Last updated November 9, 2023
Bellcastle Pty Ltd (t/as Team Management Systems (TMS)) respects the privacy of all persons and is committed to ensuring openness and transparency in our personal information handling practices.
As part of our ongoing commitment to privacy, we want to ensure that all persons understand how we collect, use, disclose and process their information in relation to our products and services.
When we refer to personal information, we mean any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
As an Australian based company, we are, as a minimum, bound by the Australian Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). Specific privacy laws may also apply to personal information and data subjects in certain jurisdictions.
You should familiarise yourself with privacy laws that may apply to you around the world and review the section titled Additional Information For Certain Jurisdictions below, including those in the EEA or the UK for important information that may apply to you. If you are using our service from an EEC County, the GDPR Information part applies in the first place alongside the regulations in this general part.
In this policy ”we”, “us” and “our” refers to TMS of 139 Coronation Drive, Milton, QLD 4064, Australia.
This policy sets out how we collect and process personal information related to:
- This website, our other websites and any related service, app or tool (together our Platform);
- The services we offer, being psychometric assessments (Assessments), generation of profiles, training of Accredited Practitioners and reporting services (together the Services);
- Respondents, who are people that take part in and complete our Assessments (Respondents);
- Clients of TMS and its authorised distributors, who are parties that contract with TMS for the provision of the Services (Clients). A Client may or may not be a Respondent;
- Authorised users, who are people that our Clients have authorised to access the Platform and use our Services (Authorised Users);
- Administrators, who are Authorised Users who have administrative privileges on the Platform;
- Accredited Practitioners, who work for our Clients or with Respondents in connection with our Services, data subjects and profiles (Accredited Practitioners); and
- All of those persons and all other persons who engage with us, including by visiting, browsing or using our Platform (you or data subject).
You consent to TMS collecting, holding, using and disclosing your personal information in accordance with this policy.
TMS sets down guidelines in respect of Personal Information. It is a condition of use of the Platform and Services that all those that interact with TMS, the Platform, the Services and data subjects agree to and abide by the guidelines, to the extent that they apply to those persons. For example, both Accredited Practitioners and Administrators must agree to, and abide by, the TMS Ethical Guidelines.
Your Accredited Practitioner or Administrator may process your Report or your personal information, so long as the processing of that information adheres to the TMS Ethical Guidelines as they apply to Accredited Practitioners and Administrators. Your Accredited Practitioner or Administrator may also share your Report and Personally Identifiable Information (PII) and you should consult your Accredited Practitioner or Administrator to understand how they may share your personal information.
Processing of Information
Reports aide Clients and Respondents to develop and sustain high performance at work through individual self-awareness and a strengths-based approach to teamwork. Accredited Practitioners assist Clients and Respondents to understand and utilise the Reports. Respondent Reports may be reviewed by Accredited Practitioners or Administrators who are appointed by our Clients and who may or may not be employees of our Clients. Respondents can also engage us directly.
We also, from time to time, may invite you to participate in research questions (Research) which assist us in providing statistics and other information to the marketplace. Research questionnaires are entirely voluntary and are not used in the generation of a Respondent’s Profile.
Sources of Personal Information and the Personal Information we collect and hold
We collect information when you engage with us, when you browse our Platform, when you visit or use our Platform and when we engage with Clients, Administrators, Accredited Practitioners and Respondents.
The personal information we collect and from whom we collect personal information will depend on a data subject’s role with us and how they interact with us. For instance, the information we collect from Respondents will differ from the information we collect from those who browse our Platform. The information we collect from some data subjects may also be sensitive information.
Due to the nature of our Services, depending on how you interact with us, it may not be possible to remain anonymous on our Platform or to use a pseudonym. For instance, it is not possible to remain completely anonymous if you are a Respondent. However in some limited circumstances we can make allowances for use of a pseudonym.
Information from Clients
We collect information sufficient from Clients, to identify the Client and the individuals who contact us, or interact with us; information to create and maintain accounts; and other information required for us to provide our Services to the Client and provide online accounts to our Client (such as login information). We also collect and use any other information provided to us by our Client such as personal information regarding Respondents, Administrators and Accredited Practitioners.
Information from Respondents
From Respondents, we collect information including identification information, personal information to set up and maintain accounts, and the Respondent’s response to questionnaires and Assessments. We also maintain the Reports generated from those responses. The information collected from Respondents includes, but is not limited to, identity information, name, time zone, email, address, login details, preferred language, and other account registration information. It is also necessary for us to collect psychometric information as the Respondent completes an Assessment. The psychometric information we obtain from Respondents comprises the responses to questions included in the Assessment and that information is processed to create Reports.
