Privacy Policy

1. Introduction

Amaze Active Outside School Hours Care Ltd (ABN: 59 604 428 953), trading as Our Patch OSHC, is committed to complying with the Australian Privacy Principles as contained in the Privacy Act 1988 (Cth) (Privacy Act).

We only collect information necessary for our operations. This document outlines how we collect and manage personal information, ensuring transparency and protecting your privacy rights. If you have any questions, please contact us.

This Policy appears on our website and we will also provide a copy of this Policy to anyone who makes a request, free of charge.

2. Information management overview

2.1. APP Entity

Our Patch OSHC operates as an APP Entity under the Australian Privacy Principles. Occasionally, we may collect and manage personal information as an Agency under privacy arrangements required by government contracts. For further clarification, please contact us.

2.2. What is personal information?

Personal information is defined in the Privacy Act to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Personal information can include sensitive information.  Sensitive information is defined in the Privacy Act as information or an opinion about a person’s race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health information, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.

Personal information can also include credit information.

2.3 Information flow

We collect personal information to provide our services, comply with legal obligations, operate programs, and promote learning under the National Quality Framework. This may involve sharing information with relevant authorities (e.g. Family Assistance Office for CCS payments).

When managing your personal information, we:

• take reasonable steps to ensure it is accurate, current, complete, and relevant
• take reasonable steps to securely store it in our information systems
• allow access or corrections in line with APPs 12 and 13
• destroy or de-identify it when no longer needed, unless it forms part of a Commonwealth Record.

3. Personal information that we collect and hold

3.1. General

Information collected:

• name
• address and other contact details such as email address and telephone number
• credit card details.

3.2 Customers

Information collected:

• personal details: name, contact information (including address, email address and telephone number), child’s information, medical history
• attendance and payment records
• special care or inclusion needs.

3.3. Job applicants/employees

Information collected:

• personal details: name, contact information (including address, email address and telephone number), qualifications, references
• background checks: police checks, working with children checks, right to work status
• employment records: tax file numbers, superannuation details, performance reviews
• training needs, complaints, or investigations
• work-related claims.

3.4. Business partners/suppliers

Information collected:

• names, contact details (including address, email address and telephone number), site specifications
• feedback on services or candidates.

3.5. Referees

Information collected:

• contact details (including email address and telephone number) and authority to provide references

4. How your personal information is collected

4.1. Information collection generally

We generally collect personal information in the following ways:

• information that you give to us (for example through direct communication, our website, via email, via telephone or through completion of forms)
• information that we get from your use of our website
• information that we receive from third party service providers, distributors and related entities
• publicly available sources
• using cookies and similar technologies.

4.2. Customers

Collected via enrolment forms, the Our Patch OSHC app, attendance records, schools, or direct communication.

4.3. Job applicants/Employees

Collected through application forms, recruitment forms, references, direct updates, performance feedback, and publicly available sources (e.g. social media).

4.4. Business partners/Suppliers

Collected through direct communication, conferences, referrals, or publicly available sources.

4.5. Referees

Collected during reference checks or from publicly available sources.

5. Technology and online transactions

Our Patch OSHC uses cookies, web tracking, and cloud services for analytics, communication, and operational purposes.

• Browsing data: Our website collects data like IP addresses, pages viewed, and browser type.
• Cookies: These monitor website usage and personalise experiences. You can disable cookies via browser settings.
• Cloud services: Used for secure data storage, ensuring compliance with privacy laws.
• Emails and logs: Communications are logged but used only for their intended purposes.
• Web bugs: Not used for sensitive data; users will be informed of their presence.
• Teleconferences/Video conferences: Recorded only with consent for specific purposes.
• Paperless office: Documents may be digitised, and originals securely destroyed.

