1 INTRODUCTION TO THIS POLICY
2 ABOUT CHILDAWARE
We operate a child safety management software known as ChildAware. This platform allows schools, early childhood services, sporting and community organisations and other organisations which provide services and facilities to children, or employ or engage children to comply with their legal and moral obligations to be child safe.
The platform invites schools, early childhood services, sporting and community organisations and other organisations to create an account with ChildAware and use its functionality and resources to provide for the safety and wellbeing of children who are associated with that school, early childhood service, or other organisation. In this Policy, these schools, early childhood services, sporting and community organisations, and other organisations are referred to as ‘Our Customers.’
Once Our Customers have created an account with ChildAware, they invite individual users such as employees, volunteers, contractors, children and their parents and carers to also create an account on the platform (or use an existing account on the platform), and link themselves to the relevant school, early childhood service, sporting or community organisation, or other organisation. When the individual user creates an account on the platform, they will provide various personal information to create a profile. The user will then be able to link their profile to any of Our Customers who are also using the platform. These individual users are referred to in this policy as ‘you’ and ‘your.'
The platform then allows Our Customers and all users who have linked their profile to Our Customer to use the functionality and resources that are available on our platform.
This policy does not describe the privacy and security practices of Our Customers. You are encouraged to read and understand the privacy policies of Our Customers before you link to them on the ChildAware platform. We will not be responsible for the privacy or security practices of Our Customers.
This policy does not describe the privacy and security practices of social networking services that you may use to interact with us.
4 WHY WE COLLECT PERSONAL INFORMATION
We collect, store, use and disclose personal information for purposes including the following:
- to allow you to create an account and become a user of the ChildAware platform;
- to provide our services to you and Our Customers;
- to provide you with assistance and support, and respond to your enquiries or complaints and reports about our services;
- to improve and optimise our service offering, customer experience and digital tools such as ChildAware, our website and social media;
- to communicate with you about our services and deliver promotional materials, special offers and general information about the services which are similar to those you already use or enquired about unless you have opted not to receive such information (as further described in the Direct Marketing section below);
- to protect the safety and security of the services including detecting and responding to security incidents and other malicious or unlawful activity, and to detect, prevent and address technical issues;
- to protect our legitimate business interests including for fulfilling and exercising our obligations and rights (or to assist Our Customers with their legal obligations, including compliance with all child safety laws), and for exercising or defending legal claims;
- to generate de-identified statistical data to uncover collective insights about the use of our service; and
- in connection with business transfers to facilitate the sale, purchase, merger or demerger of any business by us, including assessing potential transfers and managing transitional arrangements.
We may also collect, use or disclose your personal information when you have provided us with consent to collect, store, use or disclose it for any other purpose.
5 TYPES OF PERSONAL INFORMATION WE COLLECT
The personal information that we collect about you may include the following:
- telephone number, email address and other contact details;
- age or date of birth;
- sensitive information as set out below;
- health information as set out below;
- qualifications, training and other credentials;
- registration status with professional regulatory bodies;
- screening and registration status to engage in child related work;
- information related to your occupation, workplace, professional history and professional interests;
- photos, videos or files that identify you;
- communications between you and other users of ChildAware;
- feedback, opinions, complaints and incidents that you have been involved in any capacity including as a complainant, person who engaged in the conduct, a person who was the subject of the conduct, or as a witness;
- personal, health and other sensitive information about you when you are the subject of, feedback, opinions, complaints or incidents recorded on our platform;
- information about your preferences, interests, and experiences with our services;
- information that you have provided in connection with surveys, questionnaires and promotions that we may send to you;
- your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
- any other information provided by you via our website, our platform, or our online presence; and
- any other information required by us or provided by other users.
The sensitive information that we may collect about you may include:
- information or an opinion about your:
- racial or ethnic origin;
- religious beliefs or affiliations;
- sexual orientation or practices;
- criminal record; and
- your health information.
The health information we may collect about you may include information or an opinion about:
- your health including an illness, disability or injury (at any time);
- your expressed wishes about the future provision of health services; and
- a health service provided, or to be provided, to you.
6 HOW WE COLLECT PERSONAL INFORMATION
6.1 Collection from you
We may collect personal information (including sensitive information) from you in the following ways:
You are invited to create an account with ChildAware. During this process, you will be asked to provide personal information such as your name, email address, mobile number, and password.
Once you have created an account, you can set up your profile. You have a choice about the personal information that you include in your profile. For individuals working for one of Our Customers, this may include your qualifications, your professional registrations, your working with children checks, your criminal history checks, and your photo.
You have a choice about whether you link yourself to one or more of our Customers. When you link yourself with one or more of our Customers, we receive information about that connection, and the role(s) that you play at that organisation.
We may also collect personal information from you when you:
- download or use ChildAware;
- call or email us;
- contact us through our website;
- ask for access to information we hold about you;
- make a complaint or report a matter to us;
- participate in any offers, promotions, competitions, rewards or incentive activities;
- communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
- interact with our website, social applications, services, content and advertising; or
- otherwise provide the information to us in any other way.
6.2 Collection from third parties
We may also collect personal information about you from someone else. For example, this may occur where another user of ChildAware uploads personal information about you on ChildAware, for example in the case of feedback, a complaint or an incident report.
It may also occur when our Customers:
- consent to you being linked to their organisation;
- remove your link to their organisation;
- receive and respond to your feedback, complaints or incidents;
- assign Policies and Training to be reviewed by you; and
- otherwise record activities or actions that relate to you on the ChildAware portal.
