Privacy Policy
1. INTRODUCTION
This document sets out the privacy policy of FILIT Pty Ltd (ACN 674 584 699) (referred to in this privacy policy as ‘FILIT’, ‘we’, ‘us’, or ‘our’).
This privacy policy applies whenever we collect your personal information and/or personal data (Personal Data) on our platform which will comprehensively profile, plan, track, report, analyse, review and support individuals with development, behaviour and wellbeing concerns in educational settings (Platform). By providing personal information (including sensitive information) to us, you consent to our storage, security, access, maintenance, use and disclosing of personal information in accordance with this privacy policy.
This includes between you, the visitor to this Platform (whether directly as an individual, or on behalf of your company, employer, organisation, government department or other legal entity), and us, the owner and provider of this Platform, and where we are directed by a third party to process your personal data.
We take our privacy obligations seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data in connection with your use of our Platform. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
2. THE PLATFORM
2.1 STORAGE OF YOUR PERSONAL DATA
All personal information we collect is stored on servers located in Australia and, for the most part, we do not disclose or transfer personal information overseas.
However, the cloud service providers we engage to provide us Australian-based servers may operate overseas disaster recovery sites or have personnel overseas who may access the personal data we hold to assist us in managing our servers.
2.2 SYSTEM ARCHITECTURE
Our Platform is accessed via a secure web browser connection, ensuring encrypted data transmission. To allow for a responsive and interactive user experience, we use an integration software which is securely connected to the Platform. To protect your personal data and store it securely, we use advanced data integrity checks in the Platform.
2.3 SECURITY
We take reasonable steps to ensure your personal data is secure and protected from misuse or unauthorised access. We have the following security measures in place to protect your private and/or sensitive information:
(a) We use a secure cloud environment software to host our services through the Platform. This software will assist by protecting your account against unauthorised access and potential threats.
(b) We use Multi-Factor Authentication (MFA) to verify any user identity and enforce our access policies that we have in place.
(c) We request access on all devices used at educational sites.
(d) We isolate each school’s data within dedicated environments. This provides another layer of security for your data privacy and compliance with local regulations, education standards, and relevant laws.
(e) We use software that allows us to maintain a separate secure environment for client-specific data and operations.
(f) We secure the Platform with HTTPS security to ensure all data transmitted is encrypted.
(g) We have a valid SSL certificate, confirming the Platform’s identity and enabling an encrypted connection.
Although we use a range of technology systems, administrative and technical measures to protect these systems, we cannot guarantee the security of your personal data.
2.4 ACCESS
There are different types of accounts, which will determine the relevant users’ access to the Platform. The access for each account type is set out in the FILIT Security Data Sheet, which can be found at https://FILITfiles.blob.core.windows.net/files/web/FILIT_Security_Data_Sheet.pdf.
We have outlined further information on access control below:
(a) We use role-based access control to ensure that users have access only to the data and features necessary for their role. This assists with minimising potential internal threats.
(b) We incorporated software into the Platform to:
(a) manage groups and permissions efficiently. This allows for granular control over the access ability of each user; and
(b) employ unique identifiers for each user, providing traceability and accountability for all actions within the system.
3. TYPES OF PERSONAL INFORMATION
The personal information we collect may include the following:
(a) name;
(b) mailing or street address;
(c) email address;
(d) age;
(e) date of birth;
(f) sensitive information (such as health information) as set out below;
(g) information about your personal circumstances;
(h) information in connection with client surveys, questionnaires and promotions;
(i) information about third parties; and
(j) any other information provided by you to us via our Platform or our online presence, or otherwise required by us or provided by you.
4. COLLECTION OF PERSONAL INFORMATION
We will collect your personal information in a lawful and fair way. We will only collect your personal information where you have consented to it, or otherwise in accordance with the law.
We may collect person data either directly from you, or from third parties, included where you:
(a) contact us through our Platform;
(b) engage us to perform services to you;
(c) submit any of our online enquiry forms, surveys and questionnaires; and
Third parties
To provide our Services, we may need to collect personal information (including sensitive information) about you from someone else. This will be applicable in the following circumstances:
(a) If you are under the age of 18 years (Minor), and we do not determine that you have the capacity to consent.
