This Policy sets out how we collect, handle and use information about you.

We reserve the right to update this Policy at any time without notice.

We are subject to the Australian Privacy Principles (APPs).

In certain circumstances we may also be subject to the EU General Data Protection Regulation (Regulation 2016/679) as it applies to residents in the European Economic Area.

The purpose of this Policy is to:

1. set out the types of information that we may collect; and
2. how that information will be used, handled, stored and disclosed.

This policy applies to information that we may collect about you.

This policy does not apply to information that may be collected by a third party or how that third party may use, handle, store or disclose your information.

Organisation means a natural person, a body corporate, a partnership, any other unincorporated association, or a trust, that is not a small business operator, a registered political party, an agency, a state, territory or national authority or a prescribed instrumentality of a state, territory or nation.

Personal Information means information or an opinion about an identified natural person, or a natural person who is reasonably identifiable.

Digistorm Group, we, us, our means Digistorm Pty Ltd and its ‘related bodies corporate’(as that term is defined and used in the Corporations Act 2001 (Cth)), including but not limited to Digistorm Operations Pty Ltd and Digistorm Group Pty Ltd.

Institution means preschools, primary schools, secondary schools, and further and higher education places for learning, whether public or private.

Suite of Products means:

1. eduAPP;
2. eduSITE;
3. eduSITE Themed;
4. Enrol;
5. Funnel;
6. Forms,

and any other products or adaptations that may be added from time to time. All of our products may be viewed at https://www.digistorm.com/. 

In Australia - Privacy Act 1988 (Cth) which includes the Australian Privacy Principles set out therein, as substituted, amended, replaced or varied from time to time.

In the European Economic Area – for residents in the European Economic Area only, EU General Data Protection Regulation (Regulation 2016/679).

1. How, what and why we collect your information

   We collect information about you (including, but not limited to, that information set out in the table below) that:

   1. you give us directly (for example information we receive from you directly when you create an account, complete an enrolment form or when you communicate with us by email or through social media);
   2. we receive from other sources (for example information we receive from Institutions, business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers, search information providers); and
   3. we collect about you and your device (for example technical information, including the IP address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, cookies, operating system and platform, type of device. Additionally, as you browse the our platforms, websites and Suite of Products, we collect information about the individual web pages or products that you view, what websites or search terms referred you to across those platforms, and information about how you interact with our Suite of Products. We refer to this automatically collected information as “Device Information”).
   4. We collect Device Information using the following technologies:
      1. “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
      2. “Log files” track actions occurring on our Suite of Products, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps; and
      3. “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse our Suite of Products.

   What information do we collect?	Why we might collect this information
   Your full name, sex, date of birth, age, residential address, postal address, email address, telephone number, facsimile number and proof of identity information.	to identify you and conduct appropriate identity checks for or on behalf of Institutions; to create an account with us in order to interact with Institutions; to submit enrolment applications with an Institution; to send you updates about your account; to communicate about and provide you with our current and future products and services; to send you relevant news, promotion and marketing materials, either initiated by us or by Institutions; to respond to your requests, questions, comments and complaints; to register for conferences and special events; or any other reason allowed at law.
   Information or opinions about your racial or ethnic origin, political opinions, or memberships, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation, or criminal record.	to the extent that we or an Institution consider it is necessary to provide our products and services to you or to improve the products, services and business activities that we undertake; to publish your reviews, forum posts or other content on our website or if an Institution chooses to do so; or any other reason allowed at law.
   Information, communication or opinions about any of our products, services, transactions, payment history and business activities.	to improve the products, services and business activities that we or an Institution undertake; or any other reason allowed at law.
   Video footage and audio surveillance.	for internal training and quality purposes; or to ensure effective delivery of products and services; to resolve disputes or problems; or any other reason allowed at law.
   Identifiers (such as tax file number and business number), citizenship and residency details, details regarding and information provided by your referees, details regarding and information provided by your guarantor(s) and business partner(s), financials/credit/criminal history checks, results of any pre-employment or profile tests, employment history, education history, identity documents, health information and next of kin details.	to identify you; to identify your referees and guarantor(s); to conduct identity and criminal checks; to conduct credit checks; to assess your suitability for employment; to act as your agent; to process your application on behalf of Institutions; to register for conferences and special events; or any other reason allowed at law.
   Information that may be collected by us or on our behalf via third parties including the date and time of your visit to our website, IP address, documents and pages you access, type of browser and setting, operating system, address of a recurring site you are about to visit; information you submit regarding payment particulars, device identifier, including UDID, device details, pages visited, language selections, cookies, tracking pixels, geographic area and location.	to provide you with local information and alerts about our products and services on behalf of Institutions; to improve our website and services; to comply with local legal restrictions; to gather anonymous statistics; for analytical purposes; to ensure proper function of the website and online software ; or any other reason allowed at law.
   Other information.	to provide you with products, services and undertake business activities; as described to you at the point of collection; or any other reason allowed at law.
   Device Information	to help us screen for potential risk and fraud; improve and optimise our Suite of Products (for example, by generating analytics about how our customers browse and interact with platforms, and to assess the success of our marketing and advertising campaigns); to provide you with local information and alerts about our products and services; to improve our website, goods, services and Suite of Products; to comply with local legal restrictions; to gather anonymous statistics; for analytical purposes; to ensure proper function of the website and online software; or any other reason allowed at law.

    

   In some situations you will have the option to deal with us anonymously or through a pseudonym, however, where you are requesting products or services from us or from an Institution where such contact is via us or one of our services, it may become impracticable to provide those products or services to you without verifying your identity. Where you fail to provide us information or where the information provided is incomplete and/or inaccurate, or you choose not to provide us with the information that we have requested, it may affect our or an Institutions ability to provide you with our products and services.

   In the event that we receive identifiable information from a third party, such as an Institution, we will take reasonable steps to ensure that you have given express or implied consent to the collection of that information. If it is determined that we are unable to have possession of the information under a relevant law, we will destroy the information or ensure that the information is de-identified.

2. Do Not Track settings

   For some (but not all) services operated by us, the Do Not Track browser setting is accepted (which can be adjusted in your browser). Because a uniform technological standard has not yet been developed for Do Not Track, we do not currently respond to all Do Not Track signals. We continues to review new technologies and may adopt a standard once one is created.

3. Storing your information

   We are a growing online business. In order to offer a consistent service to you we may store and manage data electronically or in paper form. Where data is stored electronically, it is done so by a third party cloud service provider that may store your information or a backup of your information in Australia or such other locations that the third party cloud service provider determines from time to time (see our list of third parties here for jurisdictions where your information may be stored). The data that we collect from you may be transferred to, and stored to these servers or processed by staff operating in other countries, who work for us or an Institution.

   We will take all steps reasonably necessary to ensure that your information is secured from misuse, interference, loss, unauthorised access, unauthorised modification or unauthorised disclosure. Any information will be handled in accordance with this Policy and applicable privacy laws. Despite using all steps reasonably necessary, the transmission of information through the internet is not completely secure.

   Submission of any information to us is an acknowledgement that you agree to such use, storage and disclosure.

4. Disclosing your information

   We may share your information with:

   1. any of its ‘associates’ (as that term is defined in section 50AAA of theCorporations Act 2001 (Cth)); 
   2. third parties including Institutions, business partners, suppliers and subcontractors;
   3. any prospective buyer of any part of our business or assets; or
   4. where we are required to disclose your information in order to comply with any legal obligation, or in order to enforce any agreements; or to protect the rights, property, or safety of us and our customers, or others. This includes, where relevant, exchanging information with Organisations for the purposes of fraud protection and credit risk reduction.
5. Accessing and correcting your information
   1. You may request access to Personal Information that we hold about you at any time by contacting our Privacy Officer using the details set out in this Policy. We will respond to any such request for access to Personal Information within a reasonable time frame and will provide you access to the Personal Information that we hold pertaining to you, unless we are authorised not to do so by law.
   2. We may charge you a reasonable fee for processing your request to access your Personal Information and should we decline you access to your Personal Information, a written explanation will be provided setting out the legal reasoning for doing so.
   3. If upon receiving your Personal Information, or at any other time, you believe the Personal Information that we hold about you is incorrect, out of date, incomplete, irrelevant or misleading, please notify our Privacy Officer using the details set out in this Policy.
   4. If we decline to correct your Personal Information as requested by you, a reason for refusal will be provided except to the extent that it is unreasonable to do so. In the event that we decline the request to correct Personal Information, you may request to associate a statement with the information.
6. Complaints

   Should you believe that we have not fulfilled our obligations under any relevant law or have not complied with the terms of this Policy or would like to appeal a decision made by us in relation to your Personal Information, you can make a complaint in writing to our Privacy Officer using the contact details set out in this Policy. 

