Digital Product Privacy Policy

We are committed to safeguarding your privacy. We comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) in relation to the handling of personal information. We also comply with the European Union General Data Protection Regulation (GDPR) insofar as we collect and process personal information about individuals located in member countries of the European Economic Area (EEA).

This privacy policy:

• applies to the collection and processing of personal information by or on behalf of The Alannah and Madeline Foundation Limited (ACN 090 752 800) as trustee of The Alannah and Madeline Foundation (‘AMF’, ‘we’, ‘us; and ‘our’) in relation to our eSmart Digital Licence+ program; and
• tells you how and why we collect your information, the legal basis for processing it, what we use it for, who we share it with, and your rights in relation to your personal information.

Additional information about our data handling practices is available in our general AMF privacy policy www.amf.org.au/privacy-policy.

You can also find our more about our eSmart Digital Licence+ product at digitallicenceplus.org.

What personal information do we collect and hold?

We collect personal information about:

• our eSmart Digital Licence+ customers (educational organisation representatives / staff members, and parents / legal guardians of participating children), include
  • name, address and email address; and
  • if you are an authorised school staff member or representative – job title and school details;
• participating children (collected from customers), including name, age date of birth, gender, school year level, student identifier used by the school, and Australian Indigenous status.

Through the operation of our product solution, we also generate and collect:

• identifiers for participating children and school coordinators/educators; and
• Learnosity module results data (including overall module scores, levels of achievement on student outcomes

We only collect personal information about a participating child if that information is provided to us by:

• the child’s parent or legal guardian; or
• an educational organisation representative who has obtained consent from the child’s parent or guardian to permit us to collect, use and disclose the child’s information for the purposes set out in this eSmart Digital Licence+ Privacy Policy (other than direct marketing).

If you do not provide requested information, you may not be able to activate the eSmart Digital Licence+ program.

What personal information do we collect and hold?

We only keep your information as long as we require it:

• for the purposes of providing access to the eSmart Digital Licence+ program;
• for our business operations; or
• in accordance with, and for the purposes of, applicable laws.

How do we use, process and disclose personal information?

We use, process and disclose personal information:

• in connection with, and to perform our obligations under, our agreement with you in relation to the provision of the eSmart Digital Licence+ program, including:
  • activating and providing you with access to the eSmart Digital Licence+ program;
  • issuing a participating child with a ‘Digital Licence’ on the successful completion of applicable modules;
  • responding to inquiries about the provision of our program, including product related customer service;
• for direct marketing only with your express consent;
• in connection with our legitimate interests in carrying on our business (where this does not override your rights and interests) in relation to:
  • evaluating and improving our products, which may involve sending voluntary customer surveys from time to time;
  • preparing de-identified data for the Child Online Safety Index, and AMF and DQ Institute annual reports;
  • allowing us to operate our business and related services, and perform administrative and operational tasks (such as risk management, undertaking research and statistical analysis, and systems/product development and testing
  • investigating and taking appropriate action in relation to an identified or serious threat or risk to you, other customers, our staff, or members of the public;
• to comply with legal obligations under laws and regulations that apply to us.

Direct marketing

We will only use (and share with our contracted service providers) your personal information for direct marketing purposes with your consent.

You can withdraw your consent at any time without detriment, and we will process your request as soon as practicable.

You can opt out of receiving direct marketing communications at any time by contacting our Privacy Officer on the details below, or clicking on the unsubscribe link included in marketing communications.

Who do we share your personal information with?

The organisations with whom we typically share personal information are our contracted service providers who:

• operate, manage or otherwise support the delivery of the eSmart Digital Licence+ program, or the Digital Licence+ website, from time to time on our behalf; or
• provide direct marketing services on our behalf (only where you have consented to receiving direct marketing communications).

We may also share your personal information:

• as necessary with law enforcement bodies and other authorities where we are required or authorised to do so by law; or
• with other third parties at your request or otherwise with your consent.

Sharing outside of Australia

Our contracted service providers may be located outside of Australia, including (but not necessarily limited to) the United States.

We may also share your personal information:

• as necessary with law enforcement bodies and other authorities where we are required or authorised to do so by law; or
• with other third parties at your request or otherwise with your consent.

We primarily store your personal information in Australia. Information may be stored in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be accessed or held.

If you are in a country that is a member of the EEA, we and our service providers will transfer your personal information outside the EEA only where relevant protections are in place. We will take steps to ensure your personal information will be afforded the level of protection required of us and our service providers in accordance with applicable data protection laws and current legally recognised data transfer mechanisms, such as:

• where the country has been deemed adequate by the European Commission (EC);
• where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient); or
• by adopting appropriate EC approved standard contractual provisions.

Overseas organisations may be required to disclose information we share with them under an applicable foreign law.

Your rights

Accessing your personal information

You can ask us to access the personal information we hold about you by making a request in writing to our Privacy Officer on the contact details below.

We will respond to our request promptly, but may need to verify your identity before providing access to your information.

We will generally give you access to your information, unless doing so would adversely impact the privacy rights of others, or there is a legal reason why we are unable to do so. If we refuse your request,
we will give you written notice of our decision, including our reasons and how to complain if you are not satisfied with our decision.

Correcting your personal information

If you think the personal information we hold about you is incorrect, please contact us by writing to our Privacy Officer on the details below.

Additional rights for EEA country residents

If you are in a country that is a member of the EEA, you can, in certain circumstances:

• obtain information about the processing of your personal information;
• ask us to erase your personal information, such as if you withdraw your consent and we are not otherwise legally entitled to retain it;
• object to, and ask us to restrict, our processing of your personal information, although we may continue to process your personal information while we verify your assertion that your information is inaccurate, or if we are processing your information for our legitimate interests;
• receive some personal information you have given us in a structured, commonly used and machinereadable format, or ask us to transmit it to someone else if technically possible feasible; and
• withdraw your consent (but we may be able to continue processing without your consent if there is another legitimate reason to do so). The withdrawal of your consent will not affect the processing of your information to which you had consented.

How to make a complaint or inquiry

If you have a complaint or question about how we handle your personal information, please contact us on the details below.

We will investigate and respond to your complaint or question within a reasonable period, and within 30 days.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner on the details below.

Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online form: www.oaic.gov.au (Privacy Complaint Form)

Contacting us

Please contact us if you have any questions or comments about this privacy policy, or if you wish to exercise your rights you have under applicable privacy laws using the following details:

Post: Attention: Privacy Officer
Alannah & Madeline Foundation
PO Box 5192
South Melbourne VIC 3205

Email: privacy@amf.org.au

Telephone: (03) 9697 0666

Changes to this privacy policy

The Foundation may, from time to time, update or change this privacy policy to ensure that it reflects the acts and practices of our organisation, as well as any changes in the law. Any changes will take effect from the time that they are posted on our website.

Last updated: 24/08/2021