1. Scope and customer data

We handle personal information in accordance with applicable Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles where they apply.

A customer organisation decides which users may access its LeaseTrack workspace and what portfolio information is entered or imported. Where we handle personal information contained in that customer data, we generally do so to provide the service to the customer and in accordance with its authorised instructions. The customer remains responsible for ensuring it is permitted to provide that information to LeaseTrack.

This policy does not replace a customer's own privacy notices or obligations to its employees, contractors, customers or other individuals.

2. Personal information we collect

Depending on how you interact with us, we may collect:

LeaseTrack is not designed to collect sensitive personal information. Please do not enter sensitive information unless it is genuinely required, lawful and authorised by your organisation.

3. How we collect information

We may collect personal information:

4. Why we use personal information

We use personal information where reasonably necessary to:

If required information is not provided, we may be unable to create an account, deliver a requested feature, process billing or respond to a request.

5. When we disclose information

We may disclose personal information to:

We do not sell or rent personal information. We do not use customer portfolio data to build advertising profiles or permit third parties to advertise within LeaseTrack.

6. Overseas handling

LeaseTrack's primary application database is configured in Australia. Some providers may process or make information accessible from other countries, including the United States, for hosting, billing, authentication, support, security or operational purposes.

Where Australian privacy law applies to an overseas disclosure, we take reasonable steps appropriate to the circumstances to address the recipient's handling of the information. Provider locations and support arrangements can change; customers may contact us for current subprocessor information relevant to their review.

7. Security

We use administrative, technical and organisational measures designed to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. These measures are reviewed as the service develops and include controls over user access, customer separation, protected operations, monitoring and change management.

No online service can eliminate all risk. Customers are responsible for managing authorised users, maintaining the confidentiality of account credentials, reviewing access and avoiding unnecessary personal information in free-text fields or imports.

8. Data breaches

We maintain processes for assessing and responding to suspected data breaches. Where the Notifiable Data Breaches scheme applies and an eligible data breach occurs, we will notify affected individuals and the Office of the Australian Information Commissioner as required by law. Customer notification may also be governed by the applicable service agreement.

9. Retention, account closure and deletion

We retain personal information for as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining security and audit records, meeting contractual or legal obligations, resolving disputes and enforcing agreements.

Customer portfolio retention and offboarding are handled in accordance with the customer agreement, authorised customer instructions and applicable legal or records-management requirements. Depending on those requirements, information may be exported, archived, deleted or de-identified. Residual copies may remain temporarily in backups or logs until removed through ordinary retention cycles.

10. Access, correction and requests

You may request access to or correction of personal information we hold about you by contacting us. We may need to verify your identity and authority before acting. Where the information is customer-controlled workspace data, we may refer the request to, or coordinate with, the relevant customer organisation.

We will respond within a reasonable period and may refuse or limit a request where permitted by law, in which case we will explain the applicable reason where required. Requests to delete information are subject to lawful retention, security, audit and contractual requirements.

11. Service messages and direct marketing

We may send operational communications about accounts, billing, support, security and material service changes. These messages are necessary to manage the service and may continue while an account is active.

We may also send relevant product or commercial communications where permitted. You may opt out of marketing messages using the unsubscribe method provided or by contacting us. Opting out of marketing does not stop necessary service communications.

12. Cookies and local storage

LeaseTrack uses cookies, browser storage and similar technologies where needed for authentication, security, session continuity and user preferences. Standard server logs also record technical request information. The public website does not currently use third-party behavioural advertising cookies.

You can control cookies through your browser, but blocking essential storage may prevent sign-in or other application functions from working correctly.

13. Children

LeaseTrack is a business service and is not directed to children. Users must be authorised by a customer organisation and legally able to use the service.

14. Privacy complaints

If you have a privacy concern, contact us with enough detail for us to investigate. We will acknowledge and address the complaint within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.

15. Changes to this policy

We may update this policy to reflect changes to LeaseTrack, our providers or legal requirements. The effective date above identifies the current version. Where a change is material, we may also provide notice through the service or by email.

16. Contact

Privacy enquiries, requests and complaints may be sent to clientservices@commtrack.com.au. Please do not send passwords, authentication codes or unnecessary confidential portfolio information by email.