1. Definition of Personal Information

Under the Privacy Act 1988 (Cth), "personal information" refers to any data or opinion about an identified individual, or an individual who is reasonably identifiable, irrespective of whether the information is true or recorded in any form. Information that does not disclose an individual's identity is generally excluded from this definition and is not subject to this policy.

2. Collection of Personal Information  

The type of personal information collected depends on how the website is used. Vivedus may collect details such as:  

  • Contact name and telephone number
  • School name and address
  • Numbers of staff and students  

Additionally, when using the Vivedus SaaS platform, the following information may be collected:

  • Full names, usernames and email addresses for all users
  • Information about classes, subjects and year levels taught
  • Lesson planning information, including content and metadata
  • Learning support information including support plans and student support requirements
  • User preferences and settings
  • User-generated content, such as comments and feedback  

3. Methods of Collection  

Personal information is obtained through:  

Direct input on the website or SaaS platform - The use of cookies that track website usage to enhance user experience. These cookies, however, do not generally enable personal identification.  

4. Purpose of Collection  

The primary reasons for collecting personal information include:  

Delivering an optimised and responsive service experience - Assisting prospective schools and individuals seeking further information about Vivedus - Facilitating direct marketing communications, where consent has been provided. Sensitive information is never used for direct marketing. Each marketing message includes a straightforward option to opt out. - Sharing information only with authorised service providers and support personnel who help operate the website and SaaS platform  

5. Access and Correction

In line with the Australian Privacy Principles (APP 12 and APP 13), individuals are entitled to access the personal information held by Vivedus and request corrections to any inaccuracies. Requests for access or corrections should be directed using the contact details provided in Section 10.  

6. Complaint Procedure  

Should there be any concerns regarding the handling of personal information, complaints should be addressed to the Managing Director, Paul Browning, at Vivedus Pty Ltd using the contact details in Section 10 of this document. Upon receiving a complaint, further details may be requested to clarify the matter. If the complaint is found to be valid, corrective measures will be implemented in consultation with the complainant. If the resolution is unsatisfactory, the matter may be referred to the Office of the Australian Information Commissioner.  

7. Overseas Transfers

Personal information is not transferred outside Australia unless explicitly requested. In instances where an individual requests that their data be sent overseas, it is important to note that the receiving party may not be bound by the Australian Privacy Principles, and Vivedus Pty Ltd cannot assume responsibility for any subsequent mishandling of such information.  

8. General Data Protection Regulation (GDPR)  

For individuals residing in the European Union, additional protections under the General Data Protection Regulation (GDPR) may apply. Should personal information be processed in a manner that does not align with the GDPR, affected individuals may be entitled to additional rights and remedies.  

9. Subprocessors  

Vivedus Pty Ltd engages several subprocessors to support and enhance its service offerings. The following paragraphs provide details about each subprocessor, including their purpose, the types of data disclosed, the lawful basis for processing, and the jurisdictions in which data may be processed or stored.  

Google Analytics:  

Google Analytics is employed to gather usage data and statistics from the Vivedus website and SaaS platform, including tracking user interactions. The lawful basis for this processing is Vivedus's legitimate interest in optimising service performance and user experience. Data may be processed and stored in jurisdictions where Google operates.  

Website: [https://analytics.google.com] | Privacy Email: privacy@google.com

Microsoft Azure:  

Microsoft Azure is utilised for file storage, including backups and SaaS application file storage, processing only anonymised user files. The lawful basis here is contractual necessity, ensuring the reliable operation of file storage services. Data is processed and stored within Australia.  

Website: [https://azure.microsoft.com] | Privacy Email: privacy@microsoft.com

fly.io:  

fly.io provides cloud hosting services for the SaaS platform within the ANZ region, handling all platform code and data (excluding application file storage managed by Microsoft Azure). The processing is based on contractual necessity to ensure efficient and secure hosting services, with data processed and stored within Australia.  

Website: [https://fly.io] | Privacy Email: privacy@fly.io

Cloudflare:  

Cloudflare delivers essential services such as DDoS protection, web application firewall (WAF), content delivery network (CDN), and rate-limiting for the SaaS platform. The lawful basis for processing is Vivedus's legitimate interest in maintaining robust security and high performance. Data may be processed or stored in multiple jurisdictions.  

Website: [https://www.cloudflare.com] | Privacy Email: privacy@cloudflare.com

Turso:  

Turso acts as the production database provider, offering secure-at-rest hosting and backups for the SaaS platform's production database. The lawful basis for processing is the legitimate interest in ensuring secure and reliable database operations. All data is processed and stored within Australia.  

Website: [https://turso.tech] | Privacy Email: privacy@turso.tech

AWS:  

Amazon Web Services (AWS) supports the Vivedus SaaS platform by sending automated emails via Amazon Simple Email Service (SES). The processing of the contents of these non-sensitive emails is based on contractual necessity, ensuring effective communication with users. Data may be processed and stored within Australia.  

Website: [https://aws.amazon.com] | Privacy Email: aws-privacy@amazon.com

Freshworks:  

Freshworks is used for the support portal, ticketing system, and customer relationship management (CRM) functions. It processes data such as user email addresses and support request details, along with other personal information in the CRM. The lawful basis is contractual necessity for providing customer support and maintaining customer relationships. Data may be processed or stored in various jurisdictions.  

Website: [https://www.freshworks.com] | Privacy Email: privacy@freshworks.com

Algolia:  

Algolia is responsible for storing anonymised lesson planning content from the Vivedus platform. The processing is founded on the legitimate interest in enhancing service delivery through data analysis, while ensuring user anonymity. Data is processed and stored within Australia.  

Website: [https://www.algolia.com] | Privacy Email: privacy@algolia.com

OpenAI:  

OpenAI processes anonymised lesson planning content to provide tailored recommendations. The lawful basis for this processing is Vivedus's legitimate interest in enhancing user experience via data-driven insights. Data may be processed or stored in multiple jurisdictions.  

Website: [https://openai.com]| Privacy Email: privacy@openai.com

Sentry:  

Sentry is employed for performance monitoring and error detection on the SaaS platform, processing application logs that include anonymised user data. The lawful basis for this processing is the legitimate interest in maintaining platform reliability and performance. Data may be processed or stored in various jurisdictions.  

Website: [https://sentry.io] | Privacy Email: privacy@sentry.io

Clerk:  

Clerk provides authentication services for customers not integrated with Azure Active Directory. The processing of user login credentials and session tokens is based on the legitimate interest in ensuring secure access and authentication. Data may be processed or stored in various jurisdictions.  

Website: [https://clerk.com] | Privacy Email: privacy@clerk.com

10. Contact Details  

For any inquiries regarding this Privacy Policy, requests for access to personal information, or any concerns about privacy practices, please contact Vivedus Pty Ltd at: Email: privacy@vivedus.com