It is not mandatory for a Respondent to provide us with any information, including psychometric information, and a Respondent can decline to provide that information to us, or withdraw our right to use that information, at any time. However, it may not be possible for us to provide services to Respondents or Clients if the Respondent declines to provide information or withdraws our ability to use any personal information we hold on the Respondent.
Information from Accredited Practitioners
From Accredited Practitioners we collect information necessary to identify the Accredited Practitioner, such as their name, accreditation details, address, email address and other contact details. Accredited Practitioners may provide us with personal information regarding themselves, our Clients or Respondents.
Information from Administrators
From Administrators we collect information necessary to identify the Administrator, such as their name, accreditation details, address, email address and other contact details. Administrators may provide us with personal information regarding themselves, our Clients or Respondents.
Information for Research
When you participate in Research, we collect gender information, nationality, age, qualification, background, industry information and other information relevant to the research. Research participation is voluntary, and you can decline to take part in research at any time. Research results are de-identified.
Information from our Platform
We may also collect information when you (or other data subjects) access or use our Platform and interact with us. We do this by using a range of tools such as emails, Cookies and Google Analytics. This information may include:
(a) where you submit an enquiry with us or download material (such as our free eBooks) from our Platform, your name, email address, organisation name and other contact details (if provided by you);
(b) the location from which you have contacted us, come to our Platform and the pages you have visited; and
(c) technical data, which may include IP address, the types of devices you are using to access our websites or Platform and device attributes, browser type, language and operating system.
Due to the nature of psychometric testing and our Services the information we collect may, in some circumstances, be considered sensitive information (as that term is defined by Australian privacy laws, or equivalent foreign law).
Why do we collect, hold and use your Personal Information?
The information we collect is used to determine aspects of personality and behaviours at work. Reports contain insights into work preferences and behaviours. We use that information to generate the Reports, to generate aggregated group Reports and for Research purposes. When the information is used for Research purposes the information is de-identified.
We collect, hold and use your personal information so that we can:
(a) provide our Services to our Clients in accordance with our contractual obligation with our Clients;
(b) allow Respondents to complete Assessments and generate Reports based on their responses;
(c) manage and administer accounts for Clients, Administrators, Accredited Practitioners and Respondents;
(d) contact you and respond to your queries or complaints;
(e) provide you with information about our Services, Assessments and any other services we offer;
(f) notify you of updates to our Services, contracts, Platform or rivacy policy;
(g) update our Platform and our Services and determine how our Platform and Services are used by you and other data subjects;
(h) ensure that our Platform is user friendly, error free and safe and secure;
(i) process research information to conduct industry bench marking, best practices and other information relevant to industries;
(j) comply with our legal obligations and assist government and law enforcement agencies or regulators, such as privacy laws.
If you do not provide us with your personal information we may not be able to provide you with our Services, communicate with you or respond to your enquiries.
How do we process, store and hold Personal Information?
Your personal information may be processed by software and processed electronically.
If you are a Respondent your Reports will be generated automatically by software. We do not, and our software does not, make decisions based on Reports. Rather, any decision making in relation to Reports is made by our Clients.
We store most information about you in computer systems and databases operated by either us or our external service providers. We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
These processes and systems include:
(a) the use of identity and access management technologies to control access to systems on which information is processed and stored;
(b) requiring all employees and contractors to comply with internal security policies and keep information secure;
(c) requiring all employees and contractors to complete training about information security; and
(d) monitoring and regularly reviewing our practice against our own policies and against industry best practice.
We also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
Who do we disclose your Personal Information to, and why?
We may transfer or disclose your personal information:
(a) to our related companies such as our authorised distributors but only to those who need to have personal information from us in order to supply their services;
(b) where you are a Respondent, to our Client who has engaged us to generate Reports for you and to Accredited Practitioners and Administrators for that Client; and
(c) external service providers so that they may perform services for us or on our behalf, for example our email provider and our cloud-based service providers.
We may also disclose your personal information to others where:
(a) we are required or authorised by law to do so;
(b) the disclosure or the consent may be reasonably inferred from the circumstances; or
(c) we are otherwise permitted to disclose the information under the Privacy Act or any applicable law.
Where we disclose personal information to third parties we request those parties implement and enforce appropriate security measures to protect your personal information to the same standards that we protect your personal information.
We may also disclose your personal information if the ownership or control of all or part of our business changes. That is, we may transfer your personal information to the new owner so long as the transfer does not have the effect of substantially lessening privacy protections of your personal information.
You should speak with your Accredited Practitioner and our Client as to how they hold and disclose personal information.
Do we disclose Personal Information to overseas recipients?
USERS IN AUSTRALIA: We may disclose your personal information to a recipient which is located outside Australia, unless we have agreed with your Accredited Practitioner or our Client not to do so.
The transfer of data overseas generally occurs due to our use of cloud services to store and process information. Due to the nature of our Services, the processing of your personal information may occur outside of Australia (unless we have agreed otherwise with your Accredited Practitioner or our Client). That processing occurs through third parties.
