Last Updated: 8 December 2025
Chameleon Software (ACN 066 345 480) (Chameleon, we, our, us) and its associated entities are committed to complying with the Privacy Laws in which it undertakes business.
This Privacy Policy sets out the way in which Chameleon collects, uses, stores and discloses the Personal Information of its customers and the Personal Information of End Users as processed through our customer installations of our software.
This Privacy Policy may be updated from time to time. If practical, we will endeavour to notify End Users of any updates to this policy (eg through push notifications within our website or software products, or via email).
Privacy Laws define personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not (Personal information).
Personal Information includes sensitive information, which is defined under the Privacy Act as information or an opinion about a person’s race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health information, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.
The particular types of Personal Information that we collect will depend on the nature of our relationship with you, such as whether you have a general enquiry, are a customer, business partner, apply for a career opportunity with us, or if you are an End User of our customer’s software.
We collect various types of personal information, including:
(a) name, job title and organisation;
(b) email address and other contact details, including mailing address and telephone number;
(c) personal or professional interests;
(d) if you are making a payment using your personal bank account or credit card, your credit card and banking details; and
(e) if you are applying for a career opportunity with us: government identifiers (eg tax file number, driver’s licence information), education and employment history, and if relevant for the role to which you are applying, background check information, and health information.
We collect your personal information from:
(a) you directly, for example when you create an account on our products or services, or submit a query through our website;
(b) content provided through, or uploaded to, our software products and services by you or End Users of the products or services;
(c) our suppliers, contractors, related entities, related bodies corporate or associated entities; and
(d) from public records or other publicly accessible sources.
Unless it is impracticable, we will provide you with the source of your personal information if requested. Not though that we cannot always control where your Personal Information is stored in ‘free text’ fields within our Software.
Due to the nature of our products and services, it is not practical for us to interact or communicate with you on an anonymous basis or using a pseudonym. We require your personal information in order to provide our products and services, or respond to any questions, concerns or inquiries.
We collect, use and hold Personal Information for the following purposes:
(a) to enable you or End Users to register to, and use, our website, software products or other products and services;
(b) to take and process payments;
(c) to carry out statistical analysis and improve or personalise our products and services;
(d) to respond to requests and inquiries;
(e) for marketing (including direct marketing) and business development activities;
(f) to comply with a law, regulation, court order or other legal process;
(g) to investigate or report suspected unlawful activity; and
(h) to protect, enforce or defend our rights.
We will not use sensitive information for direct marketing purposes.
If you have provided your consent to receive direct marketing communications or it is otherwise within your reasonable expectation that we send you direct marketing communications in light of your interactions with us, we may use your personal information (but never your sensitive information) to provide you with information about our products or services that we believe may be of interest to you (including any newsletters, updates, offers, promotions or other benefits) via email, post, telephone or other direct contact methods. Note that this is specific to direct marketing from us and does not extend to anything conducted by our customers.
If you no longer wish to receive any marketing communications or material from us, or do not want your information used or disclosed for direct marketing purposes, you may opt out by contacting our Privacy Officer using the details below.
If you have applied for a job with us, we collect and process your personal information to assess your suitability for the role, including verification of your identity, qualifications, certifications, entitlement to work), and to conduct background or criminal history checks.
We may share or disclose your personal information to:
(a) our related entities and bodies corporate, and associated entities who provide corporate administration and oversight;
(b) our service providers and partners who assist us to deliver or support our software or services, such as IT or storage service providers, marketing service providers, membership service providers, or direct debit service providers;
(c) our professional advisers, eg lawyers and accountants;
(d) law enforcement officers, regulators, courts and government agencies, if permitted or required:
(i) by law, regulation, court order or other legal process;
(ii) to assist in the prevention or detection of crime;
(iii) to improve the safety of our website or software products;
(iv) in order to protect our or any user’s rights; or
(v) to prevent a threat to any person’s life, health or safety; and
(e) any purchaser or prospective purchaser of our business, including in the case of bankruptcy, a merger, acquisition, reorganisation, sale of assets or assignments, or due diligence in respect of any such transactions.
As we are part of a global organisation, we may disclose personal information to our related entities and bodies corporate, associated entities and service providers that are located outside of Australia, including Canada, the United States, New Zealand, South Africa, Malaysia and the European Union.
By submitting your personal information to us, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that:
(a) Australian Privacy Principle 8.1 does not apply to our disclosure of your personal information; and
(b) countries outside of Australia do not always have the same privacy protection obligations as Australia in relation to personal information. However, we take reasonable steps to ensure that any third parties based outside Australia to whom we disclose your personal information uses and holds your personal information in a secure manner.
If you do not agree to the disclosure of your Personal Information outside Australia, do not submit personal information to us.
We may process your Personal Information using semi- or fully- automated decision-making systems, being any computer program or artificial intelligence to make, or do something that is substantially and directly related to making a decision that could significantly affect the rights or interests of an individual. We have set out some examples below:
If section 16 (GDPR) applies to you, you expressly consent to us Processing of your Personal Data using the automated decision-making systems as set out in this section 9.
Our website or Software may include links to other websites, applications, payment pages, portals or services operated by third parties. This privacy policy does not apply to the data processed by such third-party websites or services, and we have no control over the actions of those third parties in respect of your personal information.
