Young Academics Early Learning Centre (Young Academics) understand the importance of privacy and its security to you. We take privacy very seriously and are committed to dealing with Personal Information in accordance with the requirements of the Privacy Act 1988 (Cth), the Notifiable Data Breaches Scheme (NDB), the Australian Privacy Principles (APP) and any other applicable privacy legislation.
The right to confidentiality and privacy of the child and the family is outlined in Early Childhood Code of Ethics and National Education and Care Regulations. We will respect the privacy of children and their parents and educators, while ensuring that they access high quality early years care and education in our service.
From time to time, we will review our Privacy Policy to keep pace with changes in our service. Please take a moment to read this Privacy Policy so you understand how we collect, store, use and disclose Personal Information. By providing your Personal Information to us, you agree and consent that we may collect, use and disclose your Personal Information in accordance with this Privacy Policy.
Definitions
- “Data” or “Content” means any Personal Information that is collected and stored.
- “Personal Information” has the meaning given to that term in the Privacy Act.
- “Privacy Act” means the Privacy Act 1988 (Cth).
- “Service/s” means the childcare services we offer at our centres.
- “Website” or “Application” means this website, youngacademics.com.au and any other websites we have or establish for Your use.
- “You” or “Your” means any user of the Website or Services.
Scope
This Privacy Policy applies to children, families, staff, management and visitors of any Young Academics centre. It also applies to all Personal Information obtained by us, including, but not limited to, information submitted to our website or any other applications offered by our service.
Purpose
To preserve private and confidential files of the children, families, staff and visitors using the Services. We aim to protect the privacy and confidentiality by ensuring continuous improvement on our current systems use, storage and disposal of records, ensuring that all records and information about individual
children, families, educators and management are preserved in a secure place and are only retrieved by or released to people who need the information to fulfil their responsibilities at the service or have a legal obligation to distinguish.
Collection and storage of personal information and data
We store your data securely on our servers and use industry-standard measures to protect it from unauthorised access, use and disclosure. We also limit access to your data to our authorised personnel who need it ensure the functionality of our Software. However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
By accessing the Website or using the Application, all such users consent to the collection, use, disclosure, storage and processing of their information in accordance with this Privacy Policy.
We may collect:
- Personal Information – (being information about a person from which their identity is apparent or can reasonably be determined). This information can include names, dates of birth, email addresses, home and work addresses, telephone numbers and photographs. It can also include such information (where applicable) about a child, including a child to whom a Young Academics profile pertains (“Child”). We will collect such information by lawful and fair means and not in an unreasonably intrusive way;
- Sensitive Information – Medicare card number, cultural and religious details, languages spoken at home;
- Financial Information – being information such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our Services;
- Medical Information – being information such as immunisation records, medical or health services provider details, special requirements, dietary (including allergy) requirements, medical condition history, and emergency contact information;
- Legal Information – being information such as copies of any court and/or tribunal orders or documentation relevant to, without limitation, living and/or custody arrangements; and
- Statistical Information – behavioural and statistical information about an individual and business in connection with the Services.
We may collect Personal Information in circumstances including:
- From you directly when you provide information to us (whether face to face or otherwise);
- When Personal Information about including a photograph or video of an individual is loaded into the Website. There may be circumstances when a Child may be photographed or filmed in connection with educational or related activities by staff at a centre (including incidentally) with another such Child, which image/film is subsequently posted on the Website;
- In respect of sensitive information (as defined in privacy legislation) when such information is submitted in relation to a child or an adult in posts made by users through the Website;
- When you enter into a transaction with us using a credit card or method of payment other than cash;
- When you interact with us on social media, visit our website and send an enquiry through or make a comment or other post at the Website;
- When you sign up or subscribe to an email marketing list;
- When we meet with an organisation wishing to do business with us (and an individual from that organisation provides Personal Information about themselves); and
- When evaluating job applicants and personnel which may include collection of details such as employment history and educational qualifications. This may include “sensitive information”.
Use of personal information
We use Personal Information about you or your child for the purpose it was provided or collected, including in the following ways:
- For the purposes of the collection described above;
- To respond to enquiries received from you;
- To perform authorised financial transactions with you and to help us to manage our accounts and administrative services;
- To verify your identity;
- To communicate with you and provide you with information (whether by email, post or other means) about our services, where you have requested or consented to receiving this from us or where this provision is otherwise permitted under the relevant legislation including under the Australian Privacy Principles and other applicable legislation.
- To notify you about changes to our services;
- To receive and address feedback or complaints from you;
- Incidentally, where educators at centres and their educational mentors, for their further professional development, may view, some content of an account to which an Early Childhood Provider has lawful access;
- To protect our legal interests and fulfil our regulatory obligations (if and to the extent necessary); and
- In other circumstances, with your prior consent.
All those with whom we interact have the option to opt-out of receiving marketing communications from us. If you do not wish to continue to receive electronic marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you.
