Privacy Policy
Privacy Policy
1. Overview
BOSS Passive Fire Pty Ltd (ABN: 82 650 727 852), trading as BOSS Fire (“BOSS Fire”, “we”, “us”, “our”), is an Australian-owned company supplying passive fire protection products across Australia and New Zealand.
We are committed to protecting the privacy of individuals whose personal information we collect and handle. In Australia, we are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In New Zealand, we are bound by the Privacy Act 2020 (NZ) and its 13 Information Privacy Principles (IPPs).
This policy explains how we collect, use, disclose, store, and protect personal information, and how individuals can access or correct information we hold about them or make a complaint.
2. Privacy Officer
BOSS Fire has appointed a Privacy Officer responsible for ensuring compliance with privacy obligations in both Australia and New Zealand.
Mark Prior — CEO
BOSS Passive Fire Pty Ltd
Email: info@bossfire.com (Attn: Privacy Officer)
Phone: +61 2 9524 4040
Postal: PO Box 2262, Caringbah Business Hub, Caringbah 2229 NSW Australia,
The Privacy Officer is the first point of contact for any privacy enquiry, access request, correction request, or complaint in either jurisdiction.
3. What Personal Information We Collect
3.1 Customers and Contractors
When you deal with us as a customer, supplier, or contractor, we may collect:
-
- Name, job title, and company name
-
- Contact details — phone, mobile, email, and business address
-
- Purchase history, project details, and product specifications relevant to your order
-
- Payment information — see Section 5 for how payment data is handled
-
- Communications records, including emails and call records via our 3CX phone system
3.2 Website Visitors
When you visit bossfire.com, we may collect:
-
- Browser type, IP address, pages visited, and session data via cookies and analytics tools
-
- Enquiry details submitted through contact forms
-
- Information provided when downloading technical documentation or requesting product support
3.3 Prospective Customers and Marketing Contacts
We use HubSpot as our CRM to manage sales and marketing activities. Information gathered through enquiries, LinkedIn, trade events, or referrals may be recorded in HubSpot, including:
-
- Name, company, role, and contact details
-
- Engagement history and sales interactions
3.4 Employees and Job Applicants
We collect personal information from current and prospective employees for employment-related purposes. This is managed under a separate HR policy available on request from the Privacy Officer.
4. How We Collect Personal Information
We collect personal information:
-
- Directly from you — when you call us, email us, place an order, complete a form, attend a trade event, or visit our premises
-
- Via our website — through enquiry forms, analytics, and cookie tracking
-
- Through HubSpot (CRM) — when you engage with our marketing communications or LinkedIn presence
-
- Through our 3CX phone system — calls may be recorded for quality, training, and dispute resolution purposes. Callers are notified at the start of any recorded call
-
- Through our AccountRight accounting system — in the course of processing orders, invoices, and payments
-
- From third parties — including referrals, LinkedIn, and publicly available business directories
5. Payment Information and Credit Card Handling
BOSS Fire accepts payments via Westpac banking facilities only. We do not operate our own payment processing system. All payment methods route through Westpac, which holds PCI-DSS certification.
5.1 Card-Present Payments (tap or swipe)
Where customers pay in person at our premises, payments are processed directly through the Westpac EFTPOS terminal. Card data is transmitted directly to Westpac and is not accessed, recorded, or stored by BOSS Fire.
5.2 Phone Payments (card number provided verbally)
Where a customer provides card details over the phone, our staff enter that information directly and in real time into the Westpac terminal. Card details are not written down, recorded in any BOSS Fire system, stored in any document, or retained in any form after the transaction is completed. Staff are trained to process phone payments in a single uninterrupted step and to confirm transaction completion before concluding the call.
5.3 Direct Debit
Where customers pay by direct debit, bank account details are provided to Westpac for the purpose of establishing the debit arrangement. Bank account details may be retained in MYOB AccountRight solely for the purpose of processing future payments. These details are protected by access controls within MYOB and are not shared with third parties beyond Westpac.
If you have concerns about any payment method, please contact the Privacy Officer or ask our team to discuss alternatives.
6. Why We Collect and Use Personal Information
We collect and use personal information to:
-
- Process and fulfil orders for supply of our goods and products
-
- Provide technical support and product information
-
- Manage customer accounts, invoicing, and payment processing
-
- Communicate with you about your orders, enquiries, and our products
-
- Conduct sales and marketing activities, including email campaigns and LinkedIn outreach
-
- Maintain and improve our website and digital presence
-
- Comply with legal, regulatory, and standards-body obligations in Australia and New Zealand
-
- Manage supplier and contractor relationships
-
- Improve our products, services, and internal processes
If you do not provide requested personal information, we may be unable to supply products, provide technical support, process payments, or otherwise fulfil our obligations to you.
