Privacy Policy
Privacy Policy
EduSuite CRM (“we”, “our”, “us”) understands how important your privacy is. We take care in how we handle all personal information collected through our website and CRM platform. This Privacy Policy sets out how we collect, use, store, and disclose personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information We Collect
We collect information you provide directly (contact details, billing details, account data, support requests), information automatically collected (IP address, device, analytics, cookies), and information uploaded by our clients into their CRM accounts (“Client Data”). We act as a data processor for Client Data.
1.1 Information You Directly Provide
This may include:
- Your name
- Email address
- Phone number
- Business or organisation name
- Billing and payment details
- Login information
- Communications you send us (support requests, enquiries, feedback)
- Preferences for marketing or notifications
1.2 Information Collected Automatically
When you use our website or CRM platform, we automatically receive:
- IP address
- Browser details
- Device information
- Site or platform usage data
- Cookie identifiers
- Analytics information from tools like Google Analytics and Meta Pixel
This helps us understand how people use our services and improve them.
1.3 Information We Process on Behalf of Our Clients
Because EduSuite CRM is a platform used by businesses (including RTOs), our clients may upload or store personal information about their own customers, students, leads, contacts, or staff.
Examples include:
- Names and contact details
- Enrolment or training details
- Notes, uploads, tags, or communication logs
- Automation and workflow data
In these situations:
- Our clients control the information
- We process it only on their instructions
- We do not use or access this information unless required for support or security
2. How We Use Personal Information
We use personal information to provide and maintain our CRM services, process payments, respond to support requests, send service updates, deliver marketing (with consent), monitor performance, and meet legal obligations.
We use personal information to:
- Provide and maintain the EduSuite CRM platform
- Create and manage user accounts
- Process payments through secure third-party payment processors
- Respond to support requests quickly and effectively
- Send important updates about system changes or outages
- Deliver newsletters and marketing messages you’ve opted into
- Improve our website and platform experience
- Monitor performance and maintain security
- Meet legal and regulatory requirements
We do not sell your personal information.
3. Legal Basis
We process personal information based on consent, contractual necessity, legitimate business interests, and legal compliance.
Depending on your interaction with us, we process your information based on:
- Consent (e.g., email marketing opt-ins)
- Contractual necessity (e.g., providing your CRM subscription)
- Legitimate business interests (e.g., service improvement, fraud prevention)
- Compliance with legal obligations
4. Cookies and Tracking
We use cookies and similar tracking technologies to enable platform functionality, analytics, security, and marketing. Cookies can be disabled in browser settings.
Cookies may help with:
- Logging in
- Remembering preferences
- Analytics
- Security
- Advertising and re-marketing
You can disable cookies in your browser settings, although some features may not work correctly.
5. Payments
Payments are securely processed through Stripe and eWay. We do not store full card details.
Stripe and eWay handle personal and financial information under their own policies and global security standards.
These can be found here:
6. AI Features
EduSuite CRM may provide AI-powered tools, such as content generation and workflow automations.
These features may process:
- Text or prompts you enter
- Contact or lead data used inside workflows
- Actions used to automate communication
We ensure AI processing follows strict confidentiality rules and complies with the Privacy Act.
7. Storage and Security
Your data is hosted on secure third-party cloud infrastructure. To keep your information safe, we use:
- Encrypted connections (HTTPS/SSL)
- Access restrictions
- Multi-factor authentication (where supported)
- Monitoring for suspicious activity
- Regular updates and patching
- Backup and redundancy systems
While we take security seriously, no online system is entirely risk-free. You’re responsible for keeping your login details private and secure.
8. Disclosure of Information
We may share personal information with:
- Our secure hosting and technology infrastructure provider
- Payment processors (e.g., Stripe)
- Email/SMS delivery services
- Analytics and monitoring tools
- Professional advisers (legal, accounting)
- Regulators or law enforcement when required by law
We never share client CRM data unless legally compelled or instructed by the client.
9. Sub‑Processors
As part of providing a modern cloud-based CRM, we may use approved sub-processors to support:
- Hosting and server operations
- Email/SMS communication
- Analytics
- Customer support
- AI features
Each sub-processor must follow strict confidentiality and security requirements.
A list of sub-processor categories is available on request.
10. International Transfers
Some of our service providers or infrastructure may be located outside Australia.
Where this happens, we take reasonable steps to ensure the overseas provider meets Australian privacy expectations and includes appropriate safeguards.
11. Access, Correction and Rights
You can request:
- Access to your personal information
- Corrections to inaccurate or incomplete information
- Deletion of certain personal information
- Updates to your marketing preferences
Important:
For information uploaded by our clients into their CRM accounts, you must contact the account holder directly, as we cannot modify or delete that data without their instructions.
You may request access, updates, or deletion of your personal information by contacting privacy@edusuite.au.
12. Anti‑Spam Compliance
We comply with the Spam Act 2003 (Cth).
We will only send marketing emails or SMS if you:
- Have opted in, or
- Have an existing relationship with us where marketing is permitted
You may unsubscribe at any time by:
- Clicking the “unsubscribe” link in an email
- Replying STOP to an SMS
- Contacting us directly
13. Data Retention
We keep personal information only for as long as it is reasonably required for:
- Providing services
- Legal and regulatory obligations
- Resolving disputes
- Account management
- Security and fraud prevention
When your account is closed:
- Direct account information is deleted or anonymised
- Client CRM data is removed according to the account closure process
- Some records may be retained where required by law
14. Data Breaches
If a breach occurs, we will investigate, take corrective action, and notify affected individuals and the OAIC where required.
We will:
- Investigate the incident
- Take steps to reduce any harm
- Notify affected individuals where required
- Notify the OAIC (Office of the Australian Information Commissioner) if legally required
We will always act promptly and transparently.
15. Children
Our platform is designed for adults and professionals. We do not knowingly collect information from anyone under 16 years of age.
If you believe a child has provided information, please contact us.
16. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at: https://edusuite.au/privacy-policy
If the changes are significant, we may notify users by email or website notice.
17. Contact
Privacy Officer – EduSuite CRM
Email: privacy@edusuite.au
Postal: PO Box 175, Hornsby NSW 1630
Version 1.0 – November 2025
Legal Entity: RTO Coaching and Consultancy Pty Ltd (ABN 55 604 855 816)