1Introduction
MRK Innovations (“MRK Innovations”, “we”, “us” or “our”) provides AI and automation, custom software, IT infrastructure and managed support services. We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988(Cth) (the “Privacy Act”) and the Australian Privacy Principles (“APPs”).
This Privacy Policy explains how we collect, use, hold, disclose and protect personal information when you visit our website at mrkinnovations.com.au (the “Website”), engage us for services, or otherwise interact with us. By using our Website or services, you consent to the practices described in this Policy.
2What personal information we collect
The personal information we collect depends on how you interact with us. It may include:
- Contact and identity information — your name, email address, phone number, business name, job title and postal address, including information you submit through our contact form or consultation booking.
- Enquiry and engagement information — details you provide about your business, projects, requirements and the systems we are engaged to build or support.
- Client portal account information — login credentials, account identifiers, support requests, and records of your activity within our client panel.
- Client systems data — where you engage us to build, host, manage or support software and IT systems, those systems may contain or process personal information belonging to you, your staff or your own customers. We handle this data on your behalf as part of providing our services (see section 7).
- Billing information — information needed to invoice and process payments. We do not store full payment card numbers; card payments are handled by third-party payment providers.
- Technical and usage information — IP address, browser type, device information, pages visited and similar analytics data collected automatically when you use our Website (see section 9).
We generally collect personal information directly from you. In some cases we may collect it from third parties, such as your authorised representatives or publicly available sources, where it is reasonable to do so.
3How we collect personal information
We collect personal information when you:
- submit our contact form or book a consultation;
- email, call or otherwise communicate with us;
- enter into an engagement or contract with us;
- register for or use our client portal;
- engage us to develop, host or support your systems; or
- browse our Website.
If you provide us with personal information about another person (for example, your employees or customers), you must ensure you are authorised to do so and that they are aware of this Policy.
4Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information for purposes including to:
- respond to your enquiries and provide quotes and proposals;
- scope, deliver, host, maintain and support the services you engage us for;
- create and manage your client portal account;
- communicate with you about your engagement, including project updates, support and technology advisory;
- process payments and manage our accounts and records;
- comply with our legal and regulatory obligations;
- protect the security and integrity of our systems and yours; and
- improve our Website and services.
We will only use or disclose your personal information for the purpose for which it was collected, a directly related purpose you would reasonably expect, or where you have consented or we are otherwise permitted or required by law.
We do not sell your personal information.
5Use of AI platforms and subprocessors
A core part of our services involves implementing and managing AI workflows and automation. To deliver these services, we use third-party AI platforms and infrastructure providers (“subprocessors”), which may include providers such as Anthropic (Claude), OpenAI (ChatGPT), Google (Gemini), Microsoft (Copilot) and similar platforms, as well as cloud hosting providers.
Where we are engaged to build or operate AI systems for you, data from your systems — which may include personal information — may be processed by these subprocessors to deliver the agreed functionality. When we do this:
- we use subprocessors that provide appropriate security and confidentiality protections;
- we configure systems, where reasonably practicable, to use business or enterprise tiers that do not train public models on your data;
- the specific subprocessors and data flows for your engagement are scoped and agreed with you as part of your contract; and
- you remain responsible for the lawfulness of the data you provide to us for processing.
Some subprocessors may store or process data outside Australia (see section 8).
6Disclosure of personal information
We may disclose your personal information to:
- our staff and contractors who need it to perform their roles;
- third-party service providers and subprocessors who support our operations, including AI platforms, cloud hosting, email, analytics and payment providers;
- professional advisers such as accountants, auditors and lawyers;
- a successor entity in connection with a sale or restructure of our business; and
- government, regulatory or law enforcement bodies where required or authorised by law.
We require our service providers to handle personal information consistently with the APPs and our obligations to you.
7Client data and our role
Where you engage us to develop, host, manage or support systems that contain personal information, you are generally the entity responsible for that information and the relevant data subjects, and we handle it on your behalf and on your instructions under your service contract. Our handling of that data is governed by your contract together with this Policy. You are responsible for ensuring you have the necessary rights and consents to provide that data to us for the agreed purposes.
8Overseas disclosure
Some of our service providers and subprocessors are located outside Australia, including in the United States and other countries where AI platforms and cloud infrastructure are operated. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it in accordance with the APPs, or rely on an applicable exception under the Privacy Act. The specific locations relevant to your engagement can be confirmed as part of your contract scoping.
9Cookies and website analytics
Our Website may use cookies and similar technologies to operate the site, remember your preferences and understand how the Website is used. You can configure your browser to refuse cookies, though some features of the Website may not function properly as a result. Any analytics we use is for understanding aggregate usage and improving the Website.
10Security
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include access controls, encryption where appropriate, security patching and monitoring. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If we become aware of a data breach that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (“OAIC”) where required.
11Retention of personal information
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to provide and support our services, and to meet our legal, accounting and record-keeping obligations. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.
12Accessing and correcting your information
You may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete or misleading. To make a request, contact us using the details in section 14. We will respond within a reasonable period. We may need to verify your identity before processing your request, and in limited circumstances permitted by law we may decline access, in which case we will explain why.
13Complaints
If you believe we have breached the APPs or mishandled your personal information, please contact us using the details in section 14. We will acknowledge your complaint and aim to resolve it within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with the OAIC at www.oaic.gov.au or by calling 1300 363 992.
14Contact us
For any privacy questions, requests or complaints, contact:
15Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available on our Website, and the “Last updated” date above will indicate when it was last revised. We encourage you to review this Policy periodically.
