Privacy Policy

Last updated 15th October 2021

About BioBrain’s Privacy Policy

This webpage explains our privacy and security commitments in plain language.

  • BioBrain Learning Pty Ltd (“BioBrain” or “we”) knows your privacy is important to you and we are committed to providing a safe and secure user experience. This Privacy Policy is incorporated into the BioBrain Terms of Service, and applies to the use of BioBrain online at BioBrain.com.au, cottoneducationalconsulting.com, and on mobile devices (collectively, “BioBrain”), which are owned and operated by BioBrain. It describes how we collect, use, secure, and share information of our users and individuals whose payment details are used to purchase BioBrain (collectively, “you”). It also describes how to access, update and correct your personal information and the choices available to you regarding your personal information.
  • BioBrain is a global e-learning resource company. We produce and/or distribute a range of online resources and a website for BioBrain.
  • References to the Site in this Privacy Policy includes all products and resources that we produce and /or distribute.
  • BioBrain is committed to protecting the safety and security of our registered users, including students, teachers, school administrators and parents (collectively, Registrants) and we are sensitive to our Registrant’s concerns about the safety of the personal information provided to us. Please read this Privacy Policy carefully in order to understand how any personal information collected by us is used.
  • As a global company, our Privacy Policy has been developed in accordance with a range of legislation which applies to us. In addition, we have developed our privacy framework to assist our customers that are schools, districts and education bodies to comply with privacy legislation and regulations applicable to them and the way they manage personal information.
  • Collectively, this legislation includes, without limitation:
    • The Australian Privacy Act 1988
    • The New Zealand Privacy Act 1993
    • The United Kingdom Data Protection Act 2018
    • The United States Children’s Online Privacy Protection Act (“COPPA”) and Rule
      as administered by the Federal Trade Commission
    • The United States Family Educational Rights and Privacy Act (“FERPA”)
    • The Alberta Freedom of Information and Protection of Privacy Act
    • The Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”)
    • The Freedom of Information and Protection of Privacy Act (British Columbia) (“FIPPA”)
    • The Personal Information International Disclosure Protection Act (Nova Scotia) (“PIIDPA”)
    • The Municipal Freedom of Information and Protection of Privacy Act, Ontario (“MFIPPA”)
    • The Student Online Personal Information Protection Act, California (“SOPIPA”)
    • With effect from 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679)(“GDPR”).
  1. What personal information we collect from you
  2. What we will do with your information
  3. What we will not do with your personal information
  4. How we collect and process your information
  5. How long we hold your information
  6. Updating and accessing your personal information
  7. Keeping your personal information secure
  8. Data transfers, storage and processing globally
  9. Anonymous or aggregated information
  10. Social Media
  11. Cookies
  12. Revision of Privacy Policy
  13. Contact Us
  14. More privacy information
  15. Special information for users across Canada
  16. Special Information for users in the European Union

