The Hutchins School
Contact Support Sign In
The Hutchins School
Library
Browse
Loans
Saved
Sign In Browse Search Loans Saved Contact Support
Library Support Privacy Policy

Wheelers ePlatform Limited (“ePlatform”)
Privacy Policy

Wheelers ePlatform Limited (“ePlatform”) is committed to safeguarding your privacy. We will only use the information that we collect about you lawfully. This Policy describes how we treat personal data.

Who we are

Wheelers ePlatform Limited (“ePlatform”), company registration number is 9429045932007. We are a service provider to Schools, Colleges and Libraries.

Purpose and scope of this Policy 

The Policy is designed to provide an overview of how data protection is managed in the ePlatform Group. It sets out the following:

  • Data protection policy and objectives
  • How this policy affects you
  • The data protection framework
  • Legal compliance, including the requirements of the EU General Data Protection Regulation (GDPR)

This Policy is intended for circulation to ePlatform’s customers, end users, suppliers and other interested parties.

POLICY, OBJECTIVES AND SCOPE

Privacy Policy Statement

The Privacy Policy of ePlatform recognises, observes and protects the rights of individuals (data subjects) in regard to any of their personal data that the ePlatform Group collects, processes and stores, in accordance with all applicable legal, regulatory and contractual obligations. The Policy will be reviewed annually.

Objectives

The objectives of the Policy are to:

  • Communicate ePlatform’s Data Protection commitment to employees, customers and other third parties;
  • Summarise how ePlatform’s approach to data protection management is designed to be compliant with data protection legislation;
  •  Summarise governance arrangements for data protection management.

Scope

The scope of the Policy covers:

  • All personal data collected and / or processed by ePlatform in the conduct of its business, in any format;
  • All products and services developed and provided by ePlatform
  • All ePlatform staff.

HOW THIS POLICY AFFECTS YOU

What personal information we collect

We gather personal data to deliver our products, services, and related information to customers and end users. The specific personal data collected depends on your interaction with us.

The types of personal data we gather include:

  • For customers, potential customers, or end users, we may gather information such as your name, contact details including phone number and email address, library name, school name, class year, and location of school or library.
  • We refrain from collecting any unnecessary personal data from customers and end users (eg. date of birth, details on political or religious beliefs).
  • It's typically impractical for you to remain completely anonymous, as we may not be able to interact with you, grant access to the service, or respond to your inquiry if we can't identify you or collect your personal data.
  • We might also collect data about your interactions with us, and any additional information you choose to provide us with, such as interactions with our customer and technical support teams.

Customers, end users, and prospective customers who don't give consent (or have it given on their behalf) can't provide us with personal data and can't use our services. You can, however, withdraw your consent at any time.

How we collect and process your Personal information

We may gather your personal data through various methods, including:

  • Directly from you, unless it's unreasonable or impracticable;
  • From our customers in libraries/schools/educational institutions (e.g., teachers or administrators arranging access for their students and staff).

Individual end users registering independently must consent to provide us with personal details like their name, age, and email address at the time of registration. If they are under 13 or considered minors in their region, a parent or guardian must consent on their behalf.

Parents registering for their children need to consent at the registration time to provide us and their children's information.

Teachers or administrators registering for their class or school must also consent at registration time to provide us with their own name, school name, and email address, along with end user data. At the customers option this information can be reduced for students and patrons to simply a username as a minimum. Other details for end users/students are not mandatory.

We also seek customer consent at login time to use any collected personal data in accordance with this Privacy Policy and our Online Services Agreement. If a customer will not provide their consent, they can't agree to the Online Services Agreement and must not use the Services.

Use of your Personal information

The data we collect from customers, end users, or prospective customers can be used for several purposes:

  • Facilitating access to our products and services;
  • Managing potential purchases, subscriptions and payments, including providing quotes or offers;
  • Sending a confirmation notice to the customer upon registration; administering and managing accounts, including password resets, answering customers' queries, contacting customers regarding issues with their account or conduct on the service;
  • Delivering updates about our products and services;
  • Distributing ePlatform emails about the Site, including feature updates, planned outages, improvements, upgrades, new product development and service rules;
  • Utilising information for administrative, planning, product/service development, staff training, quality control and research purposes tied to our products and services;
  • Marketing purposes, only when we have explicit or implied consent or if the law otherwise permits us. Customers can opt out at any time using the specific instructions within the communications we send.

Our services do not offer any means for end users to communicate directly with each other. There are no chat rooms or forums associated with our services.

Our services may offer additional features where administrators, parents and teachers can consent, or consent on behalf of an end user, to access, disclose or use their personal or learning activity information.

