MDMS — Modern Dealer Management System

    Privacy Policy

    Last updated: May 2026

    This document is provided for information and does not constitute legal advice.

    1. About this policy

    This Privacy Policy explains how Anthony Phillip Carle trading as MDMS ("MDMS", "we", "us", "our"), based in Queensland, Australia, handles personal information in connection with the Modern Dealer Management System website and software-as-a-service platform (the "Service").

    We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle health, tax file number, or other sensitive information on behalf of a customer, we do so only as permitted by law and by our agreement with that customer.

    2. Information we collect

    • Account information — name, business name, email, phone, role, and authentication identifiers.
    • Customer Data — records you upload into the Service (customers, equipment, parts, invoices, quotes, work orders, etc.). You control this data; we process it on your behalf.
    • Billing information — ABN, billing address, plan, invoices. Card details are handled by our payment processor and not stored by us.
    • Technical and usage data — IP address, device and browser data, log files, pages visited, feature usage, error reports.
    • Communications — support tickets, sales enquiries, survey responses.
    • Cookies and similar technologies — see our Cookie Policy.

    3. How we collect it

    We collect information directly from you when you sign up, use the Service, or contact us; automatically through your use of the Service; and occasionally from third parties such as identity providers, referrers, or publicly available sources.

    4. Why we use it (APP 6)

    • Provide, maintain and improve the Service.
    • Authenticate users and secure accounts.
    • Process billing and manage subscriptions.
    • Provide support and respond to enquiries.
    • Send service notices and, with consent, product updates and marketing.
    • Detect and prevent fraud, misuse and security incidents.
    • Comply with legal obligations and enforce our terms.

    5. Disclosure to third parties (APP 6 & APP 8)

    We disclose personal information to trusted sub-processors who help us run the Service, including cloud hosting, database, email delivery, analytics and customer-support providers. We require them to handle information consistently with this policy.

    We use Paddle.com Market Limited ("Paddle") as our Merchant of Record to process payments, manage subscriptions, calculate and remit sales taxes, and issue invoices. When you make a purchase, billing and payment information you provide at checkout is collected and processed by Paddle as an independent data controller in accordance with Paddle's Privacy Notice. We do not store full payment card details.

    Some of these providers operate, or process data, outside Australia (for example in the United States or the European Union). By using the Service you acknowledge that your information may be transferred to and processed in those jurisdictions. We take reasonable steps to ensure overseas recipients handle personal information in a way consistent with the APPs.

    We may also disclose information where required or authorised by law, including to law enforcement, regulators, courts or in connection with a sale or restructure of our business.

    6. Data security

    We use industry-standard safeguards including encryption in transit (TLS) and at rest, role-based access controls, audit logging, network segregation, multi-factor authentication for staff, and regular vulnerability scanning. No system is completely secure, and we cannot guarantee absolute security.

    7. Data retention

    We retain Customer Data while your account is active and for a reasonable period afterwards to allow data export and to meet our legal, accounting and tax obligations. After that period we securely delete or de-identify the information unless we are required to retain it by law.

    8. Your rights (APPs 12 & 13)

    You may request access to, or correction of, personal information we hold about you by contacting privacy@moderndms.com.au. We will respond within a reasonable time (generally within 30 days) and will not charge for reasonable requests.

    9. Direct marketing and the Spam Act

    Where we send marketing communications we comply with the Spam Act 2003 (Cth). Every commercial email includes an unsubscribe link, and you can opt out at any time by using it or by contacting us.

    10. Notifiable Data Breaches scheme

    If we suffer a data breach that is likely to result in serious harm to an individual whose personal information is involved, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by Part IIIC of the Privacy Act.

    11. Cookies and analytics

    We use a small number of essential and analytics cookies. See our Cookie Policy for details.

    12. Children

    The Service is intended for business users aged 18 and over. We do not knowingly collect personal information from children.

    13. Changes to this policy

    We may update this policy from time to time. Material changes will be notified through the Service or by email. The "Last updated" date above always reflects the current version.

    14. Complaints and contact

    If you have a privacy concern, contact us first at privacy@moderndms.com.au and we will investigate and respond within 30 days. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au or on 1300 363 992.

    Anthony Phillip Carle trading as MDMS
    Queensland, Australia
    privacy@moderndms.com.au