Privacy Policy

This privacy statement is effective as of July 1st, 2021. Please note this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

Early Learning Management ABN 19 632 288 713 (collectively referred to in this document as ‘Early Learning Management’ / ‘we’ / ‘us’ / ‘our’/ ‘Company’) understands and respects the importance of your privacy and is committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you, and this policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. This Privacy Policy (‘Policy’) explains in general terms how Early Learning Management and its subsidiaries, related body corporates and franchisees protect the privacy of your personal information. We are firmly committed to protecting the privacy and confidentiality of personal information, and maintain various physical, electronic and procedural safeguards to protect personal information in our care. Early Learning Management is bound by The Privacy Act 1988 (Cth) (‘Act’) as amended from time to time, which includes obligations under the Notifiable Data Breach (“NDB”) Scheme introduced in February 2018.

This document sets out the Company’s policy with the protection of personal information, as under the Act and the Australian Privacy Principles (‘APPs’). The APPs regulate the handling of personal information. The Act regulates how public agencies and individual private organisations can collect, hold, use and disclose personal information, and how you can access and correct personal information. The Act applies only to information about individuals, not to information about corporate entities, such as businesses, firms or trusts.

This Policy sets out how Early Learning Management complies with the Act and addresses how we collect, hold, use and disclose your personal information, including any financial information that you provide to Early Learning Management.

The purpose of the Privacy Policy is generally to inform people of:

• how and when we collect Personal Information or Personal Data (as applicable);
• how we use and disclose Personal Information or Personal Data (as applicable);
• how we keep Personal Information or Personal Data (as applicable) secure, accurate and up-to-date;
• how an individual can access and correct their Personal Information or Personal Data (as applicable); and
• how we will facilitate or resolve a privacy complaint.

We will only use or disclose your Personal Information or Personal Data (as applicable) for the primary purpose for which it was collected or consented to by you. At or around the time we collect Personal Information or Personal Data (as applicable) from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.

If you have any questions or comments about this policy, please email our privacy officer at info@elm.net.au and we will attend to your query promptly.

This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record. An employee record is a record of personal information relating to the employment of an employee.

• Contact information including name, email address, current postal and residential address, phone numbers, country of residence, next of kin, emergency contact details.
• Employee record information.
• Identifying information including your photos, passport and residency details, date of birth.
• CV resume or application related information, including the details provided in your resume or CV, your eligibility to work in Australia, your education, previous employment details.
• Tax, superannuation and payroll information.
• Background check information from third parties.
• Medical or health information that you voluntarily provide to us as part of your pre-employment screening.
• Performance related information.
• Information collected from referees (as nominated by you).
• Background checks are collected for the purpose of assessing the candidate for suitability for the role.
• Utilising the information collection for administrative and performance monitoring use.

We may disclose your Personal Information or Personal Data (as applicable) to;

• Relevant superannuation companies;
• Government agencies, including but not limited to the Australian Taxation Office, Centrelink and the Child Support Agency;
• Relevant Worker’s Compensation organisation;
• Third party referees provided by you in connection with a job application;
• Service providers;
• Recruitment agents used in connection with your application with us;
• Third parties in connection with the sale of any part of our business or an entity that we own;
• Third parties in connection with obtaining any background checks, pre-employment screenings;
• Financial institutions for payroll purposes; or
• As required or authorised by law.

As much as possible or unless provided otherwise in this Privacy Policy or a notification, we will collect your Personal Information or Personal Data (as applicable) directly from you

We may collect Personal Information or Personal Data (as applicable):

• In conversations with you and your employees, in person or by e-mail, fax and telephone;
• From your employees when they interact with the Application;
• When an individual signs up or registers to use the Application;
• When personal information about including a photograph or video of an individual is loaded into the Application. Without limiting this, subject to our Terms of Use, there may be circumstances when a Child may be photographed or filmed in connection with educational or related activities by staff at a centre (including incidentally) with another such Child, which image/film is subsequently posted on a Service Centre account by a person who is authorised by a Primary Account Holder to view and/or access a Child Profile, being typically but not exclusively limited to that Child’s parents/guardians and family members, specialists, and the Child’s Early Childhood Providers (each an “Centre Admin, Owner Admin”);
• If materials created by a child include such personal information and are loaded into the Application by the child or other persons authorised by the child’s parent or guardian to do so;
• In relation to a child, from that person’s parent or guardian, family member or Early Childhood Provider at a centre using the Application, or a professional care provider who has registered to use the Application;
• In respect of sensitive information (as defined in privacy legislation) when such information is submitted in relation to a child or an adult in posts made by Users through the Application;
• From third parties, such as your employees, your accountant, related companies, credit reporting agencies or your representatives;
• When we are required to do so by law; and
• From our own records of your use of Early Learning Management services.

We may also collect Personal Information or Personal Data (as applicable) about you from other sources. For instance, when we collect information about you from third parties or from publicly available sources (e.g. court judgments, bankruptcy searches, Australia Post or social media platforms).

If we collect information about you from someone else, we will, wherever reasonably possible, inform you that we have done this and why, unless this information is collected from any personal referee, from a publicly available source or as otherwise required by law.

Where we inadvertently collect Personal Information or Personal Data (as applicable) from you, or a third party, in circumstances where we have not requested that Personal Information or Personal Data (as applicable) and we consider that it is not required, we will destroy or de-identify that information.

We take security of your Personal Information or Personal Data (as applicable) seriously, and will hold it securely and store it on infrastructure owned or controlled by us or with a third party service provider who has taken reasonable steps to assist us in complying with the Privacy Act 1988 (Cth).

If you use our website, we may utilise “cookies”, which enable us to monitor traffic patterns, trends and to serve you more efficiently if you revisit our website. We may also gather your IP address as part of our business activities, and to assist with operational difficulties or support issues with our services. This information does not identify you personally, but may identify your internet service provider. This information, combined with other sources of Personal Information or Personal Data (as applicable), may enable us to identify you. If you do not wish for this to occur, you can set your browser to notify you of this, and you may then accept or reject it.

Your Personal Information or Personal Data (as applicable) may be used to:

• Provide products and services to you;
• Collect payments and to administer your account;
• Provide you with updated or new information about our products or services;
• For development of existing and new products and services;
• Maintain and update our business infrastructure and systems;
• Actively promote our other products and services to you. If you do not wish to receive such communications, please advise us;
• For research into our client base and for related purposes by our research team, including aggregated (anonymous) benchmarking data.

Products you viewed or searched for;

Page response times download errors, the length of visits to certain pages, page interaction information (including scrolling, clicks, and mouse-overs), and methods used to browse away from the page, and any phone number used to call our customer service number. Early Learning Management will generally only collect personal information from its website where a person chooses to provide that information. If you visit our website to download or read information, then we may record technical information (for example, your IP or server address, the time and date of your visit, and your general locality), which does not reveal your identity. This information is used for monitoring and development purposes. Early Learning Management will not make any attempt to identify you in these circumstances, other than in exceptional circumstances, for example, an investigation into the improper use of the website.

Some functionality of our website is run by third parties, for example Google, Twitter, Facebook, LinkedIn and YouTube, who may capture and store your personal information, including outside Australia. Those third parties may not be subject to the Act. Early Learning Management is not responsible for the privacy policies of third parties. We encourage you to examine each website’s privacy policies and make your own decisions. Our website may contain links to other websites. Early Learning Management is not responsible for the content or privacy policies of external websites. Some third party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place are based in the United States, and so their processing of your personal data will involve a transfer of data outside the European Economic Area (EEA). Other than this, we shall not transfer your personal information outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented by either:

• Using specific contracts approved by the European Commission, which give personal data the same protection it has in Europe; and/or
• Ensuring the providers we are transferring data to and with who are based in the US is part of the Privacy Shield certification scheme, which requires them to provide similar protection to personal data shared between Europe and the US.

