iChildcare Management Pty Ltd ATF Early Learning Management Trust ABN 19 632 288 713 (collectively referred to in this document as ‘Early Learning Management’ / ‘we’ / ‘us’ / ‘our’/ ‘Company’) understands & respects the importance of your privacy & is committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you, & this policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
Early Learning Management is bound by The Privacy Act 1988 (Cth) (‘Act’) as amended from time to time. This document sets out the Company’s policy with the protection of personal information, as under the Act & the Australian Privacy Principles (‘APPs’). The APPs regulate the handling of personal information.
The Act regulates how public agencies & individual private organisations can collect, hold, use & disclose personal information, & how you can access & correct that personal information. The Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts.
This Policy sets out how Early Learning Management complies with the Act & addresses how we collect, hold, use & disclose your personal information, including any financial information that you provide to Early Learning Management.
What is Personal Information?
Personal information is information which relates to a living individual who can be identified from that information, or from that information & other information in a person’s possession, including any expression of opinion, whether true or not, & whether recorded in material form or not, about an identified or reasonably identified individual, & an indication of intention in respect of an individual. Personal information may be collected directly by Early Learning Management from you (or your representative), or via a third party. In most situations, Early Learning Management collects personal information about an individual from the Early Learning Management client or from the Early Learning Management client where the parent/guardian has a child enrolled in the childcare centre. In particular, we may also collect your personal information when you:
Register on our website to use the services we provide;
(a) post to the Early Learning Management Forum, blogs or on any of our social media platforms including but not limited to Facebook, Twitter & Instagram;
(b) contact the Early Learning Management support team;
(c) visit our website.
Where Early Learning Management is provided with personal information by its clients;
Early Learning Management relies on its clients having obtained the consent of the individual for the collection, use, & disclosure of his or her personal information to & by Early Learning Management. Early Learning Management will not ask you for any personal information which we do not need. The Act requires that we should only collect information for a purpose that is reasonably necessary for or directly related to our activities & operations.
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record. An employee record is a record of personal information relating to the employment of an employee. Examples of personal information about the employment of an employee include, but are not limited to, health information & information about the engagement, training, disciplining, resignation, termination, terms & conditions of employment of the employee.
Information we may Collect from You
Early Learning Management collects only the information necessary to provide its services.
The information you give us; specifically, Early Learning Management collects & holds the following types of personal information (which will vary depending on the context of the collection):
(a) Name, address & contact details (for example email, phone & fax) – including for parents/guardians & their child(ren);
(b) Information about employment on its employees (for example user ID, salary details, payroll details, superannuation contributions, PAYG withholding tax). Early Learning Management utilises this information for its payroll product ‘iPayrollPro’ for all of its childcare centres;
(c) Information about identity (for example date of birth) – including for parents/guardians & their child(ren);
(d) Information about financial affairs (for example banking details, payment details) – including for parents/guardians & their child(ren).
Information We Collect About You
Concerning each of your visits to our website, we may automatically collect the following information Technical information, including the following:
(b) Browser type & version;
(c) Time zone setting;
(d) Browser plug-in types & versions;
(e) Operating system & platform;
(f) Information about your visit, including the following:
Full Uniform Resource Locators (URL) clickstream to, through & from our site (including date & time);
Products you viewed or searched for;
Page response times download errors, the length of visits to certain pages, page interaction information (such as scrolling, clicks, & mouse-overs), & methods used to browse away from the page & any phone number used to call our customer service number.
Early Learning Management will generally only collect personal information from its website where a person chooses to provide that information. If you visit our website to download or read information, then we may record technical information (for example your IP or server address, the time & date of your visit, & your general locality) which does not reveal your identity. This information is used for monitoring & development purposes. Early Learning Management will not make any attempt to identify you in these circumstances, other than in exceptional circumstances, for example, an investigation into the improper use of the website.
Some functionality of our website is run by third parties, for example, Google, Twitter, Facebook, LinkedIn & YouTube, who may capture & store your personal information, including outside of Australia. Those third parties may not be subject to the Act. Early Learning Management is not responsible for the privacy policies of third parties. We encourage you to examine each website’s privacy policies & make your own decisions. Our website may contain links to other websites. Early Learning Management is not responsible for the content or the privacy policies of external websites.
Some of the third party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place are based in the United States, and so their processing of your personal data will involve a transfer of data outside the European Economic Area (EEA). Other than this, we shall not transfer your personal information outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented by either:
– using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and/or
– ensuring the providers we are transferring data to and with who are based in the US are part of the Privacy Shield certification scheme which requires them to provide similar protection to personal data shared between Europe and the US.
