Digistorm Group - Version 2.1 – 13 January 2021

Introduction

This Policy sets out how we collect, handle and use information about you.

We reserve the right to update this Policy at any time without notice.

We are subject to the privacy laws of the jurisdictions in which we operate, including the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

In certain circumstances we may also be subject to the EU General Data Protection Regulation (Regulation 2016/679) as it applies to residents in the European Economic Area.

Purpose

The purpose of this Policy is to:

Application

This policy applies to Personal Information that we may collect about you in the manner outlined in this policy, including from all legal entities owned or controlled by us (across any jurisdiction).

This policy does not apply to Personal Information that may be collected by a third party or how that third party may use, handle, store or disclose your Personal Information.

Definitions

Organisation means a natural person, a body corporate, a partnership, any other unincorporated association, or a trust, that is not a small business operator, a registered political party, an agency, a state, territory or national authority or a prescribed instrumentality of a state, territory or nation.

Personal Information means information or an opinion about an identified natural person, or a natural person who is reasonably identifiable.

Digistorm Group, we, us, our means:

Institution means preschools, primary schools, secondary schools, and further and higher education places for learning, whether public or private.

Suite of Products means those products and services on our website from time to time.

Information we collect about you

We collect personal information about you (including, but not limited to, the details outlined in the ‘what types of information do we collect?’ section below) that:

In some situations you will have the option to deal with us anonymously or through a pseudonym, however, where you are requesting products or services from us or from an Institution where such contact is via us or one of our services, it may become impracticable to provide those products or services to you without verifying your identity. Where you fail to provide us information or where the information provided is incomplete and/or inaccurate, or you choose not to provide us with the information that we have requested, it may affect our or an Institutions ability to provide you with our products and services.

In the event that we receive identifiable information from a third party, such as an Institution, we will take reasonable steps to ensure that you have given express or implied consent to the collection of that information. If it is determined that we are unable to have possession of the information under a relevant law, we will destroy the information or ensure that the information is de-identified.

What types of information do we collect?

Personal details

We collect the following types of information about you: full name, gender, date of birth, age, residential address, postal address, email address, phone number, facsimile number, and proof of identity information.

Why we collect this information:

Religious and political beliefs

We collect information or opinions about your racial or ethnic origin, political opinions, or memberships, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation, or criminal record.

Why we collect this information:

Digistorm products and services

We collect information, communication or opinions about any of our products, services, transactions, payment history and business activities.

Why we collect this information:

Digital media

We collect digital media and content such as; video footage and audio.

Why we collect this information:

Proof of identity

We collect identifiers (such as tax file number and business number), citizenship and residency details, details regarding and information provided by your referees, details regarding and information provided by your guarantor(s) and business partner(s), financials/credit/criminal history checks, results of any pre-employment or profile tests, employment history, education history, identity documents, health information and next of kin details.

Why we collect this information:

Third parties

Information that may be collected by us or on our behalf via third parties including the date and time of your visit to our website, IP address, documents and pages you access, type of browser and setting, operating system, address of a recurring site you are about to visit; information you submit regarding payment particulars, device identifier, including UDID, device details, pages visited, language selections, cookies, tracking pixels, geographic area and location.

Why we collect this information:

Do Not Track settings

For some (but not all) services operated by us, the Do Not Track browser setting is accepted (which can be adjusted in your browser). Because a uniform technological standard has not yet been developed for Do Not Track, we do not currently respond to all Do Not Track signals. We continues to review new technologies and may adopt a standard once one is created.

Storing your information

We are a growing online business. In order to offer a consistent service to you we may store and manage data electronically or in paper form. Where data is stored electronically, it is done so by a third party cloud service provider that may store your Personal Information or a backup of your Personal Information in Australia, the United States of America or such other locations that the third party cloud service provider determines from time to time (see our list of third parties here for jurisdictions where your informed may be stored). The data that we collect from you may be transferred to, and stored to these servers or processed by staff operating in other countries, who work for us or an Institution.

