Privacy Policy

Effective date: [15 January 2026]
Who we are: [Little School Brassall] (ABN [35 603 796 694]) (“we”, “us”, “our”)
Contact: admin@littleschoolbrassall.com.au

We are committed to protecting the privacy of children, families, employees and visitors. We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What this policy covers

This policy explains how we collect, use, disclose, store and protect personal information through our website and our enrolment, waitlist, parent-communication and staffing systems. It also explains your rights to access and correct information..

2. The information we collect

We only collect what we reasonably need to provide education and care, meet legal obligations, ensure safety, and operate our service:

  • Child information: name, DOB, gender, medical/health info (allergies, medications, care plans), dietary needs, additional needs, cultural or language background, enrolment details, attendance, observations and learning documentation.

  • Parent/guardian information: names, contact details, relationship to child, court orders, emergency contacts, authorised pick-up persons, payment details.

  • Staff/visitor information: identity and contact details, emergency contacts, working with children/blue card, qualifications and training, rosters and timesheets.

  • Website & device data: IP address, browser type, pages viewed, form submissions, cookies/analytics, and optional website chat logs.

  • Media & site security: photographs/video (with consent), incident reports, and optional CCTV at service premises (if used, clearly sign-posted).

We take extra care with children’s information. Capacity to consent is assessed case-by-case; generally a parent/guardian consents for younger children.

3. How we collect information

  • Directly from you via website forms, enrolment packs, emails, phone calls, centre visits and parent apps.

  • From authorised third parties (e.g., medical practitioners in an emergency, government agencies where required by law).

  • Automatically via cookies and analytics on our website (see “Cookies & analytics” below).

We collect information by lawful and fair means and, where reasonable, with your knowledge or consent, consistent with APPs 1–5.

4. Why we collect and use information

  • To deliver education and care, ensure health and safety, and tailor learning programs.

  • To manage enrolments, waitlists, fees and payments, and Commonwealth funding or benefits where applicable.

  • To meet obligations under the National Law/Regulations (e.g., attendance, incident and medical records; keeping records secure).

  • To communicate with you (service updates, compliance notices, learning updates).

  • With consent, for limited marketing to our own families (you can opt out at any time).

5. Required record-keeping and retention (early childhood)

We must keep certain records securely and for specific periods under the Education and Care Services National Law and Regulations (incl. Regs 177–183), such as Child enrolment, attendance, medication, education records and incident reports.

6. Disclosure to others

We may share personal information with:

  • Regulators and agencies where required (e.g., state Regulatory Authority, the Australian Government for funding compliance).

  • Emergency services or health practitioners where necessary to protect life, health or safety.

  • Service providers that help us operate (e.g., enrolment/parent-app platforms, billing gateways, IT support, email/SMS services) under contracts that require confidentiality and security.

  • Courts, tribunals or legal advisors when required or authorised by law.

We do not sell personal information. If we disclose outside Australia (e.g., cloud hosting), we take reasonable steps so recipients comply with APP 8 (cross-border disclosure).

7. Website cookies & analytics

Our website may use first-party and third-party cookies/analytics to improve site performance, measure traffic and understand user interactions. You can control cookies in your browser. We do not combine analytics data with identifiable enrolment records unless you submit a form on our site. Direct-marketing emails comply with the Spam Act 2003 (unsubscribe any time).

8. Photography, video and social media

We seek written consent at enrolment (and you can change it anytime). Images used for learning documentation or centre communications are handled securely. Public-facing uses (e.g., website or social media) occur only with explicit consent or as otherwise permitted by law.

9. Data security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Measures include secure record systems, role-based access, encryption where appropriate, staff training, audit logs, and safe disposal at end-of-retention. This aligns with APP 11 and sector guidance on keeping records secure.

10. Data breaches

If a data breach is likely to result in serious harm, we will promptly assess it and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme, including steps you should take.

11. Access and correction

You can request access to your (or your child’s) personal information and ask us to correct it if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We’ll respond within a reasonable time. We may need to verify identity and, where permitted, may charge a reasonable fee for access.

12. Children’s privacy

We handle children’s data with extra care. Where practical, we consider a young person’s capacity to understand and consent; otherwise we obtain consent from a parent/guardian. You may withdraw consent (e.g., for images) at any time. Australia is also developing a Children’s Online Privacy Code—if/when in force, we will update this policy accordingly.

13. Third-party links and services

Our website or communications may link to third-party sites (e.g., enrolment forms, payment gateways). Those services have their own privacy notices. Review them before providing personal information.

14. How to contact us or make a complaint

If you have questions or wish to make a privacy complaint, contact our Privacy Officer:
Email: uc@playandlearn.com.au|

15. Changes to this policy

We may update this policy to reflect changes in law or our practices. The latest version will always be available on our website, with the effective date shown at the top.