The privacy of students is particularly important to us. As explained in more detail below:
- the only information that we collect from students to register for the Service is their name, email address, and age (to determine if parental consent is required)
- we do not sell or rent student information
- we do not advertise on the Platform
We do not collect, maintain, use or share student personal information beyond that authorized below or by the relevant student or their parent.
What personal information about me does Ziplet collect or hold?
We may hold the following personal information about you:
- user name and password
- email address
- user category (you must register as a student user, teacher user or leader user)
- your age at time of registration if you select student user (so that we know if we need to comply with age-related legal requirements)
- your age at time of registration, but only if you are a student category user
- phone number (if you provide it as a part of a website contact form)
- images if provided, or provided from Google if you connect your Google account
- name of the institution or school (if any) that has paid for your access to the Service (Client) and any related class, faculty, department, campus, qualification, workplace, internship, or placement
- depending on the questions asked by users via the Service - information about you contained in communications or responses by or from you or other users (whether or not sent to you) via the Service (Content), including feedback, comments, scoring scales and multiple choice responses of any kind about you
- analytical data about your use of the Service, which we use solely for the purposes of encouraging your use of the Service, providing any Client Reports (as described below) and improving the Service
If you are a teacher user, we may also hold information about how you came to join Ziplet.
We may be unwilling to provide our Service to you if you do not provide some personal information. For example, without name and email details it is impractical for us to provide the Service to you.
When do we collect and store personal information?
The circumstances in which we collect and store personal information about you may include:
- when you sign up to become a user of the Service and for the purpose of assigning a User ID to you
- when you or another user interact via the Service in a way that involves providing personal information about you
- when you or another user sends an enquiry to us or makes a comment or other post through our Platform or via email or social media
- when you enter into a financial transaction with us
- when you respond to a customer survey from us
- as part of automated analysis of your usage of the Service
- if you are the parent of a student user under age 13 at time of registration and provide your consent to us regarding them using the Service
Use and disclosure of personal information
We use the personal information about you for the purposes for which it was provided or collected, including the following purposes:
- to provide and support or improve the Service to you and other users
- to respond to enquiries or support requests received from you
- to perform any financial transactions with us that are initiated by you
- to verify your identity and to assist you if you have forgotten any user ID, user name or password
- to report to the relevant Client regarding usage of the Service (subject to the restrictions described below about us disclosing personal information about you to the Client)
- for our internal administrative, marketing, planning, product development and research requirements
- if you are teacher user or leader user (and subject to your right to opt-out below) - to communicate with you (including to encourage your use of the Service) and provide you with information (whether by email or via the Service) about the Service
- to seek and respond to user or Client comments on our Service
- to receive and address complaints about us, our Service or any user (including regarding alleged misuse of the Service or unacceptable Content)
- to protect our legal interests and fulfill our regulatory obligations (if and to the extent necessary).
We do not:
- sell or license any personal information about you to any person
- send any marketing communication to you at the request of any person
- include any advertising on the Platform (except for advertising of our premium Service to teacher category users by us).
We do not provide any bulletin board, forum or other facility to make personal information publicly available via the Services.
In relation to disclosure of personal information about you, this is separated into 3 cases:
- disclosure to other users
- disclosure to our service providers
- overriding permitted disclosures.
Disclosure to other users
If you provide Content via the Service, then the Service will make it clear if you can provide it on an anonymous basis.
If you provide Content on an anonymous basis, then we do not provide your name to any user in connection with that Content. However we do not vet the Content to prevent you disclosing personal information (including your identity or the identity of any other person) when you provide Content, which could occur in any of the following ways:
- (express) by you expressly including personal information in the Content
- (inferred from content) by you including other information in the Content from which your identity or personal information can be inferred or
- (inferred from limited numbers) by reason of your identity being able to be inferred due to a single or low number of users having been sent a communication to which you are responding when providing the Content, and as a result in the above circumstances any such personal information (whether express or inferred) may be disclosed or apparent to a user.
Where you do not provide Content on an anonymous basis, then your name and Content may be disclosed to other users.
Where a Client pays for access to the Service for their teacher and student users, we do not disclose the teacher or student users’ Content to the Client (or to any associated leader user), but we may make reports (Client Reports) available to them that include the following information:
- aggregate level of usage within a Client's environment, including the total number of teachers, students, responses, announcements and messages. None of this can be tracked to an individual user
- whether or not a teacher user has asked student users particular questions preloaded on Ziplet (either by the Client or Ziplet) in a calendar year
- whether or not a teacher has gathered responses on Ziplet in a calendar year
- whether or not a student has provided responses on Ziplet in a calendar year
All information above is for the purpose of demonstrating the platform's overall use to the Client. This reporting does not include any user’s Content.
