Terms & Conditions for IT Consulting | Vrbas IT

Terms and Conditions

Effective Date: 17/02/2026

Business Name: Vrbas IT Pty Ltd

ABN: 35 641 914 409

Website: https://www.vrbasit.com.au

1. Introduction

These Terms and Conditions govern the provision of services by Vrbas IT Pty Ltd (Vrbas IT, we, us, our) to the Client (you, your). By engaging our services, signing a proposal, or making payment, you agree to be bound by these Terms.

2. Services

Vrbas IT provides IT support, server and network configuration, Microsoft 365 administration, cybersecurity services, WordPress website development, SEO services, Google Ads management, CRM integrations, and project consulting. The specific scope of services is defined in the applicable proposal or Statement of Work.

3. Engagement Term

Unless otherwise agreed in writing, services are provided on a month-to-month basis. Either party may terminate the agreement by providing 30 days written notice. Fixed-term agreements must be documented in writing.

4. Fees and Payment

Fees are outlined in the approved proposal or invoice. Ongoing services may be billed monthly in advance. Project work may require milestone payments. Invoices are payable within the timeframe specified. Late payments may result in service suspension or recovery action.

5. Client Responsibilities

The Client must provide accurate information, timely access to systems, hosting, credentials, and approvals. The Client is responsible for maintaining backups unless otherwise agreed in writing.

6. Changes to Scope

Any variation to scope must be agreed in writing. Additional work outside the agreed scope may be charged at agreed hourly rates or via revised proposal.

7. Intellectual Property

Each party retains ownership of its pre-existing intellectual property. Upon full payment, the Client receives ownership of custom deliverables created specifically for them. Third-party software remains subject to its own licence terms.

8. Confidentiality

Both parties agree to keep confidential information secure and not disclose it except as required to deliver services or by law. This obligation survives termination.

9. Privacy and Data Protection

Vrbas IT complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles. Personal information is handled in accordance with the published Privacy Policy.

10. Service Limitations

Vrbas IT does not guarantee uninterrupted service availability, specific SEO rankings, advertising performance outcomes, or third-party platform uptime.

11. Limitation of Liability

To the maximum extent permitted by law, Vrbas IT’s liability is limited to the fees paid for the relevant service in the preceding three months. Vrbas IT is not liable for indirect or consequential loss.

12. Suspension

Services may be suspended if payments are overdue, the Client breaches these Terms, or continued service presents legal or security risk.

13. Dispute Resolution

The parties agree to attempt resolution in good faith prior to commencing legal proceedings.

14. Governing Law

These Terms are governed by the laws of Victoria, Australia.

15. Amendments

Vrbas IT may update these Terms from time to time. Updated Terms will be published on the website.

———————————————————————————————————————

Data Processing & Security Addendum (DPA)

Effective Date: 17/02/2026

Parties: Vrbas IT Pty Ltd (Service Provider) and the Client identified in the applicable Services Agreement (Client).

This Addendum forms part of the Services Agreement between the parties.

1. Purpose and Scope

This Addendum governs the processing of Personal Information by Vrbas IT on behalf of the Client in connection with the provision of services. Where there is inconsistency between this Addendum and the Services Agreement, this Addendum prevails in relation to data protection and security obligations.

2. Definitions

Personal Information has the meaning given in the Privacy Act 1988 (Cth). Sensitive Information includes health information and other information defined as sensitive under Australian law. Data Breach means unauthorised access, disclosure, loss, or alteration of Personal Information. Sub-Processor means any third party engaged by Vrbas IT to process Personal Information.

3. Roles of the Parties

Unless otherwise agreed in writing, the Client is the Data Controller and Vrbas IT acts as a Data Processor. The Client determines the purpose and means of processing Personal Information. Vrbas IT processes Personal Information solely to deliver the agreed services.

4. Processing Obligations

Vrbas IT agrees to process Personal Information only on documented instructions from the Client; ensure compliance with the Privacy Act and Australian Privacy Principles; not use Personal Information for unrelated purposes; implement appropriate technical and organisational controls; and ensure personnel are bound by confidentiality obligations.

5. Categories of Data Processed

Depending on scope, data may include names, contact details, CRM records, IT logs, financial records, and where applicable, health or NDIS participant data. Processing may include system configuration, hosting, security monitoring, cloud migration, CRM automation, and analytics reporting.

6. Security Measures

Technical controls may include role-based access, multi-factor authentication, encrypted communications, secure cloud infrastructure, endpoint protection, and firewall segmentation. Organisational controls include confidentiality agreements, least-privilege access, incident response procedures, and system patch management.

7. Sub-Processors

Vrbas IT may engage reputable Sub-Processors such as cloud hosting providers, Microsoft 365, Google services, CRM platforms, and marketing automation tools. Vrbas IT remains responsible for their performance. Some providers may store data outside Australia.

8. Data Breach Management

Vrbas IT will notify the Client without undue delay of any suspected or confirmed Data Breach affecting Client data, provide relevant information, cooperate in remediation, and support compliance with the Notifiable Data Breaches scheme.

9. Data Retention and Deletion

Upon termination, Vrbas IT will return or securely delete Personal Information subject to legal retention requirements. Backup retention may apply for limited periods consistent with system architecture.

10. Audit and Assurance

The Client may request reasonable information regarding security controls. Formal audits require reasonable notice and must not disrupt operations. Confidentiality applies to audit findings.

11. High-Risk or Sensitive Data

Where services involve NDIS, healthcare, financial compliance, or government-related data, additional safeguards such as enhanced encryption, data segregation, or restricted access may be implemented as defined in the Statement of Work.

12. Limitation of Liability

Liability relating to data protection is subject to the limitation clauses in the Services Agreement, except where prohibited by law. Statutory rights under Australian law are not excluded.

13. Survival

Obligations relating to confidentiality, data protection, and security survive termination of the Services Agreement.