Data Handling Policy
Last updated: 10 February 2026
1. Purpose
This Data Handling Policy outlines how True Line Electrical ("we", "us", "our") collects, processes, stores, and protects data in the course of our business operations. This policy supplements our Privacy Policy with specific details about our data management practices.
We are committed to handling all data responsibly, securely, and in compliance with the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and applicable Victorian legislation.
2. Data Classification
We classify data into the following categories based on sensitivity:
| Classification | Description | Examples |
|---|---|---|
| Confidential | Sensitive personal or business information requiring highest protection | Payment details, insurance claim information, access codes |
| Private | Personal information requiring protection | Contact details, property addresses, service history |
| Internal | Business information for internal use | Scheduling data, operational notes, pricing structures |
| Public | Information intended for public access | Website content, published pricing, service descriptions |
3. Data Collection Practices
3.1 Collection Principles
We adhere to the following principles when collecting data:
- Necessity: We only collect data that is necessary for the specified purpose
- Transparency: We inform individuals about what data we collect and why
- Consent: We obtain appropriate consent before collecting personal information
- Accuracy: We take reasonable steps to ensure data is accurate and up-to-date
- Lawfulness: We collect data only through lawful and fair means
3.2 Collection Methods
- Website Forms: Contact forms, booking requests, partner enquiries
- Direct Communication: Phone calls, emails, SMS messages
- On-Site: Information gathered during service delivery
- Third Parties: Referrals from property managers, insurers, or other authorised sources
- Automated: Website analytics and cookies (with consent)
4. Data Processing
4.1 Lawful Basis for Processing
We process personal data based on one or more of the following grounds:
- Contractual Necessity: To fulfil our service obligations
- Legal Obligation: To comply with regulatory requirements (e.g., electrical safety certificates)
- Legitimate Interests: For business operations, quality improvement, and fraud prevention
- Consent: For marketing communications and optional services
4.2 Processing Activities
- Scheduling and appointment management
- Service delivery and documentation
- Invoicing and payment processing
- Compliance certificate generation and submission
- Customer communication and support
- Business analytics and reporting
5. Data Storage
5.1 Storage Locations
Data is stored in the following locations:
- Cloud Services: Secure cloud platforms with data centres in Australia and/or United States (AWS, Google Cloud, or similar)
- Email Systems: Business email hosted on secure platforms with encryption
- Business Applications: Scheduling, invoicing, and CRM systems with appropriate security certifications
- Local Systems: Encrypted devices for operational use
5.2 Storage Security
- Encryption: Data encrypted at rest (AES-256 or equivalent) and in transit (TLS 1.2+)
- Access Controls: Role-based access with principle of least privilege
- Authentication: Strong password policies and multi-factor authentication where available
- Backups: Regular automated backups with secure offsite storage
- Monitoring: Security monitoring and logging of access to sensitive data
6. Data Retention and Disposal
6.1 Retention Schedule
| Data Type | Retention Period | Basis |
|---|---|---|
| Certificates of Electrical Safety | 7 years | Victorian electrical safety regulations |
| Service records and job documentation | 7 years | Legal and warranty requirements |
| Financial records and invoices | 7 years | Australian tax law |
| Customer contact information | Duration of relationship + 2 years | Business operations |
| Enquiry records (non-customers) | 2 years from last contact | Business operations |
| Website analytics | 26 months | Analytics platform defaults |
| Marketing consent records | Until consent withdrawn + 2 years | Compliance evidence |
6.2 Secure Disposal
When data reaches the end of its retention period, we dispose of it securely:
- Digital Data: Secure deletion using industry-standard methods
- Physical Documents: Cross-cut shredding or secure destruction service
- Hardware: Secure data wiping before disposal or recycling
7. Data Sharing and Transfer
7.1 Third-Party Sharing
We share data with third parties only when necessary and with appropriate safeguards:
- Service Providers: Email, scheduling, payment processing, and hosting providers
- Regulatory Bodies: Energy Safe Victoria for compliance certificates
- Insurance Companies: For insurance restoration claims (with authorisation)
- Property Managers: Compliance documentation for managed properties
- Professional Advisers: Accountants, lawyers, insurers
7.2 International Transfers
Some of our service providers may store data in countries outside Australia (primarily the United States). We ensure these providers:
- Have appropriate security certifications (e.g., SOC 2, ISO 27001)
- Are bound by contractual data protection obligations
- Provide a level of protection comparable to Australian standards
8. Data Security Measures
8.1 Technical Measures
- Encryption of data at rest and in transit
- Firewalls and intrusion detection systems
- Regular security updates and patch management
- Secure backup and disaster recovery procedures
- Multi-factor authentication for sensitive systems
8.2 Organisational Measures
- Staff training on data protection and security
- Access controls based on role and necessity
- Confidentiality obligations for all personnel
- Regular review of security practices
- Incident response procedures
9. Data Breach Response
In the event of a data breach, we will:
- Contain: Take immediate steps to contain the breach and prevent further unauthorised access
- Assess: Evaluate the nature and scope of the breach, including what data was affected
- Notify: Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if the breach is likely to result in serious harm (as required by the Notifiable Data Breaches scheme)
- Remediate: Take steps to remediate the breach and prevent recurrence
- Document: Maintain records of the breach and our response
10. Your Data Rights
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Restriction: Request restriction of processing in certain circumstances
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for processing based on consent
To exercise these rights, contact us at service@truelineelectrical.com.au. We will respond within 30 days.
11. Policy Review
This Data Handling Policy is reviewed annually or when significant changes occur to our data processing activities. Updates will be posted on this page with an updated "Last updated" date.
12. Contact Us
For questions about this Data Handling Policy or our data practices, contact us:
True Line Electrical
ABN: 29 696 139 929
Email: service@truelineelectrical.com.au
Phone: 0456 254 593
Location: Melbourne, Victoria, Australia