Note that we do not control the subsequent use or any disclosure (including to any Client) that may be made by any user of any Content (whether anonymous or non-anonymous) made available to them in accordance with the above. A user may choose, or be required by law (e.g. where any form of mandatory reporting applies), to use or disclose all or part of the Content received from you, even if you have not agreed to that use or disclosure
Disclosure to our service providers
We may share your personal information with third parties who help us to provide the Service (Service Provider). All disclosures to Service Providers are subject to us being satisfied about their reputation, and the Service Provider agreeing to keep personal information confidential. You can view our list of Service Providers here, including what information they collect.
Overriding permitted disclosures
Despite any other provision of this policy, we may (but are not obliged to) disclose personal information, including your name or any Content provided by you, to any third party (including, where applicable, another user or a Sponsor):
- where we have your express permission to do so
- if required by law (including in relation to any freedom of information request)
- if in our opinion it is necessary or desirable in order to respond to any allegation or query by any Client (or by any user not connected with a Client) of misuse of the Service (including any alleged unacceptable Content)
- if in our opinion it is necessary or desirable in order to protect the health or safety of any person (including you) or to prevent, report or investigate the damage or destruction of any property or breach of any law
- in order to enforce or apply our terms and conditions or to protect the rights, property, or safety of Ziplet, its personnel, customers or users (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction)
- in connection with a sale or proposed sale of Ziplet, or substantially all of its assets, to a third party, in which case any personal information about you that we disclose will be subject to the same constraints on use and disclosure as under this policy.
Apart from Client Reports, we may provide to Clients, potential Clients, users or the public generally:
- de-identified case studies and de-identified Content; and
- information based on anonymised usage data and aggregated Content,
but in every case what is provided will not refer to any teacher or student user, or be able to be attributed to any teacher or student user.
Children under 13
Where a child under 13 wishes to become a student user and use the Service we require consent to them doing so from a parent (or other person with the relevant legal authority, which may include the child’s teacher if a parent has given them authority) in a form acceptable to us.
If you are a parent of a child under 13 who is a student user then you may request access and correction, or deletion, of personal information we hold in relation to your child and (subject to us verifying that you are a parent) we will respond in the same way as described below. You may also withdraw your consent to further collection of your child’s personal information (in which case we will cancel your child’s registration and they will cease to be able to use the Service).
Disclosure and transfer of information overseas
We hold your personal information in our databases. Unless agreed otherwise with your Client (if any), the database is stored on a secure server in Australia operated by a third party.
We do not disclose or transfer your personal information outside Australia, except:
- where you use our Service outside Australia, in which case personal information may be sent to your device as a necessary part of your use of the Service;
- in the course of sending emails to you, as the emails may be sent from a server in the United States; or
- in the course of sending push notifications to you, as the notifications are sent from overseas servers as used by the providers of the Apple and Android platforms.
We treat the security of our Platform and credit card transactions seriously and endeavour to provide a secure and safe way for you to use them.
We take reasonable steps to protect our databases, including by internal and external security and restricting access within our organisation to personal information to those who have a need to know. We implement and maintain technological products to protect against unauthorised computer access and regularly review our technology to maintain security.
Access and correction
You may request access to personal information we hold about you by writing to Ziplet’s Privacy Officer at either below. Please provide sufficient detail about the information in question to help us locate it.
Except where we have reasonable grounds for refusing (e.g. it would involve disclosing personal information about somebody else), we will provide you with access within one month of receipt of your request, together with any other information required by law. If we refuse your request then we will give you a written statement setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.
We will provide access in the form you request if it is reasonable and practicable to do so. If your requested form of access is not reasonable and practicable then we will endeavour to provide you with a suitable range of choices as to how you access it (e.g. emailing or mailing it to you).
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading and provide a sufficient description of it (or the circumstances in which it was provided) in order to enable us to locate it readily, then you may request amendment of it. We will consider if the information requires amendment and respond to you within one month of receipt of your request. If we do not agree that it should be amended, then we will add a note to the personal information stating that you disagree with it and will also give you a written statement one month of receipt of your request setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.
Our contact details are:
The Privacy Officer
Level 19, 567 Collins Street
Melbourne, Victoria 3000, Australia
We will delete or de-identify personal information that we hold about you when any of the following occurs:
- when requested by you, unless by law we may retain it for a further period – and in either case we will notify you within one month of receipt of your request of any action taken
- when it is no longer needed for any purpose for which we may use it
- automatically 7 years after your last interaction with the Ziplet platform.
Any questions about this policy, or any complaint regarding treatment of your privacy by Ziplet, should also be made in writing to the address above.
If you lodge a complaint, we will let you know the name of the individual responsible for taking care of it, and will tell you when we will provide a full response.
We encourage you to review this policy from time to time.
Last update: 3 April 2021