KIDDO PRIVACY POLICY

Last Updated: 4th March 2026

KIDDO is operated by The University of Western Australia (UWA) (ABN 37 882 817 280).

This Privacy Policy explains how personal information is collected, used, disclosed and managed in connection with the KIDDO platform.

KIDDO operates within UWA’s broader privacy governance framework, including the UWA Information Privacy Policy (Policy Number UP14/10). This Privacy Policy explains how personal information is specifically handled within the KIDDO platform. Nothing in this Policy limits UWA’s obligations under applicable privacy legislation.

 

1. Legal Framework

Personal information processed through KIDDO is handled in accordance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • Applicable State legislation
  • The UWA Information Privacy Policy (UP14/10)

 

2. Roles and Responsibilities

Where KIDDO is used by a School or Early Childhood Education and Care (ECEC) service:

  • The School or ECEC service acts as Data Controller in respect of personal information of students, parents and staff.
  • UWA acts as Data Processor, processing personal information only for the purposes set out in the KIDDO User Agreement and on documented instructions from the School.

Schools and ECEC services are responsible for:

  • Obtaining appropriate parental or guardian consent;
  • Providing required privacy collection notices;
  • Determining the lawful basis for processing personal information.

UWA does not use KIDDO personal information for unrelated UWA business activities.

 

3. Personal Information Processed

3.1 Educators and School Staff

  • Name
  • Email address
  • Telephone number (if provided)
  • Organisation
  • Organisation address
  • Role
  • Login credentials
  • Account activity information

3.2 Students / Children (if provided)

  • Name
  • Date of birth
  • Gender (if provided)
  • School affiliation
  • Movement assessment data (if assessed)

3.3 Parents (where parent hub is enabled)

  • Name
  • Email address
  • Linked child information

3.4 Technical Information

  • IP address
  • Browser type
  • Device information
  • Usage data
  • Cookie identifiers
  • Website analytics information collected through tracking technologies on publicly accessible webpages

KIDDO does not knowingly collect government identifiers or detailed medical records.

 

4. How Personal Information Is Collected

Personal information is collected:

  • Directly from Schools, ECEC services and educators when entered into the platform;
  • During account registration;
  • Through webinar and workshop registrations;
  • Through system logs and technical monitoring.

On publicly accessible webpages, certain technical information may also be collected through cookies and tracking technologies to analyse website traffic and engagement.

Where users register for webinars, workshops or events via third-party platforms (such as Humanitix or Livestorm), personal information is collected directly by those platforms under their own privacy policies. KIDDO does not transfer KIDDO platform user data to those services.

KIDDO does not collect personal information directly from students.

 

5. Purposes of Processing

Personal information is processed to:

  • Provide access to the KIDDO platform;
  • Deliver movement assessment functionality;
  • Enable reporting to educators and parents;
  • Deliver professional development events and workshops;
  • Maintain system security;
  • Provide user support;
  • Comply with legal and regulatory obligations.

Personal information is not sold.

 

6. Communications

UWA may use educator and staff contact details, including email addresses, to provide information relating to:

  • Platform updates and feature releases;
  • Educational resources and support materials;
  • Professional development opportunities and workshops;
  • Operational or service-related communications.

Communications are sent in accordance with the KIDDO User Agreement.

Service-related communications (such as security notices, policy updates or system changes) are necessary for the operation of the platform.

Users may opt out of non-essential communications at any time by using the unsubscribe function included in email communications.

 

7. Marketing, Website Analytics and Tracking Technologies

KIDDO does not sell personal information and does not disclose personal information to third parties for independent advertising, marketing or profiling purposes.

KIDDO uses limited tracking technologies on publicly accessible webpages of the KIDDO website to help understand how visitors interact with the site and to improve the quality of information and services provided.

Tracking technologies are not implemented within the authenticated areas of the KIDDO platform (i.e. the logged-in dashboard) where educator, school or student information is processed.

Google Analytics

KIDDO uses Google Analytics to collect aggregated information about how visitors use the website. This may include information such as:

  • pages visited;
  • time spent on pages;
  • device and browser type;
  • general geographic location derived from IP address; and
  • referring webpages.

This information helps KIDDO understand website usage patterns and improve the design, performance and usability of the website.

Google Analytics data is analysed in aggregated form. KIDDO does not use Google Analytics to collect or analyse identifiable student or educator personal information, and advertising or remarketing features are not enabled.

Meta Pixel

The KIDDO website uses a Meta Pixel on publicly accessible webpages to help measure the effectiveness of communications and outreach activities relating to KIDDO programs, events and resources.

The Meta Pixel is not implemented within the logged-in KIDDO platform and does not have access to educator accounts, student data or assessment information stored within the platform.

Cookies

Some tracking technologies operate through cookies or similar technologies placed on a visitor’s device when they access the website. These cookies may collect technical information about website interactions.

