We're hiring!

Privacy Policy

Australia and New Zealand

Wonde PtyLtd is a company incorporated in Australia, with ACN 631 042 307 (referred to as “we” “us” “our” and “Wonde” in this policy). Wonde is part of the Beyond group of companies (Beyond Group) including Wonde Limited (a company incorporated in England with the company number 14160647 (Wonde UK).

This Privacy Policy applies to the Australian and New Zealand operations of the Beyond Group via Wonde Pty Ltd ACN 631 042 307. Wonde provides its software comprising of its website, platforms and applications, including (but not limited to) our products and services which we operate through our website www.wonde.com and our school and application portals (“Site”) for those that visit our Site and those that access our Site as an authorised user (“Authorised User”).

Wonde UK has its own data protection policies and documents which sets out how it complies with relevant data protection legislation. To the extent that there are discrepancies between this Privacy Policy and those documents, this Privacy Policy will take precedence in relation to Wonde Pty Limited.

Overview

At Wonde, we take privacy very seriously and respect your privacy. We are committed to safeguarding your personal information in accordance with the requirements of the Australian Privacy Principles (“APPs”) in the Privacy Act 1988 Australia and the requirements of the Information Privacy Principles in the Privacy Act 2020 New Zealand, as well as other applicable data protection laws (together, “Data Protection Legislation”).

We are committed to ensuring that your personal information remains confidential and secure in accordance with applicable Data Protection Legislation.

This policy sets out how we deal with any personal information we handle, including if you are a:

  • Parent, guardian or student;
  • Member of staff of an education establishment such as a school or college;
  • An authority or state body; An Authorised User;
  • Visitor to our Site; or Supplier or business contact of Wonde.

This Privacy Policy describes the types of information that we collect from you, through the use of our products and services (“Services”), or the use of our Site, and how that information may be used or disclosed by us and the safeguards we use to protect it. The personal information that we collect is used for providing and improving our Services. We will not use or share your information with anyone except as described in this Privacy Policy, or otherwise permitted by law.

We provide schools and other education establishments (or other bodies that control such education establishments) (“Schools”) with a single portal from which they can maintain, manage and control the data they share with any third parties including but not limited to education applications (together “Edtech Apps“) whilst maintaining the highest levels of data security and integrity.

Unless notified otherwise, this Privacy Policy applies to all personal information that we may receive from or disclose about you.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

We may update this policy from time to time, and you can find our latest policy on our Site.

1. What does Wonde do?

We provide our software applications and platforms to help Schools better manage and securely control their information and data. For example, Wonde’s Data Sync platform integrates with a school’s student information system to allow schools to seamlessly transfer data to and from their Edtech Apps.

We also provide our own applications to schools for use, such as our Single Sign-On, Data Recovery and EduSync applications.

Accordingly, we collect and hold the information which is used for extraction purposes from Schools via the applicable school information system or school management system, to enable us to disclose it to the Edtech Apps which a School has approved and separately engaged with (for example, where a School has contracted with a maths application to provide mathematical software services to both staff and students). This means once a School has contracted with such an Edtech App, we then assist a School and the Edtech App to transfer your personal information, and that of students or other categories of individuals, to and from each other. In these cases, the School will at all times have control and shall be the entity responsible for deciding how and when your personal information is collected and used. Wonde can only transfer such information when a School expressly requests and approves Wonde to do so via the Wonde software. The School should provide you with their privacy policy setting out how the School uses your personal information and the lawful basis for doing so.

When you log in to our platform through our Site, visit our Site generally, or contact Wonde support, we will receive certain personal information directly from you, such as your name and email address. For this limited data only, we will be the party responsible for deciding how and when your information is used.

2. The personal information we collect and how we collect it

Depending on your relationship with us (for instance, whether you are a student, parent or a professional contact), we may collect, use, hold and disclose some or all of the following categories of personal information from the users of our Site or users of Wonde support:

  • Identity Information: your name. For students, we also collect year group and age information.
  • Contact Information: your email address, telephone number and postal address.
  • Other Categories’ Information: we also collect other categories of information depending on what the School requires such as characteristic data, demographic data.
  • Student Data: data held in Edtech Apps and school systems to which we are provided access.
  • Cookies Information: like many websites, we may use some “cookies” to enhance your experience and gather information about the visitors and number of visits to our Site. Please refer to our Cookie Policy about cookies, how we use them and what kind. You can find our Cookie Policy on our website.
  • Technical Log Information includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site.

