Privacy Policy

Introduction

1. What information do we collect?

The kind of Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:

name; date of birth; contact telephone numbers and email addresses; residential and business postal addresses; bank account details and/or credit card details; health information, related to physical or mental health, illnesses, disabilities, treatments, medical history; demographic information, such as age, gender, income, employment information, marital status, ethnicity and race, household composition, religion or cultural beliefs information; social media information; identifiable information such as passport and/or driver's license details; residency and work visa details, police check details, working with children check details, insurance details, qualifications and experience, and other relevant checks; your computer and connection information, such as your device ID, device type, geo-location information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information; information provided when registering through any forms; and any information that you otherwise share with us.

1.1 For Carers/Candidates:

• (a) Full name, date of birth, and contact details;
• (b) Working with Children Check (WWCC) status and reference number;
• (c) Employment history, qualifications, and references;
• (d) Professional certifications and training records;
• (e) Health information where relevant to workplace safety;

1.2 For Clients:

(a) Contact details and billing information;

(b) Children's information including:

• (i) Age and developmental needs;
• (ii) Medical conditions and allergies;
• (iii) Emergency contacts;
• (iv) Special care requirements;
• (v) Service preferences and booking history

1.3 For Platform Users:

• (i) Device information and IP address;
• (ii) Browser type and settings;
• (iii) Platform usage patterns and preferences;
• (iv) Location data where permitted

1.4 For Platform Users:

(i) We may collect information which may include criminal records, driving history, professional qualifications, certifications, and other background information as required by law or for assessing suitability.

2. Types of information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

• (a) whether the information or opinion is true or not; and
• (b) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as "Personal Information" and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record for employment purposes, or medical history and conditions.

We will only collect and use Sensitive Information where:

• (a) you have provided explicit consent for its collection (such as through checkbox selection, electronic confirmation, written consent, or other verifiable means);
• (b) the information is reasonably necessary for one or more of our functions;
• (c) collection is required or authorised by Australian law; and
• (d) we have implemented appropriate security measures to protect such information from unauthorised access, modification, or disclosure.

3. How we collect your Personal Information

(a) We may collect Personal Information from you when you use this site, including (without limitation) when you:

• (i) purchase any services through this website, app or any other platform owned by us;
• (ii) complete an online contact form to contact us;
• (iii) provide information to us by telephone or through marketing or competition application forms; or
• (iv) send us an email or other communication.

(b) We use cookies to enhance your experience on our Website. Cookies are small text files stored on your device that help us provide and improve our services. The data collected through cookies may include your IP address, browser type, device information, pages visited, time spent on pages, and interaction patterns. The types of cookies we use include:

• (i) Essential Cookies: These are necessary for the Website to function properly and cannot be switched off. They enable core functionality such as security, account authentication, and shopping cart features.
• (ii) Analytical/Performance Cookies: These help us understand how visitors use our Website, allowing us to improve our services. They collect anonymous information about page visits and popular features.
• (iii) Functionality Cookies: These remember your preferences and choices to enhance your browsing experience.
• (iv) Marketing/Targeting Cookies: These track your browsing habits to deliver targeted advertising relevant to your interests.

(c) Third-party cookies may be placed on your device by our partners and service providers. These companies have their own privacy policies and may use the collected information for their own purposes. We recommend reviewing their privacy policies for more information.

(d) You can modify cookie preferences through your browser's privacy settings, including options to reject non-essential cookies. We provide a cookie preference center accessible via the Website footer for granular control over different cookie categories. However, please note that rejecting cookies may limit your ability to use our Website fully. In particular, essential cookies must be enabled to:

• (i) Place orders and complete purchases
• (ii) Access secure areas of the Website
• (iii) Use the shopping cart functionality
• (iv) Access personalized content and features

(e) We may collect Sensitive Information when you apply for or register with us, and during our interview and screening processes. This collection will only occur with your explicit consent and is necessary to ensure the safety and quality of our services. Any Sensitive Information collected will be handled in accordance with the preceding paragraph regarding its use and protection.

(f) Information may be stored by our platform provider, Enginehire, which is based in Canada. Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.

(g) For questions about this Cookie Policy, contact us at legal@nanniesbynature.com.au

(h) This Cookie Policy may be updated periodically. Continued use of the Platform constitutes acceptance of any changes.

4. Purpose of collection

(a) We collect Personal Information for the following purposes:

• (i) Providing, customising, optimising and delivering the services requested;
• (ii) Processing purchases made through the site, including sending confirmations and invoices;
• (iii) Communicating technical notices, updates, notifications, security alerts and support and administrative messages;
• (iv) Providing and enhancing our customer service when addressing questions, comments and requests;
• (v) Meeting our internal management requirements;
• (vi) Enhancing business and our users' experience, including performing analytics, conducting research and advertising and marketing;
• (vii) Conducting marketing activities including communicating with you about products, services, offers, promotions and events offered by Nannies by Nature;
• (viii) Managing surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
• (ix) Any other purpose you have consented to; and
• (x) Any use which is required or authorised by law.

(b) We customarily only disclose Personal Information to our service providers who assist us in operating the Website. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.

(c) By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.

(d) You may specify your marketing preferences through our preference centre, where you can select which types of communications you wish to receive (such as newsletters, product updates, or promotional offers). You can modify these preferences at any time through your account settings or by contacting us directly. We will honour your preferences and only send marketing communications that align with your selected choices. Any new marketing initiatives beyond your original consent will require separate explicit approval.

