ChildSafe Privacy Policy
ChildSafe Limited (“we/us/our”) is committed to protecting the privacy of your personal information (as an individual or authorised officer of an entity) and upholding our obligations under the Privacy Act 1988 (Cth). This document sets out the manner in which we collect, use, disclose and store your personal information. We may change this privacy policy from time to time and will post any updates on our website after notifying you of them.
1. What types of personal information do we collect?
We promote the prevention and control of behaviour that is harmful or abusive to children and vulnerable people when in the care of an organisation, primarily through subscription to our services and our Safety Management Online (“SMO”) system. In the course of providing our services (or for other activities associated with providing the services, such as providing quotes or responding to questions), we may collect the following personal information:
- Your full name
- Organisation (if applicable)
- Postal, residential or business address (as applicable)
- Email, telephone and mobile number
- Financial or payment information, including credit card details if necessary to process an invoice payment
Users of our SMO system may be required to upload personal and sensitive information directly to the URL created for your organisation, on which the information is held by a third party cloud computing provider.
The primary purpose for which this information is collected by us (“Primary Purpose”) is to enable users to:
A secondary purpose (“Secondary Purpose”) for which this information is collected is to allow you to keep records of any specific incidents relating to the harm and abuse of children and vulnerable people within the care of your organisation, and also to disclose this information to enforcement-related bodies for future child abuse related investigations, if needed. We consider this purpose to be directly related to the Primary Purpose as it is consistent with the protection of children and vulnerable people.
The following types of information may be uploaded by you directly or by your organisation (if your organisation has your consent to do so):
- Your full name
- Organisation (if applicable)
- Postal, residential or business address (as applicable)
- Email, telephone and mobile number
- Financial or payment information, including credit card details if necessary to process an invoice payment
- Working With Children’s Check number
- Drivers licence
- Date of birth
- Information about your health
- Details of any criminal record and/or ‘prior conduct’
This information is only collected with your consent, and where that information is reasonably necessary for us to provide our services to you or your organisation.
2. How and why do we collect your personal information?
There are many aspects of our website which can be viewed without providing personal information, however, we need to collect personally identifiable information about you in the following situations:
- If you contact us (we may also keep a record of this correspondence);
- If you apply for, establish or access an online account or sign up to our online mailing list;
- If you access the SMO system under an organisation’s account;
- If someone from your organisation records information about you through the SMO system;
- If you deal with an organisation that utilises the SMO system;
- If you purchase services or tools from ChildSafe.
Some of your personal information will be collected from you directly through our website when you contact us. We may also collect your personal information from you directly by mail, email, telephone or meeting with you personally, if required.
We may also collect your personal information from third parties even if you do not directly access our services but you access the services of the third parties.
We collect, hold and use your personal information to enable us to provide our services to you, as well as for related purposes such as the Secondary Purpose which you would reasonably expect us to (and only directly related purposes for sensitive information). We will collect, hold and use your personal information to:
- Set up an online account for you or your organisation.
- Allow you to access the SMO system.
- To enable your organisation to meet its child safety obligations.
- Allow you to access records in relation to our training services, incident reports and dealings between your organisation and children and vulnerable people.
- Notify you about changes or updates to our services.
- Keep records of your business with us, including following termination of our services.
- Improve, review and measure the manner in which we provide our services to you.
- Manage and respond to any complaints or queries you have in relation to the services.
- Market and advertise our services (except in relation to sensitive information, which we will not use for direct marketing unless we have your express consent).
- Manage our business, including engaging any third parties relating to your business with us (such as accountants, legal advisers or debt collection companies).
You may choose not to disclose your personal information, or to deal with us using a pseudonym, however, if you choose to do so, we may not be able to provide you with our services or respond to any query or complaint that you have in relation to our services.
3. How do we hold your personal information?
We take reasonable steps to protect your personal information while it is in our control. The information that we collect from you directly is stored on our internal servers and file storage service, and is protected by passwords and firewalls.
The information that is uploaded onto the SMO system is stored on our third-party data storage (cloud) provider, an externally operated cloud (based in Australia). All transfer of data across public networks is encrypted. The service performs automated backups that are securely stored and can only be accessed through our provider’s account, to which our authorised privacy officer has sole access.
We also keep some payment information secure through engaging the services of and online encrypted payment transaction service.
Certain personal information about you may be linked with other information about you, including sensitive information. We will take reasonable steps to de-identify or destroy your personal information that is collected about you directly and held on our internal servers if we no longer require it. However, we may keep copies of the information uploaded onto our SMO system for the Primary Purpose and Secondary Purpose if necessary, which may also be disclosed to relevant authorities for this purpose.
If you are an individual accessing the SMO system on behalf of an organisation, we note that your organisation can access specific fields of personal information about you at all times, including but not limited to your name, date of birth, phone and email address.
4. Do we disclose your personal information?
We may disclose your personal information to:
- Entities that we engage to ensure that payments are processed securely.
- External cloud-based customer relationship management software systems for the purposes of marketing, sales processing and customer support.
- The organisation with which you are or have been associated, in relation to its child safety obligations.
If any of these entities hold data overseas, by providing your information to us you consent to the disclosure of your information to those countries, even if they do not have privacy legal regimes similar to those in Australia.
As outlined above, if you access our SMO system, your information is automatically uploaded to our external cloud computing provider for the purpose of data storage. This body stores your information within Australia and the information can only be accessed by our authorised privacy officer.
5. Third party websites
Our website may contain links to other websites. These links are provided solely for your convenience. If you submit personal information to or via any linked website, the privacy principles applying to that information are outside our control. You should check the privacy statement of the linked website before submitting information to or via that site.
6. How can you access your information or make a complaint?
You have a right to request access to or correction of your personal information that you have directly provided to us. If you would like to do so, we will give you access to the information within 7 days, and will make every endeavour to ensure that the information is updated correctly as soon as practicable.
If you are an individual that has uploaded information and data onto the SMO system and wish to access or correct this information, you should contact your organisation (which remains in control of the relevant information) for the timeliest response and correction.
If you would like to make a complaint in relation to this privacy policy or the storage of your personal information, please contact us using the contact details below.
e-mail: info@childsafe.org.au
Call: 03 9967 8000
Post: PO Box 7127, Banyule, VIC 3084
Online: su.org.au/incident-report/
Our authorised privacy officer will contact you directly in response to your query within 10 business days from receipt of a request. If your complaint fails to be resolved, you may take it to the Office of the Australian Information Commissioner via the online privacy complaint form, by mail, by fax or by email – https://www.oaic.gov.au/about-us/contact-us