Privacy Policy

Centaur Software

1.         About this Privacy Policy

1.1      Centaur Software Development Co Pty Ltd (ACN 057 620 390) (‘Centaur Software’) is committed to maintaining the security of personal information (‘Personal Information’) provided to us and providing a compliant and transparent approach to data protection.

1.2      When you share Personal Information with us, we treat it with care and take our responsibility to protect it seriously.

1.3      We adhere to the Australian Privacy Principles in the Privacy Act 1988 (Cth) (‘Privacy Act’), the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) and applicable State and Territory laws pertaining to health service providers and the handling of personal information and health records.

1.4      Please read this Privacy Policy carefully as it explains how Centaur Software collects, stores and uses your Personal Data in accordance with the EU General Data Protection Regulation (GDPR).

1.5      For the purposes of this Privacy Policy, any reference to “Centaur Software”, “we”, “our”, or “us” means Centaur Software Development Co Pty Ltd (ACN 057 620 390).

2.         About Centaur Software

2.1     Centaur Software is a leading Australian provider of practice management software and related hardware to our customers (‘Customers’). Our products and services include the supply of related imaging and photography devices and ongoing training and support services (collectively our ‘Services’).

2.1      Centaur Software is committed to maintaining high standards of data security. We comply with the applicable standards and obligations set out under the Privacy Act and the GDPR.

2.2      This Privacy Policy clearly describes our privacy practices and how we collect, use, process, and manage your Personal Information in relation to our business activities and the use of our website at www.centaursoftware.com.au.

2.3      By using our Services and our Website, you consent to the collection, processing, and management of Personal Information as described in this Privacy Policy.

 

3.         The types of Personal Information we collect

3.1      “Personal Information” is information or an opinion that can reasonably identify an individual.

3.2      We collect Personal Information for the primary purpose of supplying our Services, providing information to our Customers and marketing.

3.3      Centaur Software collects the following types of Personal Information:

(a)      Customers’ Personal Information such as your name and title, the name of your clinic or business, practitioner registration details, your address, phone number, email address, payment details such as your credit or debit card details and any other Personal Information required for us to provide you with our Services, communicate with you and to keep a record of your transactions.

(b)       Marketing Personal Information so that we can market our Website and our Services or that of third parties to you in accordance with your preferences. Before we share your Personal Information with any third party for marketing purposes, we will obtain your explicit consent.  You may also unsubscribe from our mailing list at any time by following the opt-out link on any message sent to you. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

3.4      We may collect Personal Information from you, including but not limited to, when you provide us with feedback, when you provide us with data about your business activities, a password when you register with us, when you change your content or email preferences, when you respond to our surveys and promotions, or when you communicate with our customer support.

3.5      Centaur Software may also collect any other type of Personal Information you provide to us while interacting with us through your use of our Website and the supply of our Services.

3.6      Some Centaur Applications/Services utilise the OAuth2 standard to allow our Customers to securely send emails via O365 and Google Mail. Only the sender’s email address and the refresh token, required for OAuth2, are stored within the local database and both are encrypted, secured, and not shared with anyone. Our Customer has the option to delete their sender’s email address from the database.

 

4.       Sensitive Personal Information

4.1       As part of our Services, we process the Personal Information of patients uploaded by our Customers which may include health information, racial or ethnic origin data, and genetic data. This type of information is referred to in the Privacy Act and under the GDPR as sensitive information (‘Sensitive Data’).

4.2       The Personal Information of patients may include name, contact information (address, phone, email and SMS messaging), date of birth, patient details, treatment notes and records, health insurance details, Medicare numbers, accounting and payments details, images, and other health information submitted by Customers when using our Services.

4.3      Sensitive Data will only be used by us for the purpose of supplying our Services or where required or authorised by law.

4.4      It is the responsibility of Customers to ensure that they have obtained the explicit and informed consent (or rely on another legal basis) of patients including that of minors to use their Personal Information and Sensitive Data in the supply of our Services to Customers.

4.5      Where we process Sensitive Data, we use high-level data encryption and document protection on all such data.

 

5.       How we collect Personal Information

5.1      Centaur Software collects Personal Information from you in a variety of ways, including when you interact with us electronically or in person, when you access our Website and when we provide our Services to you.

5.2     We may also receive Personal Information from third parties. If we do, we will protect that Personal Information in accordance with this Privacy Policy.

 

6.       How we use your Personal Information

6.1      We use your Personal Information and you consent to us using your Personal Information to:

(a)       provide you with our Services;

(b)       administer our business activities;

(c)       process transactions involving our business and through our Website where you have purchased our Services;

(d)       manage, research and develop our Services including through data analytics;

(e)       provide you with information about our Services;

(f)        communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail;

(g)       meet legal, regulatory and compliance obligations; and

(h)       investigate any complaints.

6.2      If you choose to withhold your Personal Information, it may not be possible for us to provide you with our Services or for you to access certain parts of our Website and for us to respond to your query.

 

7.       Sharing your Personal Information with third-parties

7.1      We will only process and share your Personal Information with third-parties for the purposes described in this Privacy Policy.

7.2      We may disclose your Personal Information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy or otherwise to government bodies that require us to report processing activities.

7.3      We may share your Personal Information with third-party service providers to help us provide our Services and to provide you with a payment platform.

7.4      When we disclose your data to third parties, we do so on the basis that your data is treated with confidence, and is used only for the limited purpose of providing support for our Services and in a manner consistent with this Privacy Policy.

7.5      If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our databases, together with any Personal Information and non-Personal Information contained in those databases.

 

8.         Legal basis in the European Union (EU) for the collection and processing of your Personal Data

8.1      “Personal Data” refers to any information relating to an identifiable natural person who can be identified directly or indirectly. This includes information such as your name, email address, and contact details.

