Privacy policy

This privacy policy sets out how Loop Platform treats the privacy of users of Ziplet and others with whom we interact.  We regard protection of privacy as a fundamental part of our relationship with users and comply with GDPR (for EU users), COPPA and FERPA (for USA users) and the Privacy Act (for Australian users).

The privacy of students is particularly important to us. As explained in more detail below:

  • the only information that we collect from students to register for the Ziplet is their name, email address, and age (to determine if parental consent is required)
  • we do not sell or rent student information
  • we do not advertise on Ziplet

We do not collect, maintain, use or share student personal information beyond that authorized below or by the relevant student or their parent.

What personal information about you do we collect or hold?

We may hold the following personal information about you:

  • name
  • user name and password
  • email address
  • user category (you must register as a student user, teacher user or leader user)
  • your age at time of registration if you select student user (so that we know if we need to comply with age-related legal requirements)
  • phone number (if you provide it as a part of a website contact form)
  • images, if provided, or provided from Google or Microsoft if you connect your Google or Microsoft account
  • name of the institution or school (if any) that has paid for your access to Ziplet (Client) and any related class, faculty, department, campus, qualification, workplace, internship, or placement
  • depending on the questions asked by users via Ziplet - information about you contained in communications or responses by or from you or other users (whether or not sent to you) via Ziplet (Content), including feedback, comments, scoring scales and multiple choice responses of any kind about you
  • analytical data about your use of Ziplet, which we use solely for the purposes of encouraging your use of Ziplet, providing any Client Reports (as described below) and improving Ziplet.

If you are a teacher user we may also hold information about how you came to join Ziplet.

We may be unwilling to provide Ziplet to you if you do not provide some personal information.  For example, without name and email details it is impractical for us to provide Ziplet to you.

We do collect some non-personally identifiable information (either ourselves or using third party service providers) using website logins and cookies. We use this information for the purpose of providing and improving Ziplet, to monitor and analyze use of Ziplet, for Ziplet’s technical administration, to increase Ziplet’s functionality and user-friendliness, and to verify that users have the authorization needed for Ziplet to process their requests.

Please review your web browser “Help” file to learn the proper way to modify your cookie settings if you wish to do that. Limiting some cookies may hinder our ability to provide the Service to you.

When do we collect and store personal information?

The circumstances in which we collect and store personal information about you may include:

  • when you sign up to become a Ziplet user and for the purpose of assigning a User ID to you
  • when you or another user interact via Ziplet in a way that involves providing personal information about you
  • when you or another user sends an enquiry to us or makes a comment or other post through Ziplet or via email or social media
  • when you enter into a financial transaction with us
  • when you respond to a customer survey from us
  • as part of automated analysis of your usage of Ziplet
  • if you are the parent of a student user under age 13 at time of registration and provide your consent to us regarding them using Ziplet

Use and disclosure of personal information

We use the personal information about you for the purposes for which it was provided or collected, including the following purposes:

  • to provide and support or improve Ziplet
  • to respond to enquiries or support requests received from you
  • to perform any financial transactions with us that are initiated by you
  • to verify your identity and to assist you if you have forgotten any user ID, user name or password
  • to report to the relevant Client regarding usage of Ziplet (subject to the restrictions described below about us disclosing personal information about you to the Client)
  • for our internal administrative, marketing, planning, product development and research requirements
  • if you are a student user - to communicate with you but only to notify you of a failure to respond to a communication to you by a teacher user or leader user, or to notify you of a password reset or any change to our Terms of Service or Privacy Policy
  • if you are teacher user or leader user (and subject to your right to opt-out below) - to communicate with you (including to encourage your use of Ziplet) and provide you with information (whether by email or via Zipet) about Ziplet
  • to seek and respond to user or Client comments on Ziplet
  • to receive and address complaints about us, Ziplet, or any user (including regarding alleged misuse of Ziplet or unacceptable Content)
  • to protect our legal interests and fulfill our regulatory obligations (if and to the extent necessary).

All users and others with whom we interact may opt-out of receiving communications from us except as necessary or desirable for the operation of Ziplet (including notification of any password reset or any change to our Terms of Service or Privacy Policy)

We do not:

  • sell or license any personal information about you to any person
  • send any marketing communication to you at the request of any person
  • include any advertising on Ziplet (except for advertising of our premium service to teacher category users by us).

We do not build any personal profile of you (other than your basic details contained in your registration for use of Ziplet).

We do not provide any bulletin board, forum or other facility to make personal information publicly available via Ziplet.

