About this Policy This Privacy Policy explains how Edumarking Pty Ltd (ABN: 14 621 951 497) collects, uses, stores, and discloses personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We are committed to handling your personal information transparently and responsibly. This policy applies to information collected through our website (edumarking.com.au), our services, and any other interactions you have with us.

1. Who We Are

Edumarking Pty Ltd (“we”, “us”, “our”) is an Australian marketing agency specialising in services for the education sector. Our principal place of business is 18 Wadhurst Dr, Boronia VIC 3155, Australia. We operate the website located at edumarking.com.au.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. We are also mindful of our obligations in respect of individuals located in other jurisdictions, including the European Union (GDPR) and the United Kingdom (UK GDPR), where applicable.

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the details in Section 13.

 

2. What Personal Information We Collect

We may collect and hold the following categories of personal information:

2.1 Information You Provide Directly

• Contact and identity information: name, email address, phone number, job title, and organisation name.
• Account information: username, password (hashed and salted), profile settings, and preferences.
• Communications: messages, enquiries, and feedback you send us via contact forms, email, or telephone.
• Professional information: your role, business context, or project details shared in the course of engaging our services.

2.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, referral URLs, pages visited, and time spent on pages.
• Cookie and tracking data: see Section 5 for our full Cookies Policy.
• Log data: server logs recording your interactions with our website, including access dates and times.

2.3 Information from Third Parties

• Analytics providers (e.g., Google Analytics): aggregated usage and behavioural data about visitors to our website.
• Spam detection services: comment metadata and IP addresses processed by automated spam-filtering tools (e.g., Akismet).
• Social media platforms: if you interact with our social media pages or use social login features, the relevant platform may share profile information with us in accordance with their own privacy policies.
• Referral partners and lead generation sources: contact details of prospective clients referred to us.

We do not intentionally collect sensitive information (as defined under the Privacy Act 1988) unless it is directly relevant to our services and we have obtained your consent to do so.

 

3. Why We Collect Personal Information (Purpose of Collection)

We collect personal information for the following primary purposes:

• Providing our marketing, consulting, and education-sector services to clients and prospective clients.
• Responding to enquiries, requests, and feedback submitted via our website or other channels.
• Managing and administering accounts, including processing registrations and login credentials.
• Improving and personalising our website and digital products through analytics and performance monitoring.
• Sending marketing communications where you have opted in, or where we have a legitimate interest and applicable law permits (you may opt out at any time — see Section 9).
• Detecting, preventing, and investigating fraudulent activity, spam, or misuse of our services.
• Complying with our legal obligations, including record-keeping, regulatory reporting, and responding to lawful requests from government or law enforcement agencies.

Where we collect personal information for a secondary purpose that is not directly related to the primary purpose, we will only do so if you would reasonably expect it, or if we have obtained your consent.

 

4. How We Collect Personal Information

We collect personal information in the following ways:

• Directly from you when you use our contact forms, subscribe to communications, create an account, submit a comment, or otherwise provide information to us.
• Automatically through cookies, web beacons, and tracking technologies when you visit our website (see Section 5).
• From third-party services we use to operate our website and services, including analytics providers, spam detection tools, and marketing platforms.
• From publicly available sources, including professional networking platforms, where relevant to our legitimate business interests.

You are not required by law to provide us with personal information. However, if you choose not to provide certain information, we may not be able to provide you with all of our services or respond fully to your enquiries.

 

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyse site usage, and support our marketing activities. A cookie is a small text file stored on your device by your browser.

5.1 Types of Cookies We Use

Cookie Type	Purpose
Essential / Functional	Required for core site functionality (e.g., login sessions, security tokens, cookie consent preferences). Cannot be disabled without impacting site operation.
Preference	Remember your settings and choices (e.g., display preferences, language). Stored for up to 12 months.
Analytics	Collect anonymous data about how visitors use our site (e.g., Google Analytics). Help us improve content and user experience. May be disabled via cookie settings.
Marketing	Track interactions with our content across sites to measure campaign effectiveness. Only set where you have consented.

