Privacy Policy.

Personhood360 is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act) as APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au

The access to our service, or provision of Personal Data directly to us, is a consent to our processing of your Personal Data in the manner and for the purpose set out in this Privacy Policy which may at times includes Sensitive Data.

Policy Updates

This Policy may change from time to time and is available on our website.

www.personhood360.com

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

1 Blue Wren Way, Warriewood, 2102, NSW, Australia

info@personhood360.com

1800 950 689

Please provide all relevant details that would enable us to locate required information in question and respond to any privacy request in compliance with the applicable Data Protection Law.

Section 1: Privacy Policy

1. Collection of Personal Data

We may collect the following categories of Personal Data in in the following situations:

a) Personal Data you voluntarily provide to us:  When you give us your Personal Data directly (whether face-to-face, by telephone, email, post, through social media or by communicating with us in any way), when we meet with an organisation wishing to do business with us and an individual from that organisation provides Personal Data about themselves, when you apply for a job with us, or when you sign up or register to become an Account Holder, or when you enter into a transaction with us you are voluntarily giving us the Personal Data that we collect.

• Categories of Personal Data: The Personal Data we may collect includes your name, physical address, email address, login for the Services, feedback and suggestions for the Services, IP address, phone number, billing information in accordance with our Terms of Use, occupation, employer, job title, area of responsibilities, employment history, and educational qualifications.

1. b) Our email marketing list:  When you become an Account Holder, or where you elect to sign up to our email marketing list, we may collect your name, email address, and email marketing preferences.c) Personal Data we collect automatically: When you use our Service or browse our Website, we may collect information about your usage and web browsing. We may collected the Personal Data as log files, or through cookies or other tracking technologies (see the “Cookies and tracking” below for more information), store it against the associated Account, and link it to the other Personal Data we hold about an Account.

• Categories of Personal Data: The Personal Data we may collect includes your IP address, your operating system, your browser ID, time, date, your browsing activity, your interaction with the Service (including any Content, comments, and location).

1. d) Personal Data uploaded and transferred to the Service by Account Holders: We collect Personal Data about persons (including Children) indirectly when Account Holders use the Service, such as when an Account Holder:

• creates a Child Profile or Educator Portfolio, or invites another person to become an Account Holder (including an invitation to become a Primary Account Holder or Authorised Viewer);
• uploads and transfers Content that contains Personal Data (including photographs or videos of another person including Children, or uploads and transfers materials created by another person including Children); or
• posts a comment or tags Content on the Service that contains Personal Data of another person.

In these situations any such Account Holder is a joint data-controller along with us in respect of such Personal Data. We have no direct relationship with any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about any such person (including where Sensitive Data relating to a Child is collected and stored in the relevant Child Profile). Please see Section 2 (part 1.) below which outlines your obligations in this regard.

e) Statistical information: We may collect statistical (non-personal) information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.

f) Cookies and tracking:

• We may use various technologies to collect and store information when you use our Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. You may control the use of cookies at the individual browser level, however your use of the Website and Service may be affected.
• Personal Data may be collected as log files, or through cookies or other tracking technologies, stored against associated Accounts, and linked to the other Personal Data we hold about associated Accounts.

2. Use of Personal Data

We process Personal Data for the following purposes:

a) to administer Accounts.

b) to enable the features of the Services to be utilised and enjoyed, subject always to our Terms of Use. This may, for example, entail incidental posting of photographs/videos of a Child on another Child’s Profile. Those posts may remain viewable even once a Child no longer attends a Centre as long as the relevant Child Profile is retained.

c) to analyse User behaviour (in respect of the Website) and Account Holder behaviour (in respect of the Service) for the purposes of:

• determining Service developments;
• inviting Users or Account Holders to explore other features within the Website orService, and otherwise to generally promote our Service;
• ensuring the security of the Website and the Service; and
• combating and preventing breaches of our Terms of Use, other user agreements, this Privacy Policy and our other policies;

