Cru Software Privacy
At Cru Software, we take your privacy seriously. This Privacy Policy is intended to provide you with a clear understanding of how we handle your information, what choices you have regarding the collection and use of your data, and how you can contact us if you have any questions or concerns.
Please take a moment to review the following information.
Cru Software Privacy Policy
This page relates to your personal information, collected by Cru Software as part of any Subscriber sign up process and your use of Cru Software services, and held by Cru Software as part of our day-to-day business dealings with you. Some of the personal information that Cru Software holds may be the same information as that which you enter in a Cru Software database, however our information is not collected only from that source. Only you and your nominated representatives (which explicitly includes Cru Software employees) have access to your financial database under normal operational circumstances with the exception of summarised (anonymous) industry wide benchmarking information for use in our research department (which will not have enough detail to identify underlying individuals or individual businesses under any circumstances) and associated research subscribers.
This Privacy Policy sets out the approach which Cru Software will take in relation to the treatment of Personal Information. It includes information on how Cru Software collects, uses, discloses and keeps secure, individuals’ personal information. It also covers how Cru Software makes the personal information it holds available for access to and correction by the individual.
This policy has been drafted having regard to Cru Software’s obligations under the Privacy Act 1988 (including the National Privacy Principles) (the Privacy Act) as well as the European Union’s General Data Protection Regulation.
This policy is a public document and has been prepared in light of National Privacy Principle 5, Openness.
1. Collection
Cru Software (”we”, “our”) provides services and products in a variety of industries. Part of this service provision requires us to protect your privacy. From 21 December 2001 the Commonwealth Privacy Act contains new sections that we are bound by. They concern a number of principles in relation to the protection of your personal information and in how we must deal with our customers in relation to this information. Personal information held by Cru Software may include your name, current and previous addresses, telephone/mobile numbers, e-mail address, bank account and credit card details, details of your services and information we require to perform our services for you.
Sensitive personal financial information entered into any of Cru Software’s products, will not be used or disclosed by Cru Software except as authorised by you to perform our services for you and to provide summarised anonymous benchmarking data across all our clients. Access to this information by your professional advisors or other representatives can only be granted by you. Should you choose not to provide personal information we may not be able to provide you with the services you require or at a sufficient level
that we regard as important for performing at best practice and as such we reserve the right to terminate the supply of this service to you.
1.1 Cru Software will only collect Personal Information where the information is necessary for Cru Software to perform one or more of its functions or activities. In this context, “collect” means gather, acquire or obtainby any means, information in circumstances where the individual is identifiable or identified.
1.2 Cru Software collects Personal Information primarily to supply individuals who obtain Cru Software products and services directly from Cru Software with information and details of it’s products and services. Cru Software also collects and uses Personal Information for secondary purposes including: provision of products and services; accounting purposes; business planning and product development; marketing and the personalisation of website experiences.
1.3 Cru Software will notify individuals (including, but not limited to, our customers) of the matters listed below at the time of collecting any Personal Information (either via a simple confirmation or Cru Software’s acceptance of the submitted information): the main reason that we are collecting Personal Information (this reason will be the Primary Purpose); other related Uses or Disclosures that we may make of the Personal Information (Secondary Purposes); our identity and how individuals can contact us, if this is not obvious; that individuals can access the Personal Information that Cru Software holds about them; that individuals should contact Cru Software if they wish to access or correct Personal Information collected by us or have any concerns in relation to Personal Information; the organisations or types of organisations to whom we usually Disclose the Personal Information; where applicable, any law that requires the Personal Information to be collected; the consequences (if any) for the individual if all or part of the Personal Information is not provided to Cru Software.
1.4 Where it is not practicable for Cru Software to notify individuals of all of the Collection Information before the collection of Personal Information, Cru Software will ensure that individuals are notified of the Collection Information as soon as possible after the collection. Cru Software will provide “post collection notification” in those circumstances where it is not practicable to notify individuals about the collection of their personal information before it is collected.
1.5 Cru Software will not collect Sensitive Information from individuals except with express consent from the individual and only where it is necessary for Cru Software to collect such information for an activity or function.
1.6 Cru Software will not collect Personal Information secretly or in an underhanded way.
2. Use
2.1 Cru Software will obtain an individual’s consent for Use of non-sensitive Personal Information for Secondary Purposes at the time of collection, unless the Use is a related Secondary Purpose which would be within the relevant individual’s Reasonable Expectations.
2.2 Cru Software Uses Personal Information primarily for the purposes listed in 1.2 above.
2.3 If Cru Software relies on the Direct Marketing exception to Direct Market to individuals it will ensure that: individuals are clearly notified of their right to Opt Out from further Direct Marketing; and if the individual Opts Out of all Direct Marketing the Opt Out will be respected by Cru Software and implemented free of charge.
2.4 Cru Software will not use Sensitive Information for Direct Marketing.
2.5 Cru Software may use Personal Information to avoid an imminent threat to a person’s life or to public safety. It may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities.
2.6 Cru Software will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.
2.7 Cru Software will not attempt to match de-identified or anonymous data collected through surveys or such online devices as “cookies”, with information identifying an individual, without the consent of the relevant individual.
3. Disclosure
3.1 Cru Software may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual.
3.2 Cru Software may Disclose Personal Information to unrelated third parties to enable outsourcing of functions where that Disclosure or Use is for a related Secondary Purpose and has been notified to individuals or where such Disclosure is within the individual’s Reasonable Expectations.
