New families: 25% off your first 4 weeks. Enrol and start by 31 Dec 2026. Book a tour →
Call Book a tour

Privacy & Confidentiality Policy

How we collect, use, store and protect personal information · Policy code MPOL4 · Last reviewed October 2024
Our approach in a nutshell: We only collect personal information we need to provide quality care for your child, comply with our legal obligations, and keep everyone safe. We store it securely, share it only when necessary or required by law, and we never sell your information to anyone.

What this policy covers

This policy applies to all personal information held by Roseville Kindergarten, which is operated by Eikoh Seminar Australia Pty Ltd (ABN 54 050 051 495). It covers information about children enrolled at the centre, their families and emergency contacts, our staff, volunteers, students on placement, committee members, and members of the community who interact with us.

It has been developed to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988, the Education and Care Services National Regulations, the Family Assistance Law, and the National Quality Standards.

What information we collect

We only collect personal information that you specifically and knowingly provide to us, such as when you enrol your child, pay fees, or share health and family information to support your child's care. Information available on a public website or social media profile is not considered personal information.

Depending on the relationship, we may collect:

  • Medical and health information: immunisation history, Medicare and health fund details, allergies, medical conditions, accident and injury records.
  • Contact details: name, address, phone numbers, email, and emergency contact information for the child and family.
  • Family information: employment status, marital status, nationality, and any relevant legal documents (e.g. court orders, parenting orders, AVOs).
  • Financial information: billing records, fee payment history, banking or credit card details (for direct debit and EFTPOS), Tax File Number, and Family Assistance / Child Care Subsidy (CCS) details.
  • Children's developmental records: observations, learning assessments, programming documents, and family communications.
  • Staff records: qualifications, Working with Children Check, criminal history check, payroll, contact and emergency information, health and immunisation, and any relevant medical or legal information.
  • Records of complaints and incidents: as required under the Education and Care Services Regulations.

Why we collect it

The reason we ask for each piece of information depends on what it's for:

  • Health and immunisation: to keep your child safe and meet our obligations under the NSW Public Health Act 2010 and Family Assistance Law.
  • Contact and emergency details: required under the Education and Care Services Regulation.
  • Financial and CCS details: required for fee processing, Family Assistance legislation, and Department of Education funding agreements.
  • Children's developmental records: required under the Education and Care Services Regulation, and to provide a high-quality educational program tailored to your child.
  • Legal information: only collected where it directly affects your child's care, supervision, or safety (e.g. custody arrangements).
  • Staff information: required under employment law, the Education and Care Services Regulation, and to verify Working with Children clearances.

We only use information for the purpose for which it was collected. We do not sell or trade personal information to any third party, ever.

How information is stored

We store personal information using two layers, depending on the type:

  • Hard copy records are kept in locked filing cabinets within the centre, which is itself secured outside operating hours.
  • Electronic records are kept on password-protected computers, on our company server at the Eikoh Seminar Australia head office, and (for app-related records) on the OWNA Corp Pty Ltd server. Records are backed up securely.

Credit card and EFTPOS information is handled in accordance with the Payment Card Industry Data Security Standards (PCIDSS).

We retain personal information for as long as needed for the purposes for which it was collected, and as required under privacy law and education and care regulations. Personal information that is no longer needed is archived or destroyed in accordance with those requirements.

Want to know more about how we use the OWNA app?

The app is how we share photos and updates with families during the day. Come for a tour and we'll show you how it works.

Book a tour

Who has access to information, and when we share it

Only authorised people have access to personal information held by the centre. We will not share information about a child, family, or staff member with anyone outside the centre except in the situations set out below, all of which are permitted under Education and Care Services National Regulation 181:

  • To the extent necessary for the education, care, or medical treatment of the child.
  • To the parent of the child the information relates to (this exception does not apply to staff records).
  • To the regulatory authority or an authorised officer.
  • Where authorised, permitted, or required by law.
  • With the written consent of the person who provided the information.

Our educators are bound by the Early Childhood Australia (ECA) Code of Ethics and sign a Confidentiality Statement on commencement. They do not share information about the centre, our families, or other educators without written permission or legal authority.