You should ask your Accredited Practitioner and the processing Client whether they disclose personal information to a recipient that may be located outside of Australia.
USERS IN THE EEA & UK: Your data will be hosted securely in either Germany or Australia in alignment with the processing Client’s instructions, so if you are a UK user your personal data will be transferred out of the UK.
The transfer of data overseas generally occurs due to our use of cloud services to store and process information. Due to the nature of our Services, other processing of your personal information may occur outside of the EEA or UK. That processing occurs through third parties.
Any transfer out of the UK or out of the EEA only takes place where we have put the appropriate GDPR compliant processes in place.
Access to, deletion and correction of your Personal Information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is generally no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
Your personal information will be deleted in accordance with laws and regulations that require us to delete that data. In addition our Client may require us to delete your personal information at certain times and we will act in accordance with those instructions. You are also able to delete your personal information through our Platform, or contact us to have the personal information deleted.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
If you have any questions, comments, requests or concerns, please contact us at:
Bellcastle Pty Ltd
139 Coronation Drive
Brisbane, QLD 4064 Australia
Ph: +61 (0)7 3368 2333
Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our Platform.
You may obtain a copy of our current policy from our Platform or by contacting us at the contact details above.
ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS
Do we disclose personal information to overseas recipients?
We may disclose your personal information to a recipient which is located outside Australia, unless we have agreed with your Accredited Practitioner or our Client not to do so. As these recipients are located outside of Australia, they are not required to comply with the Privacy Act and you will not be able to seek any redress under the Privacy Act in connection with the use of your information. Australian Privacy Principle 8.1 will not apply if you consent to such disclose. The overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles, you may not be able to seek redress in the overseas jurisdiction and the overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority. You expressly consent to such disclosure.
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.
These products and services may be offered by us, our related companies, our other business partners or our service providers.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Access to and correction of your Personal Information
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
GDPR Addendum (European & UK Users)
Bellcastle Pty Ltd
139 Coronation Drive
Brisbane, QLD 4064 Australia
Ph: +61 (0)7 3368 2333
PLANIT // LEGAL
Jungfernstieg 1 20095 Hamburg
Ph: +49 (0)40 609 44 190
Processing Purpose and Justification
We process your personal data in order to provide the Services i.e. in order to process psychometric assessments and produce reports that aide you in your role and in interaction with your team. Please refer to the document above for a more detailed description of the processing operations. The lawful basis for us processing your personal data is contractual. You are paying us to process the personal data which you provide to us via our platform in order for you to receive our Services. Where you are based in the UK or EU and you request our Services directly (not via one of our distributors) then we explain to you that we are based in Australia so you are also required to provide us with express consent to the transfer of your personal data out of the UK or EU for us to provide our Services from Australia.
Your personal data may be disclosed to persons within our group of entities and our service providers that are deployed to provide and operate the Services, to your Accredited Practitioner, to your employer’s Authorised Users in case it has engaged us for providing the Services to you, and other persons, e.g. external advisors etc. assigned by your employer for such purpose. Where required by law we may also disclose your personal data to other recipients including public authorities. We would disclose such activities as early as possible unless we are prevented to do so by law.
We operate a global IT-infrastructure to provide the Services globally. Therefore it is possible that your personal data is transferred to a third country within or outside the EEA or UK. For extra EEA or UK data transfers we have in place the means to ensure adequate protection of your personal data at the recipients end. These in particular include the EU Standard Contractual Clauses and additional safeguards as required under the respective ECJ jurisdiction.
Your personal data will be processed as long as required for the purpose of processing stated above or as long as there is an obligation to retain it and deleted in accordance with data protection law.
Data Subject Rights
As a data subject, you have the right to confirmation as to whether or not we process your personal data the right to access personal data, the right to rectification of incorrect personal data, the right to claim deletion and restriction of the processing, the right to object to the processing of your personal data and to withdraw consent. Whether and to which extent these rights are in place and enforceable is subject to statutory regulations. You also have the right to contact the competent data protection authority.
Requirement to Provide Personal Data
You are neither required to provide any personal data nor to participate in the Services. In case you refuse to do so, you will not or not fully be able to participate in the Service. There would be no other consequences.
No Automated Decision-Making (including Profiling)
We do not process your personal data for the purpose of automated decision making (including profiling) under Art. 22 (1) and (4) GDPR.
We would hope that any query will be effectively resolved by us further to your notification however you always have the right to lodge a complaint with the relevant supervisory authority for data protection issues.
In Australia : The Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au
In the EEA : The EU Data Protection Authority in your member state https://edpb.europa.eu/about-edpb/about-edpb/members_en
In the UK : Information Commissioner's Office (ICO) ico.org.uk