We may use Personal Information for the purpose of marketing but only where such use complies with privacy legislation in effect in the relevant state/territory. We may, subject to legislative requirements, send occasional emails to you in relation to our current or future services. Any such emails will contain an unsubscribe link, enabling you to opt-out of these messages.
We take steps to regularly destroy data (being Personal Information and sensitive information) that does not need to be archived and to de-identify stored data where identification of a person is not reasonably required or necessary.
The data will be aggregated and rendered unidentifiable in order to:
- Aid Young Academics in comprehending its position within the market.
- Support the marketing of our Services to third parties, which may include online advertising.
- Generate statistical outcomes that can be used for general Young Academics announcements.
Disclosure of personal information
We will not sell your Personal Information to anyone. We share your Personal Information outside our organisation for limited purposes, such as:
- to help us run our business and provide the Services;
- IT support providers;
- Organisations who carry out credit, fraud and other security checks;
- marketing businesses engaged by us to disseminate materials to which recipients have consented; and
- in a de-identified manner pursuant to this Privacy Policy.
We may also disclose your Personal Information to third parties outside our organisation:
- Where we have your express permission to do so, or it can reasonably be inferred from the circumstances that you consent to the disclosure to the third parties;
- If Young Academics in its entirety or substantially all of its assets were acquired by a third party, in which case Personal Information which we hold may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy); and
- If we are under a duty or have a legal right to disclose or share Personal Information in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions or to protect our rights, property, or the safety of our personnel and Users. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your Personal Information and use your Personal Information only for the purposes that we give it to them.
We may use your Personal Information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide, including by way of sale, de-identified information in aggregated form, to third parties. This de-identified and aggregated information may be used to:
- provide users with further information regarding the uses and benefits of the Services or the Online Platforms;
- enhance our business productivity, including by creating insights and trends from the de-identified information and/or the aggregated data;
- assist us to better understand and provide us with insights and trends on how our users are using the Services or the Online Platforms;
- to improve the Service or the Online Platforms;
- such other uses that is otherwise reasonable in the daily operation, or your continued use, of the Services and/or the Online Platforms, that is otherwise not capable of identifying you.
When your Personal Information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
National quality standard (NQS)
Quality Area 7: Governance and Leadership
- 7.1 Governance
- Governance supports the operation of a quality service
- 7.1.1 Service philosophy and purposes
- A statement of philosophy guides all aspects of the service’s operations
- 7.1.2 Management Systems
- Systems are in place to manage risk and enable the effective management and operation of a quality service
- 7.1.3 Roles and Responsibilities
- Roles and responsibilities are clearly defines, and understood and support effective decision making and operation of the service
- 7.2 Leadership
- Effective leadership builds and promotes a positive organisational culture and professional learning community
Education and care services national regulations
Children (Education and Care Services) National Law NSW
- 168
- Education and care services must have policies and procedures
- 181
- Confidentiality of records kept by approved provider
- 181-184
- Confidentiality and storage of records
Implementation
Early Childhood Services are required to comply with Australian privacy law which includes the Privacy Act, the NDB, the APP and any other applicable privacy legislation.
The NDB scheme requires Early Childhood Services, Family Day Care Services and Out of School Hours Care Services to provide notice to the Office of the Australian Information Commissioner and affected individuals of any data breaches that are likely to result in serious harm.
In the event of a suspected or actual eligible data breach, a reasonable and expeditious assessment will be undertaken to determine if the data breach is likely to result in serious harm to any individual affected – this includes:
- isolating affected systems and devices;
- shutting down network access;
- notifying relevant enforcement and security authorities; and
- communicate with affected individuals, including providing notifications and updates as necessary.
The APP are a set of principles that govern the collection, use, disclosure and storage of personal information by Australian government agencies and businesses with an annual turnover of more than $3 million a year (APP Entity). In particular, the APP cover how personal information can be:
- used and disclosed (including overseas);
- keeping personal information secure; and
- the open and transparent management of personal information, including having a privacy policy.
The APP covers:
- the open and transparent management of personal information including having a privacy policy
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
- how personal information can be used and disclosed (including overseas)
- maintaining the quality of personal information
- keeping personal information secure
- right for individuals to access and correct their personal information
The APP place more stringent obligations on entities that the APP apply to when ‘sensitive information’ is handled.
Sensitive information is a type of personal information and includes information about an individual’s:
- health (including predictive genetic information)
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
- biometric information that is to be used for certain purposes
- Biometric templates.
Australian privacy principles (APPS)
- APP 1 – Open and transparent management of personal information
Ensures that APP entities manage personal information in an open and transparent way. This includes
having a clearly expressed and up to date APP privacy policy. - APP 2 – Anonymity and Pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. - APP 3 – Collection of solicited personal information
Outlines when an APP Entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information. - APP 4 – Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information. - APP 5 – Notification of the collection of personal information
Outlines when and in what circumstances an APP Entity that collects personal information must notify an individual of certain matters. - APP 6 – Use or disclosure of personal information
Outlines the circumstances in which an APP Entity may use or disclose personal information that it holds. - APP 7 – Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met. - APP 8 – Cross-order disclosure of personal information
Outlines the steps an APP Entity must take to protect personal information before it is disclosed overseas. - APP 9 – Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual. - APP 10 – Quality of personal information
An APP Entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. - APP 11 – Security of personal information
An APP Entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances. - APP 12 – Access to personal information
Outlines an APP Entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies. - APP 13 – Correction of personal information
Outlines an APP Entity’s obligations in relation to correcting the personal information it holds about individuals.
