- We have adopted this Policy in accordance with the Privacy Act.
- This Policy outlines how we deal with Personal Information, which we collect in conjunction with the Services.
- We may also collect information about Individuals who do not use the Services.
- Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.
2. Collecting information directly from people
We collect Personal Information directly when an Individual:
- contacts us by telephone, fax, email or another form of communication;
- gives us their information in person, on a paper form or by online form submission;
- provides information to the Platform via the mobile app;
- sends us a message through SMS or a third party app;
- registers or subscribes for an account on the Platform;
We may also collect Personal Information directly in the following ways:
- the Platform automatically captures Personal Information in content Individuals post on the Platform;
- our server and analytics service may log details about website visits;
- location services, when switched on, capture Individuals’ locations;
- our website will likely place a cookie on Individuals’ devices and store visitors’ IP addresses.
3. Types of Information that we collect and hold
Using processes described in this Policy, we collect the following categories of Personal Information about Individuals:
- (Content) whatever Personal Information is included in content Individuals enter using our Services;
- (Identity Information) name, signature, date of birth, nationality, licence registration details, bank account details, family details, employment details, educational qualifications, usernames;
- (Contact Information) email address, social media profiles, telephone fax numbers, third-party usernames, residential and postal addresses;
- (Student Information) student identification numbers and enrolment information;
- (Behaviour Information) habits, movements, trends, decisions, associations, memberships, finances, purchases, including usage data and metrics relating to participation in CPD Activities; and
- (Internet Data) webpage views, IP address, referring web site addresses, location, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics.
4. Sensitive Information
The Privacy Act categorises certain types of Personal Information as "sensitive information". We do not actively collect sensitive information, but information that Individuals post or store using the Platform may fall into this category.
If Individuals submit, post or store any sensitive information using the Platform, we take this as consent to the management of it in accordance with this Policy.
5. How we store Personal Information
We hold and store Personal Information using:
- third party data storage services, including applications and software;
- devices operated by employees of our business; and
- printed paper and archival storage services, which may be provided by third parties.
We will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure our physical facilities and electronic networks.
We secure Personal Information that we collect with credentials, passwords, pins, encryption, session expiry, firewalls, SSL network encryption, and through the use of reputable vendors.
For more information on security, please contact us using the details in the "contacting us" below.
7. Deletion procedures
We will delete Personal Information when users close their account with us.
However, your name and email address may be retained on our electronic mailing lists unless and until you unsubscribe from those mailings. You may do this by clicking the unsubscribe link in the relevant email.
8. Why data is held, used and disclosed
Our handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that we can:
- provide functionality within the Platform;
- provide notifications and support;
- offer marketing and promotions, competitions, surveys and questionnaires;
- transact with Individuals and process payments;
- provide services in connection with the Platform to Content Providers, organisations and educational institutions;
- assess and improve the Platform; and
- provide secure access to the Platform.
For more information on when we share Personal Information, see below.
9. Handling of data
Some collection, holding, use and disclosure of Personal Information happens simply by virtue of Individuals using the Services. The purpose of the Platform is to facilitate an Individual’s completion of Continuous Professional Development (CPD) Activities and maintaining records about Individuals’ completion of CPD Activities.
10. Disclosing Personal Information
We share Personal Information with others in the following ways:
- displaying information about Individuals on pages, profiles, walls, and accounts;
- sharing profile and activity information with social networks, and posting to those social networks if Individuals have given permission for this to occur;
- showing usernames and contact details on forums, comments, messages and correspondence;
- providing personal information and CPD Activity participation data to an Individual’s educational institution or organisation;
- providing anonymised, aggregated data about usage of the Platform to educational institutions and Content Providers;
- providing feedback and participation data to Content Providers in relation to CPD Activities; and
- facilitating the sharing of information about sales, inquiries and payments.
Service providers can access personal information
When we use the services of companies that we work with to provide the Platform, they may get access to our data, including Personal Information. Such third party services may include:
- (Hosting) Cloud and web hosting service providers;
- (SaaS) providers of software as a service;
- (Support) providers of IT support services, web and software development;
- (Data analytics) Google Analytics (see http://www.google.com/intl/en/policies/privacy/);
- (Online payment) providers of online payment systems; and
- (Apple device functionality providers) Apple location services, Siri dictation, Apple Maps, Apple Notifications (see http://www.apple.com/au/privacy/).
- (Android device functionality providers) Google services including location services and Google Maps (see http://www.google.com/intl/en/policies/privacy/);
We will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions.
These third parties may have their own privacy and security policies. For more information about this, please contact Provider using the details listed in the "contacting us" section below.
For information on disclosures to overseas recipients, see below.
12. Disclosing information overseas
We may store or process some Personal Information overseas. Individuals may not have the same rights relating to their information when it is overseas as they would under the Privacy Act and Australian law.
By providing us with Personal Information, Individuals consent to the transfer of their Personal Information to overseas recipients as contemplated by this Policy.
If Individuals consent to such transfer, we will not be accountable for overseas recipients’ handling of their Personal Information.
13. Contacting us
Individuals may edit content and account details within the Services.
However, Individuals can also contact us using the details below if they want to access, correct or delete Personal Information or lodge a complaint.
Privacy Officer – email@example.com
We reserve the right to refuse access or correction where there are reasonable grounds for doing so, for example if providing access would be unlawful or would compromise the privacy of another person.
14. Complaints process
If Individuals have a complaint about privacy, they can contact us using the details listed above.
We will respond to complaints in writing within a reasonable period (usually 10 business days from the day we receive an email).
We will try to work with Individuals to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.
If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
We may amend this Policy at its sole discretion. Individuals that continue to use the Platform after receiving notice from Provider of such an amendment, agree to be bound by this Policy as amended.
Content Provider means a third party individual or organisation that provides content on the Platform.
CPD Activity means a continuing professional development activity provided by us or a Content Provider via the Platform.
Individual means a natural person.
Personal Information has the meaning prescribed by the Privacy Act and includes information about an Individual whose identity is apparent, or can reasonably be ascertained, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.
Platform means the mobile app and website called CPD ANYTIME.
Policy means this document, drafted in accordance with the Privacy Act.
Privacy Act means the Privacy Act 1988 (Cth).
We, us, our means GRT Applications Pty Ltd as trustee for the GRT Solutions Unit Trust trading as CPD Anytime (ABN 81 862 449 746).