When you use our website or Software, we may use “cookies”, traffic measurement software or other similar technologies to personalise or improve your user experience, including:
(a) Functionality. These cookies allow us to recognise you when you access our website or Software, and remember your selected preference.
(b) Analytics and customisation. These cookies help us understand how you use our website or Software, how effective our marketing campaigns are, or to help us customise our website or Software for you.
(c) Advertising. These cookies allow us to collect information about your activities on our website or Software (including the content you viewed and links you clicked), so we can present advertisements based on your activities.
In using cookies, we may collect data including:
(d) your username;
(e) IP address;
(f) device information;
(g) your Personal Data;
If you do not want your information to be collected through the use of cookies or traffic measurement software, your device and/or browser may enable you to delete or “turn off” cookies or some of the measurement software features. However, some or all parts of our Software or website may not function properly if these features are disabled.
We may use de-identified and aggregated forms of information for any purpose, including without limitation, statistical analysis, product or service development or any other commercial purpose. We take reasonable steps to remove or deidentify your personal information so that this data cannot be associated to you.
We will store your personal information for so long as is required to provide you with our products and services or some other purpose for which your information was collected, as set out in this privacy policy.
When we no longer require your personal information to carry out any such purpose or if required by law, we will remove or de-identify your personal information as soon as reasonably possible.
However, we may retain your personal information for another period to comply with any applicable law, for the prevention of fraud, to resolve disputes or for other legitimate purposes.
We take commercially reasonable steps to implement and maintain technical and organisational measures to protect your personal information (such as, data encryption and pseudonymisation measures) in our custody or control.
However, data transfers made over the Internet are never 100% secure and if you send us any information, you acknowledge this is done at your own risk.
You may request access to your personal information, or correct any inaccurate or out of date information by contacting us using the below details.
No fees apply to making a request for access or correction of your personal information. Before we grant you access to, or correct, your personal information, we will need to confirm your identity.
We may refuse your request to access or correct your personal information for legitimate reasons, including if we believe that granting you access will endanger the life, health or safety of any person, would adversely impact the privacy of other individuals, that the request is frivolous or vexatious, or if your personal information is part of ongoing or pending legal proceedings between you and Chameleon.
If you are a resident of the European Union or United Kingdom, we are required to comply with the GDPR. In addition to the other sections of this Privacy Policy, this section 16 applies to our processing of your Personal Data.
For avoidance of doubt, where this section 16 applies, any reference to personal information in this Privacy Policy is a reference to Personal Data. This section will not apply if you reside outside the European Union or United Kingdom (as applicable).
In this section 16:
“GDPR” means:
(a) when used in the context of United Kingdom residents, means the UK General Data Protection Regulation as implemented by the Data Protection Act 2018 (UK); and
(b) when used in the context of European Union residents, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
The terms “Controller“, “Data Subject“, “Personal Data“, “Processing“, and “Supervisory Authority” have the meaning given to those respective terms under the GDPR, and their corresponding terms will be construed accordingly.
As a Data Subject, you have the following additional rights:
(a) Access. You may request access to any Personal Data we hold about you and information regarding our Processing of your Personal Data (including the purpose of processing, data retention period, and categories of data involved).
(b) Rectification. You may ask us to correct or update any of the Personal Data we hold about you.
(c) Erasure. You may request for the deletion of your Personal Data if we no longer require your data for the purpose for which it was collected, or if you withdraw your consent to Processing of your Personal Data and we have Processed your Personal Data without legitimate grounds.
(d) Restriction. You may ask us to restrict the processing of your Personal Data, if:
(i) you are contesting the accuracy of the Personal Data and you enable the Controller to verify the accuracy of your data;
(ii) the Processing of your Personal Data is unlawful and you oppose the erasure of your data, but request a restriction instead;
(iii) the Controller no longer needs to process the Personal Data, but you require the Personal Data for legal proceedings; or
(iv) you have objected to Processing pursuant to Article 21(1) of the GDPR;
(e) Objection. You may object to our Processing of your Personal Data under certain conditions.
(f) Data Portability. You may request for us to:
(i) provide you your Personal Data in a machine-readable format; or
(ii) transfer any Personal Data we hold about you to you or a nominated third party.
If you wish to exercise any of your Data Subject Rights, please contact us using the details set out at section 17 below.
If you have any concerns or complaints regarding our Processing of your Personal Data or the exercising of your Data Subject rights, you may contact a Supervisory Authority.
You should contact us if:
(a) someone has gained unauthorised access to your Personal Information that is stored in our business systems, website or Software;
(b) you believe we have breached our privacy obligations (including under the Privacy Act) or your privacy rights in any way; or
(c) you wish to discuss any issues regarding our privacy policy or information handling processes.
You may contact us at:
Address: Attn: Privacy Officer
Jonas Software AUS Pty Ltd (ACN 141 653 054)
Level 13, 348 Edward Street,
Brisbane City QLD 4000
Email: privacy@jonassoftware.com.au
You can find more information about your rights and obligations in respect of privacy at www.oaic.gov.au or by contacting the Office of the Australian Information Commissioner at:
Address: GPO Box 5218, Sydney NSW 2001
Email: enquiries@oaic.gov.au