Privacy Policy

-Contents-

1.      About this Privacy Policy  

1.1 This Privacy Policy describes how we collect, hold, disclose and otherwise process personal information, and the steps that we take to secure such personal information.

1.2 We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the ‘Privacy Act’). We also comply with the EU General Data Protection Regulation (‘GDPR’) in relation to all personal data that we collect, hold, disclose and otherwise process, whether or not the personal data is within the scope of the GDPR.

1.3 If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal information and data we gather, how we might use that information, and whether we will disclose it to anyone. If you are a registered user of our platform, we will notify you of any changes to our Privacy Policy by sending an email to you using the email address that is saved in your platform account.

2.      Definitions  

2.1 In this Privacy Policy, words defined in the parentheses and are bold have the meanings given therein. In addition: a) ‘we’, ‘our’ and ‘us’ are all references to TeachMe2 Pty Ltd (ABN 53 640 004 413) of Suite 202B, 39 East Esplanade, Manly, New South Wales, 2095; and d) unless otherwise defined, words in capital letters have the meanings given to them in the TeachMe2 Terms and Conditions of Use available at www.teachme2online.com/terms-and-conditions

3.         TeachMe2online

TeachMe2online (https://www. teachme2online.com) is an online teaching facility that enables Teachers and Educators via the website located at teachme2online.com to prepare, schedule and deliver lessons, courses and/or periods of Instructions for up to (one hundred ) 100 Students (‘Platform’). The Platform has teaching tools and services available to Students which includes among other things; podcasts, webinars, workshops, presentations, live and pre-recorded lessons, including file and video sharing, student help desks, and messaging facilities (‘Platform Services’). There are only two categories of end users who can register for an account on the Platform; Educators and Teachers offering teaching activities and educational services (in this Privacy Policy, both Educators and Teachers are referred to as ‘Teachers’) and people seeking and receiving teaching activities by engaging Teachers in exchange for payment of fees (‘Students’) (collectively, ‘Users(s)’), ‘you’ and ‘your’). If you are under the age of 15, any reference to “you” is a reference to both you and your parent or legal guardian, as prescribed under applicable law. For the purposes of this Privacy Policy, a Teacher’s provision of teaching services to a Student via the Platform which utilises any of the Platform Services, is defined as ‘Teaching Services’.

4.       Personal data and personal information

4.1 In this Privacy Policy, ‘personal information’ has the meaning given to “personal information” in the Privacy Act or “personal data” in the GDPR (depending on which law is applicable).
4.2 The Privacy Act defines ‘personal information’ as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
4.2.1 whether the information or opinion is true or not; and
4.2.2 whether the information or opinion is recorded in a material form or not.
4.3 Article 4(1) of the GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

5.     Consent

5.1 We do not knowingly collect personal information from persons under the age of 15. As it is not practicable or reasonable for us to assess the age or capacity of individuals on a case by case basis due to the nature of our Platform and Platform Services, any person under the age of 15 without a legal guardian or parent is assumed to not have the capacity to consent and must not provide personal information to us or in the Platform. Persons over the age of 15 who have the capacity to consent are permitted to register as a User. For the avoidance of doubt, any person under the age of 18 is not permitted to register as an Educator and any person under the age of 15 is not permitted to register as a User and/or submit content and/or use the Platform and/or Platform Services, unless supervised.
5.2 We reserve the right to suspend and/or terminate any User account for unsupervised persons who are under the age of 15, and to remove and delete all and any copies of personal information collected from such Users, at any time without notice, at our discretion, subject to applicable law.

6       The types of personal data we collect

6.1 Our policy is to minimise the amount of personal information we collect. Accordingly, we only collect personal information that is adequate, relevant and limited to what is necessary for the purpose for which it is to be processed and only where we are entitled by law to collect it. We may also use collected personal information for other related, directly related or compatible purposes (if and where permitted by applicable law).
6.2 We collect the following types of personal information:
6.2.1 Student Information: Specifically, we collect names, account login details, email addresses, education details (i.e. a Student’s school/educational institution, current grade and subjects enrolled in), as well as examination results and test scores, homework or feedback, any ratings and rankings that a Student provides to an Teacher. We will process this personal information in order to register Students as Users, to manage and provide the Platform and Platform Services, and to enforce our rights and comply with our obligations.
6.2.2 Transactional and Payment Information: For payment purposes, we may collect bank account details from teachers and students so that we can release the fees to our teachers upon completion of the teaching services, less our commission. However, credit and/or debit cards used by Students to pay for Teaching Services will not be stored by us (only then the last four digits of the credit card).
6.2.3 Teacher Information: As part of the registration process for Teachers, we will collect some or all of the following personal information: names, genders, telephone number, mobile number, residential addresses, professional references, character references, country of location, education and academic transcripts, employment history, skills and qualifications, profile pictures, expertise, teaching prices for Teaching Services charged and received, outlines for Teaching Services, feedback received for Teaching Services by Students, a teachers’s records of a Student’s learning progress, all and any Teaching Services, national police checks and criminal history records, child protection records, income received from the Teaching Services and bank account details.
6.2.4 Website analytics data: We collect and process personal information known as analytics data for analytical purposes, designed to measure and monitor how our Platform is being used and to highlight any areas for improvement, optimisation and enhancement of our Platform, including user location, IP addresses, information about devices accessing our websites (IP address, the type of device used to access our websites and the operating system), the amount of time a User spent on our Platform and in which parts of it, and the path they navigated through it. We will process this personal information in order to monitor and detect unauthorised use of our Platform, and to establish how our Platform is used and to highlight areas for potential improvement of our Platform. We often aggregate this data with other data. However, where the aggregated data is classified as personal information we treat it in accordance with this Privacy Policy.
6.2.5 Site comment data:When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. After approval of your comment by administration, your profile picture is visible to the public in the context of your comment.
6.2.6 Email address data: An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.

7    Who we collect personal information about

7.1 We collect personal information of:
7.1.1 our Users and people who download, transmit, share or upload content on and from our Platform and use the Platform Services;
7.1.2 our suppliers (and their officers, directors, agents, employees and subcontractors); and
7.1.3 any person where it is necessary to do so in order to provide the Platform Services that we are engaged by our Users to supply.

8    How we collect personal information

8.1 We collect personal information in the following ways:
8.1.1 when users apply for registration on the Platform;
8.1.2 when a party offers to provide us with services as our suppliers and contractors;
8.1.3 when our employees, agents, contractors and suppliers provide us with personal information;
8.1.4 when it is sent to us by our users in order for us to provide the Platform Services to our Users; and
8.1.5 where any person voluntarily discloses it to us (whether or not during the provision of our Platform Services).
8.1.6 when a user leaves a comment in the comment section (see 6.2.5)

9      How we hold and use personal information

9.1 We hold personal information that we collect in our offices, computer systems, and third party owned and operated hosting facilities. We use personal information for the following purposes:
9.1.1 to provide the Platform Services
9.1.2 in order to process registrations for User accounts on the Platform;
9.1.3 by hosting user data on our servers that may incorporate personal information;
9.1.4 in the course of supporting Platform Services (when receiving technical support calls or when accepting enquiries or requests);
9.1.5 when processing Student requests for Educators to provide Sessions, Courses and Period of Instructions and other Teaching Services on the Platform;
9.1.6 in order to identify Users when contacted with questions or concerns regarding the Platform and the Platform Services; and
9.1.7 to enforce our rights and comply with our contractual and other legal obligations.
9.2 How long do we hold your personal data?  
9.2.1 If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
9.2.2 For our registered users, we also store the personal information they provide in the user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username, or their TM2 ID code). Website administrators can also see and edit that information.

10      Disclosure of personal information

10.1 We will only disclose personal information that we collect to third parties as follows:
10.1.1 To provide the Platform Services via the Platform – for example, we need to disclose teachers’ names to their Students and potential Students so that Students and teachers  can engage in Teaching Services and to answer questions and concerns regarding the Platform and the Platform Services.
10.1.2 To the Australian Criminal Intelligence Commission and Accredited Bodies or any other law enforcement agency (such as state, territory or Federal Police) – for the purpose of obtaining a criminal history check for an existing or potential teacher  or a child protection record for any Student or for the purposes of verifying the identity of Users and conducting additional background screening checks;
10.1.3  To professional and character referees and other persons nominated by a person who applies to become an Educator (overseas or otherwise) – for the purpose of verifying professional experience and skills;
10.1.4 To our suppliers who host our files and databases in the cloud – we store backup copies of our computer files, software and databases in the cloud with our hosting providers who host those files, and that software and databases (including any personal information contained in them) on our third party hosting providers’ computer servers located in their data centres.
10.1.5  Handling claims, legal disputes and complaints – in which case we may disclose your personal information to our insurers, lawyers, accountants and other professional advisors;
10.1.6 In order to record billing details and process payments from our Users – in which case we will provide Users’ bank account and credit card details to our bank and merchant facility providers;
10.1.7  Mailing providers to conduct marketing – only with the written consent of Educators and Students, we may disclose your personal information to our marketing suppliers;
10.1.8 For professional advice – when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
10.1.9  Where a person provides written consent to the disclosure of his or her personal information; and
10.1.10 Where required by law.
10.2 We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the  following purposes:
10.2.1 To obtain or maintain insurance;
10.2.2 The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
10.2.3 To protect or enforce our rights or defend claims;
10.2.4 Enforcement of our claims against you or third parties;
10.2.5  Upon request by any child protection or similar agency;
10.2.6  The enforcement of laws relating to the confiscation of the proceeds of crime;
10.2.7  The protection of the public revenue;
10.2.8 The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
10.2.9 The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal; and
10.2.10 Where disclosure is required to protect the safety or vital interests of employees and our Users.

11 Notifiable data breaches

 11.1 Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner (‘OAIC’), except where limited exceptions apply. For the purposes of the GDPR, certain types of data breaches must also be reported to affected individuals if the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms. In addition, the GDPR requires organisations to report certain types of data breaches to the relevant supervisory authority. We will notify affected individuals, the OAIC and relevant supervisory authorities of any data breach where we are required to do so in accordance with our legal obligations.

12 Automated decision making

12.1 We do not use automated-decision making in our business. The Platform does not utilise profiling, psychometric evaluations or automated decision-making processes such as automatic algorithms on personal information collected, processed or stored therein.

13 Lawful basis of processing

13.1 Under the GDPR, GDPR Data can only be processed where there is a lawful basis to do so. We will only process GDPR Data where we have a lawful basis to do so. Except where specified otherwise in this Privacy Policy to the contrary or implied in this Privacy Policy to the contrary, we will only process personal information where necessary for our legitimate interests (to keep our records updated and to study how Users use the Platform, to recover debts and enforce our legal rights, to protect the vital interests of the data subject or of another natural person), or where we are required to do so pursuant to a contract or other legal obligation.

14 Third part website and platforms

14.1 Our Platform may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website or platform operators comply with applicable data protection laws. You should consider the privacy policies of any relevant third party websites prior to sending your personal information to them.

15  Security   

15.1 We take reasonable steps to protect personal information that we hold from unauthorised access, modification and disclosure and implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed, as follows:
15.1.1  Use of SSL encryption.
15.1.2  Anti-virus and security controls for email and other applicable, computer software and systems – We use firewall and password protection. For email security, we use Gmail for sending and receiving emails.
15.1.3 Data backup and response plans – To ensure the safety of the data stored, transmitted and/or uploaded into the Platform, we have data backup and archiving processes in place which ensures that both short and long term data is stored periodically through the cloud to assist with disaster recovery where required.
15.1.4 Data breach response plans – To prevent data breaches we implement the following:
15.1.4.1 HTTPS protocols;
15.1.4.2 we ensure that the Platform is kept up-to-date and ensure that all software and third party tools used by us are updated in timely manner;
15.1.4.3 we apply minimum criteria for Users’ passwords;
15.1.4.4 the system restricts the uploading and/or downloading of files that the system identifies as malicious;
15.1.4.5 we use parameterised queries; and
15.1.4.6 we securely lock the Platform’s directory and file permissions to restricted personnel.
15.1.5 Password and access control procedures – we have a strict password access procedure (i.e. when a User forgets their password there is a password reset feature).
15.1.6 Security audits for electronic and physical infrastructure – we use AWS to host the Platform and rely on its security infrastructure.
15.1.7 Confidentiality regimes with employees and contractors – We require our suppliers and developers to keep personal information confidential. Additionally, Users will be required to accept our Terms and Conditions of Use which has confidentiality provisions therein.
15.1.8 Security testing – we perform security testing to identify vulnerabilities, threats, risks in webapps and mobile apps in order to prevent malicious attacks from intruders. The main objective of security testing is to identify all possible loopholes and threats regarding web apps and mobile apps so that there is no exploitation.
15.1.9 Antivirus management and firewalls – we provide a security system that monitors and controls the incoming and outgoing network traffic of the Platform based on a defined set of security rules.
15.1.10 Hardcopy files and in electronic form in offices and other access-controlled premises – all files in the Platform are uploaded on an AWS server and only we have access to it.
15.1.11 Third party data storage providers that are password protected, locked cupboards or offsite storage providers – We use AWS servers and all security features relating to online record management of the Platform will be handled by the AWS server.
15.2 Despite these security measures, we cannot guarantee the security of personal information.

