Privacy policy.

Last updated: 14 September 2025

1. Who we are

[gorau; Engineering Solutions] (“we”, “us”, “our”) is an engineering and operations consultancy based in Australia.
ABN: 93 633 590 645
Website: www.gorau.au
Contact: privacy@gorau.au

We respect your privacy and are committed to handling personal information in a responsible, transparent way.

2. Scope

This policy explains how we collect, use, disclose, store, and protect personal information relating to:

  • Website visitors and people who contact us (e.g., via our contact form or email),

  • Prospective and current clients and their personnel,

  • Suppliers and business partners,

  • Job applicants.

Note: We are a small business and may not be subject to the Privacy Act 1988 (Cth). Regardless, we follow the principles in this policy as a matter of good practice. If/when the Australian Privacy Principles (APPs) apply to us, we will update this policy to reflect those obligations.

3. The personal information we collect

The personal information we may collect includes:

  • Identity & contact details: name, job title/role, company, email address, phone number, postal address.

  • Enquiry details & correspondence: information you include in messages, notes from calls/meetings.

  • Client engagement information: scope of work, statements of work, purchase orders, billing/contact points.

  • Technical/usage data (from our website): IP address, device/browser type, pages viewed, timestamps, referral source, and cookie identifiers.

  • Recruitment information (if you apply for a role): CV/resume, cover letter, references, work rights.

  • Sensitive information: we do not seek to collect sensitive information. If it is necessary for a specific matter, we will ask for your express consent and handle it with extra care.

4. How we collect personal information

We collect information:

  • Directly from you: via our website forms, email, phone, virtual meetings, or in person.

  • Automatically: limited technical and usage data via cookies and similar technologies when you use our website.

  • From third parties: professional referrals, public professional profiles (e.g., LinkedIn), or your colleagues who provide your business contact details for project coordination.

5. Why we collect and use personal information

We use personal information to:

  • Respond to enquiries and communicate with you,

  • Provide and improve our services, proposals, and deliverables,

  • Plan and manage projects, including stakeholder coordination,

  • Operate and secure our website and IT systems, and perform troubleshooting/analytics,

  • Administer our business, including invoicing, record-keeping, and compliance with applicable laws,

  • Recruitment: assess job applications and manage the hiring process.

We do not sell personal information. We also do not send marketing communications. If we introduce optional updates or a newsletter in future, we will obtain your consent first and provide easy ways to opt out.

6. Legal basis (EU/UK visitors)

If you are located in the EU/UK, we process personal data on bases such as:

  • Legitimate interests (e.g., responding to enquiries, delivering and improving services, website security),

  • Contract (e.g., preparing or performing an agreement with you/your organisation),

  • Consent (e.g., where required for optional activities),

  • Legal obligations (e.g., tax and record-keeping).

7. Disclosing personal information

We may disclose personal information to:

  • Service providers who support our operations (e.g., website hosting, email, calendar/booking tools, document storage, video conferencing, IT/security, analytics). These providers are only permitted to use the information to provide services to us.

  • Professional advisers (e.g., accountants, insurers, lawyers) under confidentiality obligations.

  • Relevant third parties when reasonably necessary to prevent or respond to suspected unlawful activity or to comply with law, regulation, court orders, or insurance requirements.

  • Successors/assignees in the event of a business restructure or transfer, subject to confidentiality.

We do not sell personal information.

8. International transfers

Some service providers may operate from or store data in other countries (for example, data centres outside Australia). Where practical and appropriate, we take steps to use reputable providers and to ensure reasonable safeguards are in place. If specific transfer safeguards are required by law (e.g., for EU/UK data subjects), we will implement them.

9. Cookies, analytics, and similar technologies

Our website may use cookies and similar technologies to help it function properly, keep it secure, and understand aggregate usage (e.g., page views, time on page). You can usually control cookies through your browser settings (e.g., blocking some or all cookies, or receiving alerts). Blocking essential cookies may affect site functionality.

If we use third-party analytics, they may set their own cookies. We configure analytics to minimise the amount of personal information processed, and we use the insights in aggregate to improve our site and services.

10. Storage and security

We use reasonable technical and organisational measures to protect personal information, including:

  • Access controls and permissions on a need-to-know basis,

  • Strong authentication (e.g., MFA) where available,

  • Encryption in transit for our website and cloud services,

  • Regular software updates and secure configurations.

No method is 100% secure. If we become aware of a data incident involving personal information, we will assess the situation promptly and notify affected individuals and/or authorities where required.

11. Retention

We keep personal information only as long as necessary for the purposes described in this policy or as required by law. As a guide:

  • Enquiry records are typically retained for 12–24 months,

  • Client engagement and financial records are retained for the period required by applicable laws (for example, tax and accounting), after which they are securely deleted or de-identified.

12. Your choices and rights

You can:

  • Access and correction: request access to the personal information we hold about you and ask us to correct it if it’s inaccurate, incomplete, or out of date.

  • Objection/erasure: in some cases, request that we stop using your information or delete it (subject to legal and contractual constraints).

  • Cookie controls: manage cookies via your browser settings.

To exercise these rights, contact us at privacy@gorau.au. We may need to verify your identity before actioning requests and, where lawful, we may refuse or limit a request (we’ll explain why if that happens).

13. Third-party links

Our website may link to third-party sites or services. Their privacy practices are not covered by this policy. We recommend reviewing their privacy information before submitting personal information.

14. Children

Our services are designed for business professionals. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate steps.

15. Complaints and how to contact us

If you have a question or concern about privacy, please contact us first:

Email: privacy@gorau.au

We will respond as soon as practicable. If you believe we have not resolved your concern satisfactorily and the Privacy Act applies to us, you may be able to contact the Office of the Australian Information Commissioner (OAIC) or your local data protection authority (if outside Australia).

16. Changes to this policy

We may update this policy from time to time to reflect changes to our practices or legal requirements. The “Last updated” date at the top will tell you when it was most recently revised. If changes materially affect how we handle your personal information, where appropriate we will take reasonable steps to let you know.