Privacy Policy
This Privacy Policy applies toall personal information collected by Online Safety Pty Ltd, trading as Ctrl+Shft, ABN 64685286891, via the website located at www.ctrlshft.global and any related services globally.
1. Definition of "Personal Information"
(a) As defined under the Privacy Act 1988 (Cth), "personal information" is data or opinions about an identifiable individual:
● (i) regardless of its truthfulness, and
● (ii) whether it is documented or not.
(b) “Personal information” also includes similar definitions under GDPR (EU General Data Protection Regulation), UK GDPR, and relevant US privacy laws (e.g., CCPA) which may apply based on your location. Information that does not reveal your identity or makeyou identifiable typically does not qualify as personal information and is not covered by this Privacy Policy.
2. What Information Do We Collect?
The type of personal information we collect depends on your use of our website and services. We may collect, store, and process the following types of personal data:
● Identity Data: includes name, title, date of birth, gender.
● Contact Data: includes address, email, phone numbers.
● Financial Data: includes payment details managed by third-party providers (see Section 3).
● Transaction Data: includes details ofpayments and services purchased.
● Technical Data: includes IP address,login data, browser type, location.
● Usage Data: includes informationabout how you use our website and services.
● Marketing Data: includes marketing preferences and communication preferences.
3. How We Collect Your Personal Information
We collect personal information through:
● Direct Interactions: When you provide data through forms, purchases, account creation, or correspondence.
● Automated Technologies: Throughcookies, server logs, and other tracking technologies (see our Cookie Policyfor details).
● Third-Party Sources: Through partnerships with service providers and, in some cases, analytics providers and advertising networks. Third-party service providers may also collect data on students or users of our programmes to facilitate their participation and service experience.
4. Payments and Financial Data Security
For your security, Online Safety Pty Ltd trading as Ctrl+Shft does not store or retain your credit card or payment information. Payments for our services are securely managed by third-party payment providers, Stripe and Commonwealth Bank, who comply with PCI-DSS (Payment Card Industry Data Security Standards) to ensure your financial data is protected. All transactions are processed using encrypted, secure payment systems managed by these third-party providers.
5. Collection of Children's Information
Online Safety Pty Ltd trading as Ctrl+Shft does not knowingly collect or store personal information from children under 16 years of age without parental consent, except as permitted by relevant privacy laws. Children under 16 may use our services only with the permission and supervision of a parent or guardian, or if participating through an approved school programme. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at hello@ctrlshft.global.
6. Purpose of Collection and Processing
Our primary purpose in collecting and processing personal information is to provide and improve our services, ensuring compliance with applicable laws, including GDPR, UK GDPR,CCPA, and other relevant regulations. Legal bases for processing include:
● Performance of a Contract: To provide our services, products, and customer support.
● Legitimate Business Interests: Where it does not override your rights and interests.
● Legal Obligations: To comply with legal requirements.
● Consent: Where you have given specific consent, especially in cases of third-party marketing communications.
7. Legal Rights Under GDPR, UK GDPR, and US Privacy Laws
If you are located in the UK,EEA, or US, you have specific rights under applicable privacy laws:
● Access: Right to request access to your personal data.
● Correction: Right to request correction of your personal data.
● Erasure: Right to request deletion of your data under certain conditions.
● Restriction: Right to restrict processing under certain conditions.
● Data Portability: Right to receive a copy of your data in a structured format.
● Objection: Right to object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us via hello@ctrlshft.global. We respond to allrequests in accordance with the applicable laws.
8. International Transfers of Personal Data
Your personal information maybe transferred to and stored in countries outside your own, including Australia, the United States, the UK, and the European Union. Where we transfer data internationally, we ensure that:
● Transfers to countries outside the UKor EEA have adequate protection, including the use of standard contractual clauses.
● Our data processing agreements comply with GDPR, UK GDPR, and other international standards.
Please contact us for more details on the specific mechanisms we use for transferring personal data.
9. Data Security
We use robust security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction, including:
● Encryption: We encrypt data both in transit and at rest using industry standards.
● Access Controls: Access to personal data is restricted to authorised personnel only.
● Data Breach Protocols: We have procedures in place for detecting, reporting, and managing data breaches and will notify you and relevant regulatory bodies where legally required.
10. Retention of Personal Data
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and applicable regulations.
11. Third-Party Service Providers
Ctrl+Shft partners with third-party vendors, including learning management systems and analytics providers, who process personal data to facilitate our services. Third-party service providers are contractually obligated to protect the confidentiality and security of personal data and may only process data following our instructions.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience, analyse website traffic, and personalise content.
13. Direct Marketing and Communication Preferences
We may use your contact information to send marketing materials that we believe may interest you. Inaccordance with GDPR, UK GDPR, and CCPA:
● You have the right to opt out ofreceiving marketing communications.
● We will obtain your consent for anydirect marketing communications by third parties.
● To unsubscribe, follow theinstructions in our communications or contact us directly.
14. Your Rights and Choices UnderCCPA (for California Residents)
If you are a resident of California, under the California Consumer Privacy Act (CCPA), you have specific rights regarding your personal information, including:
● The right to know what personal information we collect about you.
● The right to request deletion of your personal information, subject to certain conditions.
● The right to opt out of the sale of personal information, where applicable.
15. Data Subject Requests
In compliance with GDPR, UKGDPR, CCPA, and other global privacy standards, we provide means for individuals to access, correct, or delete their personal data. To make a request, contact us at hello@ctrlshft.global.
16. Updates to This Privacy Policy
We regularly review and update our Privacy Policy. Changes will be posted on our website, and where significant, please check back to this page regularly for any changes.
17. How to Contact Us About Privacy
For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us at hello@ctrlshft.global.