Limitations of use of your Personal information

ePlatform maintains the confidentiality of your personal information and will not sell or disclose your information to advertisers or external parties, except when:

  • Required by law or regulatory bodies, such as courts or regulators, to share your information;
  • Enforcing our Online Service Agreement or licence terms for accessing and using the service;
  • Disclosing to a third party that assists us, powers our service’s features or processes data for us, like a product distributor, a licensor, owner of a product we distribute, or a contracted service provider;
  • Involving transactions of our companies or assets, wherein a successor organisation inherits or operates the service and assumes the obligations of this Privacy Policy and our contractual commitments; or
  • Ensuring the safety and security of our customers and end users and our service.

We ensure third parties acting on our behalf respect this Privacy Policy, applicable privacy obligations and our contractual agreements.

Typically, your data stays within ePlatform, but in some cases, we share result data with government education departments, school bodies or schools themselves, particularly with School Customers who use our product features (such as performance reporting tools) for educational/teaching purposes. We obligate these parties to strictly comply with our guidelines, use the information solely for valid educational interests and avoid any commercial purposes.

We do not sell data to advertisers in any form - personal, anonymous or aggregated. We don't engage in targeted advertising to children, nor create personal profiles of students beyond supporting authorised educational/school purposes or as specifically permitted by a parent/student or school/educational institution customer.

We don't use cookies or third-party providers for behavioural targeting of advertisements to end users. For more details, refer to our Cookie Policy.

How long we hold your information

We hold the personal information collected from our customers and end users as long as necessary for providing Service access or managing their account. If your registration with our Service ends, or you choose to no longer receive communications from us, or if you request us to delete your information (or if a parent or guardian does so on your behalf if you are under 13 or legally a minor in your location), we take reasonable measures to delete the personal information of end users we have collected within 5 years or upon request, as per our Data Retention Policy. However, we may still keep and use personal information as needed to meet our legal and regulatory obligations, resolve disputes, and enforce our agreements. We might also retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytics, and for improving our products and services.

Customers and end users can ask for their personal information to be deleted by reaching out to dpo@eplatform.co

Updating and accessing your personal information

Customers and end users have the right to ask for a copy of the personal information we hold on them, and they can update this information at any point by getting in touch with ePlatform.

To receive a copy of this data, or wish to update or correct any information we hold about you, please send your request to our Data Protection Officer at dpo@eplatform.co.

Keeping your personal information secure

Refer to Safety and Trust area at https://www.eplatform.co/au/trust-and-safety/

Data transfers, storage and processing globally

Personal information from customers and end users is stored on servers maintained by Microsoft Azure, and are located in Australia. Please refer to our Safety and Trust area for more details on data hosting and processing. Additional information can be found in our Online Services Agreement Data Processing Addendum.

We operate on a global scale, which may sometimes require accessing your personal information from locations other than your own. This might occur when data is accessed by companies within the ePlatform Group for operational, administrative, and compliance reasons. Our sales, operational, or global customer support teams, are located in Australia, New Zealand, the United Kingdom, and Malaysia.

Anonymous or aggregated information

ePlatform collects anonymous data from customers and end users, in addition to personal information and results data. This anonymous data, unlinked to individual identities, is used for reporting, analytics, and resource enhancement.

Third-party providers assist with elements of our online advertising and marketing. They gather data about your actions on our site and other sites where our advertisements appear, which doesn't directly or personally identify you. This data might include viewed content, view times, purchased products, or location information tied to your IP address. Using this data, we and our third-party providers aim to display more relevant ePlatform ads to you (a practice known as "retargeting"). This involves collecting data on where and which ads you interact with, again without personally or directly identifying you. We do not direct this type of marketing or advertising at students or children.

By accepting the Online Services Agreement, customers and end users allow us to use this anonymous information for our purposes, such as generating statistical reports or improving our product content.

For more details on cookies, please refer to our 'Cookie Policy'.

DATA PROTECTION FRAMEWORK

ePlatform as Data Processor

ePlatform, and its associated companies and divisions, acts as a data processor with regard to the processing of personal data for the following categories of data subjects:

  • Persons who work or volunteer for organisations that buy products or services from ePlatform
  • Students/patrons: where ePlatform processes their data in order to provide services to the data controller (educational establishment customer or library)
  •  Customers:

Individual consumer customers

  • Education Establishment customers who require ePlatform to process personal data in order to deliver the services
  • Suppliers
  • Consultants
  • Staff working for organisations

ePlatform enacts its obligations as a data processor with regard to:

  • Legal requirements
  • Contracts
  • The Terms & Conditions of its products and services

Consent

ePlatform reflects legal requirements relating to consent in the following ways:

  • How consent is obtained, recorded and managed in its customer-facing systems
  • Data retention and deletion procedures
  • Terms & Conditions for products and services

Individuals’ Rights

In accordance with data protection legislation, ePlatform recognises that data subjects have specific rights that must be protected and observed.

Right to be informed

ePlatform provides employees, customers and other third parties with information about how personal data is collected, processed and managed. ePlatform seeks to provide this information in language that is clear, concise and intelligible. This information is intended to be easily accessible for internal and external users.

