Book & Branches Pty Ltd – Privacy Policy
Effective Date: 24 November 2024
Last Updated: 22 November 2025
Book & Branches Pty Ltd (trading as Bush Kindy Learning, Bush Kindy Teaching, and Bush Kindy Shop) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
By accessing our website, enrolling in a program, purchasing resources, or using digital tools, you agree to this Privacy Policy, our Terms & Conditions, and our Website Disclaimer.
1. Information We Collect
We collect personal information necessary to deliver our programs, products, and services, including:
1.1 Contact & Identity Information
Names, email addresses, phone numbers
Organisational details (service name, role, educator status)
Parent/guardian details for children’s programs
1.2 Child Information (Teaching Programs Only)
Collected only with parental or service authorisation:
Child name and age
Medical conditions, allergies, behavioural information
Emergency contact details
1.3 Program, Purchase & Operational Information
Booking details
Attendance records
Payment and invoicing information
Order history (Shop)
1.4 Digital & Website Information
IP address, browser data, and cookie information
Website analytics
Form submissions
Emails or messages you send to us
1.5 Reflection & AI Tool Inputs (Optional)
For adult learning only:
Written reflections
Responses to prompts
Names/emails only if voluntarily submitted
1.6 Sensitive Information
We collect sensitive information (e.g., medical or health details) only with your explicit consent, and solely for safety, risk management, and emergency purposes.
2. How We Collect Information
We collect information when you:
Register for programs or training
Purchase from Bush Kindy Shop
Complete forms, surveys, or feedback
Communicate by email, phone, or social media
Interact with digital reflection or AI tools
Visit our website
Participate in Teaching or Learning programs
Child information is collected only through authorised adults.
3. Why We Collect Personal Information
We collect and use information to:
Deliver programs, professional development, and resources
Process orders and payments
Provide safety management and medical/emergency response
Communicate program updates, changes, or notices
Provide customer support
Meet WHS, NQF, and operational requirements
Manage bookings and participation
Improve our programs, website, and digital tools
Comply with legal, insurance, and funding obligations
Provide optional reflective learning or follow-up support to adults
We do not use personal information for automated decision-making or profiling.
Where program data is shared with funding partners or stakeholders, it is provided in de-identified or aggregated form unless you have provided explicit consent for identifiable information to be shared.
4. Access & Use Restrictions
Access to personal information is restricted to authorised staff and contractors who require the information to carry out their duties. All staff receive privacy and data-handling training.
All personal information is stored within our central customer relationship management (CRM) system, with access limited to authorised personnel and restricted according to operational necessity. Information stored in the CRM is segmented by purpose, and data relating to Bush Kindy Teaching, Bush Kindy Learning, and Bush Kindy Shop is accessed only where required to deliver the specific service you have engaged.
We do not cross-use information between Bush Kindy Teaching, Bush Kindy Learning, and Bush Kindy Shop unless required for operational delivery or where you have provided explicit consent.
5. Disclosure to Third Parties
We do not sell or rent personal information.
We may disclose personal information to:
trusted service providers (payment processors, IT platforms, analytics tools)
insurers, auditors, or legal advisers
funding bodies where reporting is required (in de-identified form unless consented otherwise)
emergency services where required for safety
regulatory authorities where legally required
All third parties must handle information under Australian privacy standards.
6. Overseas Storage & Cloud Providers
Some service providers (e.g., Zoho, Google Workspace, Xero, Stripe) may store or process data overseas. We take reasonable steps to ensure these providers comply with the APPs and protect your information with appropriate safeguards.
7. Children’s Privacy
We collect information about children only:
with consent from a parent, guardian, or authorised service
for the purpose of delivering children’s programs safely
We do not publish children’s images or details without written consent, which may be withdrawn at any time.
No child data is collected through AI tools, reflection tools, or digital learning.
Additional consent requirements apply to photographs and video.
Images or videos of children will never be captured, stored, or used without explicit written consent from a parent, guardian, or approved provider.
8. Medical & Emergency Information
We collect medical and emergency information to:
support risk assessment
enable basic first aid
contact emergency services where required
notify your nominated emergency contact
You remain responsible for ensuring medical details are accurate and up to date.
9. Cookies, Analytics & Tracking
Our website uses cookies and analytics tools to:
understand visitor behaviour
improve functionality and user experience
support marketing and communication activities
Cookie use can be controlled through your browser settings.
10. Data Security & Retention
We take reasonable steps to protect personal information from loss, misuse, unauthorised access, disclosure, or modification.
Data is stored in secure, access-controlled systems.
We retain information for up to 7 years or as required by:
the Privacy Act
insurance compliance
financial reporting laws
Records relating to participation in children’s programs may be retained for longer than 7 years where required for insurance, safeguarding, or legal compliance.
When no longer required, information is securely deleted or anonymised.
11. External Links
Our website may contain links to external sites. We are not responsible for their privacy practices or content. Users are encouraged to review the privacy policies of those sites.
12. Social Media & Integrations
Interactions with platforms such as Facebook, Instagram, LinkedIn, YouTube, or other integrated tools are subject to each platform’s privacy settings and policies.
We recommend checking your personal privacy settings on those platforms.
You may opt out of newsletters or promotional communications at any time by using the unsubscribe link provided or by contacting us directly.
13. Your Rights
You may request:
access to your personal information
corrections to inaccurate data
deletion of information (where legally permitted)
withdrawal of consent for future data use
limitations on how we use certain information
We will respond to all requests within 30 days.
14. Data Breaches
In the event of a data breach likely to cause serious harm, we will:
take immediate steps to contain the breach
assess the impact
notify affected individuals
notify the OAIC where required
provide guidance on protecting your information
15. Reflection Tools & AI Services
Optional reflective tools may be offered to support adult learning and community leadership.
Participation is voluntary
Reflections are visible only to you and the facilitator
Data is not used for assessment or profiling
Any public sharing is fully anonymised unless consented
No child data is collected through these tools
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect operational, legal, or technical changes.
The current version will always be available on our website.
Your continued participation or use of our services constitutes acceptance of updated policies.
