Last updated: May 2023
OWNA Corp Pty Ltd (ACN 613 387 474) (“OWNA” or “we” or “us”) is committed to protecting the privacy and security of our customers’ personal information. This Security Policy outlines how we protect our data generated and processed by our childcare management software – including our website, and mobile app (Software), from unauthorized access, use, disclosure, modification, or destruction.
OWNA aims to keep its Software and websites safe for everyone, and data security is very important to us.
User data encryption
OWNA Services usage is restricted to secure browsing to ensure all traffic between you and our server is encrypted and protected from being read and tampered with. We have privacy protections in code to ensure posts in relation to your children are only visible to their associated family and/or centre.
Security incident management
OWNA maintains an incident response plan that outlines steps to be taken in the event of a security incident (Plan). The Plan will include procedures for detecting, containing, investigating, and responding to security incidents including but not limited to threats, hacks, phishing, and any other related security breaches. The Plan will be reviewed and updated on a regular basis to ensure that it remains effective and up-to-date.
OWNA will promptly investigate all suspected or actual security incidents or breaches to determine the cause and extent of the incident and will take all appropriate steps to contain and mitigate the incident, including:
Employee training and awareness
All employees who have access to Personal Information must complete mandatory data security training which covers topics such as data security policies, best practices for data handling and storage, and how to respond to data breaches. OWNA management will periodically assess the effectiveness of its training programs and make updates as necessary.
OWNA’s privacy officer will implement access controls to ensure that only authorized employees can access Personal Information. Access controls will be based on the principle of least privilege, meaning that employees will only be granted access to the Personal Information necessary for them to perform their job functions.
The Software platform will require strong and unique passwords for all employee accounts and may implement multi-factor authentication where feasible. All OWNA employees are obligated to immediately report any suspected or actual data breaches to the Software platform’s designated privacy officer, IT department or OWNA management.
Data retention and disposal of personal information
OWNA will take all reasonable steps to ensure that your Personal Information is stored safely and securely. OWNA will protect your Personal Information by restricting access to your Personal Information and by securely destroying or de-identifying your information when it is no longer needed.
All Data collected or processed by OWNA must have a business purpose and be retained only for as long as necessary to fulfill that purpose. OWNA will establish retention schedules for each type of Data it handles, specifying the period for which the data will be retained and the criteria for determining when Data is no longer needed. In doing so, OWNA will ensure that all employees are aware of and comply with the retention schedules for the Data they handle.
When Data is no longer needed, it must be disposed of securely and promptly. OWNA will use appropriate disposal methods that are consistent with the sensitivity of the data being disposed of, such as shredding, wiping, or degaussing. OWNA will ensure that all employees are aware of and comply with the its disposal policies and procedures and will keep and maintain records of all its disposal activities.
OWNA will establish regular backup procedures to protect against Data loss or corruption. These backup storages will be stored securely, retained only for an appropriate period of time and will be accessible only to authorised OWNA personnel.
OWNA recognizes the sensitive nature of children's Personal Information and is committed to protecting it. Accordingly, OWNA will only collect and process Personal Information from or in relation to children with the explicit consent of their parent or legal guardian. OWNA will limit the collection of Personal Information from or in relation to children to that which is necessary for the provision of the OWNA’s Services. OWNA will not disclose Personal Information collected from children to third parties unless required to do so by law or with the express consent of the child's parent or legal guardian.
OWNA also takes reasonable steps to verify the identity of a child's parent or legal guardian before collecting Personal Information from or in relation to the child. OWNA will provide parents or legal guardians with the ability to review, edit, or delete their child's Personal Information. OWNA will promptly delete any Personal Information collected from or in relation to a child if the parent or legal guardian requests it or if the information is no longer necessary for the provision of the Services. OWNA will use appropriate technical and organisational measures to safeguard children's Personal Information, including but not limited to encryption, access controls, and regular security audits. OWNA will ensure that all personnel who handle children's Personal Information are trained in according to our policies and procedures for protecting such information.
Changes to this Security Policy
We reserve the right to modify this security policy at any time. If we make material changes to this policy, we will notify you by email, by posting a notice on our website or by posting the notice on the Platform prior to the change becoming effective. Your continued use of our Software after the effective date of any changes to this policy constitutes your acceptance of those changes.
Updating your personal information
You have the right to access, correct, delete, and restrict the processing of your data. You may also object to the processing of your data and withdraw your consent to receive marketing materials from us. To exercise your rights or make any requests related to your data, please contact us at firstname.lastname@example.org.
Please note that we may need to retain certain data for legal or administrative purposes, such as record- keeping or to comply with our legal obligations. If you wish to access, correct or update your personal information, please contact us on email@example.com.
|Version||Date Reviewed||Date Updated|
|2.0||May 2023||May 2023|
Send us an email at firstname.lastname@example.org if you have any questions.
© 2021 Owna Corp Pty Ltd - ACN 613387474