5.2 Cookie Retention

• Session cookies: deleted when you close your browser.
• Login cookies: retained for 2 days (or 14 days if “Remember Me” is selected).
• Screen preference cookies: retained for 12 months.
• Comment opt-in cookies: retained for 12 months.
• Analytics cookies: typically retained for 13 months (per Google Analytics defaults).

5.3 Managing Cookies

You can control cookies through your browser settings or via our cookie consent tool (where implemented). Please note that disabling certain cookies may affect site functionality. For more information about managing cookies, visit www.aboutcookies.org.

We use Google Analytics to understand how visitors use our website. Google Analytics collects data anonymously and reports website trends without identifying individual visitors. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

 

6. Embedded Content from Other Websites

Pages on our website may include embedded content from third-party services (for example, videos, maps, social media posts, or articles). Embedded content from other websites behaves in the same way as if the visitor had visited those websites directly.

These third-party websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interactions with the embedded content — including if you are logged into their service. We do not control the privacy practices of these third parties and encourage you to review their privacy policies independently.

 

7. Use and Disclosure of Personal Information

7.1 Internal Use

We use your personal information only for the purposes for which it was collected (as set out in Section 3) or for a directly related secondary purpose that you would reasonably expect, or for another purpose with your consent.

7.2 Third-Party Disclosures

We may disclose your personal information to the following categories of third parties:

• Service providers: third-party technology vendors who assist us in operating our website and delivering our services (e.g., web hosting providers, email platforms, CRM systems, analytics providers). These parties are bound by confidentiality obligations and are only permitted to use personal information to perform services on our behalf.
• Spam detection and security services: automated services used to filter spam and protect our website (e.g., Akismet, Cloudflare).
• Marketing and communications platforms: where you have consented to receive marketing communications.
• Professional advisers: including lawyers, accountants, and insurers, where necessary.
• Regulatory and government authorities: where required or authorised by law, including in response to court orders, subpoenas, or regulatory inquiries.
• Business purchasers: in the event of a merger, acquisition, or sale of all or part of our business assets, personal information may be transferred as part of that transaction. We will notify you before personal information is transferred to a new entity with a different privacy policy.

We do not sell your personal information to third parties.

7.3 Cross-Border Disclosure

Some of our third-party service providers are located outside Australia. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle information in a manner consistent with the Australian Privacy Principles, including through contractual protections, data transfer agreements, or relying on adequacy determinations where applicable.

Relevant overseas jurisdictions may include the United States (e.g., Google, Meta), Ireland (EU cloud services), and Singapore (APAC cloud infrastructure), among others.

 

8. How Long We Retain Your Personal Information

Data Category	Retention Period
Website comments and metadata	Indefinitely (to support moderation and spam prevention), unless deletion is requested.
Account / user profile data	For the duration of the account, plus 7 years after account closure (for legal compliance).
Enquiry and contact form submissions	3 years from the date of submission, unless the enquiry leads to a client engagement.
Client engagement records	7 years from the end of the engagement (tax and legal obligations).
Marketing preferences and opt-in records	For the duration of the marketing relationship, plus 3 years.
Website analytics data	Aggregated data retained indefinitely; identifiable session data retained for up to 13 months.
Security and access logs	12 months, then deleted or anonymised.

Where personal information is no longer needed for the purpose for which it was collected, or is no longer required to be retained by law, we will take reasonable steps to destroy or de-identify it securely.

 

9. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in respect of your personal information:

9.1 Access

You have the right to request access to the personal information we hold about you. We will respond to access requests within 30 days. We may charge a reasonable administrative fee for providing access in certain circumstances, and we will notify you of any fee before proceeding.

9.2 Correction

If you believe the personal information we hold about you is inaccurate, incomplete, out-of-date, irrelevant, or misleading, you have the right to request correction. We will respond within 30 days.

9.3 Deletion (Erasure)

You may request that we delete personal information we hold about you. We will action deletion requests where we are not required by law or legitimate business need to retain the information. Note that we cannot delete information we are legally obligated to retain.

9.4 Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by clicking the “unsubscribe” link in any marketing email, by contacting us directly (see Section 13), or by updating your account preferences. We will process opt-out requests within 5 business days.

