We handle personal information in an open and transparent manner in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) ("Privacy Act") and other applicable privacy laws. We are compliant with the Australian Notifiable Data Breaches (NDB) Scheme that came into effect on 22nd February 2018. We are also compliant with the requirements of the European General Data Protection Regulation (GDPR).
What data do we collect?
In order to operate, we need to obtain and retain names and email addresses, and in some cases postal and billing addresses of our customers. This is considered basic personal data and we are obliged to handle it appropriately.
We do not now, or intend to keep in the future, any customer data that is considered to be sensitive personal information.
Sensitive personal information is considered to be:
- Racial or ethnic origin
- Political opinion
- Religious belief
- Trade union membership
- Physical and/or mental health
- Sexual orientation
- Criminal history, legal proceedings, and allegations
- Genetic and biometric information
If an individual user decides to share any other (sensitive) personal information with us, we are obliged to handle it appropriately.
We will only ask for your credit card details on the secure payment pages connected with our website. Your details are sent directly to our payment providers (Pin Payments and St George Bank), and the limited card and transaction details that they give us access to cannot be used to make new payments. We will never ask for (and we cannot accept) credit card details over the phone or by email. In certain circumstances we require other financial information, including your bank account details where appropriate. This information is stored securely and is only used for the purpose for which it is provided (payment or refund).
Cookies allow your browser to utilise some of the features of our websites. We use both session cookies and persistent cookies. Most web browsers are set by default to accept cookies; if you reject cookies you will be unable to take advantage of some of the features of our websites. You can view our cookies policy for more details.
The primary purpose for which we collect information about you is to conduct our business, provide and market our products and services to you, meet our legal or regulatory obligations, for the management of business transactions entered into with us and the administration of any accounts you have with us.
How do we collect data? How do we use it?
We will generally collect personal information by way of forms filled out by people, face-to-face meetings, business cards, electronic communications and telephone conversations. In addition, we collect personal information from our website through receiving subscription applications, and other electronic documents.
We may collect your personal information when you request, acquire or use a product or service from us, register with us as a subscriber, complete a survey or questionnaire, enter a competition or event, or when you communicate with us electronically (including email and facsimile), by telephone or in writing (for example if you make a complaint or provide feedback) or where you provide personal information via social media (such as via Facebook).
If, at any time, you provide personal or other information about someone other than yourself, you must have that person's consent to provide such information for the purpose for which you provide it to us.
We may use the personal information we collect for the following purposes:
- to provide you with news and information about our products and services, email updates
- To conduct competitions or promotions
- To verify your identity
- To investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity
We will not sell, trade or disclose to third parties any individual's information, including names and addresses, without the consent of the individual concerned, or otherwise in accordance with the Privacy Act.
We may, at our discretion, disclose personal information to third parties:
- Engaged by us to perform functions or provide products and services on our behalf, such as processing of credit card information, mailouts, debt collection, marketing*, research, advertising* and hosting of customer relationship management (CRM) systems.
- That are our agents, business partners or joint venture entities or partners;
- Authorised by you to receive information held by us;
- As part of any investigation in relation to you or your activity which we suspect to be a breach of any of our terms and conditions, serious misconduct or unlawful (including disclosure to the police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator)
* We only engage third party services for marketing or advertising to customers who are signed up to our newsletter.
Primary data storage: database in Amazon cloud, hosted in Sydney, Australia.
Service providers with direct access to database:
Service providers with access to/storage of a limited set of customer (including student/principal/teacher) data:
- Digital Ocean: secondary cloud hosting
- Mailtrap: notification email testing
- MailChimp: newsletter subscribers
- Mandrill (by MailChimp): notification emails
- New Relic: application performance monitoring
- Sentry: error reporting
We provide subscription services to children and young adults who are legally minors and may not be able to provide valid consent to our collection, use, disclosure, storage or other handling of their personal information.
Parents and guardians of children/minors are personally responsible for monitoring their child's access to, and use of, our services and for providing valid approvals for their child's participation in subscription, and other promotional activities conducted by us.
If you are a child or young adult under the age of 18 years, you must ask your parent or legal guardian to approve your provision of personal information before you submit your personal details to us.
Accessing and updating or correcting your information
Under the Privacy Act, you may request to access, update or correct the personal information we hold about you. We will require you to verify your identity and to specify the information that you wish to access, update or correct.
Subscribers or members of our website will generally be able to access, update and correct their membership and contact details online.
We request that you keep your information as current as possible so that we may continue to improve our service to you.
We will make attempts to ensure that the personal individual information held by us is accurate and up to date. If information we have about an individual is not accurate or up to date, they may ask that it be corrected.
Upon request, we will permanently remove and securely delete any information that we hold about you. This request must be made in writing to:
The Manager, Haese Mathematics, 152 Richmond Road, Marleston, South Australia 5033
Or email firstname.lastname@example.org
We will respond to your request within 5 business days.