CAS systems adhere to the highest level of data security standards, PCI DSS, and CAS employs strict procedures and controls to ensure the security and privacy of our clients information.

CAS's policy on private information, including but not limited to name, address, payment card/account details, is:

CAS may collect information needed to verify a transaction
CAS requires a certain amount of information to process a payment transaction. This includes the credit card/account number, expiry date, the name on the card, and may also include the date of birth, address, phone number(s) or other contact details of the card/account holder.

CAS will retain transaction information
CAS will retain all information about a transaction securely in our systems in accordance with PCI DSS and in accordance with our legal responsibilities to track financial information, and to provide accurate reports and statistics to our clients. This information is also retained and referenced as needed in case of a dispute regarding a transaction.

CAS will not sell or disclose personal information to third parties
CAS will not sell, provide or otherwise disclose information regarding specific persons or transactions from our systems to any party other than:

• The cardholder
• The merchant
• The bank or financial institution acquiring the transaction
• The bank or financial institution that issued the card
• A Government or Law Enforcement Agency authorised by law

and then only for the purpose of resolving a potential dispute about a transaction.

CAS will not use your personal information
CAS will not use your personal information for any purpose, other than to contact you in the event of a problem or dispute with your card or transaction.

CAS must comply with legal requirements
CAS is bound by the laws and legislation of the State of New South Wales and the Commonwealth of Australia. CAS must always comply with our legal requirements, in regard to credit card and other financial transactions, privacy of information, and any other matters. This statement in no way limits the rights or responsibilities of CAS, any merchant, bank or other financial institution, or cardholder. In particular, where the Privacy Act 1988 would conflict with this policy, the Act has effect.