Claire Hill

Privacy, Confidentiality and Information Handling Policy

Document Owner: Managing Director, Biddly Pty Ltd
Applies to: Employees, contractors, suppliers and representatives of Biddly Pty Ltd
Business Model: 100% remote business management and tender management consultancy
Location: Female-owned Australian company based in Victoria, servicing Australian businesses nationally
Review Frequency: Annually, or earlier if legal, operational, workforce or social impact conditions change

1. Purpose

The purpose of this policy is to outline how Biddly Pty Ltd (Biddly) manages privacy, confidentiality and information handling in the delivery of business management and tender management services.

Biddly handles sensitive client information, including tender documentation, business strategies, pricing, contracts, policies, personnel information, financial information, supplier details, case studies, licences, insurances and commercially confidential records.

This policy ensures that all information handled by Biddly is treated with care, respect, professionalism and confidentiality.

2. Scope

This policy applies to all information collected, accessed, created, received, stored, used, shared or deleted by Biddly, including:

  • client documents;

  • tender and procurement documents;

  • personal information;

  • employee, contractor and personnel records;

  • commercial and pricing information;

  • business plans, methodologies and strategies;

  • contracts and agreements;

  • insurance, licence and certification records;

  • financial documents;

  • emails, meeting notes and correspondence;

  • documents stored in Microsoft 365, OneDrive or other approved systems;

  • information used in AI, digital tools or third-party platforms.

3. Policy Statement

Biddly is committed to handling all client, employee, contractor and business information lawfully, ethically, securely and confidentially.

We will:

  • only collect information that is reasonably required for business purposes;

  • use information only for the purpose for which it was provided or authorised;

  • protect confidential and commercially sensitive information;

  • store information securely using approved systems;

  • limit access to people who genuinely need the information;

  • take reasonable steps to prevent unauthorised access, disclosure, loss or misuse;

  • not disclose client information without permission unless legally required;

  • manage personal information with care and respect;

  • delete or archive information in accordance with agreed retention requirements;

  • respond promptly to privacy, confidentiality or data handling concerns.

4. Confidential Information

Confidential information includes any information that is not public, and that relates to a client, employee, contractor, supplier, tender opportunity, business process or commercial arrangement.

Examples include:

  • tender response drafts;

  • pricing strategies;

  • contract terms;

  • client business structures;

  • internal procedures;

  • financial information;

  • project methodologies;

  • CVs and personnel details;

  • procurement strategies;

  • client passwords or access credentials;

  • supplier agreements;

  • commercially sensitive correspondence.

Confidential information must not be shared outside Biddly unless authorised by the client, required for service delivery, or required by law.

5. Personal Information

Personal information may include names, contact details, employment history, CVs, qualifications, licences, referee details, signatures, identification documents, financial information, or other information that identifies or could reasonably identify a person.

Biddly will take reasonable steps to ensure personal information is:

  • collected fairly and only where required;

  • stored securely;

  • accessed only by authorised people;

  • used only for legitimate business purposes;

  • not disclosed unnecessarily;

  • corrected where inaccurate;

  • deleted or archived when no longer required.

6. Client Tender Information

Tender and procurement information must be handled with particular care because it may be commercially sensitive, time-critical and confidential.

Biddly will:

  • maintain organised client folders;

  • protect tender packs, addenda and response drafts;

  • avoid sharing documents with unauthorised parties;

  • maintain appropriate version control;

  • confirm client approval before using client examples externally;

  • avoid discussing client opportunities with other clients or competitors;

  • protect client pricing, strategy and capability information;

  • handle procurement clarification responses and addenda carefully.

7. Information Storage

Biddly uses Australian-based, approved digital systems for document storage, file sharing and business communication.

Information must be stored in approved business systems, including:

  • Microsoft 365;

  • OneDrive;

  • approved cloud-based platforms;

  • approved business email accounts;

  • approved project management or collaboration systems.

Employees and contractors must not store client documents on unauthorised personal devices, personal cloud accounts, USB drives or unapproved platforms unless expressly authorised.

8. Access Control

Access to client and business information must be based on a genuine business need.

Biddly will:

  • restrict access to relevant personnel only;

  • remove access when no longer required;

  • avoid unnecessary sharing of folders or links;

  • use secure file-sharing methods;

  • avoid open or public sharing links unless specifically intended;

  • review access where a contractor or supplier engagement ends.

9. Use of AI and Digital Tools

Client information must not be entered into AI tools, online platforms or third-party digital systems unless the use is approved, appropriate and consistent with confidentiality obligations.

Where AI or digital tools are used, Biddly will ensure:

  • confidential information is protected;

  • personal information is not unnecessarily disclosed;

  • outputs are reviewed by a human before use;

  • generated content is checked for accuracy;

  • client consent is obtained where required;

  • commercially sensitive material is not exposed to unnecessary risk.

10. Case Studies, Testimonials and Marketing

Biddly must not use client names, project details, tender outcomes, testimonials, logos or case studies in marketing or capability material unless authorised.

Where permission is granted, Biddly will ensure the information is accurate, respectful, not misleading and does not disclose confidential or commercially sensitive information.

11. Information Breaches

An information breach may include:

  • sending a document to the wrong recipient;

  • unauthorised access to a client folder;

  • loss or theft of a device;

  • compromised email account;

  • accidental disclosure of confidential information;

  • uploading confidential documents into an unauthorised tool;

  • sharing a file link too broadly;

  • cyber incident or malware event.

Any suspected or actual information breach must be reported immediately to the Director.

12. Responsibilities

The Director is responsible for:

  • ensuring this policy is implemented;

  • managing privacy, confidentiality and information handling risks;

  • responding to suspected or actual breaches;

  • approving information sharing arrangements;

  • ensuring appropriate systems are used;

  • reviewing this policy regularly.

Employees, contractors and representatives are responsible for:

  • protecting confidential and personal information;

  • following approved storage and sharing processes;

  • reporting suspected or actual breaches immediately;

  • using information only for authorised business purposes;

  • maintaining confidentiality during and after their engagement with Biddly.

13. Breach of Policy

A breach of this policy may result in corrective action, removal of system access, termination of contractor arrangements, disciplinary action, or legal action where appropriate.

14. Review

This policy will be reviewed annually or earlier if there are changes to legal obligations, business operations, technology systems, client requirements or information security risks.

15. Approval

Approved by:

Managing Director
Biddly Pty Ltd

Name: CLARICE HILL

Date: 28 APRIL 2026

Next Review Date: 27 APRIL 2027