1. What personal information we collect from you

  • We collect two main types of information – personal information and anonymous information – and we may use personal and anonymous information to create aggregate information (which does not identify and cannot reasonably be used to identify an individual student).
  • We collect the following categories of personal information:
    • As a customer, prospective customer, or user of our Site, we may collect information such as your name, contact information including phone number and email address, school name, class year and country or state of residence or school
    • We may also collect details of other interactions that you have with us, together with any other information that you choose to provide us with, for example, through your interactions with our customer and technical support teams.
    • If you sign in to BioBrain using your Facebook, Gmail, or other third party credentials, we will use that service to authenticate you.  We may also receive other information that you have agreed may be provided by that third party, such as your username, name, e-mail address, date of birth and gender.  We receive this information so that it can be used for the purposes explained in this policy.
    • We may supplement the information you provide to us with additional information gathered from other sources, such as publicly available information.
    • We also ask for certain, limited demographic information, including your first name, surname, gender, date of birth and education level.  Providing most of this information is optional.  We also allow you to upload a photo of yourself and select your preferences for training, language, and receiving email communications.
    • We do not however collect any unnecessary personal information from Registrants (for instance, information about religious beliefs).
    • In addition to the information you provide to us, when you use BioBrain, you may automatically submit information about the computer, mobile device, or other devices you use to access BioBrain and about how you use BioBrain.  For example, we receive data about the topics you navigate and your performance in those topics.  We may also receive information such as your browser type, IP address, language, the type of device you use, operating system version, unique device identifier (“UUID”), the date and time of your visit and files you viewed on our site (e.g., HTML pages, graphics, etc.), Internet service provider, clickstream data, the pages you view and the websites you visited immediately before and after visiting BioBrain.  In some cases, we link this automatically collected data to other information we collect about you.  We do this to improve the services and marketing we offer you. From time to time, we use push notifications in our mobile applications to send you messages about BioBrain or your account.  You may opt out from receiving push notifications through your device settings.  We do not access or track any location-based information from your mobile device.
    • It is impractical in most circumstances for you to remain anonymous, and we may not be able to interact with you, provide access to the Site, or answer your enquiry if we are not able to identify you or collect your personal information.
    • In the case of school/educational institution customers (School Customer), we seek consent from the School Customer to be provided with Registrant information for and on behalf of that student or teacher.
    • In the case of individual / home subscriptions (Home Customers) we seek consent from the Home Customer at the time of purchasing and registering the product to use the information collected. Where the Home Customer is a student who is a minor, we ask that permission be sought by that student’s parent / legal guardian.
    • Registrants who do not give this consent (or do not have this consent provided on their behalf) cannot provide us with their personal information and cannot use the Site. You can however withdraw your consent at any time.

2. What we will do with your information

  • The information collected from Registrants, customers or prospective customers may be used for the following purposes
    • to provide access to our products and services;
    • authenticating your login and processing your payments;
    • personalising your BioBrain experience and customising your training program;
    • allowing you to monitor your performance and progress in BioBrain, by, for example, presenting charts and graphs of your performance to you;
    • to manage prospective purchases, purchased subscriptions and payments including to provide quotes or offers for, and updates about, our products and services;
    • to send a confirmation notice to the Registrant of the registration; to administer and manage accounts, including password resetting, responding to questions raised by Registrants, providing customer support and to contact the Registrant about any problems with the Registrant’s account or conduct on the Site;
    • to send out a BioBrain newsletter or emails about the Site including information about current events, changes, improvements, upgrades, new product development and rules of the Site;
    • to publish the names of winners and high performers on the Site or in the BioBrain newsletter and to provide results data for each Registrant or school class;
    • to send prizes or certificates for participation and performance on the Site;
    • for administrative, planning, product or service development, staff training, quality control and research purposes relating to our products and services;
    • protecting our intellectual property or other rights;
    • we may share your information with certain third parties selected by us to help support our operations.  These include, for example, services that help us process payments, analyse web traffic, send emails, and track customer support requests.  In addition, we may share limited personal information to third parties that help us market or advertise BioBrain.  These third parties may have access to your information only for purposes of performing these tasks on our behalf and we contractually require them to protect your information consistent with this Privacy Policy.
    • for marketing purposes, but only where we have express or implied consent to contact someone or we are otherwise permitted by law to do so. Registrants may also opt out at any time by by navigating to your email notifications page or by following the unsubscribe instructions included in each email.  Please note you may not opt out of certain transactional emails, such as when we email you to confirm transactions, address account issues, or communicate about customer support; and following the specific opt out instructions within the communications that we send.
    • we may disclose your information when we believe we have your consent to do so, such as when you contact customer support and ask us about your account, or when we have the consent of someone we believe is authorised to consent on behalf of you, such as the individual associated with the payment method for your account.  If you have expressly agreed to participate in a research study with us or with a third party that incorporates your personal information collected by BioBrain, we also may disclose your information for the purpose of facilitating the research to which you have consented.