(e) We may use Personal Information for direct marketing purposes, such as sending promotional materials or updates about our services, in compliance with the Spam Act 2003 (Cth). Individuals can opt-out of receiving direct marketing communications by following the instructions provided in the communication or by contacting us.

(f) We use Personal Information to:

• (a) Facilitate matching between Carers/Candidates and Clients
• (b) Process bookings and payments;
• (c) Verify identity and qualifications;
• (d) Provide customer support;
• (e) Meet regulatory obligations

(B) Secondary purposes - we may also use personal information for:

• (a) Service improvement and development;
• (b) Marketing communications (with consent);
• (c) Analytics and research;
• (d) Legal compliance and risk management

(C) Disclosure to Third Parties - We may disclose Personal Information to:

• (a) Payment processors and technology providers;
• (b) Identity verification services;
• (c) Government agencies where required by law;
• (d) Professional advisers and insurers;
• (e) Emergency services in critical situations;

5. Security, Access and correction

We store your personal information in a manner that reasonably protects it from unauthorised access, misuse, modification, or disclosure. Although no method of transmitting data over the internet or storing information on commercial servers can be guaranteed as completely secure, we take all reasonable steps to minimise risk and to safeguard the security, integrity, and confidentiality of the personal and sensitive information you provide to us. We also regularly review and update our security measures to reflect current technologies and best practices.

Across the platform, personal and sensitive information is stored electronically by our third-party platform provider, Enginehire. All data is secured during transmission via HTTPS and stored in AWS (Amazon Web Services), which maintains industry-leading security protocols. Computer and network security systems with firewalls, anti-virus software, email filters, and passwords protect the devices used by Nannies by Nature to control and restrict access to authorise staff for approved purposes.

(a) The Australian Privacy Principles:

• (i) permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and
• (ii) allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).

(b) We aim to process all requests for access to personal information promptly. However, requests involving substantial volumes of information or archived data may require additional processing time. While we may recover reasonable costs associated with information retrieval, we will never charge an application fee for access requests. There are certain circumstances where we may decline access to personal information, including situations where access would:

• (i) Contravene legal requirements (such as where information is protected by legal professional privilege);
• (ii) Unreasonably impact the privacy rights of other individuals;
• (iii) Compromise an ongoing investigation into unlawful activity;
• (iv) Relate to current or anticipated legal proceedings where the information would not be available through normal discovery processes.

Should we need to refuse access to your personal information, we will provide you with a detailed explanation of our reasons.

(c) Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.

(d) We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once Personal Information is no longer required, we will take reasonable steps to destroy or de-identify it securely.

(e) Our staff undergoes training through the Government's IPC e-Learning portal for online training modules to provide training across privacy and government information access legislation. We take reasonable steps to remain up to date with information relevant to the security of our systems and networks by maintaining our status as an ASD Business Partner.

(f) However, no data transmission over the internet or electronic storage method can be guaranteed as completely secure. We cannot ensure or warrant the security of any information transmitted to us or stored on our systems. Furthermore, while we will always strive to keep your information as secure as possible, any data transmitted to our platform manager, Enginehire, is ultimately subject to their terms and conditions. A link to those terms and conditions can be found below; https://enginehire.io/terms-and-conditions/

Notwithstanding any other condition, you as the User acknowledge that the website is hosted by Enginehire and therefore, the information is stored by Enginehire.

6. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by our Director and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

7. Overseas transfer

Your Personal Information may be transferred to recipients located in Canada, including our third-party service provider Enginehire, who hosts and manages our platform data. Enginehire follows strict global privacy and security standards, including GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), SOC 2 Type II, and ISO/IEC 27001:2022 standard compliance. We have taken reasonable steps to reduce the risk for any overseas recipient of personal information to not breach the Australian Privacy Principles (APPs).

Canada has data protection laws which protect Personal Information in a way which is at least substantially similar to the Australian Privacy Principles, and there will be mechanisms available to you to enforce protection of your Personal Information under that overseas law.

We implement industry-standard encryption protocols and secure data transfer mechanisms when transferring your Personal Information overseas. These measures include robust encryption during transit and at rest, secure file transfer protocols, and regular security audits of our international data flows. We maintain contractual agreements with our overseas recipients that require them to: (a) implement equivalent technical security measures; (b) notify us immediately of any data breaches; and (c) assist in addressing any privacy-related complaints. By using our services, you consent to your personal information being transferred, stored, and processed overseas in accordance with these protections.

You have the right to withdraw or modify your consent for overseas data transfers at any time. To exercise this right, contact us as on the contact details set out at the bottom of this policy. Upon receiving your request, we will: (a) acknowledge your opt-out within 3 business days; (b) cease transferring any new Personal Information to overseas recipients; and (c) where technically feasible, repatriate or delete your existing Personal Information from overseas systems. Please note that withdrawing consent may impact our ability to provide certain services. We will notify you of any service limitations before processing your opt-out request and work with you to find alternative solutions where possible.

8. GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available to you under the GDPR if your Personal Information is handled in a manner inconsistent with that law. Enginehire is committed to the privacy and security of Client data, and meets a high level of security and compliance by maintaining GDPR certification.

9. LINKS

Our Platform may contain links to other Platforms. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked Platforms and we suggest you review the privacy policies of those Platforms before using them.

10. How to contact us about privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: legal@nanniesbynature.com.au.