Scroll Top

Privacy Policy

Privacy Policy

Purpose

Real Schools is committed to protecting the privacy, security and confidentiality of personal information held about employees, partner schools, contractors and third parties. This Privacy & Security Policy outlines how we collect, store, use, protect and disclose personal information in compliance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • The PDP Act
  • The HR Act
  • Relevant Education sector privacy standards
  • Essential 8 Maturity Level 1 requirements (ACSC)

This policy has been developed as part of Real Schools’ efforts to comply with its obligations under this legislation.

Scope

This policy applies to:

  • All personal and organisational data collected and stored by Real Schools
  • All staff and contractors who access Real Schools systems
  • All data stored in Real Schools platforms, including but not limited to Microsoft 365 and HubSpot
  • Any third-party service providers acting on behalf of Real Schools

Definitions

Personal Information
Identifies or could reasonably identify an individual, such as names, contact details, job titles, or survey responses.

Sensitive Information
A protected category of personal information under the Privacy Act. Real Schools does not collect sensitive case notes or student behavioural/mental health information.

Partner School Information
Professional and organisational information collected from partner school staff for partnership delivery (e.g., names, roles, emails, attendance records, schedules). Does not include individual student case data.

Data Breach
Unauthorised access, disclosure, or loss of personal information, whether accidental or intentional.

Third-Party Service Provider
Any external organisation engaged to support Real Schools services, including IT, storage, communication, and administrative systems.

Disclosure
Providing personal information to someone outside Real Schools, including to contractors or regulatory bodies when required.

Security Controls
Measures used to protect information, such as MFA, encryption, device protection, password requirements, and Essential 8 Maturity Level 1 practices.

Zero Trust
A security approach where all users must be authenticated and authorised before accessing any Real Schools systems or data.

Notifiable Data Breach
A data breach likely to cause serious harm and therefore must be reported under the Notifiable Data Breaches scheme.

 

Privacy Principles in detail

1. How do we collect your personal information and how do we use it?

We collect personal information directly from you when you register for an event or webinar,  complete forms on our website (or a website administered by Real Schools), if you contact us in person, by e-mail, in writing, over the telephone or via social media.

The personal information collected generally includes salutation, name, job title, contact details and payment details if you have made a purchase with us. We may also collect sensitive information about you such as membership of any professional associations, dietary requirements or information from a purchased list.

The information we collect is used only to:

  • Verify your identity.
  • Assist you to enrol for our events or to subscribe to our publications.
  • Promote our events to you.
  • Maintain and develop our database.
  • Share information from time to time with other professional organizations.

Financial information that is collected (like the customer’s account or credit card number) is used only to bill the user for services requested and any transaction details remain secure.

2. Disclosure of Personal Information

Personal information may be forwarded onto third parties only for the purpose to assist in the supply of services to you and for sponsorship purposes. At no time is the information collected disclosed to any third party for any other reason.

At times we use third party companies to collect personal information and communicate with you via email or telephone on our behalf, in accordance with the Act.  In all of these communications we ensure you will clearly be able to identify us.

We will only disclose personal information in accordance with the Act. This means that it will be disclosed if:

  • we told you when collecting it that it would be disclosed for that purpose or for a related purpose that you would reasonably expect;
  • we have your consent;
  • it is part of business assets which we are selling;
  • we are required by law to disclose it; or
  • it is otherwise permitted under the Act

We will endeavour to process any request for opting out as soon as possible, but you may receive communications from us or from third parties whilst we are processing your request.

Email communications are only sent to:

  • recipients who have opted to receive them
  • participants in our events unless they have asked us not to do so
  • those who enquire about our events unless they have asked us not to do so

In sending email communications, we ensure that you can identify us as the originator.

3. What are cookies and why do we use them?

We also use cookies to collect some statistical data about visitors to our websites.  Cookies are small pieces of data stored on the web browser on your computer.  This website and associated websites (including those you reach by clicking on advertising) may store cookies on your browser.  The cookie doesn’t track any personal information about you or provide us with any way to contact you, and the cookie doesn’t extract any information from your computer.