We may provide you the opportunity to participate in contests or surveys, and those materials may request that you provide personal information or other demographic information.  Such information will be used for purposes of the survey or contest and otherwise as described in this Privacy Policy.  Please note that participation in these surveys or contests is completely voluntary and you may decline to provide such information. We also reserve the right to use non-personal information (e.g., de-identified or aggregate data) for any purpose.  For example, we may show aggregate performance measures to users to allow them to evaluate their performance against other BioBrain users.  Also, we may disclose performance statistics to school and university collaborators to evaluate, study, and improve the effectiveness of our programs.  In these situations, all data is disclosed either in aggregate form or with information that can identify you removed.  In addition, when we work with school and university collaborators, we contractually prohibit them from attempting to re-identify individuals from data that has been de-identified.

  • BioBrain leaderboards: BioBrain strives to provide a highly engaging Site for students. Given students have indicated their strong preference for their name to be shown publicly on our Sites in recognition of their achievements, we allow this – but we do not allow full names (i.e. First Name and Surname) to be shown publicly. In addition, all administrative user access to any Site permits the partial (to initials only) or full anonymising (by use of a pseudonym) of names, where preferred by the user. If you have any questions about the BioBrain leaderboards and managing the information that is disclosed, please contact us.
  • The Site does not provide students with any means to communicate directly with each other. There are no chat rooms connected with the learning resources.

3. What we will not do with your personal information

  • BioBrain will keep your personal information confidential and not sell or disclose your information to advertisers or any external third parties, unless:
    • we believe, in good faith, that we are required to share your information with a third party such as a regulator or court in order to comply with law, regulation, legal process, court order, or subpoena;
    • to enforce our Terms & Conditions or the terms of the licence granted to access and use the Site;
    • the disclosure is to a third party that acts on our behalf, powers certain aspects of our Sites or processes data on our behalf, such as a distributor of our products and services, the licensor or owner of a product or resource that we distribute, or to a contracted service provider;
    • in connection with any transaction involving our companies or assets, where another party acquires ownership or operation of the Site, in which case that successor organization will be subject to the obligations in this Privacy Policy and any contractual representations we have entered into; or
    • to protect the safety and security of our Registrants and our Site.
    • If third parties act on our behalf, we require them to hold, use and disclose your personal information in accordance with this Privacy Policy, applicable privacy obligations and our contractual obligations
    • Generally we will only use your information within BioBrain, however, sometimes we provide data on results to government education departments, peak bodies managing or representing schools, or schools themselves, especially in the case of School Customers, who use the features of our products (such as performance reporting tools) for educational / teaching purposes. We will require these third parties to comply strictly with our instructions, use the information only for legitimate educational interests and not for any commercial purposes
    • We do not sell data to advertisers (whether personal, anonymous or aggregated). We do not use data to engage in targeted advertising to children and we do not create or build personal profiles of students other than for the purpose of supporting authorized educational/school purposes or as otherwise specifically authorized by a parent/student or school/educational institution customer.

4. How we collect and process your information

  • We may collect your personal information in a number of ways, including:
    • directly from you (unless it is unreasonable or impracticable to do so);
    • from our school / educational institution customers (e.g. teachers or school administrators that purchase access to our Site for their students and teachers); or
    • from third parties such as our distributors (resellers and sales agents).
      • In order to register for BioBrain resources, students registering individually and not part of a school, must give their consent at the time of registration to provide us with their personal information such as their name, age and email address (or if they are under 13 years of age, or legally a minor in their relevant location, a parent or guardian must consent on their behalf).
      • Alternatively, parents registering on behalf of their child(ren), must give their consent at the time of registration to provide us with information about them and their child(ren).
      • Teachers or administrators registering for their class or school must give their consent at the time of registration to provide us with their own name, class name, school name and their email address, as well as the names of their students.
      • We also ask for Registrants’ consent to use any personal information collected in accordance with this Privacy Policy at the time of login to our Site. If a Registrant does not wish to provide us with their consent, they cannot agree to the Site Terms and Conditions and must not use the Site.