6.3 Collection through our website and platform
We may also collect various personal information when you use or access our website and our platform. This includes the following:
We use Google Analytics to collect data about your interaction with our website. The main purpose of collecting your data in this way is understand the performance of our website and to improve your experience with our website and our services.
The type of data we collect with these tools include:
- Your device’s IP address
- Search terms and pages visited on our website
- Date and time when pages are accessed
- Time spent on the page and bounce rate
- Referring domain
- Device screen size
- Geographic location (city)
Cookies are small data files transferred on to computers or devices by our website for record keeping purposes and to enhance functionality on the website.
Most browsers allow you to choose whether to accept cookies or not. Most web browsers are initially set up to accept them. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website and/or platform.
6.4 Collection through social media
We use social networking services such as LinkedIn and Facebook to communicate with the public about our services. When you communicate with us using these services we may collect your personal information.
The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access their privacy policies on their websites.
6.5 Collection of sensitive information
We may collect sensitive information about you during the course of providing our services to you, or engaging with you, either directly or via a third party, with your consent, as required or permitted under laws applicable to us or to Our Customers (for example health and safety legislation), or otherwise in accordance with privacy laws
Where you have provided, and you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, you can contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact us to ask general information about our services, we will not ask for your name and contact details unless we need these to be able to respond to your query.
However, you may not be able to use our Services or access certain functionalities if you do not provide your personal information, for example, we will need your name, your contact details, and other personal information to enable you to create an account.
7 DIRECT MARKETING
We may at times send you marketing communications which will be done in accordance with the Spam Act 2003 (Cth).
In this regard, we may use your email, SMS, social media, phone or mail to send you direct marketing communications.
Where consent is needed, we will ask you for your consent before sending you marketing communications, except where you:
- have explicitly opted-in to receiving email marketing from us in the past; or
- were given the option to opt-out of email marketing when you initially signed up for our services and you did not do so.
8 WHEN WE MAY DISCLOSE PERSONAL INFORMATION
8.1 To Our Customers
If you request to link your account to one of our Customer’s accounts you consent to profile information being visible to that organisation, such as your name and contact details, for the purpose of that organisation assessing your suitability to be linked to that organisation.
Our Customers may also send you link by email or SMS, using details that you have already provided to them, inviting you to link your account to the account for the organisation. You have a choice about whether to accept an invitation and link your profile to the organisation.
If you choose to connect to one or more of Our Customers, you consent to those Customers and all authorised individuals who are employed or engaged by those Customers having access to your profile on the ChildAware platform. This enables Our Customers to view your profile and to communicate with your using this platform. This also enables you to communicate with Our Customers, including by providing feedback and making complaints, and receiving incidents reports. It also enables Our Customers to invite you to review and acknowledge policies, to complete specified training, and to verify and/or update your professional registrations, your working with children checks, your qualifications or any other personal information that may appear on your profile.
8.2 To third party third party service providers
We may disclose your personal information to third party providers who assist us to provide and develop or enhance our services. This may include third party providers who assist us to improve or enhance our services, conduct maintenance, conduct analysis, or provide storage or security services.
We may disclose your personal information to obtain the services of our professional advisers such as insurance providers, accountants, lawyers and auditors.
8.3 Other disclosures
We may disclose your personal information in the following circumstances:
- Where the disclosure of your personal information is for a secondary purpose related to the primary purpose (directly related in the case of sensitive information), and in circumstances where you would reasonably expect us to disclose your personal information in that way;
- where we reasonably believe that the disclosure of your personal information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
- when we reasonably believe that it is needed to take action in relation to unlawful activity or misconduct of a serious nature such as fraud;
- where it is required or authorised by privacy and other laws, under a subpoena, court order or other mandatory reporting requirement; or
- where there is a change in control or sale. We may disclose your personal information as part of a sale, merger or change of control, or in preparation for any of these events.
9 CORRECTION OF PERSONAL INFORMATION
We will take reasonable steps to ensure that the personal information that we collect is accurate, up to date and complete.
If you believe that the personal information we have collected about you is inaccurate, out of date, incomplete, irrelevant or misleading we encourage you to contact us using the contact details set out below.
We may need to verify your identity before considering the request. In some cases, we may be unable to correct your personal information and where this occurs, we will explain why. We will deal with all requests for correction to personal information within a reasonable timeframe.
10 SECURITY OF PERSONAL INFORMATION
We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access.
Generally, we store all personal information on secure servers managed by third party cloud storage providers whose servers are located in Australia.
We use a range of administrative and technical measures to protect our systems. This may include:
- Password protection
- Encryption of many of our services using Secure Sockets Layer (SSL) or Transport Layer Security (TSL)
- Restricting access to personal information to our employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Whilst we take reasonable measures to protect the security of your personal information, no data storage or transmission systems can be guaranteed as fully secure. Accordingly, we cannot guarantee or warrant the security of any personal information we collect from being accessed, disclosed, altered or destroyed by a breach of our security measures and safeguards.
11 ACCESS TO PERSONAL INFORMATION
If you would like to request access to the personal information that we have collected about you, you are encouraged to contact us using the contact details set out below.
We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.
If you would like to complain about how we, our employees or contractors, or our third party service providers handle your personal information, please contact us using the details set out below. We will investigate your complaint promptly and respond to you within a reasonable timeframe.
If you are unsatisfied with how we handle your complaint, you may contact the Office of the Australian Information Commissioner at:
Address: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected]
13 CONTACT US
Name: ChildAware Privacy Officer
Email: [email protected]
Address: 6 Riddell Parade Elsternwick VIC 3185
As part of any correspondence, it is important that you include your name and your contact details including a telephone number and email address.