In relation to disclosure of personal information about you, this is separated into 3 cases:

  • disclosure to other users
  • disclosure to our service providers
  • overriding permitted disclosures.

Disclosure to other users

If you provide Content via Ziplet, then Ziplet will make it clear if you can provide it on an anonymous basis.

If you provide Content on an anonymous basis, then we do not provide your name to any user in connection with that Content.  However we do not vet the Content to prevent you disclosing personal information (including your identity or the identity of any other person) when you provide Content, which could occur in any of the following ways:

  • (express) by you expressly including personal information in the Content
  • (inferred from content) by you including other information in the Content from which your identity or personal information can be inferred or
  • (inferred from limited numbers) by reason of your identity being able to be inferred due to a single or low number of users having been sent a communication to which you are responding when providing the Content, and as a result in the above circumstances any such personal information (whether express or inferred) may be disclosed or apparent to a user.

Where you do not provide Content on an anonymous basis, then your name and Content may be disclosed to other users.

Where a Client pays for access to Ziplet for their teacher and student users, we do not disclose the teacher or student users’ Content to the Client (or to any associated leader user), but we may make reports (Client Reports) available to them that include the following information:

  • aggregate level of usage within a Client's environment, including the total number of teachers, students, responses, announcements and messages. None of this can be tracked to an individual user
  • whether or not a teacher user has asked student users particular questions preloaded on Ziplet (either by the Client or us) in a calendar year
  • whether or not a teacher has gathered responses on Ziplet in a calendar year
  • whether or not a student has provided responses on Ziplet in a calendar year

All information above is for the purpose of demonstrating the Ziplet's overall use to the Client.  This reporting does not include any user’s Content.

Note that we do not control the subsequent use or any disclosure (including to any Client) that may be made by any user of any Content (whether anonymous or non-anonymous) made available to them in accordance with the above.  A user may choose, or be required by law (e.g. where any form of mandatory reporting applies), to use or disclose all or part of the Content received from you, even if you have not agreed to that use or disclosure

Without limiting the above, where a Client pays for access to Ziplet for their teacher and student users, they may be entitled to appoint one of their personnel as an additional teacher user for any class or subject (even if the additional teacher user is not in fact a teacher of the class or subject), who may then provide to the Client any or all Content visible on Ziplet to teacher users in that class or subject.  The existence and name of any such additional teacher user will be visible to the other teacher user(s) for that class or subject.


Disclosure to our service providers

We may share your personal information with third parties who help us to provide the Ziplet (Service Providers).  All disclosures to Service Providers are subject to us being satisfied about their reputation, and the Service Provider agreeing to:

  • obligations to keep your personal information secure that are consistent with (or more onerous than) the security measures described in this privacy policy; and
  • confidentiality obligations that in practice prevent the Service Provider from:
    - using your personal information other than for the educational purposes that Ziplet    facilitates; and
    - retaining or doing anything else with your personal information in a way that would be inconsistent with this privacy policy

You can view our list of Service Providers here, including what information they collect.

Overriding permitted disclosures

Despite any other provision of this policy, we may (but are not obliged to) disclose personal information, including your name or any Content provided by you, to any third party (including, where applicable, another user or a Client):

  • where we have your express permission to do so
  • if required by law (including in relation to any freedom of information request)
  • if in our opinion it is necessary or desirable in order to respond to any allegation or query by any Client (or by any user not connected with a Client) of misuse of Ziplet (including any alleged unacceptable Content)
  • if in our opinion it is necessary or desirable in order to protect the health or safety of any person (including you) or to prevent, report or investigate the damage or destruction of any property or breach of any law
  • in order to enforce or apply our terms and conditions or to protect our rights, property, or safety of our personnel, customers or users (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction)
  • in connection with a sale or proposed sale of Loop Platform, or substantially all of our assets, to a third party, in which case any personal information about you that we disclose will be subject to the same constraints on use and disclosure as under this policy.

Apart from Client Reports, we may provide to Clients, potential Clients, users or the public generally:

  • de-identified case studies and de-identified Content; and
  • information based on anonymized usage data and aggregated Content,

but in every case what is provided will not refer to any teacher or student user, or be able to be attributed to any teacher or student user.

Children under 13

Where a child under 13 wishes to become a student user and use Ziplet we require consent to them doing so from a parent (or other person with the relevant legal authority, which may include the child’s teacher if a parent has given them authority) in a form acceptable to us. Please see our Student Privacy Best Practices and Parent Consent Form for guidelines on how parents and teachers can provide consent.