Right of access

ePlatform provides data subjects with access to the personal data that it manages as a data controller. Data subjects for whom ePlatform is not the data controller but may process their personal data, should contact the data controller directly when requesting such access.

Right to rectification

ePlatform recognises the right of individuals to have inaccurate or incomplete data to be amended. ePlatform employees should initially make a rectification request to ePlatform ’s Human Resources department. Data subjects for whom ePlatform is not the data controller, should – in the first instance – contact the data controller when making a data rectification request. Queries or complaints should be made to support@eplatform.co

Right to erasure

ePlatform recognises the right of individuals to request for their data to be deleted or removed where there is no compelling reason for its continued processing. ePlatform will, in all cases, follow any guidance provided by relevant authorities (such as Australian Information Commissioner and Privacy Commissioner, the Office of the Privacy Commissioner (NZ) and the UK Independent Commissioner’s Office (ICO)) on how and when such a request should be observed.

ePlatform maintains a data retention schedule so that personal data is not retained for longer than is necessary with regard to the purpose for which the data was originally collected. This may include logging data that is temporarily retained for diagnostic purposes. However, some personal data may be required to be retained in order to observe other legal or regulatory obligations. In addition, in line with the ICO’s guidance on the constraints that exist when deleting data retained in digital back-ups, ePlatform will seek to place such back-ups beyond effective use.

Right to data portability

Where the right of portability applies, as defined by the ICO, ePlatform will provide data in a form that is structured, commonly used and in a machine readable form. In most cases, this will be the CSV format.

Data Security

ePlatform regards data security a critical component of data protection compliance.

A wide range of technical controls are used to protect data, including but not limited to:

  • Data encryption
  • Anti-virus and anti-malware software
  • Network monitoring
  • Access management
  • Vulnerability scanning and penetration testing
  • Asset management

A wide range of non-technical controls are used, including but not limited to:

  • Physical security controls at ePlatform offices
  • Security policies, including Data Classification & Handling, Data Protection, etc
  • Security training

The implementation of such controls may vary between specific products and services.

Data Breaches

All security incidents are logged on an internal security incident management system. They are reviewed and evaluated by a member of the security management team.

A security incident that involves personal data will initially be categorised as a Potential Data Protection Incident. If it is determined that a data breach has indeed occurred, this will trigger a formal Data Breach procedure.

If a data breach relates to employee data, ePlatform will inform the relevant authority in accordance with published guidance.

If the data breach relates to customer or supplier data, ePlatform will notify the relevant data controller.

Data we receive

Logging in to the school/library lending platform is managed through a variety of authentication methods including LDAP, SAML SSO, SIP2, OpenID and FTP. In a number of these cases the school/library we are contracted with, send user/patron data that will enable this authentication to occur accurately. Any personal data that is sent, is managed by the school/library itself. The school/library is the data controller and ePlatform is the Data Processor.

The data we receive on library/school patrons may include:

  • Barcode/username
  • Password
  • Year level, for restricting access of certain titles to certain age groups
  • Name, if barcode is not chosen by the school.
  • Email, used to notify availability of a title that has been reserved.

Legal Basis for Processing Data

The legal basis for ePlatform processing personal data varies according to the nature of the activity being undertaken:

  • Consent of the data subject, e.g. consent to receipt of marketing information
  • Necessary for the performance of a contract, e.g. storing of employee and basic student/patron data
  • Processing for compliance with a legal obligation, e.g. retention of some employee data
  • For the purposes of legitimate interests, e.g. direct marketing

Who we share information with

We share personal data with our Library customers, group companies and suppliers as necessary to run our business. For example, our parent company provides us with hosting, and helps us to fulfil loan requests.

Cookies

Cookies are small text files stored in your device’s cache by our servers. Our website sets some cookies itself to remember your choices and help the site to function. Please review our separate cookie policy where you can review cookie settings.

UPDATES TO THIS POLICY

Our privacy policy is regularly reviewed to make sure we continue to serve the privacy interests of our customers. We reserve the right to change and update the privacy policy and these changes will be posted to this page. We encourage you to visit this page from time to time to ensure you are aware of any changes we may have made. We will tell you about major changes by email.

If you have any concerns about this privacy policy or what we do with your personal data, please contact your Data Controller (school/library).

See our Online Service Agreement incorporating Data Processing Agreement

See our Trust and Safety Area for more detailed information.

Contact us

For any requests to access, update, or delete personal information, as well as inquiries or concerns regarding your personal information and this Privacy Policy, please reach out to us at dpo@eplatform.co

You may also send us a letter if you have a question or a complaint at the following address:

Privacy Officer
Wheelers ePlatform Limited
228/ 117 Old Pittwater Road
Brookvale, NSW, Australia 2100

Downloading

Cancel Download