The main reasons we store cookies are to:

  • Gather statistics such as number of visits, pages viewed, types of transactions conducted, time online and documents downloaded to improve site usability
  • Enable us to present customised and appropriate messages from our events and third parties such as targeting more relevant advertisements to you

If you wish to disable or remove cookies, please visit the ‘Help’ section of your browser or mobile device.  Please be aware however, that parts of the website may not function correctly as a result of disabling cookies.

4. Maintaining accurate records

The main purpose for collecting personal information is to enable Real Schools to market its events and products. Real Schools takes all reasonable precautions to ensure that the information we collect, use and disclose is accurate, complete and up-to-date. The accuracy of the information, however, depends to a large degree on the information provided to us.

If you have any questions about the security or accuracy of your stored personal information you can contact us at the details provide below.

You can help us to protect your privacy by contacting us immediately if your contact details change.

5. Current and past Real Schools Partner Schools

In order to deliver a successful partnership, Real Schools collects and manages limited personal and organisational information from partner school staff. This may include staff names, roles, emails, contact details and partnership-related documentation such as schedules, session attendance records, survey responses (including School Culture, Parent Perception and Student Climate surveys), and relevant communication logs.

Real Schools does not collect or store individual student behaviour case files, mental health notes or any other sensitive case-specific information. Information is collected only through legitimate service activities, such as onboarding forms, email communication, portal registration, support requests and survey participation.

Real Schools does not use this additional personal and organisational information for advertising, marketing unrelated to your partnership, or selling data to third parties. We do not profile individual staff or students, and we do not use partnership information to generate targeted advertising, commercial insights, or promotions from external organisations. Real Schools also does not use school-specific information beyond what is required for secure service delivery. All partner school information is used strictly for supporting your partnership and improving the services we provide—nothing else.

This information is used solely for partnership management, delivery of professional learning (PL), administrative processes, secure portal access, invoicing, reporting, and communication. All personal information is stored in secure systems including Microsoft 365 (SharePoint and OneDrive) and HubSpot, with backups managed through approved tools such as Acronis Cyber Protect. These platforms may store data in Australian, European or United States regions, all of which comply with relevant international privacy and security standards. Real Schools and its contracted service providers operate under strict confidentiality and access requirements.

To protect the security of partner school information, Real Schools applies a Zero Trust approach, Essential 8 Maturity Level 1 controls, and multiple technical safeguards. These include multi-factor authentication, encryption of data in transit and at rest, device protection requirements (antivirus, regular updates, no local data storage), patch management and continuous activity monitoring. Access to partnership information is strictly role-based, reviewed quarterly, and removed immediately when no longer required. Contractor access is time-limited, logged and controlled.

Personal information is disclosed only to authorised Real Schools staff, approved service providers involved in partnership delivery, or regulatory bodies where legally required. At all times, Real Schools limits disclosure to what is necessary for service delivery and maintains compliance with the Privacy Act 1988, Australian Privacy Principles and sector-specific obligations.

6. How does Real Schools protect the security of your information?

Real Schools employs strict security procedures to ensure that information will not be misused, and to prevent unauthorized access modification or disclosure.

We also ensure that any personal information no longer needed by us is either destroyed or modified so that you can no longer be identified.

7. Opt Out

We give you the right to opt out from receiving communications from us, whether by email, mail or phone by emailing info@realschools.com.au, by calling us on 1300 789 422 or writing to us at the address below.

8. Data Breach Response Process

Real Schools follows the Notifiable Data Breaches (NDB) Scheme under the Privacy Act 1988. A data breach includes any unauthorised access, disclosure, or loss of personal information.

Contain
Act immediately to secure systems, stop unauthorised access, and protect affected accounts or devices.
Assess (within 30 days)

Determine:

  • what information was involved
  • who is affected
  • the likelihood of harm

Assessment is led by the CEO and IT support.

Notify (if required)
If serious harm is likely:

  • notify affected individuals
  • lodge a statement with the Office of the Australian Information Commissioner (OAIC)

Review
Identify the cause of the breach and implement improvements to prevent recurrence.

9. Privacy Enquiries & Complaints

Privacy Officer
Real Schools
3/28 Diane Street
Mornington, VIC, 3931

Phone: 1300 789 422
Email: info@realschools.com.au