- Provider has adopted this Policy in accordance with the privacy law.
- This Policy outlines how Provider deals with Personal Information, which it collects in conjunction with the Services.
- Provider may also collect information about Individuals who do not use the Services of Pink Elephant Kids.
- Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.
2. Collecting information directly from people
Provider collects Personal Information directly when an Individual:
- contacts Provider by telephone, SMS, email, Webcontact form, or another from of communication;
- gives Provider his or her information in person on a paper or electronic form, including a web enquiry form;
- sends the Provider a message through SMS or a third party app;
- registers or subscribes for an account
- Makes a purchase of a Phelly product;
Provider also collects Personal Information directly when:
- Provider’s server and analytics service may log details about website visits; and
- Provider’s website places a cookie on an Individual’s device or store Individuals’ I.P. addresses.
3. Types of Information that Provider collects and holds
Using processes described in this Policy, Provider may collect the following categories of Personal Information about Individuals:
- (Content) whatever Personal Information is included in content Individuals share using Provider’s Services;
- (Identity Information) name, child's name, child's date of birth, family details, usernames;
- (Contact Information) email address, social media profiles, telephone number(s), residential and postal addresses;
- (Internet Data) webpage views, IP address, referring web site addresses, location, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics;
4. Sensitive Information
Privacy law categorise certain types of Personal Information as “sensitive information”, including:
- information or an opinion (that is also Personal Information) about an Individual’s:
- racial or ethnic origin;
- political opinions;
- religious beliefs or affiliations;
- philosophical beliefs;
- criminal record; and/or
- sexual orientation or practices;
- health information about an Individual, including:
- any information or opinion about the Individual’s health, health services, or wishes regarding health care; and
- information collected to provide, or in providing, a health service of any kind.
Provider collects information from Individuals in providing the Services. If Individuals disclose other sensitive information to the Provider, this may be included in records managed by the Provider.
5. How Provider stores Personal Information
Provider holds and stores Personal Information using:
- (Storage Services) third party data storage services with servers basd in Australia and overseas including, but not limited to, Microsoft Email and applications, Data Centres, Westpac Bank (Westpac), PayPaland any other applications and software used for business operations;
- (Provider Devices) devices operated by contractors to and employees of Provider’s business; and
- (Paper Files) printed paper and files.
Provider will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure the Provider’s physical facilities and electronic networks. Provider secures Personal Information that Provider collects with requirements and agreements between Provider and employees and contractors used by the provider.
Provider limits access to personal information to those with a valid reason for using that information. Provider’s document storage includes security measures such as passwords, pins, encryption, session expiries, firewalls, SSL network encryption, SSL certificate and website transmission encryption, the use of reputable vendors, physical locks and storage on physical files and datacentres housing servers.
Google security information: https://www.google.com/policies/privacy/#infosecurity
Westpac Bank security information: https://www.westpac.com.au/privacy/privacy-policy/
For more information on security, please contact Provider using our contact form.
7. Deletion Procedures
Provider deletes Personal Information when considered appropriate under relevant state and national laws. Our deletion process is:
- Provider identifies all digital records relating to the individual and delete them from these digital storage media; and
- Provider identifies any paper records relating to the individual and shred these onsite or personally de-identify them.
- Provider has certain obligations under Australian law to retain some client information for a prescribed period of time.
8. Why data is held, used and disclosed
Provider’s handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that Provider can:
- assist with the selection of appropriate cards or exercises which may help the child;
- offer surveys and questionnaires;
- transact with Individuals and process payments;
- assess and improve the Services; and
- provide secure access to the Services.
- For more information on when Provider shares Personal Information, see below.
9. Disclosing Personal Information
Provider shares Personal Information with others in the following ways:
- facilitating the sharing of information when requested by the Client with other authorised bodies ;
- sharing information with other health practitioners, parents/guardians, teaching staff, governmental institutions including Medicare and private healthcare insurers; and
- sharing information with administration staff and business service providers and contractors to provide services.
10. Service providers can access personal information
When Provider uses the services of companies that Provider works with to provide the Services, they may get access to the Provider’s data, including Personal Information. Such third party services may include:
- (Hosting) Cloud and web hosting service providers (see Amazon Web Services https://aws.amazon.com/compliance/data-privacy-faq/, Google applications https://www.google.com/policies/privacy/, Go Daddy;
- (SaaS) providers of software as a service;
- (Support) administration staff and contractors, IT support services, web and software development staff and contractors;
- (Data analytics) Google Analytics (see [http://www.google.com/intl/en/policies/privacy/](http://www.google.com/intl/en/policies/privacy/));
- (Online payment) Westpac Banking Corporation (Westpac) and PayPal;
Provider will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions.These third parties may have their own privacy and security policies. For more information about this, please contact Provider using the details listed in the “contacting us” section below.
11. Contacting us
Individuals contact the Provider using the details below if they want to access, correct or delete Personal Information or lodge a complaint. Privacy Officer – firstname.lastname@example.org
Provider reserves the right to refuse access or correction where there are reasonable grounds for doing so, for example if providing access would be unlawful or would compromise the privacy of another person.
12. Complaints process
If Individuals have a complaint about privacy, they can contact Provider using the details listed above.Provider will respond to complaints in writing within a reasonable period (usually 10 business days from the day Provider receives an email).
Provider will try to work with Individuals to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.
If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
means a natural person.
means information about an Individual whose identity is apparent, or can reasonably be ascertained, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.
means this document, drafted in accordance with the Privacy Act 1988 (Cth).
means Pink Elephant Kids Pty Limited T/a Phelly Kids and its staff and contractors.