Management will:
- Provide staff and educators with relevant changes;
- Make sure all relevant staff understand the requirements under Australia’s privacy law;
- Keep up to date with the Australian Privacy Principles (this may include delegating a staff member to oversee all privacy-related activities to ensure compliance);
- Ensure personal information in protected in accordance with our obligations under the Act and the Privacy Amendments (Enhancing Privacy Protection) Act 2012 (Cth);
- Ensure all records and documents are maintained and stored in accordance with the Education and Care Service National Regulations;
- Ensure the service acts in accordance with the requirements of the APP and Privacy Act by developing, reviewing and implementing procedures and practices that identify
- the name and contact details of the service;
- what information the service collects and the source of information
- why the information is collected;
- who will have access to the information
- Collection, storage, use, disclosure and disposal of personal information collected by the service
- any law that requires the particular information to be collected;
- adequate and appropriate storage for personal information collect by the service
- protection of personal information from unauthorised access
- Ensure the appropriate use of images of children
- Ensure all employees, students volunteers and families are provided with a copy of this policy
- Deal with privacy complaints promptly and in a consistent manner, following the service’s Grievance Procedures. Where the aggrieved person is dissatisfied after going through the grievance process
- Ensure families only have access to the files and records of their own children
- Ensure information given to educators will be treated with respect and in a professional manner
- Children and staff files are stored in a locked and secure cabinet
- Ensure Information relating to staff employment will remain confidential to the people directly involved with making personnel decisions.
- Information shared with us by the family will be treated as confidential unless told otherwise.
Nominated supervisor will:
- Adhere to centre policies and procedures, supporting management
- Ensure educators, staff, volunteers and families are aware of the privacy and confidentiality policy
- Ensure the service obtains consent from parents and/or guardian of children who will be photographed or videoed by the service
- Ensure families only have access to the files and records of their own children
- Information given to educators will be treated with respect and in a professional manner
- Ensure only necessary information regarding the children’s day to day health and wellbeing is given to non-primary contact educators – for example food allergies
- Will not discuss individual children with people other than the family of that child, except for the purposes of curriculum planning or group management. Communication in other settings must be approved by the family beforehand.
- Information shared with us by the family will be treated as confidential unless told otherwise.
Responsible persons and staff will:
- Read and adhere to the privacy policy at all times
- Ensure recording information and photographs of children are kept secure and may be requires at any time by the child’s parents or guardian
- Ensure families only have access to the files and records of their own children
- Treat private and confidential information with respect in a professional manner
- Will not discuss individual children with people other than the family of that child, except for the purposes of curriculum planning or group management. Communication in other settings must be approved by the family beforehand.
- Information shared with us by the family will be treated as confidential unless told otherwise.
- Maintain individual and Service information and store documentation according to this policy at all times.
- Not to share information about the individual or service, management information, or other staff as per legislative authority.
Questions and concerns and access to/correction or updating of your personal information
You have a right to access the Personal Information we hold about you. To obtain a copy of the Personal Information we hold about you, to update it or to make a complaint about our handling, please write to us at:
The Privacy Officer
Young Academics
or by email to: [email protected]
Please provide sufficient detail about the information in question to help us locate it. We will then use commercially reasonable efforts to promptly determine if there is a problem and take the necessary corrective action within a reasonable time. If a fee is charged for such access we will advise you of the cost in advance.
Right to be forgotten
In the event that you decide that you no longer want us to hold your Personal Information, you may notify us in writing of your desire for us to delete your Personal Information on record. We will use our best endeavours and comply with all legal requirements within a reasonable timeframe to delete your Personal Information, unless we are required by law to retain such information.
Amendments to this agreement
Young Academics reserves the right to amend or replace this policy at any time, with or without notice to Users, by posting an updated version on the Website, which shall become effective immediately upon posting. In the event that an updated policy constitutes a material change to this policy, we will make reasonable efforts to announce such change on the Website. Your continued use of the Service and/or Website following any amendment shall constitute your acceptance of any updated Agreement. If you do not agree to any updated Agreement, you must discontinue use of the Service and cancel your Account.
Source
- Australian Children’s Education & Care Quality Authority.
- Guide to the Education and Care Services National Law and the Education and Care Services National Regulations
- ECA Code of Ethics.
- Guide to the National Quality Standard.
- United Nations Convention of the Rights of a child
- Privacy Act 1988 (Cth)
- Revised National Quality Standard
- Australian Childcare Alliance – Changes to the Australia’s Privacy law
- Office of the Australian Information Commission – Australian Privacy Principles
- www.oaic.gov.au/agencies-and-organisations/app-guidelines
www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles