- NumeroPro Pty Ltd ACN 652 326 121 as trustee for The ELS Venture Trust t/as Kidsoft (collectively referred to in this document as ‘NumeroPro’ / ‘we’ / ‘us’ / ‘our’/ ‘Company’/ ‘Kidsoft’) understands and respects the importance of your privacy and is committed to safeguarding your personal information. In providing our service to you, we must collect personal information from you, and this policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
- NumeroPro is bound by The Privacy Act 1988 (Cth) (‘Act’) as amended from time to time. This document sets out the Company’s policy with the protection of personal information, as under the Act and the Australian Privacy Principles (‘APPs’). The APPs regulate the handling of personal information.
- The Act regulates how public agencies and individual private organisations can collect, hold, use and disclose personal information, and how you can access and correct that personal information. The Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts.
- This Policy sets out how NumeroPro complies with the Act and addresses how we collect, hold, use and disclose your personal information, including any financial information that you provide to NumeroPro.
- If we do not receive personal information about you, this Policy will not apply.
2. What is personal information?
Personal information is information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identified individual, and any indication of intention in respect of an individual. Personal information may be collected directly by NumeroPro from you (or your representative), or via a third party. In most situations, NumeroPro collects personal information about an individual from the NumeroPro client or from the NumeroPro client where the parent/guardian has a child enrolled in the childcare centre. In particular, we may also collect your personal information when you:
- register on our website to use the services we provide;
- use our services;
- post to the Kidsoft Forum, blogs or on any of our social media platforms including but not limited to Facebook, Twitter and Instagram;
- contact the Kidsoft support team; and
- visit our website.
Where NumeroPro is provided with personal information by its clients; NumeroPro relies on its clients having obtained the consent of the individual for the collection, use, and disclosure of his or her personal information to and by NumeroPro. NumeroPro will not ask you for any personal information which we do not need. The Act requires that we should only collect information for a purpose that is reasonably necessary for or directly related to our activities and operations.
3. Employee Records
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.
- An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of an employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, and terms and conditions of employment of the employee. Please see the Act for further examples of employee records.
4. Information we may collect from you
NumeroPro collects only the information necessary to provide its services.
Information you give us
Specifically, NumeroPro collects and holds the following types of personal information (which will vary depending on the context of the collection):
- Name, address and contact details (for example email, phone and fax) – including for parents/guardians and their child(ren);
- Information about employment on its employees (for example user ID, salary details, payroll details, superannuation contributions, PAYG withholding tax). NumeroPro utilises this information for its payroll product ‘iPayrollPro’ for all of its childcare centres;
- Information about identity (for example date of birth) – including for parents/guardians and their child(ren);
- Government identifiers (for example Tax File Number, Customer Reference Number) – including for parents/guardians and their child(ren); and
- Information about financial affairs (for example banking details, payment details) – including for parents/guardians and their child(ren).
Information we collect about you.
Concerning each of your visits to our website, we may automatically collect the following information Technical information, including the following:
- Browser type and version;
- Time zone setting;
- Browser plug-in types and versions; and
- Operating system and platform; and
Information about your visit, including the following:
- Full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time);
- Products you viewed or searched for; and
- Page response times download errors, the length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- NumeroPro will generally only collect personal information from its website where a person chooses to provide that information. If you visit our website to download or read information, then we may record technical information (for example your IP or server address, the time and date of your visit, and your general locality) which does not reveal your identity. This information is used for monitoring and development purposes. NumeroPro will not make any attempt to identify you in these circumstances, other than in exceptional circumstances, for example, an investigation into the improper use of the website.
- Some functionality of our website is run by third parties, for example, Google, Twitter, Facebook, LinkedIn and YouTube, who may capture and store your personal information, including outside of Australia. Those third parties may not be subject to the Act. NumeroPro is not responsible for the privacy policies of third parties. We encourage you to examine each website’s privacy policies and make your own decisions. Our website may contain links to other websites. NumeroPro is not responsible for the content or the privacy policies of external websites.
5. Unsolicited Personal Information
In the event that we receive unsolicited personal information that could not have been obtained through solicited means on reasonable terms, we confirm that the information will be destroyed as soon as reasonably possible.