7. Disclosure of Personal Information
We do not sell, rent, or trade personal information to third parties for their own marketing purposes.
We may disclose personal information to:
-
- Westpac Banking Corporation — for payment processing via EFTPOS terminal and direct debit facilities
-
- HubSpot Inc — for CRM and marketing automation. HubSpot may store data in the United States and other jurisdictions outside Australia and New Zealand
-
- MYOB Australia Pty Ltd — for accounting and order management
-
- 3CX — for telephone system operation and call recording
-
- LinkedIn Corporation — where you interact with our company LinkedIn presence. LinkedIn may store data in the United States and other jurisdictions outside Australia and New Zealand
-
- Sullivan Dewing (Caringbah) — our external accounting advisers, who may access financial records containing personal information in the course of their engagement
-
- Legal advisers — where required to obtain legal advice or manage disputes
-
- Regulatory bodies or law enforcement — where required or permitted by law in Australia or New Zealand
-
- Any other party with your prior consent
Where personal information is disclosed to overseas service providers, we take reasonable steps to ensure those providers maintain privacy protections consistent with Australian and New Zealand requirements. By dealing with BOSS Fire, you acknowledge that some information may be stored or processed outside Australia and New Zealand.
8. Security of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our measures include:
-
- Access controls, password protection and 2FA where possible across all business systems
-
- Restricted access to MYOB, HubSpot, and 3CX based on staff role
-
- Westpac-managed PCI-DSS compliant payment infrastructure
-
- Staff training on data handling protocols, including phone payment procedures
-
- Secure cloud-based storage for CRM, accounting, and communications records
In Australia, we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable if a data breach occurs that is likely to result in serious harm, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
In New Zealand, we will notify the NZ Privacy Commissioner and affected individuals as soon as reasonably practicable where a privacy breach has caused, or is likely to cause, serious harm, in accordance with the Privacy Act 2020 (NZ).
9. Retention of Personal Information
We retain personal information for as long as it is needed for the purpose for which it was collected, or as required by law (including tax, corporate, and contractual record-keeping obligations). When personal information is no longer required, we take reasonable steps to securely destroy or permanently de-identify it.
10. Accessing and Correcting Your Information
You have the right to request access to the personal information we hold about you, and to request correction of information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
To make a request, contact the Privacy Officer (Section 2). We will respond within 30 days. If we decline access or correction, we will provide the reason in writing and advise you of your options to complain.
11. Website and Cookies
Our website (bossfire.com) uses cookies and analytics tools to understand how visitors interact with the site. Cookies do not identify you personally. You can disable cookies through your browser settings, though this may affect website functionality.
Our website may link to third-party sites. We are not responsible for the privacy practices of those sites.
12. New Zealand Operations
BOSS Fire operates a facility in New Zealand and supplies passive fire protection products to customers throughout New Zealand. As an overseas agency carrying on business in New Zealand, we are bound by the Privacy Act 2020 (NZ) in respect of personal information collected from or about New Zealand residents.
12.1 NZ Information Privacy Principles
The NZ Privacy Act 2020 establishes 13 Information Privacy Principles (IPPs) governing how we collect, use, store, and disclose personal information relating to NZ individuals. These principles are broadly aligned with the Australian Privacy Principles and our practices satisfy both frameworks. The NZ Privacy Act also incorporates IPP 3A (effective from the Privacy Amendment Act 2025), which requires us to inform individuals when their personal information is collected from a third party rather than directly from them.
12.2 NZ Privacy Officer
Mark Prior (CEO) serves as Privacy Officer for both Australia and New Zealand. NZ-based individuals may direct any enquiry, access request, or complaint to the Privacy Officer using the contact details in Section 2.
12.3 NZ Breach Notification
Where a privacy breach involving NZ personal information has caused, or is likely to cause, serious harm to one or more individuals, we will notify the Office of the Privacy Commissioner (NZ) and the affected individuals as soon as reasonably practicable, in accordance with sections 113-120 of the Privacy Act 2020 (NZ).
12.4 NZ Complaints
If you are a New Zealand resident and are not satisfied with our response to a privacy complaint, you may contact:
Office of the Privacy Commissioner (New Zealand)
Website: www.privacy.org.nz
Phone: 0800 803 909
Online complaint form: www.privacy.org.nz/your-rights/making-a-complaint/
13. Complaints — Australia
Please contact our Privacy Officer (Section 2) in the first instance. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Online complaint form: www.oaic.gov.au/privacy/privacy-complaints
14. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business operations, systems, or legal obligations. The current version will always be published on our website at bossfire.com. Where changes are material, we will take reasonable steps to notify affected individuals.