Simple IT.
Strong Security.
Real Results.

1. Who we are

The Urban Network Pty Ltd is a managed IT and security services provider operating across Sydney, Brisbane, and Melbourne. Our contact details are:
Email: [email protected]
Phone: +61 (0) 402 338 763

2. What personal information we collect

We collect personal information that is necessary to provide our services. This may include:

• Contact information: name, email address, phone number, job title, company name and address
• Technical information: IP addresses, device identifiers, network configuration details, and system logs collected in the course of delivering managed IT services
• Financial information: billing address and payment details (processed securely through third-party payment providers; we do not store full card details)
• Communications: records of correspondence, support tickets, and service requests
• Website usage data: pages visited, time on site, browser type, and referral sources collected via cookies and analytics tools

We collect personal information only by lawful and fair means, and only where necessary for one or more of our functions or activities.

3. How we collect your information

We collect information directly from you when you:

• Submit an enquiry form or request a free IT audit on our website
• Engage us to provide managed IT or security services
• Contact us by phone, email, or chat
• Subscribe to our newsletter or download resources
• Attend an event or webinar we host or participate in

We may also collect information from third parties such as referral partners, publicly available sources, or from your systems in the course of delivering contracted services.

4. Why we collect and use your information

We use personal information to:

• Provide, manage, and improve our managed IT and security services
• Respond to enquiries and provide customer support
• Issue invoices and manage payments
• Send service-related communications, including security alerts and maintenance notifications
• Send marketing communications where you have consented or where permitted under applicable law
• Comply with our legal and regulatory obligations
• Improve our website and service offerings through analytics
• Conduct security monitoring and incident response on behalf of clients

5. Disclosure of your information

We do not sell your personal information. We may share it with:

• Service providers: third-party vendors who assist in delivering our services (e.g. Microsoft, Google, RMM and PSA platforms, cloud providers) — all bound by confidentiality obligations
• Professional advisers: accountants, lawyers, and auditors where required
• Law enforcement or regulators: where required by law, court order, or to protect our legal rights
• Business successors: in the event of a merger, acquisition, or sale of assets, with appropriate confidentiality protections

Some of our service providers may be located overseas (including the United States and European Union). Where we transfer personal information internationally, we take steps to ensure the recipient provides protections equivalent to the APPs.

6. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Client records are generally retained for seven (7) years in accordance with Australian taxation law. Marketing data is held until you withdraw consent or request deletion.

7. Cookies and website analytics

Our website uses cookies and similar technologies to enhance your experience and collect analytics data. You can disable cookies in your browser settings, although this may affect site functionality. We use analytics tools to understand how visitors interact with our site — this data is aggregated and not linked to personally identifiable information.

8. Security of your information

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include encrypted data storage, multi-factor authentication, access controls, and regular security reviews. Despite these measures, no internet transmission is completely secure.

9. Access, correction, and complaints

You have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Withdraw consent to marketing communications at any time by clicking "unsubscribe" or contacting us directly
• Lodge a complaint about our privacy practices

To exercise these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on our website with the date of last update noted above. Material changes will be communicated to active clients by email.

1. Services

TUN provides managed IT services, cybersecurity solutions, physical security installation, compliance support, device endpoint management, and security training ("Services") as specified in a Statement of Work (SOW), Service Agreement, or written proposal accepted by the Client.

All Services are subject to these Terms unless a separate written agreement expressly overrides them. In the event of conflict, the signed Service Agreement takes precedence.

2. Engagement and acceptance

An engagement begins when the Client accepts a proposal, signs a Service Agreement, or instructs TUN to commence work in writing (including by email). A free IT audit does not constitute a binding engagement and carries no obligation on either party.

3. Client responsibilities

The Client agrees to:

• Provide TUN with timely access to systems, premises, credentials, and personnel necessary to deliver the Services
• Maintain appropriate authorisation and rights over all systems and data TUN is asked to work on
• Notify TUN promptly of any changes to the environment that may affect service delivery
• Keep all account credentials, access tokens, and remote access tools provided by TUN secure and confidential
• Ensure staff participate in required onboarding and security training sessions as part of managed service agreements
• Maintain appropriate cyber insurance where recommended by TUN

4. Fees, invoicing, and payment

Managed services: Billed monthly in advance via agreed method. Fees are fixed for the contracted term unless a change in scope is agreed in writing.