To provide us with personal and/or sensitive information on behalf of someone, you must have the consent of that person to provide their personal and/or sensitive information to us to be collected, stored, used, and disclosed in accordance with this privacy policy. We reserve the right to request evidence of this consent.
If you are providing personal and/or sensitive information on behalf of a Minor, you must be that Minor’s parent or legal guardian and you must provide consent for the Minor’s personal and/or sensitive information to be collected, stored, used and disclosed in accordance with this privacy policy.
5. USE OF YOUR PERSONAL INFORMATION
We collect and use personal information for the following primary purposes:
(a) to provide services or information to you;
(b) for record keeping and administrative purposes;
(c) to provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing goods or services to you;
(d) to improve and optimise our service offering and customer experience;
(e) to comply with our legal obligations, resolve disputes or enforce our agreements with third parties; and
(f) to send you administrative messages, reminders, notices, updates, security alerts, and other information requested by you.
We may also use your personal information for:
(g) any other purpose for which we receive consent from you; or
(h) any other purpose which is permitted or required under applicable privacy laws.
6. SHARING YOUR PERSONAL INFORMATION
We respect your privacy, and we will take reasonable steps to keep your personal information confidential and protected.
We may also disclose personal information to third party contractors as required for us to provide our services to you, such as cloud-service providers, IT professionals and debt collection agencies.
We take care to work with such third parties who we believe maintain an acceptable standard of data security and require them not to use your personal information for any purpose except for those activities we have asked them to perform on our behalf.
We will not otherwise disclose your personal information unless:
(a) you have consented to us disclosing your personal information for particular circumstances;
(b) as needed in an emergency or in investigation suspected criminal activity;
(c) we are required to disclose under a subpoena, court order or other mandatory reporting requirements;
(d) we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
(e) it is reasonably necessary for the establishment, exercise or defence of a legal claim; or
(f) it is otherwise authorised or required by law.
7. SENSITIVE INFORMATION
We may collect sensitive information about you during the course of providing you our goods and services. We will only collect this sensitive information where you consent to such collection and either directly provide us with this information or it is provided by a referring health care provider.
When providing personal and/or sensitive information to us on the Platform, you can choose to include the clients personal and/or sensitive information, or you can choose to generate an identification number that will represent the Client in the Platform. We have included this to provide you with another privacy protection as no identifiable personal information will be visible to the users of the account.
Types of sensitive information:
The sensitive information we collect may include the following:
(a) behaviour information;
(b) health information, history and reports;
(c) referring specialist and associated referral documents;
(d) any other sensitive information provided by you or a third party to us via our Platform, or otherwise provided by you or a third party to us.
Using your sensitive information:
Your sensitive information will only be used for the purpose of:
(e) providing you with our goods and services;
(f) complying with our legal obligations, resolving disputes or enforcing our agreements with you;
(g) sending you messages, reminders, notices, updates, security alerts, and other information requested by you; or
(h) any other purpose which is permitted or required under applicable privacy laws.
Disclosing your sensitive information
Your sensitive information will only be disclosed to third parties for the purpose of:
(a) with your consent, providing you with services (and other related purposes, for example liaising with other support providers);
(b) any other purpose which is permitted or required under applicable privacy laws.
8. LINKS
Our Platform may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.
9. YOUR RIGHTS
You have various rights with respect to our use of your personal information:
(a) Access: You have the right to obtain access to your information and certain other information (similar to that provided in this privacy notice). This is so that you’re aware and can check that we’re using your information in accordance with data protection law.
(b) Be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this privacy policy.
(c) Rectification: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
(d) Objecting: You also have the right to object to processing of your personal data in certain circumstances.
(e) Restricting: You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further.
(f) Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
(g) Portability: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
(h) Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority.
(i) Withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal data for marketing purposes.
10. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely destroy your personal data in accordance with applicable laws and regulations.
If you would like further information about our specific retention periods for your personal data, please contact us using our email address provided below.
11. CONTACT US
For further information about our privacy policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:
Name: Kelly Oldfield
Email: support@FILIT.com.au
Our privacy policy was last updated on 27 March 2024.
We may change this privacy policy from time to time by posting an updated copy on our Platform and we encourage you to check our Platform regularly to ensure that you are aware of our most current privacy policy. Where we make any significant changes, we will endeavour to notify you by email.