   We will respond to you within a reasonable period of time (or where a period is specified by any law, that period) to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

   In Australia if after getting our response you are still not satisfied that your complaint has been resolved or adequately dealt with, you may direct your complaint to the Australian Information Commissioner (AIC). The contact details of the AIC are listed on their website: www.oaic.gov.au

7. Our external provider’s privacy policies
   1. We provide the Suite of Products to various Institutions. The Suite of Products have been specifically designed to appear as the relevant Institution, however, the your interactions when using the Suite of Products is with us and can be confirmed where:
      1. the URL is:
         1. digistorm.com;
         2. digistormenrol.com, or
      2. the mobile app:
         1. designates ‘Digistorm’ as the publisher or seller in the relevant app store; or
         2. the terms with the relevant Institution app provide that the service is provided by a member of the Digistorm Group.
   2. We ‘hold’ your Personal Information on behalf of the Institution in which you are dealing with. 
   3. Accordingly, where you are dealing with an Institution and you are concerned that there may have been a breach of this Policy by an independent third party associated with us and/or an Institution, please contact the relevant entity directly. Alternatively, you may contact the Privacy Officer at the details set out in this Policy.
   4. (Primary Purpose): The primary purpose for which your Personal Information is collected by us: 
      1. is to facilitate various services on behalf of an Institution to you, including delivering any number of services in the Suite of Products;
      2. for the Institution to communicate with you in a secure manner;
      3. for you to make payments to an Institution;
      4. for an Institution to market to you; 
      5. for an Institution to organise and store your Personal Information in a consistent manner for the Institution to better provide its services to you or a family member of yours; and
      6. in any manner described or disclosed in the relevant privacy policy of an Institution.
   5. (Secondary Purpose): The secondary purpose in which we will use your Personal Information, includes (but is not limited to):
      1. providing analytics services, of any kind, to Institutions;
      2. to provide any entity in the Digistorm Group;
      3. disclosure is required or authorised by or under an Australian law or a court/tribunal order;
      4. a permitted general situation exists in relation to the use or disclosure of the Personal Information by us; and
      5. we reasonably believe that the use or disclosure of your Personal Information is necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body

1. Application

   This clause applies to residents in the European Economic Area (EEA).

2. Definitions

   Controller, Data Processor, Data Subject, Processor, Processing, Subprocessor, and Supervisory Authority shall be interpreted in accordance with applicable EU Data Protection Legislation.

   EU Data Protection Legislation means the General Data Protection Regulation, Regulation (EU) 2016/679 and any legislation and/or regulation implementing or made pursuant to it or which amends or replaces any of them, as it applies to the EEA.

3. Residents of the EEA (where we act as processor)
   1. We work with Institutions and Organisations around the world, including in the EEA. If you are located in the EEA, your personal information is processed by us in Australia. We do not have a presence other than in Australia and all of our servers are located in Australia. When you submit data, including Personal Information, via our Suite of Products, that data is being submitted directly into Australia and at no time is it held in the EEA. As part of providing our Suite of Services, we may transfer your personal information to other regions, including to Australia. 
   2. We rely on the following provisions of the EU Data Protection Legislation when transferring your data to our servers in Australia:
      1. (Article 49(1)(a)): at the time of submitting the data, you explicitly consented to the transfer of your data outside of the EEA and into Australia;
      2. (Article 49(1)(b)): the transfer of your data into Australia is necessary in order to perform the contract you are entering into with the Institution (which is the Controller) when you submit your data; 
      3. (Article 49(1)(c)): the transfer of your data into Australia is necessary in order to conclude or perform a contract concluded between you and the Institution (which is the Controller), created when you submitted the data; and
      4. (Article 1): to otherwise pursue our legitimate business interests outlined in this policy, which includes us acting as Processor for the Institution as Controller.
   3. If you are located in the EEA, you have certain rights under European law with respect to your personal data, including:
      1. the right to request access to, correct, amend, delete, port to another service provider; 
      2. or object to certain uses of your personal data. 

   4. Due to the manner in which the Suite of Products is delivered (see clause 6.7 of this Policy), you are contracting directly with an Institution. That Institution has subsequently contracted with us in order to deliver the Suite of Products and therefore facilitate the various communications between you and the Institution. In this manner, we are the Processor of your Personal Information for the Institution. 

      If you are a Data Subject in the EEA and wish to exercise rights in accordance with the EU Data Protection Legislation, please contact the Institution you interacted with directly -- we serve as a processor on their behalf and can only forward your request to them to allow them to respond.

   5. Additionally, if you are located in the EEA, we note that we are generally processing your Personal Information in order to fulfil contracts we might have with you (for example if you submit an enrolment application for a child at an Institution), or otherwise to pursue our legitimate business interests outlined in this Policy, unless we are required by law to obtain your consent for a particular processing operation. In particular we process your Personal Information to pursue the following legitimate interests, either for ourselves, the Institutions, our partners, or other third parties:
      1. To provide Institutions, yourself and others with our Suite of Products;
      2. To prevent risk and fraud on our platform and within our Suite of Products;
      3. To provide communications, marketing, and advertising;
      4. To provide reporting and analytics;
      5. To facilitate communications and payments between you and the relevant Institution;
      6. To provide troubleshooting, support services, or to answer questions;
      7. To test out features or additional services; and
      8. To improve our services, Suite of Products, and websites.
   6. When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that Personal Information can help mitigatethe risks to the Data Subject.
   7. We note that we use third parties as Subprocessors to process your information in association with the Suite of Products. Depending on the processing undertaken by the third party, will depend on information disclosed to them. Please click here to view the list of third party Subprocessors.
   8. Where you submit any data to or otherwise use the Suite of Products:
      1. you expressly consent to us transferring the submitted data outside of the EEA; and
      2. consent to your use of the Subprocessors as disclosed and as added to or replaced from time to time.
4. Residents of the EEA (where we act as controller)
   1. We work with Institutions and Organisations around the world, including in the EEA and you may make an enquiry with us, either on your own behalf or on behalf of an Institution. If you are located in the EEA, your Personal Information is processed by us in Australia. We do not have a presence other than in Australia and all of our servers are located in Australia. When you submit data, including Personal Information, via our Suite of Products, that data is being submitted directly into Australia and at no time is it held in the EEA. In such circumstances, we will be considered the controller of such data submitted.
   2. We rely on the following provisions of the EU Data Protection Legislation when transferring your data to our servers in Australia:
      1. (Article 49(1)(a)): at the time of submitting the data, you explicitly consented to the transfer of your data outside of the EEA and into Australia;
      2. (Article 49(1)(b)): the transfer of your data into Australia is necessary in order to perform the contract you are entering into with us when you submit your data; 
      3. (Article 49(1)(c)): the transfer of your data into Australia is necessary in order to conclude or perform a contract concluded between you and us, created when you submitted the data; and
      4. (Article 1): to otherwise pursue our legitimate business interests outlined in this policy.
   3. If you are located in the EEA, you have certain rights under European law with respect to your personal data, including:
      1. the right to request access to, correct, amend, delete, port to another service provider; 
      2. or object to certain uses of your personal data. 
   4. If you are a submitting an enquiry on behalf of an Institution or other Organisation to acquire use of the Suite of Products in an Institution and wish to exercise these rights in accordance with the EU Data Protection Legislation, please contact us using the contact information below. In this manner, we are acting as the Controller of the Personal Information.
   5. Additionally, if you are located in the EEA, we note that we are generally processing your Personal Information in order to fulfil contracts we might have with you (for example if you submit an enquiry to acquire the Suite of Products), or otherwise to pursue our legitimate business interests outlined in this Policy, unless we are required by law to obtain your consent for a particular processing operation. In particular we process your Personal Information to pursue the following legitimate interests, either for ourselves, the Institutions, our partners, or other third parties:
      1. To communicate with you regard the Suite of Products;
      2. To prevent risk and fraud on our platform and within our Suite of Products;
      3. To provide communications, marketing, and advertising;
      4. To provide reporting and analytics;
      5. To facilitate communications and payments between you, the Institution and us;
      6. To provide troubleshooting, support services, or to answer questions;
      7. To test out features or additional services; and
      8. To improve our services, Suite of Products, and websites.
   6. When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that Personal Information can help mitigate the risks to the Data Subject.
   7. We note that we use third parties as Subprocessors to process your information where we are the Controller. Depending on the processing undertaken by the third party, will depend on information disclosed to them. Please click here to view the list of third party Subprocessors.
   8. Where you submit any data to or otherwise use the Suite of Products:
      1. you expressly consent to us transferring the submitted data outside of the EEA; and
      2. consent to your use of the Subprocessors as disclosed and as added to or replaced from time to time.
5. Minors

   Our website and Suite of Products are not intended for Data Subjects under the age of 16. However, due to the nature of the Suite of Products facilitating the enrolment and communication of minors that attend an Institution with their respective parents, you may submit Personal Information to us on behalf of a Data Subject under the age of 16. In such circumstances, we will seek your express consent to this submission and use of Personal Information of the Data Subject not yet 16 years of age.

If you have any comments, concerns or questions regarding this Policy or Personal Information that we hold about you, please contact our Privacy Officer by email to or by post at:

Privacy Officer
Digistorm Pty Ltd ACN 153 005 264
(a company incorporated in Australia)
Suite G2, 2019 Gold Coast Highway
MIAMI, QUEENSLAND 4220
AUSTRALIA