This webpage explains our privacy and security commitments in plain language.
Swoosh Consulting Group is a Software company. Our products, services and resources, are owned and operated by Swoosh
Consulting Group Pty Ltd (and/or our subsidiaries or licensors) (collectively, ‘Swoosh’ or ‘us’ or ‘we’). References
as mentioned above.
Swoosh Consulting Group is committed to protecting the safety and security of our registered users, including
students, teachers, school administrators and outside school hours service providers (collectively, Users) and we are
sensitive to our User’s concerns about the safety of the personal information provided to us. Please read this Privacy
been developed in accordance with a range of legislation which applies to us. In addition, we have developed our
privacy framework to assist our customers that are schools, districts and education bodies to comply with privacy
legislation and regulations applicable to them and the way they manage personal information.
Capitalised terms defined in Swoosh Consulting Group’s Master Services Agreement have the same meaning in this
1. “Account Holder” means the primary Account Holder to which the Services are provided and has entered into the
Master Services Agreement
2. “Users” means registered users of the Service including partners, developers, and Administrators related to
the Account Holder
3. “Data Protection Laws” means the data protection and privacy laws applicable to the processing on Personal
Data that we are committed to comply with, including:
- the Privacy Act 1993 (New Zealand);
- the Privacy Act 1988 (Cth, Australia);
- the General Data Protection Regulation (EU); and
- any other applicable privacy legislation.
5. “process” or “processing” means any operation or set of operations which is performed on Personal Data, such
as collection, recording, organisation, structuring, storage, adaptation, use, disclosure, combination,
restriction, or erasure.
6. “Security Incident” means any unauthorised or unlawful breach of security that leads to the accidental or
unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data.
Personal Data submitted by Account Holders through the Service.
4. Questions and concerns
If you have any questions or comments, or want to access, update, or delete the Personal Data we hold about you, or
have a privacy concern please write to us at:
The Privacy Officer Swoosh Consulting Group Holdings Pty Ltd Level 2/47 Warner St, Fortitude Valley QLD 4006 Australia
or by email to: firstname.lastname@example.org
Please provide sufficient detail about the information in question to help us locate it. We will respond to any
privacy request in compliance with the applicable Data Protection Law.
5. Collection of Personal Data
We may collect the following categories of Personal Data in in the following situations:
1. Personal Data you voluntarily provide to us: When you give us your Personal Data directly (whether
face-to-face, by telephone, email, post, through social media or by communicating with us in any way), when we
meet with an organisation wishing to do business with us and an individual from that organisation provides
Personal Data about themselves, when you apply for a job with us, or when you sign up or register to become an
Account Holder, or when you enter into a transaction with us you are voluntarily giving us the Personal Data
that we collect.
- Categories of Personal Data: The Personal Data we may collect includes your name, physical address, email
address, login for the Services, feedback and suggestions for the Services, IP address, phone number,
billing information in accordance with our Master Services Agreement, occupation, employer, job title, area
of responsibilities, employment history, and educational qualifications.
2. Our email marketing list: When you become an Account Holder, or where you elect to sign up to our email
marketing list, we may collect your name, email address, and email marketing preferences.
3. Personal Data we collect automatically: When you use our Service or browse our Website, we may collect
information about your usage and web browsing. We may collected the Personal Data as log files, or through
cookies or other tracking technologies (see the “Cookies and tracking” below for more information), store it
against the associated Account, and link it to the other Personal Data we hold about an Account.
- Categories of Personal Data: The Personal Data we may collect includes your IP address, your operating
system, your browser ID, time, date, your browsing activity, your interaction with the Service (including
any Content, comments, and location).
4. Personal Data uploaded and transferred to the Service by Account Holders: We collect Personal Data about
persons indirectly when Account Holders use the Service, such as when an Account Holder:
- creates a user, developer or partner Profile
- posts a comment or tags Content on the Service that contains Personal Data of another person.
In these situations any such Account Holder is a joint data-controller along with us in respect of such Personal
Data. We have no direct relationship with any person other than you, and for that reason, you are responsible for
making sure you have the appropriate permission for us to collect and process information about any such person.
Please see Part B (section 15) below which outlines your obligations in this regard.
1. Statistical information: We may collect statistical (non-personal) information about your use of the Website
and the Service to improve the features and overall user experience. This may include statistical information
such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and
Service visit times, browsers and operating systems, IP address, and cookies.
2. Cookies and tracking:
- We may use various technologies to collect and store information when you use our Service, and this may
include using cookies and similar tracking technologies, such as pixels and web beacons. You may control
- Personal Data may be collected as log files, or through cookies or other tracking technologies, stored against
associated Accounts, and linked to the other Personal Data we hold about associated Accounts.
