Chameleon Software Privacy Policy

Chameleon Software complies with Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy sets out the Chameleon Software Pty Ltd (Chameleon Software) privacy obligations to you and explains the types of personal information that we may collect, hold, use and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about this information.

Chameleon Software is committed to protecting the privacy of your personal information. This commitment extends to the data recorded by you in the Case Manager application related to your case contacts (e.g. patients, referrers, insurers, and health professionals). This policy is intended to help you understand:


What personal information we collect and store

Chameleon Software collects two categories of personal information: we store personal data collected directly from you (our customer) and indirectly when you use our service (Case Manager) to record personal data about your case contacts.


Personal information we collect directly from you

This information is collected when you contact Chameleon Software about becoming a customer or request assistance from our support or sales team. We need to collect the following types of personal information from you to allow us to deliver our services:

In addition to the above, Chameleon Software collects the following information during the use of our Services via Case Manager:

We do not collect any sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Our Website may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, and your privacy choices with Google, please see Google’s privacy policy and their information at


Personal information we collect indirectly via your use of our services

Personal information is collected indirectly when you use Case Manager to enter client, patient, bill-to, referrer, and other case contact details.

This information you collect and store in Case Manager will include personal information such as:

Given some of the above data elements contain sensitive/special categories of personal data, it is important that when dealing with UK/EU citizens, that your organisation is GDPR compliant. See “UK/EU Customers” section below.

We will only use such personal information for the purposes of providing the services and products for which our customers have engaged us. You are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in your privacy policies who their personal information is being shared with and processed by.


Why we collect personal information

We collect personal information directly from you to enable us to:

How we use the information we collect

We use this information to provide you with any services you’ve requested and to manage our relationship with you. More specifically:

How we share the information we collect

There are times when we need to share your personal information with third parties. The third parties that we share with are different based on data shared directly with us and data shared indirectly with us (Please see above for the differences between direct and indirect data).

We will only disclose directly collected personal data to:


We will only disclose indirectly collected personal data to:

Other than the above points, Chameleon Software will not share, sell, or rent personal information with anyone without your permission or unless ordered by a court of law.


How we store and secure the information we collect

Chameleon Software takes all reasonable steps to protect your personal information from loss, misuse or unauthorised disclosure, modification or destruction.

Chameleon Software has a Cyber Security Information Sheet detailing the security measures we have in place to secure your data which is available upon request.


How we operate in different geographical locations

Chameleon Software provides products and services to companies based in Australia, UK, and the USA. Personal information collected from your data subjects (e.g. patients) is always stored in a data centre located in that region. Personal data is not transferred outside of that region to ensure data sovereignty is maintained.

Chameleon Software recognises that different global regions operate under their own local governing data and privacy laws. Chameleon Software will take all reasonable steps to comply with local data and privacy laws, to the extent consistent with legal obligations we have under Australian law, where we are based.


UK/EU Customers (GDPR / UK DPA 2018)

GDPR (General Data Protection Regulation) is a set of rules aimed to streamline, update, simplify, and replace the many data protection policies that existed in the EU states. Since Brexit, the UK has adopted the “UK Data Protection Act 2018” (DPA 2018) which currently supplements and tailors the GDPR within the UK.

For Chameleon Software customers hosted in the UK (On-Prem or SaaS), all processing of personal information is performed in accordance with the privacy rights and regulations following the UK DPA 2018. Under DPA 2018, UK customers have certain rights around the personal information that we process about you:

Chameleon Software is the data controller for personal data directly collected from you. Chameleon Software is the data processor for indirectly collected personal data, you (the Customer) is the data controller for indirectly collected personal data.

Please note, Chameleon Software can only support the above rights for directly collected personal information from you (our customer). You are responsible for ensuring that personal data collected from your data subjects is done so in accordance with all relevant laws and regulations. You are also responsible for responding to any access requests from your data subjects that may wish to access, correct or delete their personal data. Chameleon Software can provide reasonable assistance to you in responding to those requests.

If you wish to exercise any of the above-mentioned rights, please email our data protection officer (DPO) with the details:


How long we retain personal information

The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).

We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.


Notifiable Data Breaches

Chameleon Software complies with its legal obligations in relation to notifiable data breaches and has an updated plan to ensure compliance with those requirements, including notification to the Australian Information Commissioner and any other relevant supervisory authority, and affected individuals of certain types of data breaches, and is able to promptly respond to any suspected data breaches.


Change of purpose

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.



We do not sell our services to children and the website is not intended for or directed at children under the age of 13 years. As such, our websites are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13.


Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page. All modifications will be effective immediately upon our posting of the modifications on our website. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.


How to contact us for more information

If you have any questions in relation to our privacy policy, please contact our data protection officer (DPO) via email:

Want to find out how Case Manager can help your business?

Arrange a Demo Contact Us