We may collect your personal information from different sources:

  • Direct interactions. This is information you consent to giving us about you when you fill in forms through the Site or by corresponding with us (for example, by email or chat). It includes information you provide when you register or subscribe to any of our Services, visit or use the Site when you create an account with us and finally when you report a problem with our Services, or the Site generally. If you contact us, we will keep a record of that correspondence.
  • We collect Identity Information, Contact Information, other Categories from the school(s) you are connected to.
  • We collect Student Data from Edtech Apps and school systems.
  • We collect Technical Log Information automatically when you interact with our Site or platform, by using cookies and other similar technologies. We may also receive technical information about you if you visit other Sites employing our cookies.
  • Information wecollect and use in writing. From time to time it may be necessary to collect information in writing, including in hard form or electronically.
  • Information we receive from other sources including third parties and publicly available sources. We may receive personal information about you from various third parties such as government bodies, local authorities, or public databases, but we will only use the personal information where we are allowed to do so.

Personal information collected by us will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless agreed otherwise, or where the use or disclosure of that personal information is allowed or required by law.

3. How we use your personal information

We will only use and disclose your personal information when the law allows us to.

The primary purpose for which we collect and use personal information is to enable us to provide our integration services via our data sync platform and to manage our relationships. We may also use your personal information for reasons associated with the primary purposes.

Where we use personal information for the purpose of providing our services to Schools, we do so on the documented instructions of the School, subject to a direct agreement with the School (and any third party relevant in the data relationship) which controls and limits how we may use the personal information.

We will only otherwise use your personal information when the law allows us to. Most commonly wewill use your personal information in the following circumstances:

  • To administer our goods and services.
  • To communicate with you.
  • Where you have consented to the use of the information.
  • The personal information was collected for that purpose (the primary purpose).
  • For a purpose other than the primary purpose, which is related to (and, in the case of sensitive information, directly related to) the primary purpose of collection as stated above, and you would reasonably expect us to use or disclose the information for that secondary purpose.
  • Where there is a permitted exception that applies under the Data Protection Legislation in relation to the use of the information.
  • Where we need to comply with a legal or regulatory obligation.

4. Disclosure of your personal information

We may need to disclose your personal information to the following third parties:

  • Our employees, subcontractors, authorised representatives, associated entities as required to fulfil their roles;
  • Our professional advisers, including lawyers, business advisors, accountants, auditors and insurers;
  • Other business support service providers for the purpose of the operation of our business who provide IT, hosting and system administration services, or who store data on our behalf.
  • Government bodies, regulators, law enforcement agencies and any other parties when required by law.
  • Our associated entities or in the case of any re-organisation, sale or merger of us or any of our related entities, such other entities that we propose to be acquired by or merged with.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Policy.

We will of course transfer personal information between Edtech Apps and Schools as instructed by the School.

Wonde will not share personal information with any third party without a School approval for the sharing of information with that third party except as referred in this Privacy Policy or in the following instances:

  • Wonde may transfer personal information via direct connections with a school’s existing database or other computer systems for the purpose of maintaining accurate and co-ordinated school records.
  • Wonde may transfer personal information to third parties including the Edtech Apps, upon approval by the School.
  • The disclosure is required or authorised by or under applicable law.
  • The disclosure is reasonably necessary for the enforcement of any criminal convictions.
  • Wonde has reasonable grounds to determine that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another individual.

Where any of your information is required for such a purpose, we will take all reasonable steps to ensure that it is handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Legislation.

We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to use or disclose your personal information for specified purposes and in accordance with our instructions, which include strict confidentiality and contractual terms.

5. International Transfers

Whilst your data will always remain in Australia, to enable us to optimise the delivery of Services to Schools, we may occasionally provide Wonde UK (being within the same corporate group and subject to the same information security and data protection systems and procedures) access to view your data for support and maintenance purposes. Wonde UK will comply with the Data Protection Legislation and, in addition, will always comply with any UK related data protection legislation.

By using our services, Schools control and instruct Wonde to facilitate the transfer of data to and from Edtech Apps. There may be circumstances, for example, where a School has chosen to engage and use an Edtech App that is located outside of Australia. In this scenario, therefore, Wonde may be instructed by the School to transfer this personal information to such overseas recipients. Whilst Wonde will comply with data protection and information security requirements and will undertake its own due diligence of such third party Edtech Apps, ultimately, Wonde is relying on the School and its instructions to transfer such information. It is important to note that such information transfer to such recipient would occur ordinarily even if Wonde was not providing such Services to a School because that Edtech App would require such information directly from the School (whether by CSV file transfer or such other methodology from time to time) to provide its own services to such School from time to time. It is also important to note that a School always remains in control of any such data transfer to an Edtech App whilst using the Services from time to time.

Like any other established software business, we may use third party service providers for example to optimise our services, improve internal efficiencies and assist with providing data controls. To that end, we may also transfer your personal information to such third parties providing services to us who are based outside of Australia such as to the United Kingdom without obtaining your specific written consent. Specific examples of this include to facilitate services supporting Wonde, providing IT administration services and hosting services, and parties providing assistance with managing our databases. We will only engage such third party providers after undertaking due diligence and we only work with reputable and established brands who offer high levels of protection of data. If we do this, we will always look to limit the amount of data and if possible, anonymise any data that is transferred to such parties from time to time.

Whenever we transfer your personal information outside of Australia or New Zealand, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • (a) we reasonably believe that the recipient of the personal information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Data Protection Laws protect the information, and there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme;
  • (b) we take reasonable steps to ensure that the foreign entity does not breach the Data Protection Laws in relation to the disclosed information;
  • (c) you consent to the transfer;
  • (d) the disclosure is required or authorised by applicable law; or
  • (e) the disclosure is otherwise permitted under the Data Protection Laws.

6. Retention period

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

For more details of our specific retention periods, please contact us.

7. Information Security

Wonde hosts the personal information and data in Australia via our server provider Amazon Web Services. Information security is of great importance to us, and to protect your information we have put in place suitable physical, electronic and managerial procedures to safeguard and secure any personal information that is collected and used or disclosed through our Site, which includes multi layered security protocols for data protection.

We have implemented significant security measures to maintain a high level of security. We are accredited with ISO27001 to demonstrate our commitment to data security.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If we give you a password upon registration on our Site, you must keep it confidential. Please don’t share it.

8. Accessing and correcting your personal information

You may contact us to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.

We are not obliged to correct any of your personal information if it does not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.

We will respond to all requests for access to or correction of personal information within a reasonable time.

If you do request access to your personal information, we may require certain information from you to identify you and to confirm you are entitled to make the request.

9. Children and/or Special Category Information

In the circumstances where we do collect and use personal information relating to children or special category information, we recognise that we need to have further justification for the collection, storing and use of this information. In those circumstances, we do so only on the careful instructions of the school or education establishment and solely in accordance with the Data Protection Legislation and specifically the APPs.

We have in place appropriate policies and safeguards when processing such data as referred to in this Privacy Policy.

10. What if you have a complaint?

If you have any concerns or complaints about the way your personal information has been collected or handled by Wonde, please contact the Data Protection Officer at [email protected]. We will seek to address your concern or complaint and will consider and endeavour to respond to your complaint no later than 14 days after such a concern or complaint has been raised by you.

It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response:

  • In Australia you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. Further information about the application of the Australian Privacy Act, and how to contact the Commissioner, can be found at www.oaic.gov.au.
  • In New Zealand you may contact the New Zealand Privacy Commissioner who may investigate your complaint further. Further information about the application of the New Zealand Privacy Act, and how to contact the Commissioner, can be found at www.privacy.org.nz.

11. Contact Us

If you have any questions about this Privacy Policy or any concerns or complaints, you may contact us on +61 1800 064 506 for Australia or +64 04 488 1558 for New Zealand, via mail addressed to 204/3 Spring Street Sydney NSW2000, Australia or via email at [email protected].