PRIVACY POLICY

Joyora Pty Ltd  ·  ACN 696 443 786

1  INTRODUCTION

This document sets out the privacy policy of Joyora Pty Ltd, an Australian business with ACN 696 443 786 (referred to in this privacy policy as 'we', 'us' or 'our'). We are an Australian business and this privacy policy is primarily intended to explain how we collect, use, store and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

We take our privacy obligations seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information in connection with your use of our website, app and related services. It also explains your rights in relation to your personal information and how to contact us or a relevant regulator if you have a complaint.

2  TYPES OF PERSONAL INFORMATION WE COLLECT

  1. (a)The personal data we collect may include:

2.1  Parent / Account Holder Information

  1. (a)name;
  2. (b)email address;
  3. (c)telephone number;
  4. (d)billing and payment information;
  5. (e)account login credentials.

2.2  Child Profile Information

Where a parent chooses to create a child profile, we may collect:

  1. (a)child's first name;
  2. (b)date of birth;
  3. (c)gender;
  4. (d)optional profile photograph;
  5. (e)information relating to personal growth, development or activities;
  6. (f)scheduling information entered by the parent.

Children do not independently provide information to us.

2.3  Health and Sensitive Information

If a parent chooses to enter it into the Platform, we may collect health-related information about a child, including:

  1. (a)medication details for scheduling reminders;
  2. (b)relevant medical notes entered by a parent; and
  3. (c)information relating to a child's routines, wellbeing, care preferences or similar matters entered by a parent or guardian.

Under Australian privacy law, health information is sensitive information. If an overseas privacy law applies to particular processing activities, that information may also be treated as a special category or otherwise protected class of data under that law.

We only collect such information where it is voluntarily provided by a parent or legal guardian for the limited purposes described in this policy.

We do not require parents to provide health information to use the core features of the Platform.

3  HOW WE COLLECT PERSONAL INFORMATION

We collect personal data:

  1. (a)directly from parents when they create an account;
  2. (b)when parents create and manage child profiles;
  3. (c)when parents voluntarily enter information into scheduling or notes fields;
  4. (d)through use of cookies, analytics and similar technologies;
  5. (e)from service providers who support payment processing or infrastructure.

We do not knowingly collect personal data directly from children without parental involvement.

We may also collect personal data from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, 'cookies' or other similar tracking technologies that allow us to track and analyse your website usage. For more information, please see our Cookie Policy.

4  USE OF YOUR PERSONAL INFORMATION

We collect and use personal data for the following purposes:

  1. (a)to provide and operate the Platform;
  2. (b)to enable scheduling, reminders and organisational features;
  3. (c)to provide account administration and support;
  4. (d)to improve our services and user experience;
  5. (e)to comply with legal obligations;
  6. (f)where you have opted in, to send newsletters, updates, downloadable activity packs and other direct marketing communications about our content, products or services.

If you opt in to receive direct marketing communications from us, you can unsubscribe at any time by using the unsubscribe link in the relevant email or by contacting us. You do not need a separate in-app opt-out control for email marketing provided each marketing message contains a functional unsubscribe mechanism.

5  Use of Health Information

Where parents choose to enter health or medication information:

  1. (a)The information is used solely to enable scheduling reminders, organisational tools and profile management features.
  2. (b)The information is not monitored, reviewed or analysed by medical professionals.
  3. (c)The Platform does not provide medical advice, diagnosis, treatment or health monitoring services.
  4. (d)We do not use health information for profiling, advertising, or automated decision-making.
  5. (e)Parents may delete health information at any time within the Platform.

6  ADDITIONAL RIGHTS WHERE OTHER PRIVACY LAWS APPLY

If and to the extent an overseas privacy law such as the GDPR or UK GDPR applies to a particular handling activity, the additional rights, obligations, lawful bases and safeguards required by that law will apply to that activity in addition to this policy.

  1. (a)Where an overseas privacy law applies, we may rely on performance of a contract, legitimate interests, legal obligations or consent, depending on the nature of the relevant processing activity.

Where a parent chooses to enter health or medication information, we will only handle that information for the limited purposes described in this policy. Where consent is required by applicable law, we may ask the parent or guardian to provide that consent by selecting a consent checkbox or taking a similar affirmative action.