Visitors may manage or disable cookies through their web browser settings, although doing so may affect some functionality of the website.

Purpose of Tracking Technologies

Tracking technologies used on the KIDDO website are intended to:

  • understand website usage patterns;
  • improve website functionality and performance;
  • support communication about KIDDO programs, workshops and resources; and
  • measure the effectiveness of public communications.

Tracking technologies are not used to monitor student activity or analyse personal information contained within the KIDDO platform.

 

 

8. Research and De-Identified Data

In accordance with the KIDDO User Agreement:

UWA may use de-identified and aggregated data derived from the platform for research, benchmarking and educational purposes.

De-identified data will not contain information that reasonably identifies any individual, School, ECEC service, educator or student.

Research activities are subject to UWA ethics review and approval processes where applicable.

 

9. Artificial Intelligence

Personal information processed through KIDDO is not used to train or develop artificial intelligence or machine learning models, in accordance with the KIDDO User Agreement.

Members of the University Community must not disclose personal information into publicly available AI systems.

 

10. Disclosure of Personal Information

Personal information may be disclosed to:

  • Authorised School or ECEC staff;
  • Parents linked to a student (where enabled);
  • UWA staff administering the platform;
  • Approved third-party service providers (sub-processors);
  • Government agencies or regulators where required by law.

KIDDO personal information is not disclosed for third-party marketing purposes.

 

11. Sub-Processors

UWA engages selected third-party service providers to support hosting, communications and payment processing.

These may include providers responsible for:

  • Application management and technical maintenance;
  • Managed cloud hosting infrastructure;
  • Email communication services;
  • Payment processing services.

A current list of sub-processors, including:

  • Organisation name;
  • Purpose of processing;
  • Data types disclosed;
  • Location of processing;

is available on the KIDDO Sub-Processor Disclosure page.

KIDDO does not transfer KIDDO platform user data to webinar or event platforms where users independently register.

 

12. Overseas Disclosure

Personal information processed through KIDDO may be disclosed to service providers located in:

  • Australia;
  • United States;
  • Member states of the European Union.

These disclosures occur where sub-processors operate infrastructure or services in those jurisdictions.

Where required, appropriate transfer mechanisms (including Standard Contractual Clauses or equivalent safeguards) are implemented.

UWA takes reasonable steps to ensure that overseas recipients are subject to appropriate contractual and technical safeguards consistent with the Australian Privacy Principles.

Details of the specific countries associated with each sub-processor are set out on the KIDDO Sub-Processor Disclosure page.

 

13. Data Security

UWA implements reasonable technical and organisational measures to protect personal information, including:

  • Encryption in transit;
  • Encryption at rest;
  • Role-based access controls;
  • Logging and monitoring;
  • Secure hosting infrastructure;
  • Documented patch management processes.

While reasonable steps are taken, no system can be guaranteed completely secure.

 

14. Data Retention

14.1 Active Subscription

Identifiable personal information is retained while a School or ECEC service subscription remains active.

14.2 Inactive Subscription (Grace Period)

Upon expiry or termination:

  • The account is placed in inactive status;
  • Identifiable personal information is retained for up to 12 months to allow potential reactivation;
  • During this period, account access is suspended and no new processing occurs.

14.3 Post-Grace Deletion

If the subscription is not renewed within 12 months:

  • Identifiable personal information will be deleted or de-identified within 90 days;
  • Backup data may be retained for up to an additional 90 days due to automated lifecycle processes before permanent overwrite.
  • Following the deletion of identifiable personal information associated with an inactive Organisation account, UWA will provide written confirmation of deletion to the Organisation.

14.4 De-Identified Data

De-identified and aggregated data may be retained indefinitely for research and statistical purposes.

 

15. Data Breach Notification

UWA manages suspected and actual data breaches in accordance with:

  • The Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme; and
  • UWA’s internal breach management framework.

Where KIDDO becomes aware of a suspected data breach, UWA will:

  • Take immediate steps to contain the breach;
  • Conduct an assessment to determine whether it is an eligible data breach;
  • Notify the Office of the Australian Information Commissioner (OAIC) where required by law;
  • Notify affected individuals where required; and
  • Notify the relevant School or ECEC service without undue delay where the School or ECEC service acts as Data Controller.

 

16. Access and Correction

Individuals may request access to or correction of personal information held by UWA in relation to KIDDO.

KIDDO Administration
admin@kiddo.edu.au

Requests are handled in accordance with applicable privacy legislation and UWA procedures.

 

17. Complaints

If you believe personal information has been mishandled, you may contact:

UWA Privacy Office
privacy@uwa.edu.au

If you are not satisfied with the outcome, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

 

18. Changes to This Policy

This Privacy Policy may be updated from time to time.

Where material changes are made, users will be notified and required to acknowledge the updated Policy before continuing to use the platform.