OWNA Corp Pty Ltd (ACN 613 387 474) (“OWNA” or “we” or “us”) is committed to protecting the privacy and security of our customers’ personal information. This Security Policy outlines how we protect our data generated and processed by our childcare management software – including our website, and mobile app (Software), from unauthorized access, use, disclosure, modification, or destruction.

OWNA aims to keep its Software and websites safe for everyone, and data security is very important to us.

Definitions

• “Data” or “Content” means any Personal Information that is collected and stored.
• “Personal Information” has the meaning given to that term in the Privacy Act.
• “Privacy Act” means the Privacy Act 1988 (Cth)
• “Service/s” means Our Software, Products, Website, Centre Portal or associated goods and services We make available to You through the website.
• “Software” means Our software licensed as part of the Services.
• “Website” or “Application” means this website, Owna.com.au and other websites We have or establish for Your use.
• “You” or “Your” means any user of the Website or Services.

User data encryption

OWNA Services usage is restricted to secure browsing to ensure all traffic between you and our server is encrypted and protected from being read and tampered with. We have privacy protections in code to ensure posts in relation to your children are only visible to their associated family and/or centre.

Security incident management

OWNA maintains an incident response plan that outlines steps to be taken in the event of a security incident (Plan). The Plan will include procedures for detecting, containing, investigating, and responding to security incidents including but not limited to threats, hacks, phishing, and any other related security breaches. The Plan will be reviewed and updated on a regular basis to ensure that it remains effective and up-to-date.

OWNA will promptly investigate all suspected or actual security incidents or breaches to determine the cause and extent of the incident and will take all appropriate steps to contain and mitigate the incident, including:

• isolating affected systems and devices;
• shutting down network access;
• notifying relevant enforcement and security authorities; and
• communicate with affected individuals, including providing notifications and updates as necessary.

Employee training and awareness

All employees who have access to Personal Information must complete mandatory data security training which covers topics such as data security policies, best practices for data handling and storage, and how to respond to data breaches. OWNA management will periodically assess the effectiveness of its training programs and make updates as necessary.

OWNA’s privacy officer will implement access controls to ensure that only authorized employees can access Personal Information. Access controls will be based on the principle of least privilege, meaning that employees will only be granted access to the Personal Information necessary for them to perform their job functions.

The Software platform will require strong and unique passwords for all employee accounts and may implement multi-factor authentication where feasible. All OWNA employees are obligated to immediately report any suspected or actual data breaches to the Software platform’s designated privacy officer, IT department or OWNA management.

Data retention and disposal of personal information

OWNA will take all reasonable steps to ensure that your Personal Information is stored safely and securely. OWNA will protect your Personal Information by restricting access to your Personal Information and by securely destroying or de-identifying your information when it is no longer needed.

All Data collected or processed by OWNA must have a business purpose and be retained only for as long as necessary to fulfill that purpose. OWNA will establish retention schedules for each type of Data it handles, specifying the period for which the data will be retained and the criteria for determining when Data is no longer needed. In doing so, OWNA will ensure that all employees are aware of and comply with the retention schedules for the Data they handle.

When Data is no longer needed, it must be disposed of securely and promptly. OWNA will use appropriate disposal methods that are consistent with the sensitivity of the data being disposed of, such as shredding, wiping, or degaussing. OWNA will ensure that all employees are aware of and comply with the its disposal policies and procedures and will keep and maintain records of all its disposal activities.

OWNA will establish regular backup procedures to protect against Data loss or corruption. These backup storages will be stored securely, retained only for an appropriate period of time and will be accessible only to authorised OWNA personnel.

Children’s data

OWNA recognizes the sensitive nature of children's Personal Information and is committed to protecting it. Accordingly, OWNA will only collect and process Personal Information from or in relation to children with the explicit consent of their parent or legal guardian. OWNA will limit the collection of Personal Information from or in relation to children to that which is necessary for the provision of the OWNA’s Services. OWNA will not disclose Personal Information collected from children to third parties unless required to do so by law or with the express consent of the child's parent or legal guardian.

OWNA also takes reasonable steps to verify the identity of a child's parent or legal guardian before collecting Personal Information from or in relation to the child. OWNA will provide parents or legal guardians with the ability to review, edit, or delete their child's Personal Information. OWNA will promptly delete any Personal Information collected from or in relation to a child if the parent or legal guardian requests it or if the information is no longer necessary for the provision of the Services. OWNA will use appropriate technical and organisational measures to safeguard children's Personal Information, including but not limited to encryption, access controls, and regular security audits. OWNA will ensure that all personnel who handle children's Personal Information are trained in according to our policies and procedures for protecting such information.

Changes to this Security Policy

We reserve the right to modify this security policy at any time. If we make material changes to this policy, we will notify you by email, by posting a notice on our website or by posting the notice on the Platform prior to the change becoming effective. Your continued use of our Software after the effective date of any changes to this policy constitutes your acceptance of those changes.

Updating your personal information

You have the right to access, correct, delete, and restrict the processing of your data. You may also object to the processing of your data and withdraw your consent to receive marketing materials from us. To exercise your rights or make any requests related to your data, please contact us at support@owna.com.au.

Please note that we may need to retain certain data for legal or administrative purposes, such as record- keeping or to comply with our legal obligations. If you wish to access, correct or update your personal information, please contact us on support@owna.com.au.