Thank you for choosing StepsWeb ("we," "us," or "our"). This comprehensive Privacy Policy is designed to provide a detailed understanding of how we collect, use, disclose, and protect your personal information. By accessing or using our services, you agree to the terms outlined in this policy.
Compliance with Australian and New Zealand Privacy Legislation
StepsWeb complies with the most recent versions of the Privacy Act 1988 (Australia) and the Privacy Act 2020 (New Zealand). Our collection, storage, and use of personal information are managed in accordance with these Acts to ensure transparency, security, and lawful processing of all personal data.
Compliance with UK and EU GDPR
StepsWeb (The Learning Staircase Ltd) is the data controller (the organisation that determines the purposes and means of processing your personal information) for the services we provide. This Privacy Policy applies to all users, including those in the European Union (EU) and the United Kingdom (UK). We adhere to the requirements of the EU and UK General Data Protection Regulation (GDPR) to protect the rights and data of users in these regions.
We have appointed a Data Protection Officer (DPO), Mike Lugg (mike@stepsweb.com), who is responsible for overseeing privacy matters. You can contact him if you have any questions or concerns about how we handle your data.
For this document, an “Educator” is defined as a parent and/or teacher user on a StepsWeb account.
We may collect and hold various types of personal information, depending on your relationship with us. You may fit under multiple categories.
Contact information about StepsWeb Educators will be visible to other Educators who share the same school account.
Purpose of holding that information:
Legal basis
To perform our contract with you (we need this information to provide the StepsWeb service and manage your account).
Origin of information:
Supplied by you when you create your account on StepsWeb.
Purpose:
Helps us understand which parts of the product are used and how. It helps us make decisions such as the types and ages of devices we need to support, or which features are important to customers so we can plan future updates.
Legal basis
Legitimate interests (we use this data to improve our services and user experience, ensuring this does not override your rights).
Origin:
Automatically collected as you use our services.
Purpose:
Legal basis
To perform our contract and comply with legal obligations (we need these details to set up and bill your account, and to meet record-keeping requirements).
Origin:
Supplied by you when you create a School account on StepsWeb.
Purpose:
Record of purchases.
Legal basis
To perform our contract and comply with legal obligations (we use this information to process payments and maintain proper financial records).
Origin:
Collected during purchases. Note that credit card details are never stored.
A student’s personal data is supplied by an Educator on the same account. Pseudonyms can be used if desired.
Information about StepsWeb students is available to Educators on the same account.
Purpose:
Shown to the user when they log in and is always visible in the title bar. This allows teachers to easily confirm that the student is logged into their own account. It is also visible to Educators when viewing learning data.
Legal basis
Consent and contractual necessity (a teacher or parent provides this data and consents on the student’s behalf, and it is needed to deliver the student’s learning experience).
Origin:
Supplied by Educator.
Purpose:
Legal basis
Consent (this is optional information provided for convenience, and we only use it if you choose to give it)
Origin:
Supplied by Educator.
Purpose:
Legal basis
Consent (this date of birth info is optional and only used to tailor the service if provided).
Origin:
Supplied by Educator.
Purpose:
Helps us understand which parts of the product are used and how. It helps us make decisions such as the types and ages of devices we need to support, or which features are important to customers so we can plan future updates.
Legal basis
Legitimate interests (we improve our educational services by understanding how students use them, without compromising student privacy).
Origin:
Automatically collected as you use our services.
Purpose:
Legal basis
To perform our contract (tracking learning progress is necessary to provide the educational service).
Origin:
Collected as students complete learning activities within StepsWeb.
Purpose:
Legal basis
To perform our contract (we calculate this to personalise the learning experience as part of the service).
Origin:
Determined by the student’s usage within StepsWeb, and/or via the Placement Test.
We do not disclose visitor information to anyone outside our organisation.
Purpose:
Legal basis
Consent (you provide this information so we can respond and personalise your experience).
Origin:
Form submissions.
Purpose:
Origin:
Form submissions.
Purpose:
In addition to above, if you contact us directly then we may collect:
Purpose:
Used to manage our interactions with you.
Legal basis
Consent (you provide this information so we can respond and personalise your experience).
Origin:
Supplied by you when contacting us.
Purpose:
Provides context for future contact. For example, negotiation of sales that take place between different staff members.
Origin:
Supplied by you when contacting us.
When you contact us, we may collect:
- Correspondence
- Contact information
Student accounts are typically created by teachers, school administrators or parents. By creating student accounts on StepsWeb, teachers/parents provide consent and authorisation for StepsWeb to store and process personal data about those children.
StepsWeb Educator Personal Information
Educators may request access to and correction of their own personal information. Please make any request via email, using the same address that you use for your StepsWeb account. Requests can be made to info@stepsweb.com.
StepsWeb Student Personal Information
Student data may be requested by Educators on the same account. It may also be requested by associated professions, such as specialist teachers supporting that account. However, in those cases, we require verification from the account owner that this person has the account owner’s permission to access the student’s data.
If, as an Educator, you want to make a request for information from us, please make the request via email, using the same address that you use for your StepsWeb account.