Ledgerscope Services Limited
Early Learning Management has a subscription with Ledgerscope Services Limited. Ledgerscope Services Limited is a company registered in England (Company Number 10803032) with a registered office at Kemp House, 160 City Road, London, EC1V 2NX. Ledgerscope Services provide a range of online services known as Movemybooks, Checkmybooks and Backupmybooks from each of the following websites www.movemybooks.co.uk, www.checkmybooks.co.uk and www.backupmybooks.com and/or any of the applications used for the purposes of accessing the Services. Ledgerscope Services Limited is what is known as a ‘data controller’ as it is responsible for handling and processing your personal Xero data. Ledgerscope Services Limited are committed to protecting and respecting your privacy and complying with the applicable Data Protection Laws (meaning the Data Protection Act 1998 and, unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998). Your backups are stored in Microsoft datacentres in Dublin and Amsterdam compliant with data protection policies. Data is encrypted during transit (using TLS 1.2) from Xero’s servers in the US and then stored encrypted (using 256-bit AES) to protect from unauthorised access. By storing 6 separate copies of all of your backups, in at least 2 different countries, we ensure that the data is protected against outages and disasters.
More information about the facilities used can be found here and is provided in the video below.
Early Learning Management utilises Hubdoc in its financial processes. Hubdoc is a document automation tool that collects key business documents (by automatically collecting documents from third-party websites and by accepting documents that are manually uploaded by users), organizes and securely stores the documents in the cloud, extracts data from the documents, and publishes the documents and associated data to third-party accounting and cloud storage platforms. Data security is a core element of Hubdoc’s business and is our top priority. Hubdoc’s security policy takes an extensive, layered approach to security, integrating industry-leading security measures into our procedures, applications and infrastructure.
Hubdoc is built with multiple layers of security to protect your personal information. These include Login Security. Your login password is secured using a 256-bit salted hash.
- Encryption. We use Transport Layer Security (TLS) technology to encrypt your personal information using the highest encryption algorithm available — the same algorithm utilised by the top U.S. financial institutions.
- Third-Party Verification. We use industry leaders McAfee to perform daily scans on our site for vulnerabilities and TRUSTe to certify our privacy practices. For more information on these services, see McAfee’s Secure Site and TRUSTe’s service.
- Data Centre Security. Hubdoc’s data centres are monitored by closed circuit television systems and protected by onsite security teams around the clock. All access is controlled by a military-grade passcard system. Hubdoc’s data centres comply with national, international and industry standards relating to security.
- “Read-Only” Data Separation. Hubdoc pulls all of your bills and statements from your accounts to help you get organised, but Hubdoc does not have the ability to make account changes of any kind. This means that no one, including you, can use your Hubdoc account to access your money or make changes to any of your household accounts.
Early Learning Management uses Xero as its preferred accounting application. When Xero shares data, it may be transferred to and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Rest assured, where Xero disclose personal data to a third party in another country, Xero puts safeguards in place to ensure your personal data remains protected. Xero is certified as compliant with ISO/IEC 27001:2013 which is globally recognised as the premier information security management system (ISMS) standard. Xero achieved certification by developing and implementing a robust security management program, including a comprehensive Information Security Management System (ISMS). Security is a priority for Xero when it comes to your personal data. Xero is committed to protecting your personal data and has appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out Xero’s security pages. If you want more detailed information, Xero has produced a Service Organisation Control (SOC 2) report, which is available on request. The SOC 2 report was produced after an independent auditor’s examination of Xero service controls.
Unsolicited Personal Information
If we receive unsolicited personal information that could not have been obtained through solicited means on reasonable terms, we confirm that the data will be destroyed as soon as reasonably possible.
In some circumstances, we may collect personal information from you which is regarded as sensitive information pursuant to the Act (‘Sensitive Information’). Sensitive Information includes types of personal information such as:
(a) your racial or ethnic origin;
(b) religious beliefs or affiliations;
(c) criminal record;
(d) health information (which may include information about your medical history, immunisations, allergies, special needs, disabilities or injuries) – including for parents/guardians & their child(ren). We will only collect Sensitive Information when necessary;
(e) in accordance with section 3.3 of the APPs as set out in the Act;
(f) about you with your consent & where reasonably necessary for, or directly related to, one or more of our functions or activities.
Where you provide Sensitive Information to us, you consent to us using that Sensitive Information for the purpose for which it was collected. For example, if you provide health information to us, you consent to us using & disclosing that health information in connection with arranging our service.
