Wonde Pty Ltd is a company incorporated in Australia, with ACN 631 042 307 (referred to as “we” “us” “our” and “Wonde” in this policy). Wonde is part of the Wonde group of companies (Wonde Group) including Wonde Limited (a company incorporated in England with the company number 08645640 (Wonde UK).
Wonde UK has its own data protection policies and documents which sets out how it complies with relevant data protection legislation. To the extent that there are discrepancies between this Privacy Policy and those documents, this Privacy Policy will take precedence in relation to Wonde Pty Limited.
Privacy Overview
At Wonde, we take privacy very seriously and respect your privacy. We are committed to safeguarding your personal information in accordance with the requirements of the Australian Privacy Principles (“APPs”) in the Privacy Act 1988 Australia and the requirements of the Information Privacy Principles in the Privacy Act 2020 New Zealand, as well as other applicable data protection laws (together, “Data Protection Legislation”).
We are committed to ensuring that your personal information remains confidential and secure in accordance with applicable Data Protection Legislation.
This policy sets out how we deal with any personal information we handle, including if you are a:
- Parent, guardian or student;
- Member of staff of an education establishment such as a school or college;
- An authority or state body;An Authorised User;
- Visitor to our Site; orSupplier or business contact of Wonde.
This Privacy Policy describes the types of information that we collect from you, through the use of our products and services (“Services”), or the use of our Site, and how that information may be used or disclosed by us and the safeguards we use to protect it. The personal information that we collect is used for providing and improving our Services. We will not use or share your information with anyone except as described in this Privacy Policy, or otherwise permitted by law.
Unless notified otherwise, this Privacy Policy applies to all personal information that we may receive from or disclose about you.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
We may update this policy from time to time, and you can find our latest policy on our Site.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the Data Protection Officer as follows:
Address: 204/3 Spring Street Sydney NSW 2000
Email address: support@wonde.com.
Contact number: +61 1800 064 506 for Australia or +64 04 488 1558 for New Zealand
1. What is MyLogin?
Wonde has created a way for students to log into their devices once, and access all their classroom apps at school or home quickly and securely which we operate either through our MyLogin Website https://mylogin.com/and our platform, collectively known as (“MyLogin Software”) or manually. This Privacy Notice governs those that access and use our MyLogin Software as an authorised user (“Authorised User”), those that are visitors to the MyLogin website and those that use our MyLogin services (“MyLogin”) generally.
We provide applications and platforms to help schools better manage and securely control their data. MyLogin provides an Identity Provider (IDP) service to allow simple login to devices and applications for students and teachers. We provide an API to allow third-party applications to integrate with us and grant one-click access to their applications from our student portal.
2. The personal information we collect
Depending on your relationship with us (for instance, whether you are a parent or a professional contact), we may collect, use, store and transfer some or all of the following data from the users of MyLogin or users of Wonde support:
- Identity Data: your name.
- Contact Data: your email address.
- Cookies Data: like many websites, we may use some “cookies” to enhance your experience and gather information about the visitors and number of visits to our Site. Please refer to our Cookie Policy about cookies, how we use them and what kind.
- Technical Log Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Evouchers;
You can withhold your personal data from us, but we may not be able to provide our services to you if you do so.
We may collect your personal data from different sources:
- We collect all of the types of data listed above directly from you when you interact with us. This includes when you register with the MyLogin Website Site, and when you login to the MyLogin Website or use Wonde support.
- We collect Identity Data, Contact Data from the school(s) you are connected to.
- We collect Technical Log Data automatically when you interact with the MyLogin Website or platform, by using cookies and other similar technologies.
3. How we use your personal information
We will only use and disclose your personal information when the law allows us to.
The primary purpose for which we collect and use personal information is to enable us to provide our services and to manage our relationships. We may also use your personal information for reasons associated with the primary purposes.
Where we use personal information for the purpose of providing our services to Schools, we do so on the documented instructions of the School, subject to a direct agreement with the School (and any third party relevant in the data relationship) which controls and limits how we may use the personal information.
We will only otherwise use your personal information when the law allows us to. Most commonly we will use your personal information in the following circumstances:
- To administer our goods and services.
- To communicate with you.
- Where you have consented to the use of the information.
- The personal information was collected for that purpose (the primary purpose).