1. d) to respond to enquiries, feedback or complaints received from you;e) to perform authorised financial transactions with you and to help us to manage our accounts and administrative services;f) to verify your identity;

   g) for directly marketing to you (including by email, post, other means, or through functionality within the Service) with information about our Service;

   h) on an aggregated non-identifiable basis, to:

• help Personhood360 understand its market position;
• assist with marketing our Services to others, including in respect of any online advertising; and
• deliver a statistical result to help with general Personhood360 announcements;

1. i) incidentally, where educators at centres and their educational mentors, for their further professional development, may view, some content of an account to which an Early Childhood Provider has lawful access;j) to protect our legal interests and fulfil our regulatory obligations, including any notification or reporting obligations and any access directions, imposed on us by any Government agency (if and to the extent necessary);k) for ensuring the trust and safety of any Child and Users of the Service; and

   l) in other circumstances, provided we comply with applicable Data Protection Laws.

2. Lawful Basis for processing

Performance of a contract:  You acknowledge and agree that the processing identified below is necessary for the performance of a contract to which the data subject is party (being the Agreement):

• to carry out User and Account administration tasks;
• to manage and deliver the Service; and
• to manage any disputes (including disputes over invoices or delivery of the Service).

Legitimate interests: In respect of all other processing of Personal Data detailed in this Privacy Policy (including direct marketing activities), such processing is necessary for the purposes of a legitimate interest pursued by Personhood360, and we have assessed that such interests are not overridden by the interests or fundamental rights and freedoms of the persons to whom the Personal Data relates.

If you are EU based you have the right to object to the way we processes your Personal Data where the processing is based on legitimate interests. For more information see “Your Rights” section below.

Data Processor:  In respect of Personal Data uploaded and transferred to the Service by Account Holders we are a joint data-controller alongside the relevant Account Holder. However, the relevant Account Holder is responsible for determining the legal basis upon which that Personal Data is processed. Please see Section 2 (part 1.) below which outlines the Account Holder’s obligations in this regard.

Explicit Consent: We obtain the explicit consent of the Primary Account Holder in respect of all Sensitive Information relating to a Child where such information is uploaded into a Child Profile.

4. Direct marketing

All those with whom we interact have the option to opt-out of receiving direct marketing communications from us. If you do not wish to continue to receive direct marketing communications from us and/or selected third parties you should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you.

Please note that some features of the Service may involve us providing, through the functionality within the Service, recommendations or suggestions for goods, services or benefits that we offer.

5. Retention and deletion of Personal Data

We will retain your Personal Data for as long as the Account associated with you is active, or as long as needed to provide you with our Service.

We take steps to regularly destroy Personal Data, however we may:

a) in some cases, retain a copy of your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal Data retained for this purposes will be archived and stored in a secure manner after your Account has been closed, and will not be accessed unless required for any of these reasons; and

b) retain Personal Data in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying you from the information.

6. Disclosure of Personal Data

We will not sell Personal Data to anyone.

We share Personal Data with third parties for limited purposes, such as to help us run our business and provide the Website and Service. Those third parties can be categorised as follows:

a) Account Holders: At the direction of an Account Holder (through the Service) Personhood360 shall disclose Content (which may contain Personal Data) to other Account Holders. For example:

• The family version of the Service enables Account Holders to tag posts and Content in a way as to identify particular interests of a Child or features of a Child’s development or progress. Personhood360 may be directed to disclose this Personal Data to an Authorised Viewer (such as an educator), to facilitate their understanding of the Child’s progress, development, interests etc.
• the Service will enable an Authorised Viewer to access (and upload) Sensitive Information relating to a Child, solely for the purpose of their understanding of the Child’s progress, development, interests, etc.  
• Educators may share stories from a Child Profile with Authorised Viewers (including any person invited by the Primary Account Holder to have access to that Child’s stories).
• Stories from a Child Profile (which may include Sensitive Information of a Child) may also be shared by Authorised Viewers with other family members of a Child’s Personhood360 community, However, Authorised Viewer’s cannot disclose notes, routines or plans from a Child’s Profile with any other family members of a Child’s Personhood360 community or any other parents or families.
• Educators may share group stories (which may include Sensitive information of a Child) relating to two or more Children with family members from the Personhood360 community for the relevant Children.
• Educators may share group plans (which may include Sensitive information of a Child) with the Primary Account Holders for all Children included in the group plan.
• Personhood360 may be directed to allow a Centre (or a network that operates a Centre) to access an Educator Portfolio and its associated Personal Data (where that Centre maintains the Centre Account to which your Educator Portfolio relates).

