Autism Swim provides an online eLearning platform and various online communities. These include the Autism Swim eLearning site (the Site), the Autism Swim application [currently in development] (the App) and related Internet services (collectively, the Service(s)). The Service is operated by Autism Swim Pty Ltd ACN 614 083 975 (the Company, we or us) for users of the Service (you).
What personal information do we collect?
We may collect personal information from you when you voluntarily provide such information, such as when you register for access to the Services, interact with us, or use certain Services.
We may collect the following types of personal information:
- email address;
- address and phone number;
- Australian Business Number;
- your child's age (if applicable);
- information you provide to us through customer surveys;
- IP address, device ID, statistics on page views, traffic to and from the sites and standard web log information;
- credit card information (if applicable, and only for processing transactions);
- details of your activities within the Services;
- details of the products and services we have provided to you, or that you have enquired about, including any additional information necessary to deliver those Services and respond to those enquiries;
- any additional information relating to you that you provide to us directly through our Services, or indirectly through your use of our Services, or through other websites of accounts from which you permit us to collect information; and
- any other personal information that may be required to facilitate your dealings with us.
We may also collect these types of personal information from third parties. For example, you may connect a social networking service (SNS) such as Facebook or Twitter to your Autism Swim account. When you do this, it allows us to obtain information from those accounts (for example, your friends or contacts).
Why do we collect, use, process and disclose your personal information?
We may collect, hold, use, process and disclose your personal information for the purposes set out in the below table. If you are located within the European Union, the lawful basis for our collection, holding, use, processing and disclosure of your personal information is also set out in this table.
|Purpose of collection, holding, use, processing and disclosure||Lawful Purpose|
|To enable you to access and use our Services.||Your consent (if given to us).
Performance of a contract with you.
|To operate, protect, improve and optimise our Services and our users' experience, such as to perform analytics, conduct research and for advertising and marketing our Services to you.||For our legitimate interests in operating our business efficiently and effectively.|
|To send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you.||Your consent (if given to us).
Performance of a contract with you.
|To administer rewards, surveys, or other promotional activities or events sponsored or managed by us, or our business partners.||Your consent (if given to us).
For our legitimate interests in operating and promoting our business and rewarding our users.
|To send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting.||Your consent (if given to us).|
|To share your de-identified information with our trusted third parties.||For our legitimate interests in operating our business efficiently and effectively.|
|To comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.||Compliance with our legal obligations.
For our legitimate interests in enforcing our contractual and legal rights.
|To help resolve an urgent medical situation.||To protect the vital interests of the individual or others.|
In an ongoing effort to better understand and serve the users of the Services, we may conduct research on our customer demographics, interests and behaviour based on the information collected. This research may be compiled and analysed on an de-identified, aggregated basis, and we may share this de-identified, aggregated data with our affiliates, agents and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Do we use your personal information for direct marketing?
We and/or our carefully selected business partners may send you direct marketing communications and information about our Services. These may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the contact method set out here – firstname.lastname@example.org – or by using the opt-out facilities (such as an unsubscribe mechanism) provided in the communication.
If you do not wish to receive personalised advertising that is delivered by third parties outside of the Autism Swim Service, you may be able to exercise that choice through opt-out programs that are administered by third parties.
To whom do we disclose your information
- our employees and consultants;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- third party suppliers and service providers (including developers and other providers for the operation of our Services and/or our business or in connection with providing our Services to you);
- payment system operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners, sponsors, promotors or partners;
- our professional advisors;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Where information is processed
Autism Swim is based in Australia. No matter where you are located, you consent to the processing and transferring of your information in and to Australia and other countries. The laws of Australia and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.
Disclosure of Australian Personal Information Outside Australia
We may disclose personal information outside of Australia to offshore business partners, cloud or software providers located outside of Australia, including the United Kingdom. When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.
Websites and Cookies
We may collect personal information about you when you use and access our website, or a publishers website that we (or a third party acting on our behalf) is placing advertising on.
While we do not use browsing information to identify you personally, we may record certain information about your use of these websites, such as which pages you visit, the time and date of your visit, the number of messages users have sent and the IP address assigned to your computer.
We may also employ cookies to keep track of your website usage and remember your preferences. Cookies are small files that store information on your browser or device that can be read on future visits, and can recognise you across different websites, services, devices or browsing sessions.
However, you can disable cookies by changing your browser settings. Further information about the procedure to follow in order to disable cookies can be found on your Internet browser provider’s website via your help screen.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect the information provided via the Services from loss, misuse, interference and unauthorised access, disclosure, modification, or destruction, and we use a number of physical, administrative, personnel and technical measures to protect your personal information.
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the contact information provided through the website or using the contact details set out below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us using the details set out below and we will take reasonable steps to ensure that it is corrected.
Additional rights under GDPR for individuals within the European Union
If you are located within the European Union, then you also have the following additional rights under the GDPR. We will comply with all of our obligations under the GDPR in respect of these rights.
Where we process any personal information about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out below). We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing. The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.
You have a right to information portability, which is the right in certain circumstances to request a copy of your personal information in in a structured, commonly used and machine-readable format and to transmit this information to another data controller. You may also request that we erase any personal information that we hold about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of or processing which you are allowed under the GDPR to object to. We will comply with such requests unless we are permitted or required by law to retain that information.
You also have the right to object to our processing of personal information in certain circumstances, including where we process personal information based on our legitimate interests. You can also request that we restrict our processing activities in some circumstances. If you make such a request in those circumstances, then we will continue to store your personal information but will not otherwise process your personal information without your consent or as otherwise permitted by law.
Making a Complaint
If you think we have breached the Privacy Act (if you are located in Australia) or the GDPR (if you are located within the European Union), or you wish to make a complaint about the way we have handled your personal information, you can contact us at email@example.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first at firstname.lastname@example.org describing your complaint and providing us with your contact information, and we will do our very best to resolve your concern.
Privacy Compliance Officer
As our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, we are not required under GDPR to appoint a data protection officer.
Effective Date: 06.02.2019