6. The purposes for which Our Patch OSHC collects, holds, uses and discloses personal information.

We may collect, hold, use and disclose personal information for the following purposes:

• to supply our education and care services and to conduct our other business activities
• process Child Care Subsidy (CCS) payments
• manage learning and inclusion programs
• to respond to requests and inquiries
• to contact individuals, via email, regular mail, telephone or otherwise
• to provide you with information that we believe may be of interest to you or that you have requested
• assess job/candidate suitability
• direct marketing and business development
• to develop and improve programs, products, services and content
• website usage analytics
• for security and occupational health and safety purposes
• to investigate or report suspected unlawful activity
• to protect someone’s life, health, safety or welfare
• to assess your eligibility for credit (if offered)
• to collect payments that are overdue to us
• to comply with a law or regulation, or a court order or other legal process
• for internal administration and management purposes related to the above.

7. Disclosure

We may disclose personal information to:

• our related entities
• contractors we use to support our business (including IT support and other IT services, delivery services and financial institutions)
• our suppliers
• our lawyers, accountants and other business advisers
• your referees
• law enforcement officers, regulators, courts and government agencies – if required by law or regulation, court order or other legal process, or in order to our rights, property, or if necessary to prevent a threat to any person’s life, health or safety
• any other entity to which we are required or authorised by or under law to disclose such information.

8. Direct marketing

We will never use or disclose any sensitive information for marketing or advertising purposes.

We may use and disclose your personal information (other than sensitive information) to provide you with information about products or services offered by us or other parties.

If at any time you do not wish to receive marketing communications from us or you do not want your personal information disclosed for marketing or advertising purposes, please contact us and we will remove your details from our marketing database.

9. Disclosure overseas

We are unlikely to disclose your personal information overseas.

10. Government-related identifiers

We do not use any government-identifiers, such as tax file, Medicare, driver’s licence or passport numbers, as its own identifier of any individual.  We will not use or disclose any government-related identifiers other than in accordance with the Privacy Act and other applicable laws.

11. Information security

We take reasonable steps to protect personal information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Measures include:

• staff training on privacy policies
• password protection and clean-desk policies
• secure disposal of physical documents.

Our IT security measures are delivered by Canary. Canary is ISO27001 certified, which means we have the strictest controls in place across all aspects of managing and accessing our clients’ environments. Canary manages all our devices and provides end-user support. Canary will do all the patching and updates to our devices, ensure there are no compromised accounts, and respond accordingly should an account be compromised. 

12. Automated decision-making systems

No personal information collected by us will be used by us in conjunction with the operation of a computer program or artificial intelligence to make or do a thing that is substantially and directly related to making a decision that could reasonably be expected to significantly affect the rights or interests of an individual. 

13. Access and correction

13.1. Access policy

You are entitled to have access to and seek correction of any personal information that we may hold about you, subject to the grounds for refusal under the Privacy Act.

You may request access to your personal information by contacting the Customer Care Manager. Contact details are provided below in section 14.  

Before correcting or providing access to personal information in response to a request, we will require your identity to be confirmed.

We aim to respond within 20 business days. If we deny your request, we will provide you with a written notice detailing the reasons for the refusal and the process for making a complaint about the refusal to grant your request.

We do not impose a charge for making a request for access; however, we may charge for reasonable administrative costs incurred in providing access.

13.2. Correction policy

We take reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, up-to-date and complete.  We encourage individuals to assist us with this by contacting us if you are aware that any of your personal information is not accurate, up-to-date or complete.

If inaccurate or outdated information is shared with third parties, we will notify them, where practicable.

14. Complaints

If you believe your privacy has been compromised, you can submit a complaint in writing to:

• Customer Care Manager: 1300 018 310 or customercare@ourpatchgroup.com
• Office of the Australian Information Commissioner

      GPO Box 5218

      SYDNEY  NSW  2001

      Telephone:  1300 363 992

      Fax:  02 9284 9666

      Website:  www.oaic.gov.au

Our response process includes:

1. acknowledgment of your complaint
2. clarification and investigation of issues.
3. target proposed resolution within 30 days. We will contact you if we need more time.

15. Privacy policy

This policy may change due to updates in privacy laws or business practices. Please check our website regularly for updates.

This policy does not create any legally enforceable obligations on the part of Our Patch OSHC, and does not grant to any individual any rights beyond the rights created under the Privacy Act.

This policy was last updated in [February 2025].