We will take all steps reasonably necessary to ensure that your information is secured from misuse, interference, loss, unauthorised access, unauthorised modification or unauthorised disclosure. Any Personal Information will be handled in accordance with this Policy and applicable privacy laws. Despite using all steps reasonably necessary, the transmission of information through the internet is not completely secure.

Submission of any information to us is an acknowledgement that you agree to such use, storage and disclosure.

Disclosing your information

We may share your information with:

International data transfers

We collect and store Personal Information globally from each jurisdiction we operate in and from each legal entity that is owned or operated by us in different international jurisdictions and may transfer, process and store your Personal Information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Suite of Products and services provided by those Suite of Products. We have appointed Digistorm Pty Ltd to control and deal with all Personal Information that is collected globally by the Digistorm Group.

Accessing and correcting your information

You may request access to Personal Information that we hold about you at any time by contacting our Privacy Officer using the details set out in this Policy. We will respond to any such request for access to Personal Information within a reasonable time frame and will provide you access to the Personal Information that we hold pertaining to you, unless we are authorised not to do so by law.

Where permitted by law, we may charge you a reasonable fee for processing your request to access your Personal Information and should we decline you access to your Personal Information, a written explanation will be provided setting out the legal reasoning for doing so.

If upon receiving your Personal Information, or at any other time, you believe the Personal Information that we hold about you is incorrect, out of date, incomplete, irrelevant or misleading, please notify our Privacy Officer using the details set out in this Policy.

If we decline to correct your Personal Information as requested by you, a reason for refusal will be provided except to the extent that it is unreasonable to do so. In the event that we decline the request to correct Personal Information, you may request to associate a statement with the information.

Complaints

Should you believe that we have not fulfilled our obligations under any relevant law or have not complied with the terms of this Policy or would like to appeal a decision made by us in relation to your Personal Information, you can make a complaint in writing to our Privacy Officer using the contact details set out in this Policy.

We will respond to you within a reasonable period of time (or where a period is specified by any law, that period) to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

Our external provider’s privacy policies

We provide the Suite of Products to various Institutions. The Suite of Products have been specifically designed to appear as the relevant Institution, however, the your interactions when using the Suite of Products is with us and can be confirmed where:

We ‘hold’ your Personal Information on behalf of the Institution in which you are dealing with.

Accordingly, where you are dealing with an Institution and you are concerned that there may have been a breach of this Policy by an independent third party associated with us and/or an Institution, please contact the relevant entity directly. Alternatively, you may contact the Privacy Officer at the details set out in this Policy.

(Primary Purpose): The primary purpose for which your Personal Information is collected by us:

(Secondary Purpose): The secondary purpose in which we will use your Personal Information, includes (but is not limited to):

General Data Protection Regulation (GDPR)

Application

This section applies to residents in the European Economic Area (EEA).

Definitions

Controller , Data Processor, Data Subject,Processor, Processing, Subprocessor, and Supervisory Authority shall be interpreted in accordance with applicable EU Data Protection Legislation.

EU Data Protection Legislation means the General Data Protection Regulation, Regulation (EU) 2016/679 and any legislation and/or regulation implementing or made pursuant to it or which amends or replaces any of them, as it applies to the EEA.

Residents of the EEA (where we act as processor)

We work with Institutions and Organisations around the world, including in the EEA. If you are located in the EEA, your personal information is processed by us in Australia. When you submit data, including Personal Information, via our Suite of Products, that data is being submitted directly into Australia and at no time is it held in the EEA. As part of providing our Suite of Services, we may transfer your personal information to other regions, including to Australia.

We rely on the following provisions of the EU Data Protection Legislation when transferring your data to our servers in Australia:

If you are located in the EEA, you have certain rights under European law with respect to your personal data, including:

Due to the manner in which the Suite of Products is delivered, you are contracting directly with an Institution. That Institution has subsequently contracted with us in order to deliver the Suite of Products and therefore facilitate the various communications between you and the Institution. In this manner, we are the Processor of your Personal Information for the Institution.