5. How long we hold your information

  • We retain the personal information that we collect from and about our Registrants for as long as it is needed to provide access to the Site or to manage that Registrant’s account. We take reasonable steps to delete the personal information we collect if your registration to use our Site lapses and you opt out of receiving further communications from us, or if you ask us to delete your information. We may however retain and use personal information as necessary to comply with our legal and regulatory obligations, to resolve disputes and to enforce our agreements, and we may retain and use anonymous and aggregated information for performance reporting, benchmarking and analytic purposes and for product and service improvement.
  • Registrants can request that their personal information be deleted by contacting the BioBrain Data Protection and Privacy Officer (contact us here).

6. Updating and accessing your personal information

  • Registrants can access, review, correct and delete your registration information through your Account page.  Registrants may also access or delete the personal information we have collected about you by contacting us at the contact information listed below.  Upon request, BioBrain will provide information about whether we hold Registrants personal information.  While we will make reasonable efforts to accommodate Registrants requests, if allowed by applicable laws, we reserve the right to impose certain requirements and restrictions on such requests, such as limiting our production of information to certain formats and not deleting information that is no longer identifiable.  We will respond to Registrants request to access in a reasonable timeframe, not longer than 30 days.
  • Registrants have a right to request a copy of the personal information we hold about them, and Registrants can also update their personal information at any time, in each case by contacting BioBrain.
  • If you wish to receive a copy of this information or to update or correct information held about you, please address your request to the Privacy and Data Protection Officer (contact us here). We will endeavour to deal with your request promptly.

7. Keeping your personal information secure

  • BioBrain is committed to information security. We will use all reasonable endeavours to keep the personal information we collect and use in a secure environment, and we have implemented appropriate technical, administrative and physical security measures that are designed to protect personal information from unauthorised access, disclosure, use and modification.
  • We have implemented and maintain reasonable security practices to protect against the unauthorised access, use, modification, destruction, or disclosure of your personal information.  For example, when you enter sensitive information on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).  We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it.  However, no method of transmission or storage is completely secure, and we therefore cannot guarantee absolute security.  If you have any questions about security on our website, please contact us using the contact information below.
  • BioBrain is committed to information security. We will use all reasonable endeavours to keep the personal information we collect and use in a secure environment, and we have implemented appropriate technical, administrative and physical security measures that are designed to protect personal information from unauthorised access, disclosure, use and modification. As part of our privacy compliance processes we review these security procedures to consider appropriate new technology and methods and engage independent third parties to review and audit aspects of our information security.
  • We provide our personnel with training about data security and privacy, and we require all our employees and contractors to comply with this Privacy Policy and their obligations of confidentiality. We will take appropriate actions to address breaches by employees and contractors of the obligations imposed by this Privacy Policy.

8. Data transfers, storage and processing globally

  • Registrants’ personal information is uploaded to and stored on servers that are maintained by third parties that comply with strict contractual privacy obligations. These servers are located in the Melbourne, Australia.
  • As we operate globally, if you access BioBrain outside of Australia, you fully understand and unambiguously consent to the transfer of your personal information to, and the collection and processing of such personal information in Australia. We may on occasion allow your personal information to be accessed in countries other than your own location. We may do this where data is accessed:
    • for operational, administrative and compliance purposes;
    • by one of our licensors (who owns, develops and hosts a particular product) or distributors (sales agents or resellers) who requires the information to set up, service or manage a customer account;
    • where a copy is sent to the Registrant itself at their request.
  • By consenting to the collection and use of their personal information, Registrants’ consent to their personal information being transferred and stored in this manner.
  • Registrants in Canada, please refer to our additional information about Canadian users. In accordance with various Canadian provinces’ privacy legislations applicable to many of our school customers we do not store Canadian students’ personal identifiable information outside of Canada. All the data pertaining to a student’s activity within the platform (non-identifiable data) is stored in the East US 2 region of Microsoft Azure. Access to the data is restricted only to the users themselves – and then only via our own applications. It is strictly inaccessible outside of the environment of a BioBrain resource account and each user only has access to their own data (or in the case of a school’s administrator or IT technician, the data within the school’s wider account).
  • Registrants in the EU, please refer to our additional information about EU users.
  • In the APAC region, we may record, with your express consent, customer service calls for quality and staff training purposes. If, with your consent, we record a customer service telephone call, that recording will be stored in data centres located in Australia and deleted when no longer required.

