Privacy Policy

We collect personal information that is reasonably necessary for, and directly related to, providing independent roof asset management services. This includes:

• Contact details — full name, organisation, role (committee member, strata manager, building manager, owner), phone number and email address.
• Property details — site address, building type and access information needed to perform an assessment.
• Engagement details — the nature of your enquiry, any existing roof condition information you share, and any documents you upload as part of an inspection.
• Website usage data — pages visited, referring site, device and browser type, approximate location (city level), collected via Google Analytics 4 for the sole purpose of improving the website.

We do not collect sensitive information (as defined under APP 3) unless it is necessary for a specific engagement, and where required we will request your express consent before collection.

Information is used exclusively to provide and improve our services. Specifically:

• To respond to enquiries and schedule independent roof condition assessments, insurance investigations and compliance reporting.
• To produce, review and deliver written inspection reports and capital works planning documents.
• To communicate with you about the progress of an engagement, follow-up advice and scheduled re-inspections under our Roof Guardianship program.
• To meet record-keeping, tax and insurance obligations applicable to a professional consultancy.
• To improve our website and content (aggregated analytics only — no individual tracking).

We do not sell personal information. We do not use your information for unrelated marketing purposes. We do not share enquiry data with roofing contractors, suppliers or any commission-linked third party.

Personal information may be disclosed only to the limited extent necessary to deliver the service you have engaged us for, including:

• Engaged service providers (e.g. drone operators or rope-access specialists) who attend a site under a contractual confidentiality obligation to SRM.
• Insurers, loss adjusters or tribunals where a report is commissioned specifically for an insurance claim or dispute and you have authorised that disclosure.
• Government authorities where legally compelled to do so (e.g. lawful subpoena, court order, statutory request).

We do not transfer personal information overseas without your knowledge, except where data is incidentally stored on Australian-region cloud services with appropriate contractual safeguards.

We take reasonable administrative, technical and physical safeguards to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Administrative safeguards

• Written confidentiality and data-handling obligations for every SRM employee, contractor and engaged service provider.
• Role-based access — only personnel directly involved in delivering your engagement can access your file.
• Periodic privacy and information-security training.
• A documented data-breach response process aligned to the Notifiable Data Breaches scheme under the Privacy Act.

Technical safeguards

• TLS encryption for all data in transit between your browser and our systems.
• Encrypted storage for files at rest within reputable Australian-region cloud providers.
• Multi-factor authentication on all administrative access to client data.
• Independent backups with retention limits aligned to legal and professional record-keeping obligations.

Physical safeguards

• Secure storage of any printed inspection materials at controlled-access premises.
• Secure destruction of any physical records when no longer required for legal or professional purposes.

Our website uses cookies and similar technologies to operate the site, remember your preferences and measure aggregated usage. We use Google Analytics 4 to understand how visitors interact with the site so that we can continually improve content and structure.

Google Analytics 4 collects anonymised usage data (pageviews, session duration, device class, approximate region) and does not identify individual visitors to SRM. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, or by disabling third-party cookies in your browser.

Most browsers allow you to view, manage, delete and block cookies for any website. Refer to your browser's documentation for instructions.

Under the Australian Privacy Principles you have the right to:

• Request access to the personal information we hold about you.
• Request correction of information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
• Request deletion of personal information that is no longer required to be retained for legal, professional or contractual reasons.
• Opt out of any future direct communications by contacting us using the details below.
• Make a complaint about how we have handled your personal information.

If you are not satisfied with our response to a complaint, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We retain personal information only for as long as is necessary to deliver the engaged service, satisfy our legal and professional record-keeping obligations (typically up to seven years for engagement records) and support any related insurance or dispute resolution process.

When information is no longer required, it is securely destroyed or permanently de-identified.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or services. The current version is always available on this page. The "Last updated" date at the top of the document indicates when the most recent revision was published.

For any privacy-related question, request or complaint, please contact: