Privacy Policy

Last Updated: 23/09/2025

This Privacy Policy explains how Schoolzine Pty Ltd (“Schoolzine”, “we”, “our”, “us”) collects, uses, stores, and protects personal information. It applies to:

End Users — visitors to school websites, newsletters, or other content powered by Schoolzine.
Customer Account Holders — school staff, diocesan staff, students, or others who hold a Schoolzine login.

We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and align our information security practices with ISO27001 standards. We work with governing bodies around data handling and privacy to ensure safe and secure use for all users and Schoolzine staff.

1. Information collected from End Users (Visitors)

When you visit a website, newsletter, or service powered by Schoolzine, we may collect limited technical and usage information, including:

Country or region you are located in.
Pages/URLs visited (counted in aggregate, not detailed browsing histories).
Type of browser or device used.
Accessibility preferences detected from your system (e.g. text size, contrast).
Clicks or interactions on websites or newsletters.
Time spent on school web pages or newsletters.

We collect this information to help schools and communities understand how their content is accessed and engaged with, so they can improve communication and ensure parents and community members are better informed.

Account holders defined in section 2 may collect information outside of this scope by way of web forms, polls, surveys using the system.

2. Information collected from Customer Account Holders

Some users hold accounts in Schoolzine systems (for example, school staff, diocesan staff, or students). For these accounts, we may collect and process:

Identity details: Name, email address, position/role, school affiliation.
Login and authentication data: Username, encrypted password, session activity.
Usage and audit logs: Date, time, and details of access or changes made within the system.
User Behaviour: Frequency of login, newsletter sends, website updates and other metrics

Sports Tracker Users

Where schools use the Sports Tracker module to organise athletic carnivals or similar events, additional data may be collected to support event management, including:

Date of birth
Sex (Male, Female, Other)

This data is only visible to authorised school staff. Any user, including Schoolzine staff accessing this information with have their access logged and audited.

3. How information is used

We use personal information to:

Provide, maintain, and improve Schoolzine services.
Enable schools to manage their communication, events, and content delivery.
Ensure system security and auditing.
Meet legal and regulatory obligations.
Operate the system, (e.g. place students in correct sporting events based on date of birth automatically)

4. Legal Grounds for processing

Legal grounds for processing

Schoolzine collects and processes personal information only where reasonably necessary for the operation of our services. The main legal grounds include:

Contractual necessity — to deliver services contracted by schools and account holders.
Legitimate interests — to maintain security, monitor usage, and improve platform reliability and performance.
Consent — where you actively provide personal information (for example, subscribing to a newsletter, completing a survey, or registering for an event).

We do not use personal information for unrelated secondary purposes without consent, unless required or authorised by law.

5. Special handling of student and sports data

In some modules, such as Sports Tracker, additional personal information may be collected to support the organisation of school events (e.g. date of birth and sex).

This information is not defined as “sensitive information” under the Privacy Act 1988 (Cth).
However, because it relates to students and could be used in combination with other identifiers, Schoolzine treats this information as high sensitivity.
Access is limited to authorised school staff, and every access is logged for audit purposes.
We apply heightened security controls consistent with ISO27001 to protect this data.

6. Storage and security

We are committed to protecting your information. Personal data is stored securely and protected with technical, administrative, and physical safeguards consistent with ISO27001 information security standards.

Where data is hosted or processed by third-party providers (e.g. cloud hosting, email distribution), we require those providers to handle it in accordance with the APPs and equivalent safeguards.

Data is stored within secure Data Centres in Australia
Protect data at rest using disk encryption
Protect data in transit using SSL certificates
Perform regular data backups

7. Access, correction, and deletion

You may request access to, correction of, or deletion of the personal information we hold about you at any time.

End Users: Please contact your school for information they collect and publish, for question about the points collected in Part 1 please contact Schoolzine Support.
Account Holders: Please contact Schoolzine Support.

We will respond to requests within a reasonable timeframe and in accordance with the Privacy Act.

8. Complaints

If you believe we have breached the Australian Privacy Principles, please contact us. We will investigate promptly. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

9. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. We will do our best to inform all stakeholders whenever this happens from time to time.

10. Third-Party Subprocessors

The following third-party service providers (“subprocessors”) support the delivery of Schoolzine services. They process only the minimum necessary personal data under contractual agreements, aligned with the

Provider	Purpose	Data Types Processed	Data Location(s)	ISO27001	SOC 2
Amazon Web Services (AWS)	Cloud hosting and secure data storage	Account data, content data, technical logs	Primarily Australia	✅	✅
Cloudflare	Security & performance (DDoS, WAF, TLS, caching)	Network traffic, IP addresses, device/browser info	Global transit, AU primary	✅	✅
Xero	Billing & accounting	Customer contact details, invoice and payment info	Australia/NZ	✅	✅
HubSpot	Ticket tracking, customer support & sales	Customer contact info, support tickets, usage data	USA/EU (with safeguards)	✅	✅
Grafana Cloud	System monitoring and log processing	Technical metadata (no sensitive personal data)	Global	✅	✅
3CX	VoIP telephony for support & customer calls	Caller ID, call metadata (not recordings unless explicitly enabled)	EU/Global	✅	✅
Microsoft (Office 365)	Internal communication, email, and file storage for Schoolzine	Staff emails, support docs, internal files	Australia & Global replication	✅	✅

All subprocessors are contractually bound to process data only on behalf of Schoolzine.
We require each subprocessor to maintain ISO27001 and/or SOC 2 compliance (where available).
Data may be stored or transit internationally, but safeguards (such as encryption, TLS, and access controls) are in place to ensure compliance with the Australian Privacy Principles (APPs).

11. Contact

To contact Schoolzine regarding your personal data and data protection, including to make a subject access request, please use the following details:

Schoolzine Pty LtdABN: 79 123 804 991
Phone: 1300 795 503
Email address: dpo@schoolzine.com or support@schoolzine.com