In some circumstances, we may collect personal information from you, which is considered sensitive information pursuant to the Act (‘Sensitive Information’). Sensitive Information includes types of personal information, including:

• Your racial or ethnic origin;
• Religious beliefs or affiliations;
• Criminal record;
• Health information (which may include information about your medical history, immunisations, allergies, special needs, disabilities or injuries) – including for parents/guardians and their child(ren). We will only collect Sensitive Information when necessary;
• In accordance with section 3.3 of the APPs as set out in the Act;
• About you with your consent, and where reasonably necessary for, or directly related to, one or more of our functions or activities.

Where you provide Sensitive Information to us, you consent to us using that Sensitive Information for the purpose for which it was collected. We may also collect sensitive information from you. Sensitive information is a subset of Personal Information or Personal Data (as applicable). It includes information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purposes of automated biometric verification or biometric identification or biometric templates.

In general, we attempt to limit the amount of sensitive information collected from you, but inherent in using our product is the likelihood that we will collect sensitive information from you, and you will collect that from your employees. We do not and will not use sensitive information to send you direct marketing communications without your express consent. We may collect sensitive information from you, or you, from your employees, where you (or your employee, as the case may be) has consented and agreed to the collection of such information. We will endeavour to obtain this consent at or around the point in time in which we collect sensitive information.

Any Personal Information or Personal Data (as applicable) collected and held by us may be disclosed to, and held at, a destination outside Australia, including, but not limited to, the United Kingdom and the United States of America, where we use third party service providers to assist us in providing Early Learning Management’s application and other services to you.

Personal Information or Personal Data (as applicable) may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies. All personal information and images, documents, videos relating to children, guardians and employees within Early Learning Management’s services are hosted in Australia.

By submitting your Personal Information or Personal Data (as applicable) to Early Learning Management, you expressly agree and consent to the disclosure, transfer, storage or processing of your Personal Information or Personal Data (as applicable) outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia regarding Personal Information or Personal Data (as applicable). However, we will take appropriate steps to ensure that your Personal Information or Personal Data (as applicable) is used by third parties securely and in accordance with the terms of this Privacy Policy.

Early Learning Management uses Xero as its preferred accounting application. When Xero shares data, it may be transferred to and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Rest assured, where Xero disclose personal data to a third party in another country, Xero puts safeguards in place to ensure your personal data remains protected. Xero is certified as compliant with ISO/IEC 27001:2013 which is globally recognised as the premier information security management system (ISMS) standard. Xero achieved certification by developing and implementing a robust security management program, including a comprehensive Information Security Management System (ISMS). Security is a priority for Xero when it comes to your personal data. Xero is committed to protecting your personal data and has appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out Xero’s security pages. If you want more detailed information, Xero has produced a Service Organisation Control (SOC 2) report, which is available on request. The SOC 2 report was produced after an independent auditor’s examination of Xero service controls.

Early Learning Management utilises Hubdoc in its financial processes. Hubdoc is a document automation tool that collects key business documents (by automatically collecting documents from third-party websites and by accepting documents that are manually uploaded by users), organises and securely stores the documents in the cloud, extracts data from the documents, and publishes the documents and associated data to third-party accounting and cloud storage platforms. Data security is a core element of Hubdoc’s business and is our top priority. Hubdoc’s security policy takes an extensive, layered approach to security, integrating industry-leading security measures into our procedures, applications and infrastructure. Hubdoc is built with multiple layers of security to protect your personal information. These include Login Security. Your login password is secured using a 256-bit salted hash. Hubdoc uses Transport Layer Security (TLS) technology to encrypt your personal information using the highest encryption algorithm available — the same algorithm utilised by the top U.S. financial institutions.

