Privacy Policy
LeaseTrack is a CommTrack solution provided by CommTrack Pty Ltd (ABN 46 694 019 782). This policy explains how CommTrack Pty Ltd ("CommTrack", "we", "us" or "our") handles personal information in connection with the LeaseTrack website, application, customer onboarding, billing, support and related services.
1. Scope and customer data
We handle personal information in accordance with applicable Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles where they apply.
A customer organisation decides which users may access its LeaseTrack workspace and what portfolio information is entered or imported. Where we handle personal information contained in that customer data, we generally do so to provide the service to the customer and in accordance with its authorised instructions. The customer remains responsible for ensuring it is permitted to provide that information to LeaseTrack.
This policy does not replace a customer's own privacy notices or obligations to its employees, contractors, customers or other individuals.
2. Personal information we collect
Depending on how you interact with us, we may collect:
- Account and identity information, such as your name, work email address, organisation, role, user identifier and account status.
- Customer and portfolio information, such as entities, sites, lenders, finance agreements, funded assets, facilities, rates, repayment information, schedules, draft outputs, notes, imports and audit records. This information is usually commercial rather than personal, but may contain personal information where a customer or user includes it.
- Billing information, such as plan, customer, checkout, subscription and transaction metadata. Payment-card details are handled by our payment provider and are not stored directly by LeaseTrack.
- Communications, including sales enquiries, support requests, feedback and records of our correspondence.
- Technical and security information, such as IP address, browser and device information, authentication events, timestamps, request and diagnostic data, and activity needed to operate, secure and troubleshoot the service.
LeaseTrack is not designed to collect sensitive personal information. Please do not enter sensitive information unless it is genuinely required, lawful and authorised by your organisation.
3. How we collect information
We may collect personal information:
- directly from you when you contact us, create or use an account, request support or complete a transaction;
- from your organisation or its administrators when they invite you, manage access or provide customer data;
- from files and records that authorised users enter or import into LeaseTrack;
- automatically through the operation, security and logging of our website and application; and
- from service providers involved in authentication, hosting, billing, communications, security or support.
4. Why we use personal information
We use personal information where reasonably necessary to:
- provide, administer and support LeaseTrack;
- create accounts, authenticate users and enforce access permissions;
- process subscriptions, payments and account changes;
- import, store, organise, calculate, display and export customer-authorised portfolio data;
- respond to enquiries, provide support and communicate service or security information;
- monitor reliability, investigate errors, prevent misuse and respond to security incidents;
- maintain audit, compliance, financial and business records;
- improve the service using operational information and customer feedback; and
- comply with legal obligations and establish, exercise or defend legal rights.
If required information is not provided, we may be unable to create an account, deliver a requested feature, process billing or respond to a request.
5. When we disclose information
We may disclose personal information to:
- the customer organisation that manages your LeaseTrack workspace and its authorised administrators;
- service providers that support hosting, database, authentication, billing, communications, security, monitoring and professional services;
- our professional advisers, insurers, auditors and contractors where reasonably necessary and subject to appropriate obligations;
- government agencies, regulators, courts or other parties where required or authorised by law, or where reasonably necessary to protect rights, safety or the service; and
- a prospective purchaser or successor in connection with a genuine corporate transaction, subject to appropriate confidentiality arrangements.
We do not sell or rent personal information. We do not use customer portfolio data to build advertising profiles or permit third parties to advertise within LeaseTrack.
6. Overseas handling
LeaseTrack's primary application database is configured in Australia. Some providers may process or make information accessible from other countries, including the United States, for hosting, billing, authentication, support, security or operational purposes.
Where Australian privacy law applies to an overseas disclosure, we take reasonable steps appropriate to the circumstances to address the recipient's handling of the information. Provider locations and support arrangements can change; customers may contact us for current subprocessor information relevant to their review.
7. Security
We use administrative, technical and organisational measures designed to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. These measures are reviewed as the service develops and include controls over user access, customer separation, protected operations, monitoring and change management.
No online service can eliminate all risk. Customers are responsible for managing authorised users, maintaining the confidentiality of account credentials, reviewing access and avoiding unnecessary personal information in free-text fields or imports.
8. Data breaches
We maintain processes for assessing and responding to suspected data breaches. Where the Notifiable Data Breaches scheme applies and an eligible data breach occurs, we will notify affected individuals and the Office of the Australian Information Commissioner as required by law. Customer notification may also be governed by the applicable service agreement.
9. Retention, account closure and deletion
We retain personal information for as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining security and audit records, meeting contractual or legal obligations, resolving disputes and enforcing agreements.
Customer portfolio retention and offboarding are handled in accordance with the customer agreement, authorised customer instructions and applicable legal or records-management requirements. Depending on those requirements, information may be exported, archived, deleted or de-identified. Residual copies may remain temporarily in backups or logs until removed through ordinary retention cycles.
10. Access, correction and requests
You may request access to or correction of personal information we hold about you by contacting us. We may need to verify your identity and authority before acting. Where the information is customer-controlled workspace data, we may refer the request to, or coordinate with, the relevant customer organisation.
We will respond within a reasonable period and may refuse or limit a request where permitted by law, in which case we will explain the applicable reason where required. Requests to delete information are subject to lawful retention, security, audit and contractual requirements.
11. Service messages and direct marketing
We may send operational communications about accounts, billing, support, security and material service changes. These messages are necessary to manage the service and may continue while an account is active.
We may also send relevant product or commercial communications where permitted. You may opt out of marketing messages using the unsubscribe method provided or by contacting us. Opting out of marketing does not stop necessary service communications.
12. Cookies and local storage
LeaseTrack uses cookies, browser storage and similar technologies where needed for authentication, security, session continuity and user preferences. Standard server logs also record technical request information. The public website does not currently use third-party behavioural advertising cookies.
You can control cookies through your browser, but blocking essential storage may prevent sign-in or other application functions from working correctly.
13. Children
LeaseTrack is a business service and is not directed to children. Users must be authorised by a customer organisation and legally able to use the service.
14. Privacy complaints
If you have a privacy concern, contact us with enough detail for us to investigate. We will acknowledge and address the complaint within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.
15. Changes to this policy
We may update this policy to reflect changes to LeaseTrack, our providers or legal requirements. The effective date above identifies the current version. Where a change is material, we may also provide notice through the service or by email.
16. Contact
Privacy enquiries, requests and complaints may be sent to clientservices@commtrack.com.au. Please do not send passwords, authentication codes or unnecessary confidential portfolio information by email.