Privacy Policy
This Privacy Policy applies toall personal information collected by Online Safety Pty Ltd, trading asCtrl+Shft, ABN 64685286891, via the website located at www.ctrlshft.global and any related services globally.
1. Definition of "PersonalInformation"
(a) As defined under thePrivacy Act 1988 (Cth), "personal information" is data or opinionsabout an identifiable individual:
● (i) regardless of its truthfulness,and
● (ii) whether it is documented or not.
(b) “Personal information” alsoincludes similar definitions under GDPR (EU General Data ProtectionRegulation), UK GDPR, and relevant US privacy laws (e.g., CCPA) which may applybased on your location. Information that does not reveal your identity or makeyou identifiable typically does not qualify as personal information and is notcovered by this Privacy Policy.
2. What Information Do We Collect?
The type of personalinformation we collect depends on your use of our website and services. We maycollect, store, and process the following types of personal data:
● Identity Data: includes name, title,date of birth, gender.
● Contact Data: includes address,email, phone numbers.
● Financial Data: includes paymentdetails managed by third-party providers (see Section 3).
● Transaction Data: includes details ofpayments and services purchased.
● Technical Data: includes IP address,login data, browser type, location.
● Usage Data: includes informationabout how you use our website and services.
● Marketing Data: includes marketingpreferences and communication preferences.
3. How We Collect Your PersonalInformation
We collect personal informationthrough:
● Direct Interactions: When you providedata through forms, purchases, account creation, or correspondence.
● Automated Technologies: Throughcookies, server logs, and other tracking technologies (see our Cookie Policyfor details).
● Third-Party Sources: Throughpartnerships with service providers and, in some cases, analytics providers andadvertising networks. Third-party service providers may also collect data onstudents or users of our programmes to facilitate their participation andservice experience.
4. Payments and Financial DataSecurity
For your security, OnlineSafety Pty Ltd trading as Ctrl+Shft does not store or retain your credit cardor payment information. Payments for our services are securely managed bythird-party payment providers, Stripe and Commonwealth Bank, who comply withPCI-DSS (Payment Card Industry Data Security Standards) to ensure yourfinancial data is protected. All transactions are processed using encrypted,secure payment systems managed by these third-party providers.
5. Collection of Children'sInformation
Online Safety Pty Ltd tradingas Ctrl+Shft does not knowingly collect or store personal information fromchildren under 16 years of age without parental consent, except as permitted byrelevant privacy laws. Children under 16 may use our services only with thepermission and supervision of a parent or guardian, or if participating throughan approved school programme. If you believe we have inadvertently collecteddata from a child under 16, please contact us immediatelyat hello@ctrlshft.global.
6. Purpose of Collection andProcessing
Our primary purpose incollecting and processing personal information is to provide and improve ourservices, ensuring compliance with applicable laws, including GDPR, UK GDPR,CCPA, and other relevant regulations. Legal bases for processing include:
● Performance of a Contract: To provideour services, products, and customer support.
● Legitimate Business Interests: Whereit does not override your rights and interests.
● Legal Obligations: To comply withlegal requirements.
● Consent: Where you have givenspecific consent, especially in cases of third-party marketing communications.
7. Legal Rights Under GDPR, UK GDPR,and US Privacy Laws
If you are located in the UK,EEA, or US, you have specific rights under applicable privacy laws:
● Access: Right to request access toyour personal data.
● Correction: Right to requestcorrection of your personal data.
● Erasure: Right to request deletion ofyour data under certain conditions.
● Restriction: Right to restrictprocessing under certain conditions.
● Data Portability: Right to receive acopy of your data in a structured format.
● Objection: Right to object toprocessing based on legitimate interests or direct marketing.
To exercise any of theserights, please contact us via hello@ctrlshft.global. We respond to allrequests in accordance with the applicable laws.
8. International Transfers ofPersonal Data
Your personal information maybe transferred to and stored in countries outside your own, includingAustralia, the United States, the UK, and the European Union. Where we transferdata internationally, we ensure that:
● Transfers to countries outside the UKor EEA have adequate protection, including the use of standard contractualclauses.
● Our data processing agreements complywith GDPR, UK GDPR, and other international standards.
Please contact us for moredetails on the specific mechanisms we use for transferring personal data.
9. Data Security
We use robust security measuresto protect your personal data from unauthorised access, alteration, disclosure,or destruction, including:
● Encryption: We encrypt data both intransit and at rest using industry standards.
● Access Controls: Access to personaldata is restricted to authorised personnel only.
● Data Breach Protocols: We haveprocedures in place for detecting, reporting, and managing data breaches andwill notify you and relevant regulatory bodies where legally required.
10. Retention of Personal Data
We retain personal informationonly as long as necessary to fulfil the purposes for which it was collected,including for legal, accounting, or reporting requirements. Retention periodsvary depending on the type of data and applicable regulations.
11. Third-Party Service Providers
Ctrl+Shft partners withthird-party vendors, including learning management systems and analyticsproviders, who process personal data to facilitate our services. Third-partyservice providers are contractually obligated to protect the confidentialityand security of personal data and may only process data following ourinstructions.
12. Cookies and Tracking Technologies
We use cookies and similartracking technologies to enhance user experience, analyse website traffic, andpersonalise content.
13. Direct Marketing andCommunication Preferences
We may use your contactinformation to send marketing materials that we believe may interest you. Inaccordance with GDPR, UK GDPR, and CCPA:
● You have the right to opt out ofreceiving marketing communications.
● We will obtain your consent for anydirect marketing communications by third parties.
● To unsubscribe, follow theinstructions in our communications or contact us directly.
14. Your Rights and Choices UnderCCPA (for California Residents)
If you are a resident ofCalifornia, under the California Consumer Privacy Act (CCPA), you have specificrights regarding your personal information, including:
● The right to know what personalinformation we collect about you.
● The right to request deletion of yourpersonal information, subject to certain conditions.
● The right to opt out of the sale ofpersonal information, where applicable.
15. Data Subject Requests
In compliance with GDPR, UKGDPR, CCPA, and other global privacy standards, we provide means forindividuals to access, correct, or delete their personal data. To make arequest, contact us at hello@ctrlshft.global.
16. Updates to This Privacy Policy
We regularly review and updateour Privacy Policy. Changes will be posted on our website, and wheresignificant, please check back to this page regularly for any changes.
17. How to Contact Us About Privacy
For questions, requests, orcomplaints regarding this Privacy Policy or our data practices, please contactus at hello@ctrlshft.global.