If you are a Data Subject in the EEA and wish to exercise rights in accordance with the EU Data Protection Legislation, please contact the Institution you interacted with directly -- we serve as a processor on their behalf and can only forward your request to them to allow them to respond.

Additionally, if you are located in the EEA, we note that we are generally processing your Personal Information in order to fulfil contracts we might have with you (for example if you submit an enrolment application for a child at an Institution), or otherwise to pursue our legitimate business interests outlined in this Policy, unless we are required by law to obtain your consent for a particular processing operation. In particular we process your Personal Information to pursue the following legitimate interests, either for ourselves, the Institutions, our partners, or other third parties:

When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that Personal Information can help mitigate the risks to the Data Subject.

We note that we use third parties as Subprocessors to process your information in association with the Suite of Products. Depending on the processing undertaken by the third party, will depend on information disclosed to them. Please click here to view the list of third party Subprocessors.

Where you submit any data to or otherwise use the Suite of Products:

Residents of the EEA (where we act as controller)

We work with Institutions and Organisations around the world, including in the EEA and you may make an enquiry with us, either on your own behalf or on behalf of an Institution. If you are located in the EEA, your Personal Information is processed by us in Australia. When you submit data, including Personal Information, via our Suite of Products, that data is being submitted directly into Australia and at no time is it held in the EEA. In such circumstances, we will be considered the controller of such data submitted.

We rely on the following provisions of the EU Data Protection Legislation when transferring your data to our servers in Australia:

If you are located in the EEA, you have certain rights under European law with respect to your personal data, including:

If you are a submitting an enquiry on behalf of an Institution or other Organisation to acquire use of the Suite of Products in an Institution and wish to exercise these rights in accordance with the EU Data Protection Legislation, please contact us using the contact information below. In this manner, we are acting as the Controller of the Personal Information.

Additionally, if you are located in the EEA, we note that we are generally processing your Personal Information in order to fulfil contracts we might have with you (for example if you submit an enquiry to acquire the Suite of Products), or otherwise to pursue our legitimate business interests outlined in this Policy, unless we are required by law to obtain your consent for a particular processing operation. In particular we process your Personal Information to pursue the following legitimate interests, either for ourselves, the Institutions, our partners, or other third parties:

When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that Personal Information can help mitigate the risks to the Data Subject.

We note that we use third parties as Subprocessors to process your information where we are the Controller. Depending on the processing undertaken by the third party, will depend on information disclosed to them. Please click here to view the list of third party Subprocessors.

Where you submit any data to or otherwise use the Suite of Products:

Minors

Our website and Suite of Products are not intended for Data Subjects under the age of 16. However, due to the nature of the Suite of Products facilitating the enrolment and communication of minors that attend an Institution with their respect parents, you may submit Personal Information to us on behalf of a Data Subject under the age of 16. In such circumstances, we will seek your express consent to this submission and use of Personal Information of the Data Subject no yet 16 years of age.

Contact

Your information, irrespective of which entity you submitted data to or contracted with, is controlled by Digistorm Pty Ltd and this entity has been appointed to deal with all privacy inquires on behalf of the Digistorm Group.

If you have any comments, concerns or questions regarding this Policy or Personal Information that we hold about you, please contact our Privacy Officer by email to [email protected] or by post at:

Privacy Officer Digistorm Pty Ltd ACN 153 005 264 Suite G2, 2019 Gold Coast Highway MIAMI, QUEENSLAND 4220 AUSTRALIA

Please note that where you have submitted any Personal Information to us via any Institution and contact us in accordance with this Policy, we will disclose and provide that request to the relevant Institution for their action and instruction. We suggest you contact the Institution to resolve any matter related to your Personal Information before contacting us.