Project work: Quoted and invoiced per project milestones or on completion, as specified in the SOW.

Ad-hoc work: Billed at our current standard hourly rates plus GST, invoiced monthly in arrears.

Payment terms: Invoices are due within 14 days of issue. Overdue amounts attract interest at 10% per annum. TUN reserves the right to suspend services for accounts more than 30 days overdue after providing written notice.

All fees are quoted in Australian Dollars (AUD) exclusive of GST unless otherwise stated.

5. Service levels (SLA)

For active managed service clients, TUN targets the following response times:

• Critical (business-wide outage): Initial response within 1 hour; resolution efforts begin immediately
• High (significant impact, workaround available): Initial response within 2 hours
• Standard (general issues): Initial response within 4 business hours
• Low (minor issues, queries): Response within 1 business day

SLAs apply during business hours (8am–6pm AEST/AEDT, Monday to Friday) unless an out-of-hours support arrangement is in place. TUN is not liable for SLA breaches caused by factors outside its reasonable control.

6. Intellectual property

All intellectual property created or developed by TUN in the course of delivering Services ("Deliverables") remains the property of TUN unless the parties agree otherwise in writing. Upon full payment, TUN grants the Client a non-exclusive, perpetual licence to use the Deliverables for their internal business purposes.

The Client retains ownership of all pre-existing intellectual property provided to TUN. The Client grants TUN a limited licence to use Client materials solely to the extent necessary to perform the Services.

7. Confidentiality

Both parties agree to keep the other party's confidential information strictly confidential and not to disclose it to third parties without prior written consent, except as required by law. This obligation survives termination of the engagement for a period of three (3) years.

TUN will not disclose Client data or system information to third parties except as necessary to deliver contracted Services or comply with applicable law.

8. Limitation of liability

To the maximum extent permitted by law:

• TUN's total liability to the Client for any claim arising out of or in connection with the Services is limited to the total fees paid by the Client in the three (3) months preceding the event giving rise to the claim
• TUN is not liable for indirect, incidental, consequential, or special damages, including loss of profits, loss of data, or business interruption
• TUN is not liable for losses arising from the Client's failure to maintain adequate backups, failure to implement recommended security measures, or actions of third parties outside TUN's control

Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)) that cannot lawfully be excluded.

9. Termination

By the Client: Managed service agreements may be terminated with 30 days' written notice after any minimum contract term. Project work may be terminated with 14 days' notice; fees for work completed to date remain payable.

By TUN: TUN may terminate immediately if the Client materially breaches these Terms and fails to remedy the breach within 7 days of written notice, or if the Client becomes insolvent.

Upon termination, TUN will provide reasonable assistance to facilitate transition to another provider and return or securely delete Client data within 30 days, subject to any legal retention obligations.

10. Force majeure

Neither party is liable for failure or delay in performance caused by circumstances beyond their reasonable control, including natural disasters, pandemics, government actions, cyberattacks by third parties, or telecommunications failures.

11. Governing law and disputes

These Terms are governed by the laws of New South Wales, Australia. The parties agree to submit to the exclusive jurisdiction of the courts of New South Wales. Before commencing any legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days.

12. Changes to these terms

TUN may update these Terms from time to time. Clients will be notified of material changes by email at least 30 days before they take effect. Continued use of Services after that date constitutes acceptance of the updated Terms.