6. Sensitive information
In some circumstances, we may collect personal information from you which is regarded as sensitive information pursuant to the Act (‘Sensitive Information’). Sensitive Information includes types of personal information such as:
- your racial or ethnic origin;
- religious beliefs or affiliations;
- criminal record; and
- health information (which may include information about your medical history, immunisations, allergies, special needs, disabilities or injuries) – including for parents/guardians and their child(ren). We will only collect Sensitive Information when necessary:
- in accordance with section 3.3 of the APPs as set out within the Act; and
- about you with your consent and where reasonably necessary for, or directly related to, one or more of our functions or activities.
Where you provide Sensitive Information to us, you consent to us using that Sensitive Information for the purpose for which it was collected. For example, if you provide health information to us, you consent to us using and disclosing that health information in connection with arranging our service.
7. Purposes for which personal information is collected and held
By providing us, or otherwise allowing us to collect your personal information, you consent to us using and disclosing your personal information for the purposes for which it was collected, and for related or ancillary purposes. We use information held about you for a number of different purposes relating to its activities and services, including:
- providing payroll services and child care management services;
- billing and account management;
- for internal business operations such as planning, product development, research, and reporting to NumeroPro-related entities;
- advising clients of functions and product launches; and
- providing direct market offers for products and services provided by or on behalf of NumeroPro (or other organisations), which NumeroPro considers being of interest to its clients.
NumeroPro uses and discloses personal information for the primary purpose for which it is collected. We will only use your personal information for secondary purposes where we are permitted to do so in accordance with the Act. With respect to information, we receive from other sources; We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive). We are only allowed to store your personal information for as long as necessary having regard to the purpose for which it was collected or a related or ancillary purpose. We may, therefore, delete your personal information after a reasonable period of time and, if you have not used our services for some time, you may have to re-enter or re-supply your personal information to us.
8. Collection and storage of personal information
NumeroPro collects personal information through a number of different methods, including:
- telephone and facsimile communications;
- email communications; and
- electronic and paper-based forms.
Where we store your personal data
NumeroPro stores personal information in electronic and paper-based records. The data that we collect from you may be:
- transferred to, and stored at, a destination outside Australia; and
- processed by staff operating outside Australia, who work for us or for one of our affiliates.
- internal secure servers; and
- a Federal Government approved enterprise-class cloud hosting solution within Australia (‘Cloud’). We confirm that the Cloud is given Federal Government approval on the basis that the system complies with the requirements of the Act, the Australian Government Information Security Manual and The Department of Education and Training requirements
9. Protection of personal information
NumeroPro exercises great care to protect personal information that it holds and regularly reviews security and encryption technologies and will strive to protect your personal information as fully as we protect our own confidential information. Our protection techniques include, among other things, using industry-standard techniques such as firewalls, encryption, intrusion detection, and site monitoring. Unfortunately, no data transmission over the Internet can be guaranteed to be one-hundred percent (100%) secure. As a result, while NumeroPro strives to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. Any transmission is at your own risk. This is especially true for information you transmit to us via e-mail. We have no way of protecting that information until it reaches us. Once we receive your email transmission, we make our best effort to ensure its security on our servers. If this is of concern to you, then you may use other methods of communication with NumeroPro, for example, post, phone or fax (although these methods of communication also have risks associated with them).
10. Disclosure of personal information
NumeroPro does not sell or rent personal information to anyone. However, in using personal information, it may be necessary for NumeroPro to disclose personal information to various organisations and/or parties, such as:
- the Australian Taxation Office;
- banking/financial institutions;
- superannuation authorities;
- health insurance organisations;
- contracted service providers;
- business partners; and
- related companies of NumeroPro.
NumeroPro may also disclose personal information in special cases when NumeroPro believes, in good faith, that such action is reasonably necessary, for example to:
- conform to legal requirements or comply with legal process;
- protect and defend NumeroPro’s rights or property;
- enforce NumeroPro’s contractual arrangements; or
- protect the interests of NumeroPro’s clients or others.
NumeroPro will take seriously any unauthorised or accidental disclosure of personal information. We may also disclose your personal information to third parties. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
Other than with respect to the permitted disclosures set out above, and with respect to the overseas recipients detailed below, We will not disclose your personal information without your consent unless We reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.
When you provide or otherwise allow us to collect your personal information, you consent to your personal information being disclosed to certain overseas recipients, as set out below under ‘Where we store your personal data’. Where we disclose your personal information to an overseas recipient, you agree that we will not be required to ensure the recipient’s compliance with Australian privacy laws or otherwise be liable or accountable for how the recipient handles your personal information. Although as outlined above, we will take reasonable steps in order to ensure that the overseas recipient complies with the Act and the APPs. If you have any objections to your personal information being disclosed to an overseas recipient, please let us know on the contact details form.