Hubdoc uses industry leaders McAfee to perform daily scans on our site for vulnerabilities and TRUSTe to certify our privacy practices. For more information on these services, see McAfee’s Secure Site and TRUSTe’s service. Hubdoc’s data centres are monitored by closed-circuit television systems and protected by onsite security teams around the clock. All-access is controlled by a military-grade passcard system. Hubdoc’s data centres comply with national, international and industry standards relating to security.

“Read-Only” Data Separation. Hubdoc pulls all of your bills and statements from your accounts to help you get organised, but Hubdoc does not have the ability to make account changes of any kind. This means that no one, including you, can use your Hubdoc account to access your money or make changes to any of your household accounts.

You have the right to ask us not to process your data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. We confirm that we will issue emails to our clients confirming the details of Our latest offers, news and updates, Please note that we will not inform you beforehand further than the information provided in this document that we intend to issue this material. If you wish to unsubscribe from receiving our promotional material, please email info@elm.net.au to unsubscribe. You can exercise your right to prevent the processing set out above by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us via the contact details outlined in the Policy. Before we disclose personal information about you to a third party, we will take steps as are reasonable in the circumstances to ensure that you are aware that we have collected the information and the purpose of collecting the third party does not breach the APPs in relation to the information. If you wish to make a complaint in relation to the collection and use of your personal information or any effects to your rights with respect to your personal information or place a request to amend information held about you.

We post client testimonials and comments (client stories) on our website, which may contain personal information. We obtain each client’s consent via email prior to posting their name, business and testimonial.

Subject to any exceptions set out in applicable privacy laws, we invite you to access any personal information we may hold about you. Where personal information we hold about you is not accurate, complete, up-to-date or relevant, you may ask us to correct that personal information, and we will respond to your request within a reasonable time. We reserve the right to confirm the identity of the person seeking access or corrections to personal information before complying with a request. If we deny access or correction, we will provide you with the reason for such denial. If you wish to access or seek correction of any personal information we hold about you; please contact us. Please note that under the Act there are circumstances in which we can decline access to or correction of personal information. To access or seek correction of your personal information, please contact Early Learning Management using the contact details set out in the ‘How to contact us’ section of this Privacy Policy.

You are legally obliged to provide us with accurate information, and you agree to update it whenever necessary. You also agree that, in the absence of an update, we can assume that the information submitted to us is correct. You can also choose not to provide us with some of the information we request, however. As a result, we may not be able to provide our service to you.

To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record:

• Your telephone calls;
• Customer activities on our website. All recordings are and shall remain our sole property.

You have the option of not identifying yourself or using a pseudonym when dealing with the Company in relation to a particular matter. This does not apply where:

• The Company is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
• It is impracticable for the Company to deal with individuals who have not identified themselves or have used a pseudonym;
• However, in some cases, if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.

If you believe we may have breached the privacy rights, you may contact us using the contact details above. Early Learning Management is committed to achieving a speedy and fair resolution of any complaints, and will ensure that your complaint is taken seriously. We will respond to your complaint or request promptly if you provide your contact details to us.

To resolve a complaint, we:

• Will liaise with you to identify and define the nature and cause of the complaint;
• May request that you provide the details of the complaint in writing;
• Will keep you informed of the likely time frame within which we will respond to your complaint; and
• Will inform you of the legislative basis (if any) of our decision in resolving such complaints.
• We will maintain a register of all complaints, and any action taken.

This Privacy Policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all of part of this Privacy Policy.

By using our website, purchasing a product or service from us, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you acknowledge and agree to provide the consents given by you in this Privacy Policy, and you have been informed of all the matters in this Privacy Policy.

We reserve the right to modify our Privacy Policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website). If you do not agree to our continued use of your Personal Information or Personal Data (as applicable) due to the changes in our Privacy Policy, please stop providing us with your Personal Information or Personal Data (as applicable) and contact us via the details set out at the top of this Policy (if you are an Australian resident from whom we have collected Personal Information).