Incident Response & Breach Notification Policy

Effective Date: [01/10/2025]

1. Purpose

This policy sets out how Revuva will respond to data security incidents and comply with the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme.

2. Detection & Response

• Revuva monitors its systems for unusual activity, suspected unauthorised access, or data integrity issues.
  
  
  

• Security incidents will be logged and investigated promptly by our internal team.
  
  
  

3. Notification

• If an incident is likely to result in serious harm to individuals, Revuva will notify affected customers and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and within the timeframes required by law.
  
  
  

• Notifications will describe:
  
  
  

  • the nature of the breach
    
    
    

  • types of data involved
    
    
    

  • steps taken or recommended to mitigate harm
    
    
    

4. Customer Duties

Clients must notify Revuva promptly of any suspected misuse, unauthorised disclosure, or security issue relating to their account or customer data.