11. Transborder data flows and overseas recipients
NumeroPro’s business, Kidsoft, has its head office located in Australia and childcare data held within the Child Care Management System (‘CCMS’), which) is considered to be both ‘Personal’ information as defined in the Act and ‘Protected’ information (as defined in A New Tax System (Family Assistance) (Administration) Act 1999 (Cth)). As per the Australian Government Information Security Manual (‘ISM’), data that is classified as ‘Personal’ and ‘Protected’ must not be stored or processed offshore or in onshore ‘Public’ cloud under any circumstances, and can only be stored onshore in Private or Community Cloud solutions. Kidsoft adheres to these provisions.
Currently, our servers are located in Sydney, Australia by Amazon (AWS), and your personal information will be routed through and stored on, those servers as part of the Service. If the location of our servers changes in the future, we will update this Policy. You should review our Policy regularly to keep informed of any updates. By providing your personal information to NumeroPro, you consent to NumeroPro storing your personal information on servers hosted in Australia. While your personal data will be predominantly stored on servers located in Australia and will remain within NumeroPro’s effective control, We confirm that some data may be shared with overseas recipients as detailed below, particularly from our payroll system and accounting system in addition to inputting sales, purchasing, invoicing and payroll processing. The server host’s role is limited to providing a hosting and storage service to NumeroPro, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
As outlined above, on occasion We will disclose personal information to third party companies/ overseas recipients located in New Zealand, United States of America, Indonesia and Germany. An example of a situation in which we may transfer personal information overseas is the provision of personal information to recipients using a web-based email account where data is stored on an overseas server. A further example is Storypark, who host aspects of system or offer software as a service products and services that process content for inclusion on certain Applications (for example, conversion of images and videos to make them suitable for viewing online/ through a web browser). We will not transfer any information to recipients that are not located in Australia unless permitted to do so by the Act. Where personal information is provided for server hosting purposes only, it is likely that this does not constitute a “disclosure” of that information to third parties located overseas for the purposes of Australian privacy legislation. In any case, we confirm that we only choose reputable service providers who have been fully vetted and have agreements with such third parties that prevent them from using or disclosing to others the personal information we share with them, other than as is necessary to assist us and as permitted by law. We ensure that these companies take the security and confidentiality of your personal information as seriously as we do.
13. Your rights
- You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
- We confirm that we will issue emails to our clients confirming the details of Our latest offers, news and updates Please note that we will not inform you beforehand further than the information provided in this document that we intend to issue this material. In the event that you wish to unsubscribe from receiving our promotional material, please email firstname.lastname@example.org to unsubscribe.
- You can exercise your right to prevent the processing set out above by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us via the contact details outlined in the Policy.
- Before we disclose personal information about you to a third party, we will take steps as are reasonable in the circumstances to ensure that you are aware that we have collected the information and the purpose of collection the third party does not breach the APPs in relation to the information.
- If you wish to make a complaint in relation to the collection and use of your personal information or any effects to your rights with respect to your personal information, or place a request to amend information held about you.
14. How to correct, access and update your personal information
- You are legally obliged always to provide us with accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct.
- You can also choose not to provide us with some of the information we request, however. As a result, we may not be able to provide our service to you.
To ensure that we carry out your instructions accurately, to help improve our service and in the interest of security, we may monitor and/or record:
- your telephone calls; and
- customer activities on our website. All recordings are and shall remain our sole property.
16. Anonymity and Pseudonymity
You have the option of not identifying yourself, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply where:
- the Company is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
- it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym,
- however, in some cases, if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
If you believe we may have breached your privacy rights you may contact Us using the contact details set out below. NumeroPro is committed to achieving a speedy and fair resolution of any complaints, and will ensure that your complaint is taken seriously. We will respond to your complaint or request promptly if you provide your contact details to us.
18. How to contact us
If you wish to:
- seek correction of or obtain access to your personal information;
- ask about how your personal information is collected, used, held or disclosed; or
- make a complaint about a breach of your privacy,
- contact NumeroPro’s Privacy Officer using the following contact details:
- email@example.com – Privacy Officer, PO Box 6309, Gold Coast Mail Centre, Qld 9726; and Ph: 1800 827 234