Privacy Policy

Centaur Software Pty Ltd, ACN 057 620 390, (“Centaur”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Website Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR), and our ISO/IEC 27001:2022 certified Information Security Management System (ISMS). 

By using our Services and our Website (www.centaursoftware.com.au), you consent to the collection, processing, and management of Personal Information as described in this Privacy Policy. 

Note that this policy does not apply to the information we process in the role of a Processor on behalf of our customers, as specified in the Trust Portal > Data Processing Addendum (Trust Portal). 

This policy also does not apply to the following Products with their own Privacy Policies: 

eServices 

1. Collection of Personal Information

Our collection of Personal Information is dependent on the way you contact or interact with us. 

Non-Product Based (Centaur as Controller)

Personal Information may be collected when you contact us via phone, email, or web forms; subscribe to newsletters or marketing communications; or interact with our Website or social media. We may also receive Personal Information from third parties you have agreed can share your Personal Information. If we do, we will protect that Personal Information in accordance with this Privacy Policy. 

This includes the following types of Personal Information: 

  • Name, contact details (phone, email, address, etc), and job title 
  • Business information 
  • IP address and device information 
  • Usage data and preferences 

Non-Product Based (Centaur as Controller)

We offer a range of products that process a variety of Personal Information and Patient Data that may be collected when you use our software or services, or received from third parties you have agreed can share your Personal Information. If we do, we will protect that Personal Information in accordance with this Privacy Policy. 

This includes the following types of Personal Information:  

  • Name, contact details (phone, email, address, etc), and job title 
  • Business information 
  • IP address and device information 
  • Usage data and preferences 
  • Payment information 
  • Patient Data (refer to section 2) 
  • Some Centaur Applications/Services utilise the OAuth2 standard to allow our Customers to securely send emails via O365 and Google Mail. Only the sender's email address and the refresh token, required for OAuth2, are stored within the local database and both are encrypted, secured, and not shared with anyone. Our Customer has the option to delete their sender's email address from the database. 

2. Sensitive Personal Information

As a Processor, as part of our Services, we process the Personal Information of patients uploaded by our Customers based on their instructions, which may include: 

  • health information 
  • racial or ethnic origin data  
  • genetic data

This type of information is referred to in the Privacy Act and under the GDPR as sensitive information (‘Sensitive Data’). 

The Personal Information of patients may include: 

  • name, contact details (address, phone, email and SMS messaging), date of birth 
  • patient details, treatment notes and records, health insurance details, Medicare numbers, accounting and payments details, images, and other health information submitted by Customers when using our Services. 

Sensitive Data will only be used by us for the purpose of supplying our Services or where required or authorised by law. Sensitive Data is not collected for purposes of this Website. 

It is the responsibility of Customers to ensure that they have obtained the explicit and informed consent (or rely on another legal basis) of patients, including that of minors, to use their Personal Information and Sensitive Data in the supply of our Services to Customers. 

Where we process Sensitive Data, we use high-level data encryption and document protection on all such data. 

3. Use of Personal Information

Centaur as Controller

We use your personal information to: 

  • Provide, administer and support our products and services 
  • Respond to enquiries and provide customer support 
  • Improve our offerings and user experience 
  • Send marketing communications (with opt-out options) 
  • Communicate with you by a variety of measures including, but not limited to, telephone, email, SMS or mail 
  • Comply with legal obligations 
  • Investigate complaints 


If you choose to withhold your Personal Information, it may not be possible for us to provide you with our Services or for you to access certain parts of our Website and for us to respond to your query.
 

Centaur as Processor

We use your personal information to: 

  • Provide our products and services as required to the Controller (our customer) 

4. Disclosure of Personal Information

We do not sell personal information. We may disclose it to: 

  • Trusted third-party service providers (e.g., cloud hosting, CRM, partners) 
  • Legal or regulatory authorities when required 
  • Our professional advisors (e.g., legal, accounting) 

When we disclose your data to third parties, we do so on the basis that your data is treated with confidence and is used only for the limited purpose of providing support for our Services and in a manner consistent with this Privacy Policy. 