If you are a parent of a child under 13, then you may also withdraw your consent to further collection of your child’s personal information. In the case of a registered student, please advise the Ziplet Privacy Officer (below) and we will cancel your child’s registration and they will cease to be able to use Ziplet. If a student is not a registered user, you may withdraw your consent via your child’s teacher who will not provide a GO pin to your child.

Disclosure and transfer of information overseas

We hold your personal information in our databases.  Unless agreed otherwise with your Client (if any), the database is stored on a secure server in Australia operated by a third party.

We do not disclose or transfer your personal information outside Australia, except:

  • where you use Ziplet outside Australia, in which case personal information may be sent to your device as a necessary part of your use of Ziplet;
  • in the course of sending emails to you, as the emails may be sent from a server in the United States; or
  • in the course of sending push notifications to you, as the notifications are sent from overseas servers as used by the providers of the Apple and Android platforms.  

Security

We treat the security of Ziplet and credit card transactions seriously and endeavour to provide a secure and safe way for you to use them.

We maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of your personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

Some key security practices include, but are not limited to:

  • All data is encrypted both in-transit and at-rest
  • Market-leading data center physical and infrastructure security
  • Employee best practices including, but not limited to, training, multi-factor authentication on all third-party employee accounts, confidentiality agreements and restricted, role-specific access to systems and administration functionality
  • Comprehensive documented incident response methodology
  • Compliance with FERPA guidelines for data management

Additional queries about security practices may be directed to help@ziplet.com.

Access and correction

You may request access to personal information we hold about you by writing to Ziplet’s Privacy Officer at either below.  Please provide sufficient detail about the information in question to help us locate it.  

If you are a parent of a student user who is attending a primary, elementary or secondary school then you may request, or may authorize your child’s teacher or school to request, access and correction, or deletion, of personal information we hold in relation to your child and (subject to us verifying that you are a parent) we will respond in the same way as described below.  Again, please provide sufficient detail about the information in question to help us locate it.

Except where we have reasonable grounds for refusing (e.g. it would involve disclosing personal information about somebody else), we will provide you with access within one month of receipt of your request, together with any other information required by law.  If we refuse your request then we will give you a written statement setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.

We will provide access in the form you request if it is reasonable and practicable to do so.  If your requested form of access is not reasonable and practicable then we will endeavour to provide you with a suitable range of choices as to how you access it (e.g. emailing or mailing it to you).

If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading and provide a sufficient description of it (or the circumstances in which it was provided) in order to enable us to locate it readily, then you may request amendment of it.  We will consider if the information requires amendment and respond to you within one month of receipt of your request.  If we do not agree that it should be amended, then we will add a note to the personal information stating that you disagree with it and will also give you a written statement one month of receipt of your request setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.

Our contact details are:

Mail:
The Privacy Officer
Loop Platform Pty Ltd
Level 19, 567 Collins Street
Melbourne, Victoria 3000, Australia

Email:
help@ziplet.com

Deletion

We will delete or de-identify personal information that we hold about you when any of the following occurs:

  • when requested by you, unless by law we may retain it for a further period – and in either case we will notify you within one month of receipt of your request of any action taken
  • when it is no longer needed for any purpose for which we may use it
  • automatically 7 years after your last interaction with Ziplet.

Complaints

Any questions about this policy, or any complaint regarding treatment of your privacy by Ziplet, should also be made in writing to the address above.

If you lodge a complaint, we will let you know the name of the individual responsible for taking care of it, and will tell you when we will provide a full response.

Miscellaneous

In this policy:

  • “including” means “including but not limited to”.
  • “Loop Platform" (and “we” or “us”) means Loop Platform Pty Ltd (ACN 610 813 648)
  • “personal information” means information or an opinion about an identified individual, or an individual who is directly or indirectly identifiable.
  • “Ziplet” means our apps, website and related services.

Changes to our privacy policy

We may amend or replace this privacy policy from time to time by posting the updated version on our website.  Subject to the following, any updated version becomes effective as soon as it is posted on the website (or on any later date indicated in the post).  If an updated version includes a material change and you are a registered user, then the updated version will not apply to you until we notify you of it via email and in the Ziplet app, and you agree to it in the Ziplet app (or, if you are under 13, parental/teacher consent is provided in accordance with section 4 above). If you do not agree to the revised policy, you may refrain from using Ziplet.

Last update: 30 August 2021