We have no direct relationship with any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to disclose any Content (which may contain Personal Data) in the manner you direct through the Service. Please see Section 2 (part 1.) below which outlines your obligations in this regard.

If you no longer want to be contacted by one of our Account Holders, please contact the Account Holder directly.

b) Service providers: We share your Personal Data with our third party service providers and licensors of software services utilised by us in the provision of the Service, who help us provide and support our Service. For example:

• Organisations who carry out credit, fraud and other security checks;
• Payment processors;
• Hosting services;
• Content delivery services;
• IT support providers; and
• Marketing businesses engaged by us to disseminate materials to which recipients have consented.

We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your Personal Data, and use your Personal Data only for the purposes that we give it to them.

c) Sale, merger, consolidation, liquidation, reorganisation, or acquisition: If Personhood360 or substantially all of its assets were acquired by a third party, Personal Data which we hold may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy).

d) Legal obligation: If we are under a duty or have a legal right to disclose or share Personal Data in order to comply with any legal obligation or request or investigation issued by any Government agency, or in order to enforce or apply our terms and conditions or to protect our rights, property, or the safety of our personnel or third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection, trust and safety and credit risk reduction.

7. Trans-border Personal Data flows

Personhood360’s head office is located in Australia, so some limited information about adult individuals (including customers) is transferred and /or stored there. In respect of our responsibilities under the GDPR, the appropriate safeguard in place for such a transfer is the existence of an adequacy decision under Article 45 of the GDPR.

The vast majority of Personal Data we handle is stored and hosted in Australia. All Personal Data relating to Children on Personhood360 is hosted in Australia.

‍Some limited Personal Data may be provided to companies located in the USA who offer software as a service products that process content for inclusion on the Service (for example, conversion of images and videos to make them suitable for viewing online/ through a web browser). Third parties located overseas are not permitted to (and are contractually obligated to not) access or use the Personal Data provided except for those limited purposes. We only choose reputable service providers and have agreements with such third parties that prevent them from using or disclosing to others the Personal Data we share with them, other than as is necessary to assist us.

In respect of the transfer of Personal Data to Australia, the USA and other countries, we will use reasonable efforts to obtain assurances from any third parties that they will safeguard personal information consistent with this Privacy Policy and all applicable Data Protection Laws. However, in providing your consent to such trans-border transfers, you acknowledge that the Data Protection Laws existing in some jurisdictions may not contain safeguards that are comparable to those contained in the Australian Privacy Act 1988 (Cth) (the Privacy Act).

While the information resides outside of the territory where you reside, it may be accessible to the local courts, law enforcement and national security authorities in a foreign jurisdiction.

8. Security of Personal Data

We take all reasonable steps to protect Personal Data, including through internal and external security, restricting access to Personal Data to those who have a need to know, maintaining technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We choose technology partners based on their security and privacy policies and practices.

Personal Data stored in our system is protected by electronic and procedural safeguards. We take reasonable precautions to protect Personal Data (and other content) from accidental loss and theft by storing it in secure data centres with off-site backups. Communication between Account Holders and our servers is encrypted via industry-standard secure sockets layer (SSL).

The Service is protected by a secure and encrypted password that each Account Holder must choose themselves. Account Holders should never share their passwords. Personhood360 is not responsible for any loss of data or breach of privacy if an Account Holder shares their password with someone else. We do not store your password on our servers.

Because internet transmissions cannot be guaranteed to be 100% secure, you acknowledge and agree that you use the Service at your own risk.

In case of a Security incident or any other breach of security safeguards, such as the loss of, unauthorised access to or unauthorised disclosure of Personal Data under Personhood360’s control, we will respond in accordance with applicable Data Protection Laws.

