STLP CONSULTINGPTY LTD (ACN 128 389 408) trading as Castlepoint Systems and our related companies (“Castlepoint Systems Pty Ltd”, “Castlepoint Systems”, “Castlepoint, “we”, “our” or “us”) is committed to protecting personal information and handling data transparently, securely and responsibly.
This Privacy Policy explains how we collect, use, disclose and store personal information when individuals interact with our website, products, services, events, communications and business activities.
This policy is intended to support compliance with applicable privacy and data protection obligations, including the Australian Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020, the UK General Data Protection Regulation (UK GDPR), the UK Privacy and Electronic Communications Regulations (PECR), and Singapore’s Personal Data Protection Act 2012 (PDPA).
Castlepoint may collect personal information including:
We may also collect limited technical information automatically through our website and systems, including:
Castlepoint may collect personal information:
Website form submissions and marketing preferences are managed through Castlepoint systems and CRM platforms, including Freshsales.
Castlepoint may collect, use and process personal information to:
Where required under applicable law, Castlepoint relies on lawful bases for processing personal information including:
Castlepoint may also rely on inferred consent or legitimate business interests where permitted by applicable laws, including where individuals have engaged with Castlepoint in a professional or business capacity In Australia and other jurisdictions where permitted, Castlepoint may rely on legitimate business interests or implied consent where individuals have engaged with Castlepoint in a professional or business capacity. In the United Kingdom, European Union, and other jurisdictions where applicable, Castlepoint will only rely on a valid lawful basis under the UK GDPR or equivalent law, including explicit consent where required..
Castlepoint may send communications relating to:
Marketing communications may be sent to individuals who:
In Australia, New Zealand and other jurisdictions where permitted, Castlepoint may also rely on inferred consent or legitimate business interests where permitted under applicable laws, including where individuals have engaged with Castlepoint in a business or professional capacity. Marketing communications to individuals in the United Kingdom or European Union will be sent on the basis of explicit consent or another lawful basis under the UK GDPR.
Individuals may opt out of marketing communications at any time by:
Where an unsubscribe request is received, Castlepoint will cease marketing communications within a reasonable timeframe. Certain information may still be retained where reasonably required for legal, operational, security or administrative purposes.
Castlepoint uses cookies and similar technologies to support website functionality, analytics, communications and user experience.
Cookies are small text files stored on a user’s device when visiting a website.
Castlepoint may use:
Our website currently uses technologies and platforms including:
These technologies may collect information including:
Castlepoint currently uses these technologies primarily for analytics, website optimisation, lead management and business communications. Castlepoint does not currently use website visitor information for active advertising audience profiling or remarketing activities, though this may change in future as marketing activities evolve.
Users can manage or decline non-essential cookies through our website cookie consent banner and browser settings.
Castlepoint may disclose personal information:
Castlepoint does not sell personal information to third parties.
Castlepoint may use third-party service providers and platforms to support website hosting, analytics, communications, CRM management, events and operational services.
These providers may process or store personal information in Australia and other jurisdictions.
Where personal information is transferred internationally, Castlepoint takes reasonable steps to ensure appropriate privacy and security safeguards are maintained, including contractual protections and service provider obligations where appropriate. For transfers of personal data from the United Kingdom, Castlepoint relies on approved transfer mechanisms, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or transfers to jurisdictions covered by a UK adequacy decision. For transfers from Australia, Castlepoint takes reasonable steps to ensure compliance with Australian Privacy Principle 8.
Castlepoint takes reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
This includes security controls, access restrictions, operational safeguards and security management practices appropriate to the nature of the information handled.
Where required by applicable law, Castlepoint will respond to and notify eligible data breaches in accordance with relevant legal obligations.
In Australia, eligible data breaches will be notified to the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable under the Notifiable Data Breaches scheme. In the United Kingdom, personal data breaches will be notified to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach where required under the UK GDPR, and to affected individuals where there is a high risk to their rights and freedoms. Equivalent notification obligations will apply in New Zealand and Singapore where required by local law.
Castlepoint retains personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including operational, legal, regulatory, security and business requirements.
Retention periods may vary depending on the nature of the information and the purpose for which it was collected.
Individuals may request deletion or removal of their personal information by contacting info@castlepoint.systems, subject to applicable legal, contractual and operational obligations.
Individuals may request access to, correction or deletion of their personal information by contacting Castlepoint.
Depending on applicable laws and jurisdiction, individuals may also have rights relating to:
Castlepoint will respond to privacy requests in accordance with applicable legal obligations. To exercise any of these rights, individuals can contact Castlepoint at info@castlepoint.systems. Castlepoint will respond to verified requests within 30 days where required under the UK GDPR, and within a reasonable timeframe under other applicable laws. Castlepoint may require reasonable verification of identity before responding to a request.
Privacy enquiries, complaints or requests relating to personal information can be directed to:
Castlepoint will review and respond to privacy complaints within a reasonable timeframe.
Where applicable, individuals may also have the right to lodge complaints with relevant privacy or data protection regulators.
Castlepoint may update this Privacy Policy from time to time to reflect operational, legal, regulatory, technology or business changes.
The latest version will always be available on our website.