Creative Garden

Privacy Policy

Last updated May 2020

1. Application

This Privacy Policy (Policy) explains how Creative Garden early learning centres (which are owned and operated by G8 Education Ltd ACN 123 828 553) (we, our or us) and any website we operate (website), collect, handle and protect your personal information.

We comply with the Privacy Act 1988 (Cth) (Privacy Act) and handle personal information that we collect in accordance with the Australian Privacy Principles (APPs). The Privacy Act and the APPs apply to all our early education and child-care services operating nationally.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Policy and any other arrangements that apply between us.  This Policy should be read together with any terms and conditions related to our dealings with you and any location specific legal notice.

2. What is personal information?

Personal information means information or an opinion about you which identifies you (or from which you can reasonably be identified), or as otherwise defined by applicable privacy law.  It does not include information that is de-identified (anonymous data).

3. Dealing with us anonymously

Where it is lawful and practicable to do so, you may deal with us anonymously (e.g. when enquiring about our services generally).  However, we usually need your name, contact information and other details to enable us to provide our services to you. If you provide incomplete or inaccurate personal information to us, that may effect what services we can provide to you. 

4. Why do we collect personal information?

We collect and handle personal information about you or your child when it is reasonably necessary for or related to our business activities, the services we provide, or as otherwise required or permitted by law.  We may collect personal information for one or more of the following purposes (depending on our relationship with you):

  • to provide early education and child-care services to your children, with their well-being, protection, and development in mind;
  • to contact you and provide resources we consider helpful in supporting your child’s journey and milestones;
  • to administer and manage our services including charging, billing, and collecting debts;
  • to analyse the needs of families using our services with a view to the development of new and/or improved services;
  • for market research and surveys, direct marketing, promotions and/or competitions;
  • to notify you (either directly or via a third-party advertising platform) about special offers and services available from us or our partners;
  • to ensure the proper function of our website and online software;
  • for fulfilling our mandatory reporting obligations required by applicable law;
  • if you apply for a job or placement, to assess your qualifications and suitability for a role with us, to make observations and to take references;
  • any related secondary purpose which we believe you would reasonably expect when we collected the personal information or as a result of our ongoing relationship with you;
  • to respond to and manage inquiries, complaints, feedback, and claims, defend our legal interests, and investigate and protect against fraud, theft, and other illegal activities; and
  • any other purpose that you have consented to.

We may also use personal information for other purposes not listed above which will be made clear to you at the time we collect your personal information, or for such purposes as may be required or permitted by law.

5. What personal information do we collect and hold?

The personal information collected depends on the dealings you have with us.

Early Education and Child-Care Enrolments

If you enrol (or contact us to enquire about enrolling) your child at one of our centres, we may collect and use the following personal information about you and your child:

  • name, date of birth, gender, address (postal and email) and telephone and facsimile numbers;
  • financial information (including bank account details, credit card numbers, and debit card numbers);
  • government identifiers (including Centrelink or Medicare reference numbers);
  • information relating to custody arrangements and parenting orders; and
  • other information necessary for our functions and activities, including sensitive information described below in this Policy.

We may also collect and use:

  • photographs, videos, and children’s work samples;
  • information relating to your occupation;
  • details of your child’s nominated emergency contact people;
  • opinions expressed in relation to any of our services; and
  • other such information (including proof of identity) that is relevant for us to provide our services to you in the manner that you have requested, or to comply with the law.

Other persons we interact with

We collect personal information from a range of individuals in the context of our services and activities, including representatives of our suppliers, families of children enrolled, sponsors and business partners; contractors; landowners; vendors; investors; job applicants and others.

We may collect a range of information in the context of the above interactions, such as names, genders, job titles, identification information, email addresses, home addresses and other contact details, details of business and other interests, experience and/or academic and professional qualifications, third party references, communications (including notes from meetings and telephone call recordings), feedback or survey responses provided to us, financial and payment information, and information collected from clearance questionnaires and/or interviews.

We use this information for relevant business-related purposes, including negotiating, concluding, and performing contracts, managing business relationships, administering tenancy agreements, recruitment, managing accounts and records, communicating individuals, supporting corporate social responsibility activities, security, legal, regulatory, and internal investigations, and debt administration.

Visitors to our websites

We may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the IP address assigned to your computer.

We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable us to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.

Sensitive Information

In some circumstances we may ask for personal information that is sensitive. This may include information such as your child’s racial or ethnic origin or any cultural or religious requirements (for example, for staff to use in educational programs).  We are also required by law to collect and hold details of your child’s dietary requirements, medical conditions, immunisation history and additional needs. We collect this information as it is required by law and/or reasonably necessary for ensuring the well-being, protection, and development of children in our care.

