Privacy Policy

STLP CONSULTING PTY LTD (ACN 128 389 408) trading as Castlepoint Systems and our related companies (“Castlepoint Systems Pty Ltd”, “Castlepoint Systems”, “Castlepoint”, “we”, “our” or “us”) is committed to protecting personal information and handling data transparently, securely and responsibly.

This Privacy Policy explains how we collect, use, disclose and store personal information when individuals interact with our website, products, services, events, communications and business activities.

This policy is intended to support compliance with applicable privacy and data protection obligations, including the Australian Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020, the UK General Data Protection Regulation (UK GDPR), the UK Privacy and Electronic Communications Regulations (PECR), and Singapore’s Personal Data Protection Act 2012 (PDPA).

1. What information we collect

Castlepoint may collect personal information including:

  • name
  • business or organisation name
  • job title
  • email address
  • phone number
  • company details
  • event attendance information
  • communication preferences
  • enquiry or support information
  • information submitted through forms, downloads or correspondence
  • business relationship information
  • technical and usage information relating to website interactions

We may also collect limited technical information automatically through our website and systems, including:

  • IP address
  • browser type
  • device information
  • approximate geolocation information
  • pages visited
  • website interactions and engagement data
  • referral sources
  • communication interaction data

2. How we collect information

Castlepoint may collect personal information:

  • directly through website forms, enquiries and downloads
  • when individuals subscribe to communications or updates
  • through business interactions and meetings
  • through events, sponsorships and industry partnerships
  • from event organisers where attendees have consented to information sharing or where lawful business communication permissions apply
  • through communications with Castlepoint representatives
  • through cookies, analytics tools and website technologies
  • through CRM and business development systems

Website form submissions and marketing preferences are managed through Castlepoint systems and CRM platforms, including Freshsales.

3. Why we collect and use information

Castlepoint may collect, use and process personal information to:

  • respond to enquiries and requests
  • provide products and services
  • manage customer and business relationships
  • send updates, insights, publications, event invitations and marketing communications
  • provide downloadable resources and content
  • improve our website, communications and services
  • manage events, registrations and sponsorship activities
  • maintain security and operational integrity
  • support sales, marketing and business development activities
  • comply with legal and regulatory obligations

Where required under applicable law, Castlepoint relies on lawful bases for processing personal information including:

  • consent
  • legitimate business interests
  • contractual necessity
  • legal and regulatory obligations

Castlepoint may also rely on inferred consent or legitimate business interests where permitted by applicable laws, including where individuals have engaged with Castlepoint in a professional or business capacity. In Australia and other jurisdictions where permitted, Castlepoint may rely on legitimate business interests or implied consent where individuals have engaged with Castlepoint in a professional or business capacity. In the United Kingdom, European Union, and other jurisdictions where applicable, Castlepoint will only rely on a valid lawful basis under the UK GDPR or equivalent law, including explicit consent where required.

4. Marketing communications

Castlepoint may send communications relating to:

  • products and services
  • company updates
  • insights and publications
  • webinars and events
  • industry news and announcements

Marketing communications may be sent to individuals who:

  • have subscribed through Castlepoint website forms or downloadable resources
  • have opted in to receive communications
  • have engaged with Castlepoint representatives, products or services
  • have attended Castlepoint events, sponsored sessions or partner events
  • have provided information through event organisers, sponsorship arrangements or commercially supplied attendee lists where appropriate consent has been obtained or lawful business communication permissions apply. Castlepoint does not rely on commercially supplied attendee lists to market to individuals located in the United Kingdom or European Union.

In Australia, New Zealand and other jurisdictions where permitted, Castlepoint may also rely on inferred consent or legitimate business interests where permitted under applicable laws, including where individuals have engaged with Castlepoint in a business or professional capacity. Marketing communications to individuals in the United Kingdom or European Union will be sent on the basis of explicit consent or another lawful basis under the UK GDPR.

Individuals may opt out of marketing communications at any time by:

  • using unsubscribe links included in communications
  • requesting deletion or removal of personal information

Where an unsubscribe request is received, Castlepoint will cease marketing communications within a reasonable timeframe. Certain information may still be retained where reasonably required for legal, operational, security or administrative purposes.