9.5 Complaints

If you believe we have breached our obligations under the Privacy Act 1988, you may lodge a complaint with us in writing. We will acknowledge receipt within 5 business days and aim to resolve the complaint within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

10. How We Protect Your Personal Information

We take the security of personal information seriously and implement a range of technical and organisational safeguards to protect it from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption: data transmitted between your browser and our servers is protected by SSL/TLS encryption (HTTPS). Passwords are hashed using industry-standard algorithms and are never stored in plaintext.
• Access controls: access to personal information is restricted on a need-to-know basis. Staff and contractors with access are subject to confidentiality obligations.
• Infrastructure security: our web hosting and cloud infrastructure providers maintain ISO 27001-certified or equivalent security controls, including firewalls, intrusion detection systems, and regular security patching.
• Software security: we use reputable content management systems (CMS) with regular security updates and apply patches in a timely manner.
• Third-party vetting: we conduct due diligence on key third-party service providers to assess their data security practices before engaging them.
• Regular reviews: we periodically review our privacy and security practices to ensure they remain fit for purpose.

Despite these measures, no method of data transmission or storage over the internet is completely secure. We cannot guarantee absolute security, and we encourage you to take steps to protect your own information, including using strong, unique passwords.

 

11. Data Breach Response Procedures

In the event of an actual or suspected data breach involving personal information, we will:

• Contain the breach and take immediate steps to limit further exposure of personal information.
• Assess the nature and scope of the breach, including what information was affected and how many individuals may be impacted.
• Where an eligible data breach is identified under the Notifiable Data Breaches (NDB) scheme (Privacy Act 1988, Part IIIC), notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable, and in any event within 30 days of becoming aware of the breach.
• Conduct a post-incident review and implement remediation measures to reduce the likelihood of recurrence.

An “eligible data breach” is one that is likely to result in serious harm to individuals whose personal information is involved. The assessment is conducted in accordance with the NDB scheme criteria.

Notification to affected individuals will include, at minimum: a description of the breach, the type of information involved, steps we recommend individuals take to protect themselves, and contact details for further assistance.

 

12. Children’s Privacy

Our website and services are not directed to children under the age of 15 years, and we do not knowingly collect personal information from children under 15 without verifiable parental or guardian consent.

Given our focus on the education sector, we may on occasion receive information about young people in the context of our client engagements with educational institutions. In those cases:

• We process any such information strictly in accordance with the instructions of the relevant educational institution (as the data controller).
• We do not use information relating to students for any purpose other than delivering the services contracted by the institution.
• Educational institutions remain responsible for obtaining appropriate consents from parents, guardians, or students (as applicable) before providing us with any student-identifiable information.

If you believe we have inadvertently collected personal information from a child without appropriate consent, please contact us immediately at the details in Section 13 and we will take prompt steps to delete that information.

 

13. Automated Decision-Making and Profiling

We do not currently use automated decision-making processes (including profiling) that produce legal effects or similarly significant effects on individuals. Our use of analytics and tracking technologies is for the purpose of understanding aggregate website usage trends and improving our services, not for making automated decisions about individuals.

Where this changes in the future, we will update this Privacy Policy accordingly and, where required by law, seek your consent or provide you with the ability to opt out.

 

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Privacy Officer Edumarking Pty Ltd Address: 18 Wadhurst Dr, Boronia VIC 3155, Australia Email: admin@edumarking.com.au Website: edumarking.com.au

We will respond to all privacy-related enquiries within 5 business days.

 

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Effective Date” at the top of this policy.
• Where reasonably practicable, provide notice via our website homepage or by email to registered users.

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes are posted constitutes your acceptance of the updated policy.

The current version of this Privacy Policy supersedes all prior versions.

 

Regulatory Framework

This Privacy Policy is prepared in accordance with the following legislative and regulatory framework:

• Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
• Notifiable Data Breaches (NDB) Scheme (Part IIIC, Privacy Act 1988).
• Spam Act 2003 (Cth) (in relation to commercial electronic messages).
• Do Not Call Register Act 2006 (Cth) (in relation to telemarketing).
• To the extent applicable: the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR for individuals located in those jurisdictions.

This document does not constitute legal advice. We recommend you seek independent legal advice if you require clarification of your rights or obligations under applicable privacy law.