Cybersecurity and Information Security Policy

Last Updated: 20 October 2025

This Cybersecurity and Information Security Policy outlines how The Groove Man (“we,” “us,” “our”) protects the confidentiality, integrity, and availability of data collected through our website https://thegrooveman.com (the “Site”) and our associated systems. It should be read alongside our Privacy Policy and Data Retention Policy.

1. Purpose

The purpose of this policy is to safeguard personal, financial, and business information against unauthorised access, misuse, disclosure, alteration, or destruction. We are committed to maintaining secure systems and promoting safe online practices for all customers, staff, and partners.

2. Scope

This policy applies to all data handled by The Groove Man, including customer records, payment details, and business correspondence, whether stored electronically or in paper form.

3. Security Measures

We take reasonable technical and organisational measures to protect information, including:

  • Encryption: All transactions and sensitive data transfers are encrypted using SSL/TLS protocols.
  • Access Control: Staff access to systems and data is limited to authorised personnel who require it for their role.
  • Secure Hosting: Our website is hosted on Shopify, which maintains PCI DSS compliance and advanced security infrastructure.
  • Regular Monitoring: We review system logs and monitor for unauthorised access attempts or suspicious activity.
  • Malware Protection: All connected systems and devices are protected with regularly updated anti-malware software.
  • Secure Backups: Data is backed up periodically to ensure continuity and rapid recovery in the event of system failure.

4. Payment Security

We do not store full credit card or payment details. All payments are processed securely via third-party gateways such as Shopify Payments, PayPal, and Afterpay, which comply with PCI DSS (Payment Card Industry Data Security Standard).

5. Staff Awareness and Training

All staff are trained in basic cybersecurity hygiene, including password management, identifying phishing emails, and responsible handling of customer information.

6. Incident Response

In the event of a suspected data breach, we will:

  1. Investigate and contain the incident immediately.
  2. Notify affected individuals and relevant authorities as required under the Australian Privacy Act 1988 (Cth) and the Notifiable Data Breaches Scheme.
  3. Review systems and implement corrective measures to prevent recurrence.

7. Customer Responsibilities

Customers are encouraged to take reasonable precautions when using our Site, such as keeping login credentials confidential, using secure passwords, and avoiding shared devices when entering payment details.

8. Third-Party Services

We work with reputable service providers (e.g., Shopify, Google, Meta) that maintain strong data security standards. While we monitor third-party compliance, we cannot control their individual security measures or systems.

9. Policy Review

This policy is reviewed annually or when significant changes occur in our business operations, legal obligations, or technology environment.

10. Contact Us

If you have any questions or concerns about our cybersecurity or information security practices, please contact:

The Groove Man
23 Arthur Terrace, Red Hill, QLD 4059, Australia
Email: info@thegrooveman.com
Phone: 0468 474 556
ABN: 36 672 060 259

Discover Audio Gear