Privacy Policy

1. Introduction

Lodestone (“we,” “us,” or “our”) is committed to protecting the privacy of individuals and handling personal information in accordance with the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (APPs). This Privacy Policy outlines how we collect, use, disclose, and protect personal information. This Privacy Policy applies to the personal information we collect from employees, contractors, customers, and end-users of our software solutions.

2. Compliance Obligations

Under the Privacy Act, all Australian government agencies and private sector organizations with an annual turnover of AU$3 million or more are required to have a Privacy Policy. Additionally, some smaller businesses must comply if they handle sensitive information, provide health services, or engage in activities like credit reporting.

Given Lodestone’s role in providing software solutions, we recognize our responsibility to uphold high privacy standards in alignment with legal requirements and industry best practices. Lodestone acts as a data processor on behalf of its customers and does not determine the purpose or means of processing End User data unless required by law.

3. Collection of Personal Information

We may collect personal information in the course of providing our services, including:

  • Lodestone customer information: Contact details of employees of Lodestone customers (e.g. insurance companies) that use our systems, in order to facilitate service delivery.
  • Lodestone employee and contractor information: Certain personal information we need to manage Lodestone employees and contractors in order to administer their pay and benefits, performance, etc.
  • End User entered information: Data input by users into software solutions developed and, in some cases, supported by us. Such data may also be entered into systems supported by us via file load, API integration or other similar mechanisms.

Important note: It is our view that End User data is “owned” by our customers. As a provider of software solutions, we generally do not determine the policies around the collection, retention, and disclosure of End User personal information. These policies and processes are determined by our customers (e.g. insurance companies), and we act on their instructions unless compelled to do otherwise by a relevant authority.

We only collect personal information necessary to provide our services, in compliance with APP 3 (Collection of Solicited Information). If we collect any sensitive information (such as health or biometric data), we will seek explicit consent or rely on applicable legal grounds.

4. Use of Personal Information

We use personal information to:

  • Manage and pay our staff and contractors.
  • Communicate with customers regarding service-related matters.
  • Provide and support our software solutions and services, as directed by our customers.

We do not use personal information for marketing or analytics unless expressly permitted by law or our customer agreements.

5. Disclosure of Personal Information

We may disclose personal information:

  • To our customers (e.g. insurance companies), as per their instructions and in accordance with our contractual obligations.
  • To third-party service providers who assist us in delivering our services, subject to confidentiality agreements, and if agreed by our customers.
  • When required by law or to comply with legal processes.

We may disclose personal information to cloud service providers, IT support providers, and security consultants where necessary to deliver our services.

6. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. This includes implementing physical, technical, and administrative security measures. We implement encryption, secure access controls, and industry-standard security measures to protect personal information.

In the event of a data breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in compliance with the Notifiable Data Breaches scheme.

7. Access and Correction

Individuals have the right to request access to and correction of their personal information held by us. Such requests should be directed to our Privacy Officer. End User requests will be referred to our customers (e.g. insurance companies).

Requests for access or correction will be processed within 30 days, as per APP 12 & 13.

8. Overseas Disclosure

Some of our third-party service providers may be located outside of Australia. When disclosing personal information overseas, we take reasonable steps to ensure that the recipient complies with the APPs or is otherwise bound by privacy obligations similar to those under the Privacy Act.

When transferring personal data internationally, we ensure that the recipient complies with the APPs or operates under legally binding privacy protections equivalent to those in Australia.

We will notify individuals if their data is transferred to countries not covered by adequate privacy laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify users of significant changes via email or a public notice on our website. The latest version will always be available on our website.

10. Contact Us

For any questions or concerns about this Privacy Policy or our handling of personal information, you can contact our Privacy Officer at: