Privacy Notice pursuant to the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988 (Cth) (‚the Act‘)
Company: wondergarden premium early learning Pty Ltd (Contact details in Legal notice) ACN: 640 413 369
Data Protection Officer: Stuart Earl (firstname.lastname@example.org)
Wondergarden early learning Pty Ltd is an Australian company that follows the provisions of the Act and the GDPR to protect your privacy and personal rights. In this declaration , the terms "personal data" refer to data that allow conclusions to be drawn on your person and "non-personal data" data that does not permit unambiguous conclusions about your person (eg browser type, device type, Internet provider).
What is the GDPR?
Some texts and all definitions were taken from the text of the GDPR
1. Object and goals
This Regulation lays down rules for the protection of individuals with regard to the processing of personal data and the free movement of such data. This Regulation protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data. The free movement of personal data in the Union must not be restricted or prohibited for the protection of individuals with regard to the processing of personal data.
Suitable recitals (1) Data protection as a fundamental right (2) Respect of fundamental rights (3) Harmonization of data protection legislation sought by Directive 95/46 / EC (4) Consistency with other rights (5) Member States' cooperation on data exchange (6) Ensuring a high level of data protection despite Increase in data exchange (7) Legal framework and trust based on safety and control (8) Adoption into national legislation (9) Different standards of protection under Directive 95/46 / EC (10) Equivalent level of protection despite national discretion (11) Equal powers and sanctions (12 ) Authorization of the European Parliament and of the Council.
2. Definitions For the purposes of this Regulation
'Personal data' means any information relating to an identified or identifiable natural person ('the data subject'); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person; "Processing" means any process or series of operations performed with or without the aid of automated processes, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using disclosure by submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction; "Restriction of processing" means the marking of personal data stored in order to limit its future processing; "Profiling" means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal To analyze or predict preferences, interests, reliability, behavior, whereabouts or location of this natural person; "Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person; "File system" means any structured collection of personal data accessible by specific criteria, whether that collection is centralized, decentralized or organized on a functional or geographical basis;
'Controller' means the natural or legal person, public authority, body or body that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria of his appointment may be provided for under Union or national law; 'Processor' means a natural or legal person, public authority, body or body that processes personal data on behalf of the controller; 1 "Recipient" means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether or not it is a third party. However, any authorities which may receive personal data under Union or national law in connection with a specific investigation mission shall not be considered as beneficiaries; the processing of such data by the said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing;
"Third party" means a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data; "Consent" of the data subject to any expression of will, in an informed and unambiguous manner, in the form of a statement or other unambiguous confirmatory act by which the data subject expresses his understanding of the processing of the personal data concerning him agrees;
"Infringement of Personal Data" means a breach of security that results in destruction, loss or alteration, whether inadvertent or unlawful, or unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed were; "Genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unambiguous information about the physiology or health of that natural person and, in particular, obtained from the analysis of a biological sample of the natural person concerned; 'Biometric data' means personal data obtained by means of specific technical procedures on the physical, physiological or behavioral characteristics of a natural person which enable or confirm the unambiguous identification of that natural person, such as facial images or dactyloscopic data; 'Health data' means personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about their health status is derived; "Headquarters" in the case of a controller having branches in more than one Member State, the place of his head office in the Union, unless the decisions on the purposes and means of processing personal data are taken in another branch of the controller in the Union and that establishment is competent to have these decisions implemented; in this case, the establishment making such decisions shall be deemed to be the principal place of business; in the case of a processor with branches in more than one Member State, the place of his head office in the Union or, if the processor does not have a head office in the Union, the place of the processor in the Union where the processing activities are part of the activities of a processor of a processor take place in so far as the processor is subject to specific obligations under this Regulation; 'Representative' means a natural or legal person established within the Union who has been appointed by the controller or processor in writing in accordance with Article 27 and who represents the controller or processor in relation to the obligations incumbent upon him under this Regulation;
"Enterprise" means a natural or legal person who carries on an economic activity, whatever its legal form, including partnerships or associations regularly engaged in economic activity; "Group of companies" means a group consisting of a dominant company and its dependent company; "Mandatory internal data protection rules" means personal data protection measures that a controller or processor established in the territory of a Member State undertakes to comply with in respect of transfers of data or a category of personal data transfers to a controller or processor of the same group or group of undertakings that: engage in a common economic activity in one or more third countries;