Students themselves, or guardians of those students, must request information from an Educator on that account. They can only request information directly from us with verified permission from an account Educator. This information is limited to their own personal information and does not include information about any other student on the account.
Non-StepsWeb Personal Information
Upon verifying your identity, you may request access and correction of your personal information via email to info@stepsweb.com.
We are committed to protecting your personal information and only retaining it for as long as necessary.
For users located in New South Wales, Australia, personal information will be permanently deleted after 6 months, in accordance with local regulatory requirements.
Backups and archival copies may be retained for a limited period beyond the deletion date, solely for system integrity, audit, or legal compliance purposes.
Where required by regulation or upon request, StepsWeb will issue a certificate confirming secure and permanent deletion of data.
We do not sell student or user personal information, and do not release personal information collected or received to any unrelated third parties for promotional purposes. We may, however, share aggregated product usage data with unrelated third parties, and share personal information only as described below:
Service Providers
We may share your information with our service providers—that is, organizations providing services to support StepsWeb functions, such as our hosting services provider, mail and email processing providers, payment processing providers, and research and support providers. All such service providers are bound by contract to refrain from using the personal information we collect from you for any purpose other than providing the specified services to StepsWeb. These service providers act as our data processors (they process personal data only on our behalf and under our instructions). We ensure they uphold the same privacy standards and security measures that we do.
In our commitment to privacy and tailored experiences, HubSpot tracking is specifically employed for teacher interactions, not students, ensuring a focused educational environment free from monitoring. For site and login analytics, Google Analytics is used, excluding the app post-login to safeguard student privacy. Additionally, Datadog supports our system's reliability and performance, without involving personal data, maintaining a secure and efficient service for all users.
Distribution Partners
If we have a distribution partnership with a company for your region, then we may disclose information to them for sales and support purposes.
AWS
Website: https://aws.amazon.com
Purpose: They provide the infrastructure for StepsWeb to operate, and host all of our data including all personal data. All data stored and processed on AWS is in Australia and under Australian Law. All data stores are encrypted. AWS meets ISO 27001 (Information Security Standard), ISO 27017 (Cloud Security), ISO 27701 (Privacy and information Management), ISO 27018 (Cloud Privacy) and others that can be seen at: https://aws.amazon.com/compliance/data-protection/
Google Analytics
Website: https://analytics.google.com
Purpose: They provide metrics on customer facing website and login page. We do not track students inside the app, and they do not store any Personally identifiable information (PII). Google states that all data is collected at a local datacentre and anonymised, before being processed and stored at a different and possibly international datacentre, this meets GDPR and EU regulations.
Datadog
Website: https://www.datadog.com
Purpose: Datadog is a monitoring and analytics tool for DevOps teams that can be used to determine performance metrics as well as Event monitoring for infrastructure and the web application. All personal information is obscured from any logs that it processes, and all data is stored encrypted. Logs data is stored in the US, and falls under US laws. Datadog has ISO 27701 (Privacy and Information Management), ISO 27001 (Information Security Standard) more information on their privacy can be found at: https://www.datadoghq.com/privacy/
Hubspot
Website: https://www.hubspot.com
Purpose: Hubspot our CRM and website, it contains records of all our customer interactions, it does not store any student information. Hubspot has tracking for conversion tracking, it reports that information to Facebook and Google Ads. We do not load any Hubspot tracking for students. All data is stored in the US on AWS. Information on Hubspot security and privacy can be found at: https://legal.hubspot.com/security
International Data Transfers
Your personal data may be transferred to and stored in countries outside of your own (including outside the EU or UK). For example, our main servers are in Australia, and some of our service providers are based in the United States. When we transfer data internationally, we ensure it remains protected to the standards of EU/UK law. This means that if we send your data overseas, we use safeguards such as Standard Contractual Clauses (SCCs) (standard legal agreements to protect your data) or rely on countries deemed to have adequate data protection laws (for instance, New Zealand is recognised for having privacy laws that protect personal data similarly to the EU). These measures ensure your data is safeguarded wherever it is processed. All student data is kept within Australia.
Under data protection laws like the GDPR, you have several important rights regarding your personal information. These include:
To exercise any of these rights, please contact us at info@stepsweb.com (or reach out to our DPO at the email above). We will be happy to help and will respond within one month, or sooner if possible.
If you wish to make a complaint about any privacy issues to do with StepsWeb or, if you are unhappy about anything contained in this Privacy Policy, you can file a complaint by contacting us at info@stepsweb.com. We will promptly investigate and address your concerns. . If you are in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.
We reserve the right to update this Privacy Policy to reflect changes in our practices. We will notify users of any material changes through the appropriate channels.
For any questions or concerns regarding this Privacy Policy, please contact us at info@stepsweb.com.
For legal purposes, the governing law of this policy aligns with the jurisdiction described in our Terms and Conditions
The best way to contact us is by email at one of the following email addresses:
info@stepsweb.com
technical@stepsweb.com
The Learning Staircase Ltd
PO Box 582
Rangiora 7440
New Zealand