3.3 Cru Software will take reasonable steps to ensure that its contracts with third parties include requirements for third parties to comply with the Use and Disclosure requirements of the Privacy Act.
3.4 In the rare event that Cru Software is required to disclose Personal Information to law enforcement agencies, government agencies or external advisors Cru Software will only do so in accordance with the Privacy Act or any other relevant Australian legislation.
3.5 Cru Software may Disclose Personal Information to avoid an imminent threat to a person’s life or to public safety.
3.6 If a Disclosure is not for a Primary Purpose; is not for a related Secondary Purpose; or upfront consent has not been obtained, Cru Software will not Disclose Personal Information otherwise than in accordance with the exceptions set out at 3.1 to 3.6 above.
3.7 Cru Software does not generally share its customer lists on a commercial basis with third parties but if it did, it would only do so if we had the appropriate consent of the individual involved.
4. Remarketing
4.1 Cru Software also uses 3rd party vendor re-marketing tracking cookies, including the Google Adwords, Facebook, LinkedIn and other tracking cookies. This means we will continue to show ads to you across the internet, specifically on the Google Content Network (GCN) or other related networks. As always we respect your privacy and are not collecting any identifiable information through the use of Google’s or any other 3rd party remarketing system.
4.2 The third-party vendors, including Google, whose services we use – will place cookies on web browsers in order to serve ads based on past visits to our website. – Third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website. This allows us to make special offers and continue to market our services to those who have shown interest in our service
5. Information Quality
5.1 Cru Software will review, on a regular and ongoing basis, its collection and storage practices to ascertain how improvements to accuracy can be achieved.
5.2 If required, Cru Software will take steps to destroy or de-identify Personal Information after as short a time as possible and after a maximum of seven years, unless the law requires otherwise.
6. Information Security
6.1 Cru Software requires employees and contractors to perform their duties in a manner that is consistent with Cru Software’s legal responsibilities in relation to privacy.
6.2 Cru Software will take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by people within Cru Software who have a genuine “need to know” as well as “right to know”.
6.3 Cru Software will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities can be achieved and maintained.
7. Access and Correction
7.1 Cru Software will allow its records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
7.2 Cru Software will correct its records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
7.3 Individuals wishing to lodge a request to access and/or correct their Personal Information should do so by contacting Cru Software, as per the details in this document.
7.4 Cru Software will not normally charge a fee for processing an access request unless the request is complex or is resource intensive.
7.5 Cru Software will provide you with the “right to be forgotten”. If you wish to have your details deleted, please contact Cru Software to arrange deletion of your user data as per the below contact information.
8. Openness
8.1 Contact with Cru Software via phone or web inquiry will be the first point of contact for inquiries about privacy issues.
8.2 Any formal privacy related complaints should be directed in writing to the Cru Software Level 5, Transport House, 230 Brunswick Street, Fortitude Valley, 4006, Australia.
8.3 Cru Software will endeavour to manage any privacy related complaint efficiently and in a timely manner.
8.4 Cru Software websites will contain a prominently displayed privacy statement and will include a copy of this Cru Software Privacy Policy.
9. Anonymous Transactions
9.1 Cru Software will not make it mandatory for visitors to its websites to provide Personal Information unless such Personal Information is required to answer an inquiry or provide a service. Cru Software may however request visitors to provide Personal Information voluntarily to Cru Software (for example, as part of a competition or questionnaire).
9.2 Cru Software will allow its customers to transact with it anonymously wherever that is reasonable and practicable.
10. Transferring personal information overseas
10.1 Cru Software generally does not send information overseas.
10.2 If Personal Information must be sent by Cru Software overseas for sound business reasons, Cru Software will require the overseas organisation receiving the information to agree that it will handle that information in accordance with the National Privacy Principles, preferably as part of the services contract.
11. Glossary
Collection Information means the information outlined in 1.3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information.
Direct Marketing means the marketing of goods or services through means of communication including written, verbal or electronic means. The goods or services which are marketed may be those of Cru Software or a Related Body Corporate or those of an independent third party organisation.
Disclosure generally means the release of information outside Cru Software, including under a contract to
carry out an “outsourced function”.
Health Information means information or an opinion about:
the health or a disability (at any time) of an individual; or
an individual’s expressed wishes about the future provision of health services to them; or
a health service provided or to be provided to an individual; that is also personal information; or
other personal information collected to provide or in providing a health service; or
other personal information about an individual collected in connection with the donation; or
intended donation by the individual of their body parts or body substances. Opt Out means an individual’s
expressed request not to receive further Direct Marketing.
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.
Reasonable Expectation means a reasonable individual’s expectation that their personal information might be Used or Disclosed for the particular purpose.
Sensitive Information means:
information or an opinion about an Individual’s: racial or ethnic origin; or
membership of a political association; or
religious beliefs or affiliations; or philosophical beliefs; or
membership of a professional or trade association; or
membership of a trade union; or
sexual preferences or practices; or
criminal record; that is also personal information: or Health Information about an individual; or Use means the handling of Personal Information within Cru Software.
Contacting Cru Software
If you require further information regarding Cru Software’s Privacy Policy, contact us. Telephone: +61 7 3252 0810 Level 5, Transport House, 230 Brunswick St, Fortitude Valley, 4006, Australia.