(a) works to ensure compliance with those principles;
(b) implements practices, procedures and systems to which aim to ensure compliance with those principles and to enable us to deal with enquiries and complaints about our compliance with those principles.
This Policy is designed to provide you with guidelines about the handling and management of your personal information by us. It is written in plain language.
Any specific legal obligations that we have in respect of the handling and management of your personal information are outlined in the Privacy Laws.
2 OUR PRIVACY COMMITMENT TO YOU:
We take our obligations under the Privacy Laws and the APP's very seriously. We are committed to maintaining the confidentiality and security of your personal information (including any sensitive information) and handling and managing it in an open and transparent way.
To achieve this we have created this Policy.
Act means the Privacy Act 1988
Amendment Act means the Privacy Amendment (Enhancing Privacy Protection) Act, 2012.
APP's means the Australian Privacy Principles as described in the Amendment Act.
APP's Entity means an agency or organisation.
Marketing Communications means direct marketing communications including but not limited to emails, news letters, teacher/learning programmes and other digital, electronic and hard copy material provided by us to third parties and vice versa.
OAIC means the Office of the Australian Information Commissioner
Permitted General Situation means any of the permitted general situations that may apply under Section 16A(1) of the Act.
Permitted Health Situation means any of the permitted health situations that may apply under Section 16B(1) of the Act.
Personal Information means information or an opinion about you, an identified individual or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in written, electronic or other form or not.
Primary Purposes means the primary purposes more particularly referred to in clause 7 and Schedule 1 of this Policy.
Principles means the Australian Privacy principles as described in the Amendment Act.
Privacy Laws means the Privacy Act, 1988, Privacy Amendments (Enhancing Privacy Protection) Act 2012 and associated regulations.
Sensitive Information means:-
(a) information or an opinion about an individual's:
i. racial or ethnic origin; or
ii. political opinions; or
iii. membership of a political association; or
iv. religious beliefs or affiliations; or
v. philosophical beliefs; or
vi. membership of a professional or trade association; or
vii. membership of a trade union; or
viii. sexual preferences or practices; or
ix. criminal record;
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information.
We, us or our means Scholastic Australia Pty Limited.(ACN 000 614 577).
You or your means you, the person who provides us with personal and/or sensitive information or who has access to this document and includes educational institutions and/or employees of those institutions, parents and children of parents in some cases, education and technology re-sellers.
4 KINDS OF PERSONAL INFORMATION THAT WE COLLECT, MANAGE AND HOLD:
4.1 We collect and hold electronically and in document form the following types of personal information about you:
(a) Your name (subject to anonymity and pseudonymity referred to in Clause 18 below).
(b) Your child's name (subject to anonymity and pseudonymity referred to in clause 18 below)
(c) Your address, your phone number, your email address
(d) Your username
(e) Your password
(f) Your Vocational role within a specific educational institution if required
(g) The school that your child attends
(h) The address of the school that your child attends
(i) Any other information relevant to the Primary Purposes for which the information and data is collected.
4.2 At all times we only collect personal information that is reasonably necessary for or directly related to one or more of the Primary Purposes referred to in Schedule 1.
5 HOW WE COLLECT PERSONAL INFORMATION:
5.1 We only collect your personal information legally and preferably from you directly. We do this by requesting such information via the following means:
(a) Book Club registration and orders received by mail, facsimile, telephone or online or by email.
(b) Book Fair orders received by mail, facsimile, telephone or online or by email.
(c) Scholastic Literacy Pro Registrations.
(d) School shop registration and orders.
(e) Magazine subscriptions.
(f) Direct business with educational institutions.
(g) New release titles specific websites.
(h) Self service web forms.
(i) Orally from you to the customer service/sales teams.
5.2 If either before we collect your personal information or at the time we do so or as soon as practicable after collecting it (depending on the circumstances) we will take reasonable steps to notify you of the following:
(i) your identity and contact details;
(ii) if we collected the information for someone else, details of that person and how we collected it;
(iii) the primary purpose for which the information is being collected;
(iv) the identity of any party to whom we may disclose that personal information;
(v) whether we are likely to disclose that information to overseas recipients.
5.3 We will only collect personal information about you from yourself other than in circumstances where we obtain your consent to obtaining the information elsewhere, or we are required by Law or a Court or Tribunal Order to collect that information from a third party, or where it is unreasonable or impracticable to collect the information from you.
6 HOW WE HOLD AND SECURE YOUR PERSONAL INFORMATION:
6.1 We hold, store and display your personal information in the following manner:
(a) in electronic form in the Profile sections of the online ecommercial sites;
(b) from any device or application used to access our services;
(c) where you use an external source such as your own computer to access our website;
(d) in the Customer master file and company CRM software;
(e) in our web service log files that record information data supplied by you.
6.2 We secure your personal information in secured electronic and hard copy files which are only accessible by those authorised to do so except as required by Law. That means that your personal information is only accessible by yourself, our information technology providers and us and no other person or entity except for financial institutions who facilitates payments by credit card. The information is secured from access by any other person or entity as it is protected by a Security Socket Layer (SSL) connection to protect your credit card information which encrypts the information so that this information cannot be read as it is conducted through our ordinary system and once received is stored in a location not accessible by any other means.
7 THE PURPOSE FOR WHICH WE COLLECT, HOLD, MANAGE, USE AND DISCLOSE YOUR PERSONAL INFORMATION
7.1 We will only handle your personal information for the primary purposes for which we collect it. The Primary Purpose or Purposes for which we collect information are set out in Schedule 1 which is attached.
7.2 We will not disclose, use or otherwise deal with your personal information (not being sensitive information) for any other purpose (the secondary purpose) unless:
(a) we first obtain your consent; or
(b) you would reasonably expect us to use or disclose the information for those secondary purposes related to the Primary Purpose; or
(c) if the information is sensitive, the use is directly related to the Primary Purpose; or
(d) where we are required to disclose by Law; or
(e) unless a Permitted General Situation exists as defined by section 16(A) of the Act; or
(f) if required because a Permitted Health Situation exists as defined by, and in circumstances set out in, Section 16(B) of the Act.
8 TO WHOM WE DISCLOSE PERSONAL INFORMATION:
Essentially we treat your personal information as confidential and use it in the administration and management of your accounts. Subject to us complying with Clause 7, we disclose your personal information to:
(a) Service providers which include financial institutions only in respect of the primary purpose identified in Item 1 of Schedule 1.
(b) Our web support vendors in respect of the Primary Purpose referred to in Item 4 of Schedule 1.
(c) Third party providers (from time to time) in respect of the Primary Purposes referred to in Item 3 and 7 of Schedule 1 for email marketing.
(d) Financial Institutions for the primary purpose set out in Item 1 of Schedule 1.
Other than authorised personnel described above, do not make your personal information available or disclose it to any third party.
9 HOLDING PERIOD AND DESTRUCTION OF PERSONAL INFORMATION:
9.1 All personal information that we hold, keep and secure is held by us for such time that we no longer need the information for a primary purpose. At that stage, our policy is to destroy the personal information you provide and you will need to make a fresh application to apply to have access to our products and/or services if this occurs.
9.2 You can re-apply by contacting us as set out in Clause 22.
9.3 Your personal information may be destroyed and you would need to make a fresh application to re-apply to have access to our products and/or services.
10 COLLECTION, MANAGEMENT AND DISCLOSURE OF SENSITIVE INFORMATION:
Generally speaking we do not collect Sensitive Information about you unless:
(a) you consent and the information is reasonably necessary for one of our functions or activities; or
(b) any of the following is relevant:
i. the collection is required or authorised by Law, Court Order or a Tribunal; or
ii. a Permitted General Situation exists as defined by the Privacy Laws; or
iii. a Permitted Health Situation exists as defined by the Privacy Laws.
11 GENERAL ACCESS TO YOUR PERSONAL INFORMATION:
11.1 You may request access to the personal information we hold about you. We prefer you to put the request in writing.
11.2 We will allow you access to the personal information unless any of the following is relevant:
(a) If we are required or authorised by Law to refuse giving you access to the personal information; or
(b) if any of the following circumstances are relevant;
i. we reasonably believe that giving you access would pose a serious threat to the life, health and safety of any individual or to public health or public safety; or
ii. any access would have an unreasonable impact on the privacy of any other individual; or
iii. your request is frivolous or vexatious; or
iv. the information relates to existing or anticipated legal proceedings between you and us, and our legal advice is that it would not be accessible by the process of discovery in such proceedings; or
v. giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice such negotiations; or
vi. giving access would be unlawful; or
vii denying access is required or authorised under Australian Law or a Court Order; or
viii. we have reason to suspect that unlawful activity or misconduct of a serious nature relating to our functions or activities have been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to that matter; or
vix giving access would be likely to prejudice one or more enforcement related activities conducted by an enforcement body; or
x giving access would reveal evaluative information from within our entity in connection with a commercially sensitive decision making process.
12 HOW YOU MAY ACCESS, REVIEW, CORRECT OR UPDATE YOUR PERSONAL INFORMATION:
12.1 If you wish to access, review, correct or update your personal information you may contact us by any of the means referred to in Section 21 of this Policy.
12.2 In your request please include your name, address, email address and telephone number and specify clearly the information you would like to access, review, correct or update.
12.3 We may need to share your information with third parties to assist in responding to your request.
12.4 We will respond to your request within a reasonable period of time and will give access to you if it is reasonable and practical to do so.
12.5 If we do not give you access, we will provide you with reasons why such access is denied.
12.6 If we refuse to give you access because of the reasons set out in Clause 11 above (in accordance with 12.2 or 12.3 of the APP%u2019s) or do not give you access in the manner requested by you, we will give you written notice setting out the reasons for the refusal (except where it is unreasonable to do so), and outline the mechanisms available to you to complain about the refusal.
12.7 As part of this Policy we seek to ensure that all the personal information we collect, use, manage and disclose is update, complete and relevant.
13 WHAT DO WE DO ABOUT UNSOLICITED PERSONAL INFORMATION:
13.1 Generally we do not receive unsolicited personal information about you save and except we may receive such unsolicited personal information from persons who provide us with unsolicited manuscripts.
13.2 If we receive personal information and we have not solicited it, we will, within a reasonable period after receiving that information, determine whether or not we could have collected the information if we had solicited it.
13.3 We may use that personal information, but if we determine that we could not have collected it and it is not contained within any Commonwealth record, we will (as soon as practical) but only if it is lawful and reasonable to do so, destroy or de-identify that information to ensure it is de-identified. Otherwise, we will deal with it in accordance with Clause 6.
14 HOW CAN YOU CORRECT YOUR PERSONAL INFORMATION:
14.1 If you wish to correct your personal information or have any concerns about how we handle such information, you may make a request to us in writing in the manner referred to in Clause 21 below, to correct that information.
14.2 Upon receipt of the request we will consider your request within a reasonable time and take such steps as are reasonable in the circumstances to correct that information to ensure that it is accurate, up to date, complete, relevant and not misleading.
14.3 If we have provided personal information about you to another APP entity and you request us to notify that other entity of the correction, we will, within a reasonable time, take such steps as are reasonable to notify that other entity, unless it is impracticable or unlawful to do so.
14.4 Provided however, if we do not correct your personal information we will provide you with a written notice setting out the reasons for the refusal (unless it is unreasonable to do so) and the mechanisms available to you to complain about that refusal. If so, you may make a complaint as outlined in Section 16 below.
14.5 We have in place procedures and systems whereby we regularly review the way we handle personal information for you. If we are satisfied in our review that the personal information we hold for you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take such steps as are reasonable in the relevant circumstances to correct that information.
14.6 Any users who have access to the information on request by you, and you request us to provide a statement accompanying the personal information, that the information is inaccurate, out of date, incomplete, irrelevant or misleading, we will make your statement apparent to any users of the information.
15 DIRECT MARKETING AND YOUR PERSONAL INFORMATION:
15.1 We disclose to you that we may use your personal information for direct marketing in either of the following circumstances:
(a) Where you are the parent of a child and you have voluntarily registered with us and have opted to receive such marketing communications; or
(b) You are an educational institution or an employee of an educational institution who have an account and contractual relationship with us to receive marketing communications.
15.2 We only provide your personal information for the purposes of direct marketing in the following circumstances where:
(a) We have collected the information from you.
(b) You would reasonably expect us to use and/or disclose the information for the purpose of direct marketing.
(c) We have provided you with a means by which you can easily request not to receive such marketing communications from us and you have not made such a request to us (the method to opt is on every direct marketing communication).
15.3 The simple means by which you can request not to receive direct marketing communications is by contacting us by either of the means referred to in Clause 21 of this Policy and informing us of that request.
15.4 We will provide the source of your personal information on request by you.
16 COMPLAINTS AND ENQUIRIES:
16.1 We have implemented a Complaints Handling Policy. If you think we have breached the Privacy Laws or this Policy, you may complain to us by following the Complaints Handling Policy in Schedule 2 which is attached. You will need to provide us with your name, address, email address and telephone number with your complaint and clearly describe its nature.
16.2 We have also implemented an Enquiries Handling Policy. If you wish to make enquiry about our compliance with the APP%u2019s or this Policy, for your personal information then you need to contact us in writing in the manner in accordance with Clause 21 of this Policy.
16.3 We may need to share your information with third parties to assist us in responding to any complaint or enquiry.
17 WHETHER WE ARE LIKELY TO DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS:
We draw to your attention to the fact that we have a centralised web site which is hosted overseas in the country of Singapore which and where the hosting entity is a recipient of your personal information and in circumstances where we have to disclose that personal information. In such circumstances we shall take such steps as are reasonably necessary in the circumstances to ensure that the overseas recipient of your personal information does not breach the APP's in relation to that information.
Provided however, we draw to your attention the fact that we do not need to comply with this Clause if:
(a) We believe either that the overseas recipient of your personal information is subject to a Law or Binding Scheme that has the effect of protecting your personal information in a way that is overall substantially similar to the way in which the APP%u2019s protect your personal information and there are mechanisms which you can access to take action to enforce the protection of that law or Binding Scheme; or
(b) You consent to the disclosure of the information and you consent to that disclosure after we inform you of the circumstances set out in Clause 17.1(a); or
(c) The disclosure of the information is required or authorised by or under an Australian Law or Court Order/Tribunal; or
(d) A Permitted General Situation exists in relation to the disclosure of your personal information by us.
18 ARE YOU ABLE TO USE A PSEUDONYM OR OPT OUT OF PROVIDING US WITH YOUR IDENTITY?
We disclose to you that you have an option of not identifying yourself or of using a pseudonym when dealing with us in relation to any personal information unless:
(a) We are required or authorised by or under an Australian Law or a Court/Tribunal Order to deal with a person who has identified themselves; or
(b) It is impracticable for us to deal with you where you have not identified yourself or you have used a pseudonym.
If you wish to use a pseudonym or remain anonymous then we may need to contact you to discuss this option with you.
19 ACTIVITY INFORMATION, COOKIES AND OTHER TECHNOLOGIES:
19.1 When you contact us and access our services electronically or otherwise, we may collect certain information from such access. For example, to permit you to connect to our services, our servers receive and record information about your computer, device, browser (including potentially your IP address, browser type and other software or hardware information). If contacting us electronically, we will require you to provide your consent to join our email lists electronically but you may opt out at any time.
19.2 If you access our services from a mobile or other such device we may collect a unique device identifier assigned to that device, geo location, data or other transactional information.
19.3 Cookies and other tracking technologies often include an Identifier or anonymous unique identifier. These technologies also include and collect other information from sites that you have visited. Most browsers initially accept cookies but you can change your settings to notify yourself when a cookie is being set or updated or to block cookies altogether. However, if you block one or all of the cookies you may not have access to certain features, content or personal information available through our services.
19.4 The benefit of using your personal information that you provide us electronically is as follows:
(i) we can use the information provided to constantly improve our websites and make it easier and more rewarding for customers to use our services. We measure the number of users to different sections of our electronic sites which helps make the sites more useful to you;
(ii) cookies and other tracking technologies help us with knowledge of the number of people visiting and accessing our sites together with other information that could assist and improve our technologies;
(iii) when you access our electronic sites you will find certain links to other sites that we do not monitor or control. We strongly urge that if you are a child, that you check with your parent before you access such linked sites and we encourage you to access the Privacy Policies in respect of these sites before navigating through them.
20 ACCESS BY TEACHERS, PARENTS AND CHILDREN:
It is our concern to ensure that the privacy of teachers, parents and children is respected at all times. To that end the following occurs:
20.1 When teachers register for our online services, they receive their owner username and password established during that process during the registration process. We put you on notice if you are a teacher that you need to ensure that this password is kept confidential at all times but that from time to time our authorised employees may need to access using a master password to resolve any outstanding issues.
20.2 If you are a parent, you need to understand that there are many activities on our web sites that children can participate in and enjoy without having to share personal information. If our activities require personal information be disclosed, then we will not require a child to disclose more personal information that is reasonably necessary to administer the relevant activity. If your child wins a competition on one of our sites, we will indicate no more than your child%u2019s first name, first initial of your last name, State, age or grade. We encourage you as a parent to monitor your children%u2019s online use and educate your children to use online services appropriately, however you should caution your child or children to ask your permission before providing any personal information.
20.3 If you are a child, always ask your parent for their consent before giving out any personal information including when you want to enter any of our online competitions. As a further guideline, you should be aware that before you download anything from your computer, you should ask your parents' consent.
21 UPDATING AND CHANGING OUR POLICY:
In accordance with the requirement that our Policy be current at all times, we give you notice that this Policy may change from time to time and therefore such changes will be made where required to comply with the Law via our website http://www.scholastic.com.au.
22 HOW YOU CONTACT US:
(a) To Customer Service by:
i email at email@example.com; or
ii. telephone on (02)4328 3523 (8.00 a.m. to 5.30 p.m. Monday to Friday).
The primary purposes for which we collect personal information to:
1. Provide you with products and services that you request.
2. Process payments of your accounts by credit card only.
3. Provide you with information about compatible or related products that we offer.
4. Better administer and manage customer accounts to ensure the very best in customer services.
5. Process and fulfil orders for products and services.
6. Administer and manage Club memberships.
7. Provide information in connection with contests, web stakes, games, surveys, forums, prescription registrations, contents submissions, classroom activities, requests for suggestions and visitors%u2019 requests for information.
COMPLAINTS HANDLING POLICY
If you have a complaint, then we handle it in the following manner:
1.2 We will then review your complaint.
1.3 We will respond to your complaint within a reasonable time, and in any event within seven (7) business days of receiving your complaint. We will do so by providing a response to you in writing within that time frame.
1.4 We will inform you:
(a) Whether we accept your complaint; and
(b) Whether we need further information from you before we can further consider your complaint or reject your complaint.
1.5 If we need further information from you we will then require you to provide it within a reasonable time, not in excess of five (5) business days.
1.6 We will then further review your complaint and provide you with a response within a reasonable time frame, and in any event within seven (7) business days of receiving the further information.
1.7 If we then accept your complaint we will take action within a reasonable time to provide you with information as to how we will deal with your complaint, and the next steps designed to resolve it.
1.8 If we reject your complaint and you are not satisfied with our response you may at any time refer your complaint to the OAIC.