This privacy statement is effective as of November 18th, 2019. Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.
This Policy sets out how Early Learning Management complies with the Act and addresses how we collect, hold, use and disclose your personal information, including any financial information that you provide to Early Learning Management.
What is Personal Information?
Personal information is information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in a material form or not, about an identified or reasonably identified individual and an indication of intention in respect of an individual. Personal information may be collected directly by Early Learning Management from you (or your representative), or via a third party. In most situations, Early Learning Management collects personal information about an individual from the Early Learning Management client or from the Early Learning Management client where the parent/guardian has a child enrolled in the childcare centre. In particular, we may also collect your personal information when you:
Register on our website to use the services we provide;
(a) post to the Early Learning Management Forum, blogs or on any of our social media platforms including but not limited to Facebook, Twitter and Instagram;
(b) contact the Early Learning Management support team;
(c) visit our website.
Where Early Learning Management is provided with personal information by its clients;
Early Learning Management relies on its clients having obtained the consent of the individual for the collection, use, and disclosure of his or her personal information to and by Early Learning Management. Early Learning Management will not ask you for any personal information which we do not need. The Act requires that we should only collect information for a purpose that is reasonably necessary for or directly related to our activities and operations.
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record. An employee record is a record of personal information relating to the employment of an employee. Examples of personal information about the employment of an employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee.
Information we May Collect from You
Early Learning Management collects only the information necessary to provide its services. The information you give us; specifically, Early Learning Management collects and holds the following types of personal information (which will vary depending on the context of the collection):
(a) Name, address and contact details (for example email, phone and fax) – including for parents/guardians and their child(ren);
(b) Information about employment on its employees (for example user ID, salary details, payroll details, superannuation contributions, PAYG withholding tax). Early Learning Management utilises this information for its payroll product ‘iPayrollPro’ for all of its childcare centres;
(c) Information about identity (for example date of birth) – including for parents/guardians and their child(ren);
(d) Information about financial affairs (for example banking details, payment details) – including for parents/guardians and their child(ren).
Information we Collect About You
Concerning each of your visits to our website, we may automatically collect the following information Technical information, including the following:
(b) Browser type and version;
(c) Time zone setting;
(d) Browser plug-in types and versions;
(e) Operating system and platform;
(f) Information about your visit, including the following:
Full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time);
Products you viewed or searched for;
Page response times download errors, the length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. Early Learning Management will generally only collect personal information from its website where a person chooses to provide that information. If you visit our website to download or read information, then we may record technical information (for example your IP or server address, the time and date of your visit, and your general locality) which does not reveal your identity. This information is used for monitoring and development purposes. Early Learning Management will not make any attempt to identify you in these circumstances, other than in exceptional circumstances, for example, an investigation into the improper use of the website.
Some functionality of our website is run by third parties, for example, Google, Twitter, Facebook, LinkedIn and YouTube, who may capture and store your personal information, including outside of Australia. Those third parties may not be subject to the Act. Early Learning Management is not responsible for the privacy policies of third parties. We encourage you to examine each website’s privacy policies and make your own decisions. Our website may contain links to other websites. Early Learning Management is not responsible for the content or the privacy policies of external websites. Some of the third party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place are based in the United States, and so their processing of your personal data will involve a transfer of data outside the European Economic Area (EEA). Other than this, we shall not transfer your personal information outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented by either:
– using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and/or
– ensuring the providers we are transferring data to and with who are based in the US is part of the Privacy Shield certification scheme which requires them to provide similar protection to personal data shared between Europe and the US.
Ledgerscope Services Limited
Early Learning Management has a subscription with Ledgerscope Services Limited. Ledgerscope Services Limited is a company registered in England (Company Number 10803032) with a registered office at Kemp House, 160 City Road, London, EC1V 2NX. Ledgerscope Services provide a range of online services known as Movemybooks, Checkmybooks and Backupmybooks from each of the following websites www.movemybooks.co.uk, www.checkmybooks.co.uk and www.backupmybooks.com and/or any of the applications used for the purposes of accessing the Services. Ledgerscope Services Limited is what is known as a ‘data controller’ as it is responsible for handling and processing your personal Xero data. Ledgerscope Services Limited are committed to protecting and respecting your privacy and complying with the applicable Data Protection Laws (meaning the Data Protection Act 1998 and, unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998). Your backups are stored in Microsoft data centres in Dublin and Amsterdam compliant with data protection policies. Data is encrypted during transit (using TLS 1.2) from Xero’s servers in the US and then stored encrypted (using 256-bit AES) to protect from unauthorised access. By storing 6 separate copies of all of your backups, in at least 2 different countries, we ensure that the data is protected against outages and disasters.
More information about the facilities used can be found here and is provided in the video below.
Early Learning Management utilises Hubdoc in its financial processes. Hubdoc is a document automation tool that collects key business documents (by automatically collecting documents from third-party websites and by accepting documents that are manually uploaded by users), organises and securely stores the documents in the cloud, extracts data from the documents, and publishes the documents and associated data to third-party accounting and cloud storage platforms. Data security is a core element of Hubdoc’s business and is our top priority. Hubdoc’s security policy takes an extensive, layered approach to security, integrating industry-leading security measures into our procedures, applications and infrastructure. Hubdoc is built with multiple layers of security to protect your personal information. These include Login Security. Your login password is secured using a 256-bit salted hash. Hubdoc uses Transport Layer Security (TLS) technology to encrypt your personal information using the highest encryption algorithm available — the same algorithm utilised by the top U.S. financial institutions.
Hubdoc uses industry leaders McAfee to perform daily scans on our site for vulnerabilities and TRUSTe to certify our privacy practices. For more information on these services, see McAfee’s Secure Site and TRUSTe’s service. Hubdoc’s data centres are monitored by closed-circuit television systems and protected by onsite security teams around the clock. All-access is controlled by a military-grade passcard system. Hubdoc’s data centres comply with national, international and industry standards relating to security.
“Read-Only” Data Separation. Hubdoc pulls all of your bills and statements from your accounts to help you get organised, but Hubdoc does not have the ability to make account changes of any kind. This means that no one, including you, can use your Hubdoc account to access your money or make changes to any of your household accounts.
Early Learning Management uses Xero as its preferred accounting application. When Xero shares data, it may be transferred to and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Rest assured, where Xero disclose personal data to a third party in another country, Xero puts safeguards in place to ensure your personal data remains protected. Xero is certified as compliant with ISO/IEC 27001:2013 which is globally recognised as the premier information security management system (ISMS) standard. Xero achieved certification by developing and implementing a robust security management program, including a comprehensive Information Security Management System (ISMS). Security is a priority for Xero when it comes to your personal data. Xero is committed to protecting your personal data and has appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out Xero’s security pages. If you want more detailed information, Xero has produced a Service Organisation Control (SOC 2) report, which is available on request. The SOC 2 report was produced after an independent auditor’s examination of Xero service controls.
Unsolicited Personal Information
If we receive unsolicited personal information that could not have been obtained through solicited means on reasonable terms, we confirm that the data will be destroyed as soon as reasonably possible.
In some circumstances, we may collect personal information from you which is regarded as sensitive information pursuant to the Act (‘Sensitive Information’). Sensitive Information includes types of personal information such as:
(a) your racial or ethnic origin;
(b) religious beliefs or affiliations;
(c) criminal record;
(d) health information (which may include information about your medical history, immunisations, allergies, special needs, disabilities or injuries) – including for parents/guardians and their child(ren). We will only collect Sensitive Information when necessary;
(e) in accordance with section 3.3 of the APPs as set out in the Act;
(f) about you with your consent and where reasonably necessary for, or directly related to, one or more of our functions or activities.
Where you provide Sensitive Information to us, you consent to us using that Sensitive Information for the purpose for which it was collected. For example, if you provide health information to us, you consent to us using and disclosing that health information in connection with arranging our service.
Purposes for which Personal Information is Collected and Held
By providing us, or otherwise allowing us to collect your personal information, you consent to us using and disclosing your personal information for the purposes for which it was collected, and for related or ancillary purposes. We use information held about you for a number of different purposes relating to its activities and services, including:
(a) providing payroll services and child care management services;
(b) billing and account management;
(c) for internal business operations such as planning, product development, research, and reporting to Early Learning Management-related entities;
(d) advising clients on functions and product launches;
(e) providing direct market offers for products and services provided by or on behalf of Early Learning Management (or other organisations), which Early Learning Management considers being of interest to its clients.