'Supervisory authority' means an independent public authority established by a Member State in accordance with Article 51; "Supervisory authority concerned" means a supervisory authority concerned by the processing of personal data because: the controller or processor is established in the territory of the Member State of that supervisory authority; this processing has or may have a significant impact on data subjects residing in the Member State of that supervisory authority or a complaint has been filed with this regulatory authority; "Cross-border processing" either processing of personal data carried out in the context of the activities of branches of a controller or processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or processing of personal data carried out as part of the activities of a single establishment of a controller or processor in the Union but which has or may have a significant impact on data subjects in more than one Member State; 'Relevant and well-founded objection' means an objection to whether or not there is an infringement of this Regulation, or whether the intended action is against the controller or processor in accordance with this Regulation, the objection clearly stating the scope of the risks; which derive from the draft decision relating to the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data in the Union; 'Information society service' means a service within the meaning of Article 1 (1) (b) of Directive (EU) 2015/1535 of the European Parliament and of the Council¹; "International organization" means an international organization and its subordinate bodies or any other body created by or based on an instrument concluded between two or more countries. ¹ Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of information society services (OJ L 241, 17.9.2015, p. , Suitable recitals (15) Technology neutrality (24) Application to processors outside the Union when profiling data subjects within the Union (26) No application to anonymised data (28) Introduction of pseudonymisation (29) Pseudonymisation to the same controller (30) Online profiling of profiles and data Identification (31) Not applicable to authorities performing their official mission (34) Genetic data (35) Health data (36) Establishment of head office (37) Business group 3. Further information The text of the GDPR is available at: https://gdpr-info.eu/
Use of your personal information
1. Intended use
Personal data includes but is not limited to your name, telephone number, address, and any information you provide us. We collect and process your data for enquiries and as basis of our contractual relationship as well as for recordkeeping purposes and to enter into third party agreements. In this context, the service providers we use (eg IT providers, trustees, accountants, payment intermediaries) receive the necessary data. Your data will not be sold to third parties!
2. Data storage
Your specific data that you submit to us will be stored by our internet hosting and email service provider. With the enrollment request you get access to data stored about us about your person and your child. If you would like to remove your access, please contact our data protection officer (see also "Right of revocation and objection"). We expressly point out that we cannot clearly identify the location of each server that stores your data nor do we have access to modify this in any way, including permanent removal.
Your data will not be disclosed to third parties for promotional purposes. With your consent, you can subscribe to our newsletter and have it revoked at any time. The consent is regulated separately in the day care agreement. Nevertheless, we reserve the right to store your first and last name, postal address and - as far as we have received this additional information from you in the contractual relationship - for our own advertising purposes, eg to send interesting offers and information about our products mail. You can object to the storage and use of your data for these purposes at any time by sending a message to our data protection officer. If you have registered separately for our newsletter, your e-mail address and, if applicable, other personal data that you have voluntarily provided to us during registration (eg your name for the address) will be used for our own advertising purposes.
4. Revocation and right of objection
You can object to the use of your data at any time by informing us or by revoking your consent. We charge no costs for this. You can send your objection or revocation to our data protection officer.
5 . GDPR and Act conformity
We endeavor to secure GDPR and Act compliance by all providers and providers mentioned here.
Data collection during your visit:
You can visit our site without giving any personal information. When you visit our websites, certain information is collected and stored. We store non-personal information such as: the website from which you visit us, browser type, Device type, the name of your Internet service provider, Location and language and use data stored via the cookies. These data are evaluated and do not allow any identification back to your person. Only if you have given us your express consent can we store personal data. If we include third-party content on our sites (eg Google Maps or Google Ads or Analytics), they will receive your IP address solely for this purpose, otherwise the content can not be delivered to your browser.
Without your explicit consent, we will not use the tracking tools to collect personal information about you unnoticed, transmit such information to third parties and marketing platforms, or link the data to your personal information (name, address, etc.).
We use service providers who support us in advertising. These service providers may use so-called retargeting tools and profiling that store and evaluate anonymous data content . Only non-personal data is collected . If IP addresses are used, they will be shortened.
Dropbox and Onedrive
We may have installed on our website so-called pixels from Facebook Facebook (https://de-de.facebook.com/, operated by Facebook Ireland Limited Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland - "Facebook"). It is a tracking tool to collect anonymous and non-personal data for the evaluation of website visitors. This is linked to an advertising account on Facebook to determine a Facebook user and to record the visit to the website. We point out that we do not receive any binding knowledge of the content of the Facebook profiles of website visitors.
If you want to protect yourself, we recommend that you log out of social media before you visit a website.
Your data may be transmitted by encryption using SSL (Secure Socket Layer) or without. We create backups of the site and other systems through technical measures and make compliance requests to our service providers. You should always treat your access information confidentially.
Right to information
You have a right to information about your data and, if necessary, a right to rectification, blocking or deletion. If you have any questions, please contact our data protection officer.
Use of the Site implies consent to the collection of the tracking and non-personal information herein. The receipt of advertising and the collection of personal data requires your explicit consent, which must be obtained separately.
wondergarden premium early learning Pty Ltd
Date: 1 May 2020