5. Cookies and website tracking

Castlepoint uses cookies and similar technologies to support website functionality, analytics, communications and user experience.

Cookies are small text files stored on a user’s device when visiting a website.

Castlepoint may use:

  • essential cookies required for website functionality
  • analytics cookies to understand website usage and performance
  • functional cookies to improve user experience
  • limited business and marketing tracking technologies

Our website currently uses technologies and platforms including:

  • Google Analytics 4 (GA4)
  • LinkedIn Insight Tag
  • Freshsales integrations and form functionality
  • Webflow functionality and integrations
  • geolocation and website optimisation tools

These technologies may collect information including:

  • pages viewed
  • traffic sources
  • browser and device information
  • approximate location
  • website interactions
  • referring websites

Castlepoint currently uses these technologies primarily for analytics, website optimisation, lead management and business communications. Castlepoint does not currently use website visitor information for active advertising audience profiling or remarketing activities, though this may change in future as marketing activities evolve.

Users can manage or decline non-essential cookies through our website cookie consent banner and browser settings.

6. Disclosure of personal information

Castlepoint may disclose personal information:

  • to service providers supporting our operations
  • to CRM, analytics, hosting and communications platforms
  • to event and business partners where relevant
  • to professional advisers and consultants
  • where required by law or regulatory obligations
  • where necessary to protect Castlepoint’s legal rights, systems or operations

Castlepoint does not sell personal information to third parties.

7. International disclosure and third-party providers

Castlepoint may use third-party service providers and platforms to support website hosting, analytics, communications, CRM management, events and operational services.

These providers may process or store personal information in Australia and other jurisdictions.

Where personal information is transferred internationally, Castlepoint takes reasonable steps to ensure appropriate privacy and security safeguards are maintained, including contractual protections and service provider obligations where appropriate. For transfers of personal data from the United Kingdom, Castlepoint relies on approved transfer mechanisms, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or transfers to jurisdictions covered by a UK adequacy decision. For transfers from Australia, Castlepoint takes reasonable steps to ensure compliance with Australian Privacy Principle 8.

8. Data security

Castlepoint takes reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

This includes security controls, access restrictions, operational safeguards and security management practices appropriate to the nature of the information handled.

Where required by applicable law, Castlepoint will respond to and notify eligible data breaches in accordance with relevant legal obligations.

In Australia, eligible data breaches will be notified to the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable under the Notifiable Data Breaches scheme. In the United Kingdom, personal data breaches will be notified to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach where required under the UK GDPR, and to affected individuals where there is a high risk to their rights and freedoms. Equivalent notification obligations will apply in New Zealand and Singapore where required by local law.

9. Data retention

Castlepoint retains personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including operational, legal, regulatory, security and business requirements.

Retention periods may vary depending on the nature of the information and the purpose for which it was collected.

Individuals may request deletion or removal of their personal information by contacting info@castlepoint.systems, subject to applicable legal, contractual and operational obligations.

10. Access, correction and privacy rights

Individuals may request access to, correction or deletion of their personal information by contacting Castlepoint.

Depending on applicable laws and jurisdiction, individuals may also have rights relating to:

  • objection to processing
  • restriction of processing
  • withdrawal of consent
  • data portability
  • complaints regarding privacy handling

Castlepoint will respond to privacy requests in accordance with applicable legal obligations. To exercise any of these rights, individuals can contact Castlepoint at info@castlepoint.systems. Castlepoint will respond to verified requests within 30 days where required under the UK GDPR, and within a reasonable timeframe under other applicable laws. Castlepoint may require reasonable verification of identity before responding to a request.

11. Complaints and enquiries

Privacy enquiries, complaints or requests relating to personal information can be directed to:

info@castlepoint.systems

Castlepoint will review and respond to privacy complaints within a reasonable timeframe.

Where applicable, individuals may also have the right to lodge complaints with relevant privacy or data protection regulators.

12. Updates to this policy

Castlepoint may update this Privacy Policy from time to time to reflect operational, legal, regulatory, technology or business changes.

The latest version will always be available on our website.