- For a purpose other than the primary purpose, which is related to (and, in the case of sensitive information, directly related to) the primary purpose of collection as stated above, and you would reasonably expect us to use or disclose the information for that secondary purpose.
- Where there is a permitted exception that applies under the Data Protection Legislation in relation to the use of the information.
- Where we need to comply with a legal or regulatory obligation.
4. Disclosure of your personal information
We may need to share your personal data when using your personal data as set out in the table above. We may share your personal data with the following third parties:
- Our professional advisers, including lawyers, auditors and insurers.
- Service providers who provide IT and system administration services, or who store data on our behalf.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Legislation.
We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to use or disclose your personal information for specified purposes and in accordance with our instructions, which include strict confidentiality and contractual terms.
5. International Transfers
Whilst your data will always remain in Australia, to enable us to optimise the delivery of Services to Schools, we may occasionally provide Wonde UK (being within the same corporate group and subject to the same information security and data protection systems and procedures) access to view your data for support and maintenance purposes. Wonde UK will comply with the Data Protection Legislation and, in addition, will always comply with any UK related data protection legislation.
Like any other established software business, we may use third party service providers for example to optimise our services, improve internal efficiencies and assist with providing data controls. To that end, we may also transfer your personal information to such third parties providing services to us who are based outside of Australia such as to the United Kingdom without obtaining your specific written consent. Specific examples of this include to facilitate services supporting Wonde, providing IT administration services and hosting services, and parties providing assistance with managing our databases. We will only engage such third party providers after undertaking due diligence and we only work with reputable and established brands who offer high levels of protection of data. If we do this, we will always look to limit the amount of data and if possible, anonymise any data that is transferred to such parties from time to time.
Whenever we transfer your personal information outside of Australia or New Zealand, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(a) we reasonably believe that the recipient of the personal information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Data Protection Laws protect the information, and there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme;
(b) we take reasonable steps to ensure that the foreign entity does not breach the Data Protection Laws in relation to the disclosed information;
(c) you consent to the transfer;
(d) the disclosure is required or authorised by applicable law; or
(e) the disclosure is otherwise permitted under the Data Protection Laws.
6. Retention period
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
For more details of our specific retention periods, please contact us.
7. Information Security
Wonde hosts the personal information and data in Australia via our server provider Amazon Web Services. Information security is of great importance to us, and to protect your information we have put in place suitable physical, electronic and managerial procedures to safeguard and secure any personal information that is collected and used or disclosed through our Site, which includes multi layered security protocols for data protection.
We have implemented significant security measures to maintain a high level of security. We are accredited with ISO27001 to demonstrate our commitment to data security.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If we give you a password upon registration on our Site, you must keep it confidential. Please don’t share it.
8. Accessing and correcting your personal information
You may contact us to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.
We are not obliged to correct any of your personal information if it does not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
If you do request access to your personal information, we may require certain information from you to identify you and to confirm you are entitled to make the request.
9. Children and/or Special Category Information
In the circumstances where we do collect and use personal information relating to children or special category information, we recognise that we need to have further justification for the collection, storing and use of this information. In those circumstances, we do so only on the careful instructions of the school or education establishment and solely in accordance with the Data Protection Legislation and specifically the APPs.
We have in place appropriate policies and safeguards when processing such data as referred to in this Privacy Policy.
10. What if you have a complaint?
If you have any concerns or complaints about the way your personal information has been collected or handled by Wonde, please contact the Data Protection Officer at support@wonde.com. We will seek to address your concern or complaint and will consider and endeavour to respond to your complaint no later than 14 days after such a concern or complaint has been raised by you.
It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response:
- In Australia you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. Further information about the application of the Australian Privacy Act, and how to contact the Commissioner, can be found at www.oaic.gov.au.
- In New Zealand you may contact the New Zealand Privacy Commissioner who may investigate your complaint further. Further information about the application of the New Zealand Privacy Act, and how to contact the Commissioner, can be found at www.privacy.org.nz.
11. Contact us
If you have any questions about this Privacy Policy or any concerns or complaints, you may contact us on +61 1800 064 506 for Australia or +64 04 488 1558 for New Zealand, via mail addressed to 204/3 Spring Street Sydney NSW 2000, Australia or via email at support@wonde.com.