Photos, social media, and the OWNA app

We use a centre app (developed in partnership with OWNA Corp Pty Ltd) to share photos, learning stories, and important information with families about their child's day. Only authorised people have access to information in the app, and all authorised people hold a Working with Children Check.

What you'll be asked at enrolment:

  • Whether you give permission for your child's image to be used within the OWNA app and on our centre's social media (e.g. Facebook).
  • If you do not want your child's image visible to other families in the app, we use the app's lock feature so their photos are only visible to you. Your child is still fully included in everything we do.

Access to the app: Only families currently enrolled at the centre can access the app. When your child leaves the centre, you'll be able to access the app for four weeks from the date we receive your written notice, after which the account becomes inactive.

We don't publish information about educators, children, or families to social media or the public website without the written consent of that individual or their family.

Website and online privacy

You don't need to provide any personal information to browse this website. If you choose to send us information via email or our online tour-booking form, we use it only to respond to your enquiry, send you the information you've asked for, or follow up about a tour or enrolment.

Our website may automatically log basic technical information about your visit (e.g. IP address, date and time of the visit, pages viewed, referring site, browser and operating system, search terms, and cookies your browser sends). We use this information only for statistical analysis to maintain and improve the site. It is not shared with any other organisation.

If you've enquired with us by email, you can ask us at any time to stop sending you information by writing to us at the email address below.

If something goes wrong: data breach response

If personal information held by the centre is lost (paper or electronic), accessed without permission, or disclosed without authorisation in a way that's likely to cause serious harm to one or more people, we follow our Data Breach Response Plan.

That plan, in short:

  • Staff notify the Approved Provider or Nominated Supervisor as soon as a breach is suspected.
  • The breach is assessed within 30 days (and as quickly as possible) to determine the nature and extent of the breach and whether serious harm is likely.
  • Steps are taken to contain the breach and prevent recurrence. External experts are engaged where needed (e.g. for cybersecurity issues).
  • If serious harm is likely, we notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as possible, with details of the breach and steps people can take to reduce the risk.
  • We keep a record of every breach, even if no notification is required, and review our response to identify improvements.

"Serious harm" means physical, psychological, emotional, financial, or reputational harm. We assess this based on the type and sensitivity of the information, how it was protected (e.g. encryption), how long it has been accessible, and how likely it is that the information could be used to cause harm.

Your rights

You can ask to:

  • See the personal information we hold about you or your child.
  • Update or correct any information that is incomplete or inaccurate.
  • Have information deleted, subject to our legal record-keeping obligations.

Requests must be made in writing to our Director. We'll take reasonable steps to verify your identity before granting access or making changes.

In some circumstances, we may not be able to provide access. The most common reasons are:

  • Sharing the information would compromise another person's privacy.
  • The information is subject to a legal hold (for example, custody or guardianship matters).
  • The request is frivolous or vexatious.

If we deny a request, we'll explain why in writing.

If you have a privacy complaint

If you believe we've breached your privacy or mishandled your personal information, please raise it with our Director first, either in person, by phone, or in writing. We'll assess your complaint within 14 days and discuss the outcome with you.

If your information is incorrect, we will correct it. Where a serious breach has occurred, we'll work with you to agree on appropriate next steps in line with our Complaints Procedure.

If you're not satisfied with how we've handled your complaint, you can also complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact us

If you have questions about this policy, want to access your personal information, or want to make a complaint, please contact us:

Sourced from the Australian Privacy Principles, the Privacy Act 1988, the Education and Care Services National Regulations, the National Quality Standards, the Early Childhood Australia Code of Ethics, and Centre Support. Last reviewed October 2024.

Related policies

Positive behaviour guidance

How we support children's behaviour with respect, patience, and consistency.

Sleep & rest procedures

How we support children's rest and relaxation during the day.

All centre policies

Browse our featured policies and the full Eikoh document library covering everything else.

Come and see how it works in practice.

Privacy is one thing on paper. Seeing how we genuinely look after children and their families day to day is another. Book a tour, you're welcome to bring your child.

Preferred days
Prefer to talk? Call 02 9416 3002 or email director@rosevillekindy.nsw.edu.au