16 If you refuse to provide us with personal information

16.1 If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe the services that we make available, and our Contact Us page. However, when you submit a form on our website, register for a User account or otherwise enter into a business relationship with us, we need to collect personal information from you in order to identify who you are, so that we can provide you with services, and for the other purposes described in this Privacy Policy. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our services, but not if you wish to actually obtain our services (unless you are under the age of 15). The Platform may not be used by any person who provides us with false personal information (unless they are under the age of 15)

17 Spam email

17.1 We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, contact clients, or to send our newsletter to people who subscribe. Transaction-based e-mails are automatically generated. Anytime a User or visitor receives an e-mail from us, they can request that we do not send further e-mails by contacting us through our “Contact Us” options.

18 Offshore data transfers

18.1 We may transfer your personal information to our contractors and service providers who assist us with providing our services, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. 18.2 We currently store personal information that we collect and hold in Australia only. 18.3 Provided that we comply with applicable law, including the provisions of Australian Privacy Principle 8 (Cross-border disclosure of personal information), and the GDPR – in relation to information governed by the GDPR, we may transfer your personal information to our offshore contractors and service providers as well if we ever decide to do so, who may be located outside the European Union (EU) or the European Economic Area (EEA).

19 Retention and de-identification of personal information

19.1 It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests).
19.2 Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
19.3 However, we do not control when search engines update their search indexes or caches, which may contain certain summaries, profiles or other personal information that has since been removed from our Platform.
19.4 The Platform does not identify or verify any personal information uploaded by a User. Our Platform does not authenticate the personal information with respect to the eligibility criteria of a Student or Educator with a registered user account on the Platform. However, we reserve the right to carry out background checks and request relevant documents and certificates to confirm the authenticity of any Educator’s personal information that they upload into the Platform.

20 Your rights under the GDPR

20.1 Under the GDPR, you have a number of rights, including:
20.1.1 The right to be informed
20.1.2 The right of access
20.1.3 The right to rectification
20.1.4 The right to erasure
20.1.5 The right to restrict processing
20.1.6 The right to data portability
20.1.7 The right to object
20.1.8 Rights in relation to automated decision making and profiling.
20.2 Please contact us if you wish to exercise any of your rights under the GDPR (if your personal information is governed by the GDPR). We will handle all such requests in accordance with our legal obligations. If you withdraw your consent for processing, object to the processing of your personal information or request us to erase your personal information and as a result it is not possible or practical for us to continue providing you with our services, we may elect to terminate our business relationship with you or suspend and/or terminate your account on the Platform.

21 How to access and correct personal information held by us

21.1 Please contact us if you wish to access the personal information that we hold about you (and not public profile information that is accessible and amendable through your account) using the details set out at the end of this Privacy Policy. We will handle your request for access to your personal information in accordance with our statutory obligations.
21.2 Users can amend personal information listed on their account at any time, by logging into their account. If you would like to have personal information that is not available on your public profile removed or amended, please contact our Privacy Officer. Further, we conduct regular review of User’s profiles and flag any profiles that are inconsistent with our business or are of concern. We will notify you if your account is deemed a concern to us and provide you with an opportunity to address our concern.
21.3 We will provide you (or if you wish, another controller) with a copy of the personal information we hold about you in a structured, commonly used and machine-readable format free of charge, unless we specify otherwise. However, we will not charge any fee to access your personal information where the GDPR prohibits us from doing so. You have the right to request that we send to you or to another organisation, that requested copy of your personal information. If you would like us to provide you, move, copy, or transfer your information in this manner, please let us know. We will respond to you within one (1) month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
21.4 If you no longer wish to use the Platform you may close your account directly in the account settings portion of your account. Your deregistration as a User will be effective immediately.
21.5 If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

22 Other Privacy Issues

22.1 Use of Media uploads. If you upload images to our website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
22.2 Embedded content from other websites
22.2.1 Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
22.2.2 External websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
22.3 Cookies
22.3.1 If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
22.3.2 When you use our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
22.3.3 When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
22.3.4 If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

23 Our contact details

23.1 If you wish to contact us for any reason regarding our privacy practices or the personal information that we hold about you, please contact us at the following address:

Privacy Representative and Data Protection Officer

Dr Jeffrey Sewell
Privacy Representative
Suite 202B, 39 East Esplanade, Manly, New South Wales, 2095

or contact us using the options available through the “Help and Support” page on this site.
23.2 We will use our best endeavours to resolve any privacy complaint within ten (10) business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.
23.3 If you are not satisfied with the outcome of a complaint or you with to make a complaint about a breach of the Australian Privacy Principles you may refer the complaint to the OAIC who can be contacted using the following details:

Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218, Sydney NSW 2001
In relation to personal information governed by the GDPR, you may lodge a complaint with any relevant supervisory authoritY.