- The Website does not currently recognize Do Not Track (DNT) signals sent by our Users’ web browsers.
- In addition, third parties that have content embedded on the Website, such as videos or social media buttons,
may set cookies on a User’s browser and/or obtain information about the fact that a web browser visited the
Website from a certain IP address.
6. Use of Personal Data
We process Personal Data for the following purposes:
1. to administer Accounts.
2. to enable the features of the Services to be utilised and enjoyed, subject always to our Master Services
3. to analyse user behaviour (in respect of the Website) and Account Holder behaviour (in respect of the
Service) for the purposes of:
- determining Service developments;
- inviting users or Account Holders to explore other features within the Website or Service, and otherwise to
generally promote our Service;
- ensuring the security of the Website and the Service; and
- combating and preventing breaches of our Master Services Agreement, other user agreements, this Privacy
Policy and our other policies;
4. to respond to enquiries, feedback or complaints received from you;
5. to perform authorised financial transactions with you and to help us to manage our accounts and
6. to verify your identity;
7. for directly marketing to you (including by email, post, other means, or through functionality within the
Service) with information about our Service;
8. on an aggregated non-identifiable basis, to:
- help Swoosh Consulting Group understand its market position;
- assist with marketing our Services to others, including in respect of any online advertising; and
- deliver a statistical result to help with general Swoosh Consulting Group announcements;
9. to protect our legal interests and fulfil our regulatory obligations (if and to the extent necessary);
10. in other circumstances, provided we comply with applicable Data Protection Laws.
11. Lawful Basis for processing
Performance of a contract: You acknowledge and agree that the processing identified below is necessary for the
performance of a contract to which the data subject is party (being the Agreement):
- to carry out User and Account administration tasks;
- to manage and deliver the Service; and
- to manage any disputes (including disputes over invoices or delivery of Service).
direct marketing activities), such processing is necessary for the purposes of a legitimate interest pursued by
Swoosh Consulting Group, and we have assessed that such interests are not overridden by the interests or fundamental
rights and freedoms of the persons to whom the Personal Data relates.
You have the right to object to the way we processes your Personal Data where the processing is based on legitimate
interests. For more information see “Your Rights” section below. Data Processor: In respect of Personal Data uploaded
and transferred to the Service by Account Holders we are a joint data-controller alongside the relevant Account
Holder. However, the relevant Account Holder is responsible for determining the legal basis upon which that Personal
Data is processed. Please see Part B (section 15) below which outlines the Account Holder’s obligations in this regard.
7. Direct marketing
All those with whom we interact have the option to opt-out of receiving direct marketing communications from us. If
you do not wish to continue to receive direct marketing communications from us and/or selected third parties you
should opt-out by clicking on the “unsubscribe” link in any email communications that we might send you. Please
note that some features of the Service may involve us providing, through the functionality within the Service,
recommendations or suggestions for goods, services or benefits that we offer.
8. Retention and deletion of Personal Data
We will retain your Personal Data for as long as the Account associated with you is active, or as long as needed to
provide you with our Service. We take steps to regularly destroy Personal Data, however we may:
1. in some cases, retain a copy of your Personal Data to comply with our legal obligations, resolve disputes,
enforce our agreements and to comply with our trust and safety obligations. Personal Data retained for this
purposes will be archived and stored in a secure manner after your Account has been closed, and will not be
accessed unless required for any of these reasons; and
2. retain Personal Data in an aggregated, de-identified or otherwise anonymous form, such that there is no
reliable way of identifying you from the information.
3. Disclosure of Personal Data
We will not sell Personal Data to anyone.
We share Personal Data with third parties for limited purposes, such as to help us run our business and provide
the Website and Service. Those third parties can be categorised as follows:
1. Service providers: We share your Personal Data with our third party service providers, who help us provide
and support our Service. For example:
- Organisations who carry out credit, fraud and other security checks;
- Payment processors;
- Hosting services;
- Content delivery services;
- IT support providers; and
- Marketing businesses engaged by us to disseminate materials to which recipients have consented.
We limit the information we provide to third parties to the information they need to help us provide or facilitate
the provision of goods and services and associated purposes. We deal with third parties that are required to meet
the privacy standards required by law in handling your Personal Data, and use your Personal Data only for the
purposes that we give it to them.
1. Sale, merger, consolidation, liquidation, reorganisation, or acquisition: If Swoosh Consulting Group or
substantially all of its assets were acquired by a third party, Personal Data which we hold may be one of
the transferred assets (subject to the same constraints on use and disclosure as under this policy).
2. Legal obligation: If we are under a duty or have a legal right to disclose or share Personal Data in order
to comply with any legal obligation, or in order to enforce or apply our terms and conditions or to protect
our rights, property, or the safety of our personnel or third parties. This includes exchanging
information with other companies and organisations for the purposes of fraud protection, trust and safety
and credit risk reduction.