Parents may withdraw any consent they have given for optional processing at any time by deleting the relevant information, updating their settings where available, unsubscribing from the relevant communication or contacting us. Withdrawal of consent does not affect processing already carried out lawfully before that withdrawal.

7  SHARING YOUR DATA

We do not sell personal data.

We may share your personal data in certain circumstances, as follows:

In particular, we may disclose personal information to third-party service providers who help us operate our business and services, including Glide, Squarespace, Zapier, Airwallex, Xero, cloud hosting providers, analytics providers, IT support providers, professional advisers and other service providers we use from time to time.

  1. (a)hosting and cloud infrastructure providers;
  2. (b)payment processors;
  3. (c)IT and technical service providers;
  4. (d)professional advisers;
  5. (e)regulators or authorities where required by law;
  6. (f)in connection with a business sale or restructuring.

Health information is only shared with core infrastructure providers strictly as necessary to provide hosting and storage services.

We do not share children's information with advertisers or data brokers.

8  SECURITY

We implement appropriate technical and organisational measures to protect personal data, including:

  1. (a)encrypted transmission (where applicable);
  2. (b)secure cloud hosting environments;
  3. (c)restricted access controls;
  4. (d)password protection and authentication mechanisms;
  5. (e)internal access limitation on a need-to-know basis.

While we take reasonable steps to protect personal data, no system is completely secure and we cannot guarantee absolute security.

If we become aware of an eligible data breach affecting personal information, we will take the steps required by applicable law, which may include investigating the incident, containing the breach and notifying affected individuals and regulators, including by email or in-app notice where appropriate.

9  LINKS

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

10  YOUR RIGHTS

You have rights in relation to your personal information under Australian privacy law, and additional rights may apply where another privacy law applies to the relevant processing.

  1. (a)Access and correction: You may request access to the personal information we hold about you and ask us to correct that information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
  2. (b)Complaint: You may complain to us if you think we have handled your personal information in a way that breaches applicable privacy law.
  3. (c)Direct marketing opt-out: If you have opted in to receive direct marketing from us, you may opt out at any time using the unsubscribe link in the relevant email or by contacting us.
  4. (d)Deletion requests: You may request deletion of your account or certain personal information. We will consider each request in light of our legal, regulatory, accounting, fraud prevention, dispute resolution and backup retention obligations.
  5. (e)If you are in Australia and believe we have interfered with your privacy, you may lodge a complaint with the Office of the Australian Information Commissioner. If another privacy law applies to the relevant processing, you may also have the right to complain to the regulator in that jurisdiction.
  6. (f)Where another privacy law applies to the relevant processing, you may also have any additional rights that are mandatory under that law, including rights relating to objection, restriction, portability or withdrawal of consent to the extent applicable.

You may, at any time, exercise any of the above rights, by contacting our email address provided below.

11  RETENTION, INACTIVE ACCOUNTS AND DELETION

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including to provide our services, maintain our systems, resolve disputes, enforce our agreements and satisfy legal, accounting, tax and reporting requirements.

If your membership is cancelled or your account becomes inactive, account data may remain available in the app for up to 90 days unless you delete your account earlier. After that period, we may delete or de-identify the relevant information, subject to our backup retention cycles and any legal obligation or legitimate need to retain it for longer. If you use the delete account function or otherwise request deletion, we will action that request within a reasonable time, subject to those same limitations.

12  OVERSEAS DISCLOSURE AND STORAGE

Some of our service providers may store or process personal information outside Australia. This can occur, for example, where we use third-party providers such as Glide, Squarespace, Zapier, Airwallex, Xero, cloud hosting providers or other service providers with personnel, infrastructure or subcontractors located overseas.

Where we disclose personal information overseas, we will take reasonable steps to ensure the recipient handles the information in a manner consistent with applicable privacy law, while acknowledging that overseas recipients may be subject to different privacy regimes.

You can contact us using the details below if you would like more information about our use of overseas service providers or our cross-border data handling practices.

13  CONTACT US

For further information about our privacy policy or practices, or to access or correct your personal data, or make a complaint, please contact us using the details set out below:

Email: support@joyora.com.au

We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy. Where we make any significant changes, we will endeavour to notify you by email.