9. Anonymous or aggregated information

  • In addition to personal information and results data, BioBrain also collects anonymous information about Registrants and the activities of Registrants on the Site. Anonymous information is information that is not linked to the name or identity of a user. This information is used for educational performance reporting and analytics and to assist us in enhancing the learning resources. The information remains anonymous at all times.
  • BioBrain utilises third-party providers to power certain elements of the Company’s online marketing and advertising. These service providers collect data about your activities that does not personally or directly identify you when you visit our website or the websites and online services where we display advertisements (i.e. publishers). This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We use the information we and these third party service providers collect to serve you more relevant advertisements regarding BioBrain resources (referred to as “retargeting”). We collect information about where you saw the ads and what ads you clicked on. This is data that does not personally or directly identify you.
  • When agreeing to the Term and Conditions, Registrants grant us the right to use this anonymous information for our own purposes, such as the preparation of statistical reports or to improve and change the content of our products.

10. Social Media

  • Blog.  Our website offers publicly accessible blogs.  Some blog posts allow comments via Facebook.  You may need to login or contact Facebook both to post comments and to delete personal information that previously was posted in the comments.  You can review Facebook’s privacy policy at this link: https://www.facebook.com/policy.php.
  • Referrals and contacts.  We allow you to refer your friends and contacts to BioBrain, either by manually entering their email addresses or by importing contacts from email accounts you have with third parties.  If you choose to utilise these features, we will use and store the email addresses only for purposes of sending the invitation emails you have requested.  If you utilise these features, the friends or contacts that you refer may contact us at the contact information listed below to request that we delete their personal information.  Please note that we do not collect the username and password to your email accounts; the import features route you to the third-party email provider to log in through their services.
  • Social media widgets.  Our website and mobile devices applications may include social media features, such as Facebook, WhatsApp, LinkedIn, and Twitter buttons.  Such features may collect your IP address and information about the page you are visiting, and may set cookies to function properly.  Your interactions with these features are governed by the privacy policies of the company providing them.

11. Cookies

  • A cookie is a little piece of information handed to a web browser from a web server that contains information that can be retrieved from the server later. When you visit the Site the server may attach a cookie to your computer’s memory. BioBrain uses cookies only to the limited extent to recognise the Registrant when they visit the Site and pairing that Registrant with the account (and account preferences) that the Registrant created. We use cookies to better display our website, to save you time, to provide better technical support and to track website usage. For example, cookies help us to:
    • Keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you;
    • Remember your settings on the pages you visit, so that we can display your preferred content the next time you visit;
    • Customise the function and appearance of the pages you visit based on information relating to your account; for example, in order to default you to a particular grade level, or to remember customised settings for a report.
  • To obtain further information about our use of cookies on our websites and within our products, please refer to our Cookies page.

