Privacy Policy

Phoenix Support for Educators Pty Ltd (ABN 50 607 758 850) and Phoenix Cups IP Holdings Pty Ltd (ACN 633 355 487) (together referred to as “PSFE”, “we”, “us”, or “our”) are committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains what personal information we collect, how we collect it, why we collect it, and how we use and protect it. It also sets out your rights in relation to your personal information.

We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Where applicable, we also comply with the UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR) for individuals located in the United Kingdom and European Union.

This policy applies to all individuals who interact with PSFE, including clients, course participants, workshop attendees, event ticket holders, newsletter subscribers, and visitors to our website.

Phoenix Support for Educators Pty Ltd
ABN 50 607 758 850
The Office Hub, Shop 6, 2-20 Shore Street West, Ormiston QLD 4160, Australia

Phoenix Cups IP Holdings Pty Ltd
ACN 633 355 487

For all privacy-related enquiries, including access requests, corrections, complaints, and data protection matters:

Email: [email protected]
Phone: 1300 361 243
Website: www.phoenix-support.com.au

We collect only the personal information that is necessary for delivering our services and operating our business. This includes:

Identity and contact information

• Full name
• Job title and organisation name
• Email address
• Phone number
• Billing and delivery address
• Geographic location

Technical and usage data

• IP address
• Browser type and version
• Pages visited on our website, time and date of visits, and referring website

Professional and engagement data

• Pre- and post-workshop survey responses (used for feedback and service improvement)
• Personal reflections submitted through online courses, where voluntarily provided. We collect only what is necessary and do not request sensitive personal information through this channel.
• Testimonials and case study contributions, with your explicit consent
• Records of bookings, purchases, and course enrolments
• Recordings of online sessions, where you have given consent at the time of recording

Marketing preferences

• Your subscription status and communication preferences

We do not collect sensitive information such as health data, financial account details (credit card processing is handled securely by Stripe and we do not store card details), or any information about children. Our services are directed at adult professionals. Any case studies or examples used in our programs are fully de-identified.

We collect personal information through the following channels:

• Our website, including the contact form, newsletter signup, and the Phoenix Cups Quiz. The quiz collects de-identified demographic data only.
• Quote and invoice processing through our CRM system (Odoo)
• Online course enrolment and participation through our learning management system (Thinkific)
• Event registrations
• Direct communication by email, phone, video call, or in-person interaction
• Online session recordings, where you have provided consent at the time
• Social media platforms where you interact with our content
• Website analytics and advertising pixels (see Clause 10)

We do not collect additional personal information at in-person events beyond what is necessary to deliver the service or manage attendance.

We collect personal information to:

• Deliver our services, including workshops, online courses, coaching, mentoring, and events
• Process payments and issue invoices and receipts
• Confirm and manage bookings
• Communicate with you about your engagement with PSFE
• Provide access to online courses and resources you have purchased
• Respond to enquiries and provide support
• Send marketing communications, where you have explicitly opted in (see Clause 7)
• Improve our products and services through aggregated, de-identified survey analysis
• Conduct sector research or publish professional insights, where we seek your explicit consent separately at the time
• Meet our legal, regulatory, and tax obligations
• Operate and improve our website and digital platforms

We use your personal information only for the purposes for which it was collected, or for purposes that are directly related and that you would reasonably expect.

We will not use your personal information for a secondary purpose without your consent, unless we are required or authorised to do so by law.

We take reasonable steps to ensure that the personal information we hold is accurate, up to date, and complete. If you believe any information we hold about you is inaccurate or out of date, please contact us at [email protected].

We send two types of email communications:

Transactional communications include invoices, booking confirmations, course access details, and resources directly related to a service you have purchased. These are sent as part of delivering our services and do not require separate marketing consent.

Marketing communications include newsletters, professional learning updates, new course announcements, event invitations, and other promotional content. These are sent only to individuals who have explicitly opted in to receive them.

You can withdraw your marketing consent at any time by clicking the unsubscribe link at the bottom of any marketing email, or by contacting us at [email protected]. Unsubscribing from marketing communications will not affect the delivery of transactional communications related to your active services.

We use Odoo to manage our email communications. We do not sell, rent, or share your contact details with third parties for marketing purposes.

We do not sell, rent, or trade your personal information. We share your information only where necessary to deliver our services, with the following third-party providers:

Each of these providers operates under its own privacy policy and is responsible for compliance with applicable privacy law in its jurisdiction. We take reasonable steps to ensure that third parties with whom we share your information handle it appropriately.

Client data is shared only among PSFE’s internal team members on a need-to-know basis. It is not shared with external facilitators, contractors, or other third parties beyond what is set out above.

We may also disclose personal information where required by law, by a court order, or by a regulatory authority with lawful power to require disclosure.

Some of the third-party services we use are based outside Australia and may store or process your personal information overseas. In particular:

• Thinkific stores customer data on Amazon Web Services (AWS) and Google Cloud Platform (GCP) servers located in the United States. As a fully cloud-based platform, Thinkific operates globally distributed infrastructure rather than a single fixed location.
• Stripe processes payment data in the United States.
• Microsoft and Zoom may process data in multiple international locations, including the United States and European Union.
• Meta and Google process advertising and analytics data across international locations.

By engaging with PSFE and using our website and platforms, you acknowledge that your personal information may be transferred to and processed in these international locations. We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

PSFE delivers services in the United Kingdom. The UK is a service delivery location; we do not operate a separate data processing entity there. UK clients’ data is handled in accordance with this policy and with UK GDPR obligations (see Clause 16).

Our website uses cookies and tracking technologies to improve your experience, understand how our website is used, and support our advertising activities. We use the following:

• Google Analytics - to collect data on website traffic, user behaviour, and performance. This data is aggregated and used to improve our website.
• Meta (Facebook/Instagram) Pixel - to measure the effectiveness of our advertising on Facebook and Instagram, and to show relevant ads to people who have visited our website.
• Google Ads - to measure advertising performance and support remarketing to past website visitors.
• Thinkific cookies - to manage course access, track affiliate referrals, and support the functionality of our online learning platform.

When you first visit our website, you will be presented with a cookie consent banner. You may choose to accept or decline non-essential cookies at that point. Essential cookies required for basic website functionality are always active.

You can manage or withdraw your cookie preferences at any time through your browser settings. Please be aware that disabling certain cookies may affect the functionality of our website or online course platform.

We retain personal information for as long as it is necessary to fulfil the purpose for which it was collected, or as required by law. As a general guide:

• Client records (invoices, bookings, and correspondence) are retained for a minimum of five (5) years from the date of the last transaction, in accordance with Australian taxation and record-keeping obligations. Records relating to ongoing relationships or licensing arrangements may be retained indefinitely while the relationship continues and for a reasonable period afterwards.
• Thinkific course accounts may be closed after twelve (12) months of inactivity. Data associated with closed accounts is subject to Thinkific’s own data retention and deletion practices.
• Marketing subscription data is retained for as long as you remain subscribed. If you unsubscribe, your marketing data will be suppressed from future sends. You may request deletion of your information separately.

We are in the process of formalising a comprehensive data retention and deletion policy. Where you wish to request deletion of your personal information, please contact us at [email protected] and we will respond within thirty (30) days.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:

• Two-factor authentication (2FA) on our CRM (Odoo) and Microsoft 365 platforms
• Secure, cloud-based data storage for our CRM, hosted in Australia via Google Cloud Platform (GCP) Sydney
• Limiting internal access to personal information to those team members who require it to perform their role
• Cyber liability insurance, ensuring our capacity to respond promptly and effectively to any data security incident

While we take every reasonable precaution, no system is entirely immune from risk. In the event of a data breach that is likely to result in serious harm to any individual, we will act promptly in accordance with our obligations under the Notifiable Data Breaches scheme and, where applicable, the UK GDPR.

You have the right to request access to the personal information we hold about you, and to request that we correct any inaccurate, incomplete, or out-of-date information.

To make a request, please contact us at [email protected]. We will acknowledge your request promptly and respond within thirty (30) days. In some circumstances, we may be unable to provide access to certain information - for example, where doing so would unreasonably affect the privacy of another individual, or where we are required by law to retain the information.

Where you request deletion of your personal information, we will take reasonable steps to comply, subject to our legal record-keeping obligations. We are in the process of formalising our access, correction, and deletion request procedure and will provide a clear documented process in due course.

In the event of a data security incident involving your personal information, PSFE will:

• Act promptly to contain and assess the nature and extent of the incident
• Notify affected individuals where the breach is likely to result in serious harm
• Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), where required
• For UK clients, notify the Information Commissioner’s Office (ICO) in accordance with UK GDPR obligations, where required

We are in the process of formalising a comprehensive data breach response procedure to ensure consistent and timely action. Our cyber liability insurance provides additional capacity to respond to and manage data security incidents.

If you believe your personal information held by PSFE may have been compromised, please contact us immediately at [email protected].

PSFE’s services, courses, and digital platforms are directed at adult professionals working in early childhood education and care. We do not knowingly collect personal information about children.

Any case studies, examples, or scenarios used in our programs, publications, or professional development content that may be inspired by real situations are fully and completely de-identified. No identifying information about any child is collected, stored, or used by PSFE at any point.

If you are a parent or guardian and you believe a child under your care has inadvertently provided personal information through our platforms, please contact us at [email protected] and we will take immediate steps to remove that information.

PSFE delivers services in the United Kingdom and to individuals internationally, including through online courses and digital content. Where personal information is collected from individuals located in the United Kingdom or European Union, PSFE complies with the UK GDPR and EU GDPR respectively.

Your rights under UK GDPR / EU GDPR

If you are located in the UK or EU, you have the following rights in relation to your personal data:

• The right to access your personal data
• The right to rectification (correction of inaccurate or incomplete data)
• The right to erasure (“right to be forgotten”), subject to our legal obligations
• The right to restrict processing
• The right to data portability
• The right to object to processing based on legitimate interests
• The right to withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please contact [email protected]. We will respond within thirty (30) days.

Lawful basis for processing

We process personal data under the following lawful bases:

• Contract - where processing is necessary to deliver services you have engaged us to provide
• Consent - for marketing communications and any optional data collection
• Legitimate interests - for website analytics, security monitoring, and service improvement, where these interests are not overridden by your rights

International data transfers

Where your personal data is transferred outside the UK or EU, including to third-party providers based in the United States (such as Thinkific, Stripe, and Meta), we take reasonable steps to ensure that appropriate safeguards are in place. We are reviewing our data processing agreements with key third-party providers to ensure ongoing GDPR compliance.

If you have a concern or complaint about the way we have handled your personal information, we encourage you to contact us in the first instance so we can attempt to resolve the matter directly.

Contact us: [email protected] | 1300 361 243

We will acknowledge your complaint promptly and aim to respond in full within thirty (30) days.

If you are not satisfied with our response, you may escalate your complaint to the relevant authority:

Australia
Office of the Australian Information Commissioner (OAIC)
W: www.oaic.gov.au
P: 1300 363 992

United Kingdom
Information Commissioner’s Office (ICO)
W: www.ico.org.uk
P: 0303 123 1113

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. The current version will always be published at www.phoenix-support.com.au/privacy.

Where material changes are made, we will endeavour to notify existing clients and subscribers. We encourage you to review this policy periodically.

This policy supersedes all previous versions of PSFE’s Privacy Policy.