8.2      The legal basis for collecting and processing your Personal Data will depend on how your Personal Data is being used and how it was collected.

8.3      When you engage our Services, we process Personal Data on your behalf as a Data Processor where you are the Data Controller and otherwise to the extent that we are a Data Controller as defined in the GDPR.

8.4      We collect and process your Personal Data on the following legal bases:

(a)      Contractual basis. This legal basis applies to the collection or processing of Personal Data in order to fulfil or perform a contract with you, or to which you are a party.

(b)      Consensual basis. This applies where you have provided your consent to the collection or processing of Personal Data for a specific purpose (for example, to provide you with marketing updates). You can withdraw your consent at any time by updating your email preferences, opting-out, or by contacting us directly.

(c)       Legitimate interests. This applies where we have a legitimate interest to collect or process your Personal Data. For example, it may be to respond to an enquiry about our Services, or to improve our Services.

(d)      Legal obligations.  This applies where it is necessary to disclose your Personal Data to comply with a legal obligation.

8.5      Unless otherwise required by contractual obligation or any other legal basis, we only store your Personal Data while it remains necessary to fulfil the purpose for which it was collected, or if the purpose of the processing could not reasonably be fulfilled by other means. Periods of data retention will apply differently for each specific category of data.

8.6      When we use third-parties to process your Personal Information on our behalf, we ensure that such Personal Information is processed pursuant to our documented instructions and in accordance with the legal basis for the processing.

8.7      We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.

 

9.         International Data Transfers

9.1      We may store, process and transfer your data, including your Personal Information in countries other than the country you live in. Data transfer may occur in and between countries outside of Australia which may include but are not limited to the United States and Europe provided these are countries that the European Commission has approved as providing an adequate level of protection for Personal Data.

9.2      As part of our obligations under the GDPR, we only transfer the data of individuals residing in the EU to countries outside of the EU with adequate privacy data laws or to a third party where we have approved transfer mechanisms in place to protect your Personal Data (by entering into the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield certified for data transfer to third parties based in the United States).

9.3      If the above safeguards do not apply, we will request your explicit consent to any transfers and you will have the right to withdraw this consent at any time.

 

10.      How we secure your Data and Data Breach

10.1   We are committed to ensuring that the data you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data and protect this data from misuse, interference, loss and unauthorised access, modification and disclosure.

10.2   A reportable “Data Breach” is a security incident where the integrity of Personal Information or Personal Data is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person where it is likely to result in serious harm to any individual affected.

10.3    We have procedures and systems in place including a data breach incident response plan, specific data breach policies and procedures and personnel to deal with an actual or suspected “Data Breach” and will notify you and the applicable regulator in accordance with our obligations under the NDB and GDPR.

10.4    Please report any actual or suspected breaches in relation to the supply of our Services for investigation to Centaur Software by using the Contact Us section provided on our Website.

 

11.      Data Access Request under the GDPR (Right of Access and Correction)

11.1    It is important that the Personal Data we hold is accurate and up to date. Please keep us informed of any changes to your data to ensure it is relevant, accurate, complete and current.

11.2    We comply with your rights under the GDPR (subject to the grounds set out in the GDPR and applicable law) that permit you:

(a)       to be informed as to how your Personal Data is being used;

(b)       to access your Personal Data and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Data in electronic format free of charge if requested);

(c)       to rectify your Personal Data if it is inaccurate or incomplete;

(d)       to erase your Personal Data (also known as ‘the right to be forgotten’) if you wish to delete or remove your Personal Data;

(e)       to restrict Data Processing of your Personal Data;

(f)        to retain and reuse your Personal Data for your own purposes (“Personal Data portability”);

(g)       to object to your Personal Data being used; and

(h)       to object against automated decision making and profiling.

11.3    You can contact us any time to exercise your rights under the GDPR including as to:

(a)       request access to Personal Data that we hold about you (“Data Access Request”);

(b)       correct any Personal Data that we hold about you;

(c)       delete Personal Data that we hold about you; or

(d)       opt out of emails, marketing, and any other notifications that you receive from us.

11.4    We may ask you to verify your identity before acting on any of your requests. All Data Access Requests will be processed within one (1) month and will be provided in a digital format free of charge.

11.5    If you have any questions about the Company’s collection and storage of data, please contact us using the contact details provided below.

 

12.      The types of non-Personal Information we collect

12.1   We collect non-Personal Data from you when you visit our Website or social media pages.

12.2   The information collected is generally anonymous traffic data and may include your IP address, browser type, device information, and language. The information that we collect is in aggregate form so that it cannot identify any individual user.

12.3   We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our Website to improve user experience, the supply of our Services and to analyse how our Website is used.

12.4   We also use cookies on our Website. Cookies are very small files used by a website to identify visitors to our Website and to store details about the use of our Website. In addition, cookies may be used to serve relevant advertisements to website visitors through third party services such as Google AdWords.

 

13.      Access to and how you can control your Personal Information

13.1    You may request details of Personal Information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth).

13.2    If you would like a copy of your data or believe that your data is inaccurate, out of date, incomplete or irrelevant, please contact us using the contact details provided below.

 

14.      Complaints about privacy

If you have any complaints about our privacy practices, please contact us and we will respond promptly to your notice.

 

15.      Changes to this Privacy Policy

We may modify this Privacy Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our Website.

 

16.      Our contact details

16.1    You can contact us:

(a)       using the support section provided on our website located at www.centaursoftware.com.au;

(b)       by telephone on 1300 855 966; or

(c)       by email at information@centaursoftware.com

16.2   Our Data Protection Officer can be contacted at information@centaursoftware.com

© 2020 Centaur Software Development Co Pty Ltd. ALL RIGHTS RESERVED.

Privacy Policy last updated 7 August 2018.