12. Revision of Privacy Policy

BioBrain reserves the right to change, modify, or revise this Privacy Policy in order to comply with any applicable laws, to reflect changes in our processes or for any other reason at any time. Material changes in our Privacy Policy will be communicated to Registered Users and customers you either by email, by posting a notification on BioBrain or by posting an updated privacy policy on BioBrain thirty (30) days in advance of the effective date of the updated TOS.  Please note that, for existing users, unless otherwise provided by applicable law, your continued use of BioBrain following the effective date means that you agree with, and consent to be bound by, the updated TOS. We also encourage our Registrants to check the Privacy Policy periodically to read about any changes, modifications, or revisions. Registrants may wish to check it each time they submit personal information. You will be deemed to have consented to such variation by your continued use of the Site following any changes being made.

13. Contact Us

  • All requests to access, update and delete personal information as well as questions and concerns about your personal information and this Privacy Policy should be directed to the BioBrain Support Team. We will endeavour to respond to your query as quickly as possible.
  • If you are not satisfied with the response you receive, you may have the right to contact the regulator responsible for privacy in your home country.

14. More privacy information

15. Special information for users across Canada

  • BioBrain is committed to providing access to our resources through an environment that is compliant with all national and provincial privacy requirements applicable to us, and those requirements that apply to our School Customers across Canada.
  • This Privacy Policy has been developed with the standards required to be compliant with the Alberta Freedom of Information and Protection of Privacy Act, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information International Disclosure Protection Act (Nova Scotia) (“PIIDPA”), the Freedom of Information and Protection of Privacy Act (British Columbia) (“FIPPA”) and the Municipal Freedom of Information and Protection of Privacy Act, Ontario (“MFIPPA”).
  • We sometimes transfer school information to others, including to affiliated entities or unrelated companies (“service providers”), that carry out certain functions on our behalf such as order fulfilment, accounts receivable and data processing. Student names or other personally identifiable information, however, remains in Canada. In those cases where we do need to use the services of a third party, we require them not to use or disclose the information for any purpose other than as directed by BioBrain.
  • We take all reasonable contractual or other measures to protect your personal information while processed or handled by these service providers. If the information is located outside Canada it will be subject to legal requirements in those foreign countries applicable to our service providers, however the information they have will not be personal in nature.

16. Special Information for users in the European Union

  • BioBrain welcomes the EU General Data Protection Regulation (GDPR) as an essential set of regulations to affirm our commitment to data protection across the European Union. We are committed to ensuring:
    • Personal data is processed fairly, lawfully and in a transparent manner
    • Personal data is collected and processed only for specified and lawful purposes
    • Processed data is adequate, relevant and not excessive
    • Processed data is accurate and, where necessary, kept up to date
    • Personal data is not kept longer than necessary
    • Personal data is processed in accordance with an individual’s rights
    • Personal data is kept secure
    • Personal data is not transferred to countries outside of the EU without adequate protection
  • The information below should be read in addition to our Privacy Policy, and outlines specific information relevant to certain aspects of our GDPR compliance. BioBrain Learning Pty Ltd is a company registered in Australia trading as BioBrain with Australian Company Number (ACN) 644 545 040. (https://biobrain.com.au).
  • Lawfulness of processing: BioBrain collects personal information in a number of contexts and for a number of purposes. Please refer to the “What personal information we collect”, “What we will do with your information” and “How we collect and process your information” sections of the Privacy Policy. Our processing activities are based either on consent or legitimate interests pursued by BioBrain and our school and district customers in delivering learning resources for use by schools, teachers, parents and students which are designed to improve learning outcomes and inspire a love of learning.
  • Is personal information transferred outside of the European Union? Yes, personal information in relation to Registered Users and customers located in the EU may be transferred outside of the EU in 2 main situations:
    • User data is uploaded to and stored on our servers located in Melbourne, Australia.
    • In most instances, personal data about our EU based customers is collected, accessed and managed by our sales, operational and customer support teams in Australia. Very occasionally however, such information may be shared with our employees in one of our offices outside of the Australia e.g. to respond to an urgent customer support query outside of normal hours or for internal reporting processes.
  • For further information, please contact the BioBrain Data Protection and Privacy Officer.