Where data is transferred outside Australia or the EU, we ensure appropriate safeguards are in place in accordance with APP 8, GDPR Articles 44–50, and ISO/IEC 27001 controls. 

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible by law, our databases, together with any Personal Information and non-Personal Information contained in those databases. 

5. Legal basis in the European Union (EU) for the collection and processing of your Personal Data

“Personal Data” refers to any information relating to an identifiable natural person who can be identified directly or indirectly. This includes information such as your name, email address, and contact details. 

The legal basis for collecting and processing your Personal Data will depend on how your Personal Data is being used and how it was collected. 

When you engage our Services, we process Personal Data on your behalf as a Data Processor where you are the Data Controller and otherwise to the extent that we are a Data Controller as defined in the GDPR. 

We collect and process your Personal Data on the following legal bases: 

  • Contractual basis. This legal basis applies to the collection or processing of Personal Data in order to fulfil or perform a contract with you, or to which you are a party. 
  • Consensual basis. This applies where you have provided your consent to the collection or processing of Personal Data for a specific purpose (for example, to provide you with marketing updates). You can withdraw your consent at any time by updating your email preferences, opting-out, or by contacting us directly. 
  • Legitimate interests. This applies where we have a legitimate interest to collect or process your Personal Data. For example, it may be to respond to an enquiry about our Services, or to improve our Services. 
  • Legal obligations.  This applies where it is necessary to disclose your Personal Data to comply with a legal obligation. 

Unless otherwise required by contractual obligation or any other legal basis, we only store your Personal Data while it remains necessary to fulfil the purpose for which it was collected, or if the purpose of the processing could not reasonably be fulfilled by other means. Periods of data retention will apply differently for each specific category of data. 

When we use third parties to process your Personal Information on our behalf, we ensure that the Personal Information is processed pursuant to our documented instructions and in accordance with the legal basis for the processing. 

We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data. 

6. Data Security

Centaur maintains robust security controls aligned with ISO/IEC 27001:2022 to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These include: 

  • Access controls and encryption 
  • Secure cloud infrastructure (e.g., AWS) 
  • Regular security audits and risk assessments 
  • TLS 1.2+ 
  • AES-256 encryption at rest 
  • Least-privilege 
  • IAM/MFA 
  • 24/7 logging/monitoring 
  • Vulnerability management cadence 
  • Regular penetration testing

7. Data Retention

Personal information is retained based on the following or as required by law: 

  • Log files (12 months) 
  • Security logs (24 months) 
  • Support tickets (indefinitely) 
  • Hosted patient data backups (90 days) 
  • Hosted patient data deleted/returned (30 days post contract termination or per customer instruction) 

8. Cookies and Tracking Technologies

Our Website may use cookies and similar technologies to enhance user experience and collect usage data. You can manage cookie preferences via your browser settings. 

9. Your Rights

You have the right to: 

  • Access your personal information 
  • Request correction or deletion 
  • Withdraw consent for marketing communications 
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) 
  • If you are located in the EU, you also have rights under the GDPR including data portability, restriction of processing, and the right to object to processing. 


To exercise these rights, contact us at:
 

information@centaursoftware.com.au 

1300 855 312 

10. Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify affected Customers and the OAIC within 30 days in accordance with the Notifiable Data Breaches (NDB) scheme. For EU residents, we will also comply with GDPR Article 33 and notify the relevant supervisory authority within 72 hours. 

Please report any actual or suspected breaches in relation to the supply of our Services for investigation to Centaur Software by using the Contact Us page provided on our Website. 

11. Policy Updates

We review this Privacy Policy periodically to ensure ongoing compliance and relevance. Updates will be posted on our Website, and significant changes will be communicated directly where appropriate. 

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact: 

Centaur Software Pty Ltd 

507/410 Elizabeth St, Surry Hills NSW 2010 

privacy@centaursoftware.com.au  

1300 855 312 


© 2025 Centaur Software Development Co Pty Ltd. ALL RIGHTS RESERVED.

Privacy Policy last updated 17 March 2026.