Data Usage Policy

Last updated: 19 April 2026

1. Overview

This Data Usage Policy explains what data the MERIT Lumina platform collects, how we use it, and how long we retain it. It supplements our Privacy Policy and our Data Processing Agreement.

2. Data We Collect

We collect the following categories of data when you use the Platform:

  • Account data: name, email address, role, and organisation details provided during registration
  • KPI and performance data: metrics, targets, and results you enter or import into the Platform
  • Staff records: employee profiles and performance information created by authorised users
  • Usage data: pages visited, features used, session duration, and error logs (collected automatically)
  • Technical data: IP address, browser type, device type, and operating system

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Service delivery: providing, operating, and maintaining the Platform features you have subscribed to
  • Authentication: verifying your identity and managing secure access to your organisation's account
  • Reporting: generating dashboards, KPI reports, and analytics within the Platform
  • Support: diagnosing issues, responding to support requests, and improving service reliability
  • Billing: processing subscription payments and issuing invoices
  • Legal compliance: meeting obligations under Australian law, including the Privacy Act 1988 (Cth)

We do not sell your data, use it for advertising, or share it with third parties for their own purposes.

4. NDIS Participant Data

Where your organisation uses the Platform to manage data related to NDIS participants, we treat that data with heightened care. It is stored exclusively on Australian servers, is never used for any purpose other than service delivery to your organisation, and is subject to the access controls and audit logging described in our Data Processing Agreement.

5. Data Retention

We retain your data for the following periods:

  • Active account data: retained for the duration of your subscription
  • Post-cancellation: retained for up to 90 days after your subscription ends, then securely deleted or anonymised
  • Usage and audit logs: retained for 12 months to support security monitoring and compliance
  • Legal holds: where required by law (e.g. NDIS record-keeping obligations), data may be retained for longer periods

6. Your Rights

Under the Privacy Act 1988 (Cth) and applicable Australian privacy law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (subject to legal retention requirements)
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us.

7. Third-Party Services

We use a limited number of trusted third-party services to operate the Platform (e.g. cloud infrastructure, email delivery). These providers act as processors under our instruction and are bound by data protection agreements. We do not use third-party analytics tools that track your users across other websites.

8. Contact

If you have questions about how we use your data, please contact us. Our Privacy Officer can be reached through the same contact form.