A. COMMITMENT TO PRIVACY
CTARS Pty Limited (ACN 603 816 593), its subsidiaries and affiliates in Australia (collectively referred to as CTARS) are committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and in accordance with other applicable privacy laws.
Under the Privacy Act, personal information is broadly defined. In simple terms it means any information about an individual (i.e. a natural person) who can be identified from the information, whether the information is true or not and whether recorded in a material form or not.
B. ABOUT CTARS
CTARS is an Australian software company that develops Client Management Systems for providers of services in relation to NDIS, Disability Services, Out of Home Care, and Children’s Services. In this policy, ‘subscribers‘ means the service providers to which CTARS provides these services, and where relevant their personnel who engage with CTARS.
C. EMPLOYEE RECORDS EXEMPTION
This policy, other than this paragraph C, does not apply to personal information held by the Group relating to the employment of a current or former employee (employee records).
We collect information in relation to applicants as part of their application and from employees during the course of their employment, either from them or in some cases from third parties such as recruitment agencies. Under the Privacy Act, employee records may be held, used or disclosed in any way that is directly connected to the employment relationship. We handle employee records in accordance with legal requirements and our applicable policies in force from time to time.
D. WHAT INFORMATION DOES CTARS COLLECT ABOUT YOU?
1. SUBSCRIBERS AND PROSPECTIVE SUBSCRIBERS
When you enquire about our services or when you become a subscriber of CTARS, a record is made which includes your personal information.
The type of personal information will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
a. Your name, e-mail, postal address and other contact details;
b. Information about your employer or an organisation you represent;
c. Your professional details;
d. Any additional personal information you provide to us, or authorise us to collect, as part of your interaction with CTARS
2. OTHER INDIVIDUALS
CTARS may collect personal information about other individuals who are not subscribers of CTARS. This includes customers and members of the public who participate in events we are involved with.
The service CTARS offers to its subscribers, allows those subscribers to hold information about their clients – the individuals to whom they provide services. Where any such information is held on CTARS equipment, it is held solely for the purposes of our subscriber. CTARS does not use individual client records for any purpose. Individual client records would be accessed solely on behalf of our subscribers that are responsible for those records, for example to provide support or service assurance.
The types of personal information held for CTARS’ subscribers will depend on the services being provided and the purposes for which our subscribers use our services. For example, for some health records, our subscribers will store personal information relating to the parties involved (which may include records as to children). All CTARS employees are validated by the NSW State Government for working with children.
CTARS will sometimes need to collect personal information about individuals who are representatives of the subscribers and other organisations receiving CTARS services (such as business contact details).
3. WEBSITE VISITORS
The way in which we handle the personal information of visitors to our websites is discussed below.
E. HOW AND WHY DOES CTARS COLLECT AND USE YOUR PERSONAL INFORMATION?
CTARS collects personal information reasonably necessary to carry out our business, to assess and manage our subscribers’ needs, and provide services including the provision of client management software and related services. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing client relationships.
This may be done verbally (e.g. in person or over the telephone), in writing (e.g. by letter, fax, email, application or other form) or through contact forms via our websites.
In circumstances where it is not practicable to collect the information directly from the individual, CTARS may collect the information via third parties. This may occur, for example:
1. from other agents and contractors who work with CTARS; or
2. from publicly available information and databases.
From time to time, CTARS may include links on its website to the websites of other organisations. CTARS is not responsible for the content or privacy practices of those other websites or organisations.
Personal information received by CTARS is held securely, either in electronic files on CTARS controlled computer systems or in physical files held on CTARS premises.
However, some contact information about subscribers and potential subscribers is held by external contractors which provide email management services. This information is used to provide Information about CTARS’ services.
F. HOW DOES CTARS INTERACT WITH YOU VIA THE INTERNET?
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
CTARS’s websites may contain links to third-party websites. CTARS is not responsible for the content or privacy practices of websites that are linked to our website.
G. HOW DOES CTARS HOLD INFORMATION?
CTARS stores information predominantly in electronic form. All personal information about clients of CTARS’ subscribers is held in CTARS owned computer systems in Australia and in Australian based systems hosted by reputable cloud service providers. Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
CTARS maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, eg, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
CTARS uses service providers in the United States of America to distribute release notes to our subscribers and also to manage email distribution lists to potential subscribers..
We take steps to destroy or de-identify information that we no longer require.
H. HOW DOES CTARS USE AND DISCLOSURE YOUR PERSONAL INFORMATION?
CTARS may disclose personal information to third parties – for example, to our contractors and subscribers – for the purpose for which the information was collected or related purposes (such as to provide a requested service). Any cloud storage services are obtained on the basis that data is held solely for CTARS.
Personal information may also be disclosed to advisers (including but not limited to solicitors), government and statutory bodies, and to third party contractors engaged by CTARS (e.g. printing and mailing services, payroll and accounting services, information technology, marketing).
Personal information may be shared among members of the CTARS Group of companies (both within and outside Australia) where necessary for our purposes.
Where we disclose personal information to another party, we will require the third party to use the personal information only for the specific purposes for which we supply the information.
I. SAFEGUARDING YOUR PERSONAL INFORMATION
CTARS has technological and operational processes and procedures in place to protect personal information from misuse, interference and loss, unauthorised access, modification and disclosure.
J. HOW CAN YOU ACCESS OR SEEK CORRECTION OF YOUR PERSONAL INFORMATION?
You are entitled to access your personal information held by CTARS on request. To request access to your personal information please contact our Privacy Officer using the contact details set out below.
You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
K. HOW CAN YOU CONTACT CTARS
By telephone: 1300 282 777
By letter to: The Privacy Officer, Ctars.com.au, PO Box 6688 Rouse Hill, NSW, 2155
By email: email@example.com
CTARS will respond to a request for access or correction, or a complaint or query within a reasonable period of time. We may need to request more information from you to investigate a complaint.
Where we refuse access, we will where possible provide you with a written notice setting out our reasons for the refusal and the avenues for complaint about the refusal.
EFFECTIVE 25 August 2020