1. Security governance

Security is a core organisational priority at TUN. We maintain a continuous security improvement programme that includes:

• Regular review of security controls and policies (at minimum annually)
• Risk assessments conducted prior to onboarding new services or vendors
• Clear assignment of security responsibilities within the team
• Security considerations embedded in all project and service delivery activities

2. ASD Essential Eight alignment

TUN implements and maintains controls aligned to the ASD Essential Eight Maturity Model. Our current implementation covers:

• Application control: Only approved and tested applications are permitted to execute on TUN-managed systems
• Patch applications: Critical patches are applied within 48 hours of release; all others within 14 days
• Configure Microsoft Office macro settings: Macros are disabled by default and enabled only with explicit approval
• User application hardening: Web browsers and productivity applications are configured to block untrusted content
• Restrict administrative privileges: Administrative access is granted on a least-privilege basis and reviewed quarterly
• Patch operating systems: Operating systems are patched within 48 hours for critical vulnerabilities
• Multi-factor authentication: MFA is mandatory for all staff accessing TUN systems and client environments
• Regular backups: Daily automated backups with offline/offsite copies tested quarterly

3. Access control

Access to TUN systems and client environments is governed by the principle of least privilege:

• All staff are issued individual accounts — shared credentials are not permitted
• Multi-factor authentication (MFA) is enforced for all remote access, email, and cloud services
• Privileged access is separately credentialed and subject to additional logging and monitoring
• Access rights are reviewed when staff roles change and revoked within 24 hours of departure
• Client environment access is documented, scoped to the minimum required, and logged

4. Data protection and encryption

• All data in transit is encrypted using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 or equivalent standards
• Portable devices and storage media used in the delivery of services are encrypted
• Client data is logically segregated and never commingled with other client data
• Sensitive credentials are stored in enterprise-grade password management systems with zero-knowledge architecture

5. Network security

• TUN operational networks are segmented and protected by enterprise-grade firewalls and intrusion detection systems
• All remote access to client systems is conducted over encrypted VPN or Zero Trust Network Access (ZTNA) connections
• DNS filtering and web proxy controls are applied to block access to known malicious sites
• Network traffic is logged and reviewed for anomalous activity

6. Endpoint security

• All TUN-managed endpoints are protected by enterprise endpoint detection and response (EDR) software
• Endpoint agents provide real-time threat detection, behavioural analysis, and automated response
• USB and removable media usage is controlled and logged
• All endpoints are subject to the patch management controls described in Section 2

7. Vendor and third-party security

TUN assesses the security posture of all significant third-party vendors and technology partners before use. Our key service providers include enterprise-grade platforms operated by Microsoft and Google, which maintain their own comprehensive security certifications (ISO 27001, SOC 2 Type II). Vendor security assessments are reviewed annually.

8. Incident response

TUN maintains a documented Incident Response Plan (IRP) covering detection, containment, eradication, recovery, and post-incident review. In the event of a security incident affecting client data:

• The affected client will be notified within 24 hours of TUN becoming aware of the incident
• TUN will provide regular updates on the investigation and remediation progress
• Where required, TUN will assist with mandatory breach notifications under the Notifiable Data Breaches (NDB) scheme (Privacy Act 1988)
• A post-incident review will be conducted and remediation actions implemented to prevent recurrence

9. Business continuity and disaster recovery

• TUN maintains a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) reviewed annually
• Critical operational systems have documented recovery time objectives (RTO) and recovery point objectives (RPO)
• Backup restoration is tested quarterly to validate recoverability
• TUN staff are trained on emergency procedures and escalation paths

10. Staff security

• All TUN staff complete security awareness training upon commencement and annually thereafter
• Staff handling sensitive client data are subject to reference and identity verification checks
• Phishing simulation exercises are conducted periodically to maintain staff vigilance
• Acceptable use policies govern all staff use of TUN and client systems

11. Physical security

• TUN does not operate a public-facing data centre; client data is hosted in enterprise cloud environments
• Physical access to any TUN office or workspace is controlled and restricted to authorised personnel
• Screens are locked when unattended; clear desk policies are enforced
• Physical documents containing sensitive information are stored securely and disposed of via cross-cut shredding

12. Vulnerability management

TUN conducts regular vulnerability scanning of its operational systems and promptly remediates identified weaknesses. Clients engaged on managed security services receive vulnerability scanning as part of their service package. Critical vulnerabilities are escalated and remediated in accordance with the patch timelines in Section 2.

13. Reporting a security concern

If you identify a security vulnerability in our systems or services, or wish to report a security concern, please contact us immediately at [email protected] or call +61 (0) 402 338 763. We are committed to investigating all reports promptly and responsibly.