3. Trans-border Personal Data flows
All Personal Data relating to use of our Service is hosted in Australia.
Some limited Personal Data may be provided to companies located outside of Australia who offer software as a service
products that process content for inclusion on the Service (for example, conversion of images and videos to make
them suitable for viewing online/ through a web browser). Those third parties located overseas are not permitted
to (and are contractually obligated to not) access or use the Personal Data provided except for those limited
purposes. We only choose reputable service providers and have agreements with such third parties that prevent
them from using or disclosing to others the Personal Data we share with them, other than as is necessary to assist
In respect of the transfer of Personal Data to Australia, the USA and other countries, we will use reasonable
efforts to obtain assurances from any third parties that they will safeguard personal information consistent with
to the local courts, law enforcement and national security authorities in a foreign jurisdiction.
9 Security of Personal Data
We take all reasonable steps to protect Personal Data, including through internal and external security, restricting
access to Personal Data to those who have a need to know, maintaining technological products to prevent unauthorised
computer access and regularly reviewing our technology to maintain security. We choose technology partners based on
their security and privacy policies and practices.
Personal Data stored in our system is protected by electronic and procedural safeguards. We take reasonable precautions
to protect Personal Data (and other content) from accidental loss and theft by storing it in secure data centres with
off-site backups. Communication between Account Holders and our servers is encrypted via industry-standard secure
sockets layer (SSL).
The Service is protected by a secure and encrypted password. Account Holders should never share their passwords.
Swoosh Consulting Group is not responsible for any loss of data or breach of privacy if an Account Holder shares
their password with someone else. We do not store your password on our servers. Because internet transmissions
cannot be guaranteed to be 100% secure, you acknowledge and agree that you use the Service at your own risk.
In case of a Security incident or any other breach of security safeguards, such as the loss of, unauthorised access
to or unauthorised disclosure of Personal Data under Swoosh Consulting Group’s control, we will respond in accordance
with applicable Data Protection Laws.
10. Your Rights
You have the right to:
1. access and correct your Personal Data that is held by us at any time.
2. request the erasure of any or all of your Personal Data;
3. restrict or object to the processing of any or all of your Personal Data;
4. request the porting of any or all your Personal Data to another organisation;
5. withdraw any consent to processing that you have previously given in respect of any or all of your
6. lodge a complaint regarding our data processing activities as they relate to your Personal Data with the
supervisory authority in your member state.
Requests for such access and correction requirements can be made to the contact details in section 4 of this
Please note that where we are not, or are no longer, in a position to identify you within the information we hold
(including because of any de-identification techniques we may have employed), then your rights as described above
shall not apply.
We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws
where you are resident.
We will respond to any request made in respect of the above without delay, but in any case within one (1) month of a
request, or two (2) months where the requests are complex or numerous (in which case, we will inform you of such
Part B: Your Responsibilities
11. Uploading and transferring other people’s Personal Data through the Service
You acknowledge and agree that, in respect of other people’s Personal Data that you upload and transfer within the
Service, you are acting as a joint data-controller along with Swoosh Consulting Group in respect of such Personal Data.
By accessing and using the Service to upload and transfer other people’s Personal Data, you agree that you:
1. Comply with all Data Protection Laws: will comply with your obligations under all applicable Data
2. Obtain consent: have obtained (or shall obtain) all consents necessary under Data Protection Laws, for Swoosh
Consulting Group to process the Personal Data through the Service as you direct, and that such consent is
obtained from the correct person;
3. Withdrawn consent or objection to processing: must notify us without undue delay if any Account Holder
withdraws their consent, or any part of their consent, or objects to any processing of Personal Data
through the Service.
4. Accuracy of Personal Data: will make sure that you are frequently updating any Personal Data stored within
your Account that relates to another person when requested to do so by that person;
5. Security breach: upon becoming aware of a Security Incident, or any other breach, or suspected breach, of
your security safeguards, must notify us without undue delay and shall provide timely information relating
to the security incident as it becomes known or as is reasonably requested by us;
6. Sensitive data: will not upload or transfer “sensitive data” (as that term is defined in applicable Data
Protection Laws) to the Service;
7. Secure use of the Service: are responsible for your secure use of the Service, including securing your
Account authentication credentials, protecting the security of Personal Data when in transit to and from
the Service and taking any appropriate steps to securely encrypt or backup any Personal Data uploaded to
8. Evaluation of the Service: are responsible for reviewing the information made available by Swoosh
Consulting Group relating to data security and making an independent determination as to whether the Service
meet your requirements and legal obligations under Data Protection Laws.
progress and development and that Swoosh Consulting Group may update or modify its Master Services Agreement