If you apply for a position with us, we may collect your health information, medical history, information about national origin or immigration status, or optional demographic information such as race (or ATSI status).

We will only collect your sensitive information with your consent and will ensure that it is stored securely.

Financial information

We may collect your financial information (including bank account details, credit card numbers, and debit card numbers) where you provide that information to us for the purposes of payment for services, including by direct debit. We will ensure financial information provided to us is stored securely and treated as strictly confidential.

Government identifiers

In certain circumstances, we are required to collect government identifiers such as those used by Centrelink and the Department of Human Services. We will only use or disclose this information for legitimate business purposes in accordance with the law.

6. How is personal information collected?

We will normally only collect personal information directly from you when you provide it to us:

  • when you attend our centres, complete a standard form or survey;
  • when you telephone us, email us, or post us your information;
  • via our website or our social media pages;
  • if you apply for any job vacancy; or
  • if you provide feedback or make a complaint to us.

We may sometimes collect personal information about you from other sources, for example our third-party suppliers and contractors who assist us to operate our business (such as a third-party payment gateway or a recruitment agency).  We only collect and use personal information for the purpose for which you provided it to us or otherwise as stated in this Policy.

7. Using and disclosing personal information

We will not disclose personal information to any third parties, other than in accordance with this Policy, without the consent of the data subject or their parent or legal guardian. We may disclose personal information:

  • to our related bodies corporate, suppliers, consultants, contractors, or agents to help us to provide you with services;
  • to service providers who assist us in our day-to-day business operations and for purposes which are related to the marketing and promotion of our services to you and to others;
  • to a purchaser of the assets and operations of our business or a part of it, provided those assets and operations are purchased as a going concern;
  • to relevant federal, state and territory authorities for the purpose of investigating a health or safety issue, including a workplace health and safety matter or child protection matter;
  • when conveying information to a responsible person (e.g. a guardian or emergency contact), unless you have requested otherwise; and
  • as authorised or required by law.

8. Do we disclose any information overseas

We may disclose personal information outside of Australia to our third-party partners and suppliers such as cloud storage providers or data centres for software we use.  When you provide your personal information to us, you consent to the disclosure of your information outside of Australia. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the APPs.

9. Marketing and your consent/opting out

We and/or our carefully selected partners may send you direct marketing communications and information about our services and related goods and services offered by our partners. This may take the form of emails, SMS, or mail, in accordance with the Spam Act 2003 (Cth) and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).

We may occasionally engage other companies to provide marketing or advertising services on our behalf.  Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services.  We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.

10. Third party advertising services

We may utilise certain third-party advertising services (e.g. organizations such as FastClick or Google) to display advertising for our advertisers. These third-party services may place a cookie on your computer for the purposes of ad-tracking and presentation. We do not share personally identifiable visitor information with these third-party services.

11. Storing personal information

We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information from misuse, interference and loss, and unauthorised access, modification, or disclosure.  Some of the ways this is done include:

  • requiring our staff to maintain confidentiality;
  • implementing physical and network security measures;
  • providing a secure environment and access control for confidential information; and
  • only allowing access to personal information where the individual seeking access has satisfied our identification requirements.

Where we store your personal information depends on what interaction you have had with us. These include electronic databases, email databases for marketing communications, and secure archiving for paper based forms.

We will only store your personal information for as long as required for the purposes for which it was collected, or as otherwise required by law.  We will delete or destroy your personal information when it is no longer required for the purposes for which you gave it to us or you have requested that we delete it, and we are not legally required to retain it.

12. Data breaches

The Privacy Act requires us to notify affected individuals and the Australian Privacy Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:

  • there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
  • the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates; and
  • we are unable to prevent the likely risk of serious harm with remedial action.

If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals.  This is to ensure that you are notified if your personal information is involved in a data breach that is likely to result in serious harm.  Even if the criteria are not met, we may deem it appropriate to notify you anyway as part of our commitment to taking privacy seriously.

13. Keeping personal information accurate and up to date

You can access the personal information we hold about you by contacting our Privacy Officer using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact our Privacy Officer and we will take reasonable steps to ensure that it is corrected.

In some circumstances which are prescribed by the Privacy Act, such as where to do so might put a person at risk of harm or have an unreasonable impact on the privacy of others, we may decline access to personal information. If your request for access is denied, we will tell you why.

14. Changes to this Policy

We may change this Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

15. Contact us

If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please contact our Privacy Officer on the following details:

Phone:  +61 (07) 5581 5300

Post: Privacy Officer
G8 Education Ltd
PO Box 515
Varsity Lakes, QLD

E-mail: privacy@g8education.edu.au

We will need to verify you, and we will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) via the OAIC website: www.oaic.gov.au.