9. Your Rights
10. a) You have the right to access and correct your Personal Data that is held by us at anytime.  Requests for such access and correction requirements can be made to the contact details in section 4 of this Privacy Policy.If you are a resident of the EU you also have the right to:b) request the erasure of any or all of your Personal Data;
    ‍
    c) restrict or object to the processing of any or all of your Personal Data;

    d) request the porting of any or all your Personal Data to another organisation;

    e) withdraw any consent to processing that you have previously given in respect of any or all of your Personal Data;  and

    f) lodge a complaint regarding our data processing activities as they relate to your Personal Data with the supervisory authority in your member state.

    Please note that where we are not, or are no longer, in a position to identify you within the information we hold (including because of any de-identification techniques we may have employed), then your rights as described above shall not apply.

    We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws where you are resident.

    We will respond to any request made in respect of the above without delay, but in any case within one (1) month of are quest, or two (2) months where the requests are complex or numerous (in which case, we will inform you of such delay).

11. Cancelling your Account

If your Personhood360 Account terminates (for whatever reason), the Personal Data associated with it may no longer be accessible to you. Any Content you have posted from your Account may still be available to other Account Holders that the Content has been associated with. There may continue to be residual copies of such Content due to ongoing data back-up and archiving.

Section 2: Your Responsibilities

1. Uploading and transferring other people’s Personal Data through the Service

You acknowledge and agree that, in respect of other people’s Personal Data (including the Personal Data of Children) that you upload and transfer within the Service, you are acting as a joint data-controller along with Personhood360 in respect of such Personal Data.

By accessing and using the Service to upload and transfer other people’s Personal Data, you agree that you:

a) Comply with all Data Protection Laws: will comply with your obligations under all applicable Data Protection Laws;

b) Obtain consent: have obtained (or shall obtain) all consents necessary under Data Protection Laws, for Personhood360 to lawfully process the Personal Data through the Service as you direct, and that such consent is obtained from the correct person.  If you are a Primary Account Holder, you must provide Explicit Consent to enable such information regarding a Child to be lawfully uploaded into the relevant Child Profile.

Personhood360 may, but shall not be required to, offer through the functionality of the Service a pop-up or embedded form to allow Account Holders to give their consent, retrospectively, to the processing of their Personal Data (or the Personal Data of a Child that they are the parent or guardian of) through the Service. However, you shall not rely on any such functionality, and it is your responsibility to ensure that you obtain consent from the appropriate person(s).

c) Withdrawn consent or objection to processing: must notify us (and remove the relevant Personal Data from the Service) without undue delay if any Account Holder fails to provide consent, withdraws their consent, or any part of their consent, or objects to any processing of Personal Data through the Service. This shall include any withdrawal of consent, or objection received by you from a Child to whom the Personal Data relates;

d) Accuracy of Personal Data: will make sure that you are frequently updating any Personal Data stored within your Account that relates to another person when requested to do so by that person;

e) Security breach: upon becoming aware of a Security Incident, or any other breach, or suspected breach, of your security safeguards, must notify us without undue delay and shall provide timely information relating to the security incident as it becomes known or as is reasonably requested by us;

f) Sensitive data: if required by Data Protection Laws, will only upload or transfer Sensitive Data to the Service if Explicit Consent has been obtained from the Primary Account Holder;

g) Secure use of the Service: are responsible for your secure use of the Service, including securing your Account authentication credentials, protecting the security of Personal Data when in transit to and from the Service, taking any appropriate steps to securely encrypt or backup any Personal Data uploaded to the Service and ensuring that Personal Data is protected in a manner comparable to (or no less stringent than) the safeguards contained in the APPs.

1. 
   h) Evaluation of the Service: are responsible for reviewing the information made available by Personhood360 relating to data security and making an independent determination as to whether the Service meet your requirements and legal obligations under Data Protection Laws.i) Updates to Terms of Use and Privacy Policy:  acknowledge that the Service is subject to technical progress and development and that Personhood360 may update or modify its Terms of Use and this Privacy Policy from time to time, and you agree to review the latest version of the Terms of Use and Privacy Policy from time to time.