Purposes for which Personal Information is Collected & Held
By providing us, or otherwise allowing us to collect your personal information, you consent to us using & disclosing your personal information for the purposes for which it was collected, & for related or ancillary purposes. We use information held about you for a number of different purposes relating to its activities & services, including:
(a) providing payroll services & child care management services;
(b) billing & account management;
(c) for internal business operations such as planning, product development, research, & reporting to Early Learning Management-related entities;
(d) advising clients on functions & product launches;
(e) providing direct market offers for products & services provided by or on behalf of Early Learning Management (or other organisations), which Early Learning Management considers being of interest to its clients.
Early Learning Management uses & discloses personal information for the primary purpose for which it is collected. We will only use your personal information for secondary purposes where we are permitted to do so in accordance with the Act. With respect to information, we receive from other sources; We may combine this information with information you give to us & information we collect about you. We may use this information & the combined information for the purposes set out above (depending on the types of information we receive). We are only allowed to store your personal information for as long as necessary having regard to the purpose for which it was collected or a related or ancillary purpose. We may, therefore, delete your personal information after a reasonable period of time &, if you have not used our services for some time, you may have to re-enter or re-supply your personal information to us.
Collection & Storage of Personal Information Methods
Early Learning Management collects personal information through a number of different methods, including:
(b) telephone & facsimile communications;
(c) email communications;
(d) electronic & paper-based forms.
Disclosure of Personal Information
Early Learning Management does not sell or rent personal information to anyone. However, in using personal information, it may be necessary for Early Learning Management to disclose personal information to various organisations &/or parties, such as:
(a) the Australian Taxation Office;
(b) banking/financial institutions;
(c) superannuation authorities;
(d) health insurance organisations;
(e) contracted service providers;
(f) business partners;
(g) related companies of Early Learning Management.
Early Learning Management may also disclose personal information in special cases when Early Learning Management believes, in good faith, that such action is reasonably necessary, for example to:
(a) conform to legal requirements or comply with legal process;
(b) protect & defend Early Learning Management’s rights or property;
(c) enforce Early Learning Management’s contractual arrangements; or
(d) protect the interests of Early Learning Management’s clients or others;
(e) Early Learning Management will take seriously any unauthorised or accidental disclosure of personal information. We may also disclose your personal information to third parties. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Other than with respect to the permitted disclosures set out above, & with respect to the overseas recipients detailed below, We will not disclose your personal information without your consent unless We reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
Internet & Data Storage
The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our Websites is at your own risk.
You have the right to ask us not to process your data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
We confirm that we will issue emails to our clients confirming the details of Our latest offers, news & updates, Please note that we will not inform you beforeh& further than the information provided in this document that we intend to issue this material. If you wish to unsubscribe from receiving our promotional material, please email [email protected] to unsubscribe. You can exercise your right to prevent the processing set out above by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us via the contact details outlined in the Policy. Before we disclose personal information about you to a third party, we will take steps as are reasonable in the circumstances to ensure that you are aware that we have collected the information & the purpose of collecting the third party does not breach the APPs in relation to the information. If you wish to make a complaint in relation to the collection & use of your personal information or any effects to your rights with respect to your personal information or place a request to amend information held about you.
Client Testimonials & Comments
We post client testimonials & comments (client stories) on our website, which may contain personal information. We obtain each client’s consent via email prior to posting their name, business & testimonial.
How to Correct, Access & Update your Personal Information
You are legally obliged always to provide us with accurate information, & you agree to update it whenever necessary. You also agree that, in the absence of an update, we can assume that the information submitted to us is correct.
You can also choose not to provide us with some of the information we request, however. As a result, we may not be able to provide our service to you.
To ensure that we carry out your instructions accurately, to help improve our service & in the interest of security, we may monitor &/or record:
(a) your telephone calls;
(b) customer activities on our website. All recordings are & shall remain our sole property.
Anonymity & Pseudonymity
You have the option of not identifying yourself or using a pseudonym when dealing with the Company in relation to a particular matter. This does not apply where:
(a) the Company is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(b) it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym;
(c) however, in some cases, if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
If you believe we may have breached the privacy rights you may contact us using the contact details set out below. Early Learning Management is committed to achieving a speedy & fair resolution of any complaints & will ensure that your complaint is taken seriously. We will respond to your complaint or request promptly if you provide your contact details to us.
How to contact us
If you wish to:
(b) seek correction of or obtain access to your personal information;
(c) ask about how your personal information is collected, used, held or disclosed; or
(d) make a complaint about a breach of your privacy.
You may contact Early Learning Management’s Privacy Officer using the following contact details:
(a) [email protected]
(b) Privacy Officer – PO Box 6309 Gold Coast MC Qld 9726; &
(c) 07 5592 5800
Last updated: 30 March 2019