Early Learning Management uses and discloses personal information for the primary purpose for which it is collected. We will only use your personal information for secondary purposes where we are permitted to do so in accordance with the Act. With respect to information, we receive from other sources; We may combine this information with information you give to us and the information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive). We are only allowed to store your personal information for as long as necessary having regard to the purpose for which it was collected or a related or ancillary purpose. We may, therefore, delete your personal information after a reasonable period of time and, if you have not used our services for some time, you may have to re-enter or re-supply your personal information to us.
Collection and Storage of Personal Information Methods
Early Learning Management collects personal information through a number of different methods, including:
(b) telephone and facsimile communications;
(c) email communications;
(d) electronic and paper-based forms.
Do we Send Targeted Emails?
We send commercial email to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our targeted email messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in a marketing email you receive from Early Learning Management, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site. Targeted emails from Early Learning Management may include additional data privacy information, as required by applicable laws.
Do we maintain Customer Relationship Management (CRM) databases?
Like most companies, Early Learning Management uses customer relationship management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail (including web activity following links from our e-mails), website activity of registered users of our website, and other business information included by Early Learning Management professionals based on their personal interactions with you.
Disclosure of Personal Information
Early Learning Management does not sell or rent personal information to anyone. However, in using personal information, it may be necessary for Early Learning Management to disclose personal information to various organisations and/or parties, such as:
(a) the Australian Taxation Office;
(b) banking/financial institutions;
(c) superannuation authorities;
(d) health insurance organisations;
(e) contracted service providers;
(f) business partners;
(g) related companies of Early Learning Management.
Early Learning Management may also disclose personal information in special cases when Early Learning Management believes, in good faith, that such action is reasonably necessary, for example to:
(a) conform to legal requirements or comply with legal process;
(b) protect and defend Early Learning Management’s rights or property;
(c) enforce Early Learning Management’s contractual arrangements; or
(d) protect the interests of Early Learning Management’s clients or others;
(e) Early Learning Management will take seriously any unauthorised or accidental disclosure of personal information. We may also disclose your personal information to third parties. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Other than with respect to the permitted disclosures set out above, and with respect to the overseas recipients detailed below, We will not disclose your personal information without your consent unless We reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as the United States, where our data hosting provider’s servers are located. These countries may have laws different from what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected. For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
Internet and Data Storage
The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our Websites is at your own risk.
You have the right to ask us not to process your data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. We confirm that we will issue emails to our clients confirming the details of Our latest offers, news and updates, Please note that we will not inform you beforehand further than the information provided in this document that we intend to issue this material. If you wish to unsubscribe from receiving our promotional material, please email [email protected] to unsubscribe. You can exercise your right to prevent the processing set out above by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us via the contact details outlined in the Policy. Before we disclose personal information about you to a third party, we will take steps as are reasonable in the circumstances to ensure that you are aware that we have collected the information and the purpose of collecting the third party does not breach the APPs in relation to the information. If you wish to make a complaint in relation to the collection and use of your personal information or any effects to your rights with respect to your personal information or place a request to amend information held about you.
Client Testimonials and Comments
We post client testimonials and comments (client stories) on our website, which may contain personal information. We obtain each client’s consent via email prior to posting their name, business and testimonial.
How to Correct, Access and Update your Personal Information
You are legally obliged to provide us with accurate information, and you agree to update it whenever necessary. You also agree that, in the absence of an update, we can assume that the information submitted to us is correct. You can also choose not to provide us with some of the information we request, however. As a result, we may not be able to provide our service to you.
To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record:
(a) your telephone calls;
(b) customer activities on our website. All recordings are and shall remain our sole property.
Anonymity and Pseudonymity
You have the option of not identifying yourself or using a pseudonym when dealing with the Company in relation to a particular matter. This does not apply where:
(a) the Company is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(b) it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym;
(c) however, in some cases, if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
If you believe we may have breached the privacy rights you may contact us using the contact details set out below. Early Learning Management is committed to achieving a speedy and fair resolution of any complaints and will ensure that your complaint is taken seriously. We will respond to your complaint or request promptly if you provide your contact details to us.
How to Contact Us
If you wish to:
(b) seek correction of or obtain access to your personal information;
(c) ask about how your personal information is collected, used, held or disclosed; or
(d) make a complaint about a breach of your privacy.
You may contact Early Learning Management’s Privacy Officer using the following contact details:
(a) [email protected]
(b) Privacy Officer – PO Box 6309 Gold Coast MC Qld 9726; and
(c) 07 5592 5800