TCDA Privacy Policy v3r1
May 25, 2026 01:49 PM
TCDA Privacy Policy
Version 3, Revision 1, 6 January 2026
TCDA Pty Ltd ACN 617 607 253 ABN 93 656 571 166
TCDA Director: Paul Singh. Privacy Officer: Paul Singh
INTRODUCTION
Tamworth City Dance Academy (TCDA), ABN 93 656 571 166 is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (the Privacy Act).[^1] The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au. Before providing TCDA with any personal information, please read this Privacy Policy carefully. In providing TCDA with any personal information, you consent to its collection, use, storage and disclosure in accordance with this Privacy Policy.
[^1]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles.
PERSONAL INFORMATION COLLECTED
The personal information collected and maintained by TCDA generally comprises:
• our customers' names and contact details;
• our customers' dates of birth;
• our customers' credit or bank card details and/or bank account details;
• payment information for our products and services;
• names and addresses of directors, proprietors and any personal guarantors;
• names and contact details for trade referees;
• our current and past employees' names, contact details, employment and educational history and employee records required to be kept by law;
• our customers' feedback and enquiries;
• details of any complaints;
• details of any incidents and incident reports; and
• photo images of identifiable people, including children, for example, of our customers which were publicly posted by people on their Instagram, Facebook or other social media accounts and shared with public at large which images usually refer to TCDA products, activities or venues (refer to "TCDA Online" section below, in particular to "User Generated Content").
• CCTV footage from security cameras installed in common areas for safety and security purposes
PURPOSES OF COLLECTION OF PERSONAL INFORMATION
We collect and hold this personal information for the following purposes:
• supplying our products or providing our services in connection with TCDA's business activities;
• establishing and maintaining relationships with customers and potential customers;
• marketing our products and services to customers and potential customers;
• maintaining our customers' contact details for conduct of TCDA's business activities;
• receiving payments for the supply of our products and services;
• maintaining our employees' records;
• considering and dealing with our customers' enquiries and collecting feedback;
• improving our products and services to our customers and our web site(s);
• handling complaints; and
• preventing, managing and responding to any incidents.
Ancillary to our primary business activities, TCDA also collects, holds and maintains personal information from:
• our suppliers, contractors or agents, such as their names, addresses, other contact details and insurance details for the purpose of managing our relationships with them; and
• our potential employees, such as their resumes and contact details as part of our recruitment process.
HOW PERSONAL INFORMATION IS COLLECTED
TCDA generally collects personal information when you:
• communicate with us by telephone, email, text message, facsimile transmission or post;
• communicate with us via Facebook, X, YouTube, Instagram or other social media platforms;
• communicate with us via our website, including by accessing our website or by completing and providing to us any form available on our website or submitting any request or enquiry via our website;
• participate in User Generated Content of our website;
• meet with our representatives in person; or
• complete and submit to us any form necessary for us to provide to you our products and services or information about our products or services.
Occasionally TCDA may also receive personal information about an individual from sources other than that individual, for example from a referee for a job candidate or from a credit reporting agency.
CONSENT
TCDA obtains consent for collecting, using, and disclosing personal information in the following ways:
• Website Opt-In: Persons may be added to TCDA's mailing list or subscriber database by opting in and adding their details on our website.
• Enrolment Forms: By completing an enrolment form in which they provide consent for collection and use of their personal information.
Individuals may withdraw consent at any time by:
• Clicking the "unsubscribe" link provided in all our email communications
• Emailing paul@tamworthcitydance.com.au or kellie@tamworthcitydance.com.au
This consent process complies with the requirements of APP 3 and APP 6.[^2]
[^2]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 3 (Collection of solicited personal information) and APP 6 (Use or disclosure of personal information).
CHILDREN'S PRIVACY
TCDA recognises the importance of protecting children's privacy and takes additional measures when handling personal information from children under 18 years:
• Parental/Guardian Consent: All consent for children's personal information is managed by parents/guardians.
• Content Control: We carefully control our content to restrict harmful material accessible to children.
• Image Publication: Parents/guardians may request that images of their children not be published by contacting TCDA.
• Special Safeguards: We employ enhanced protection measures for all data related to children.
While Australian privacy law does not have child-specific provisions, our approach aligns with the enhanced protections required for sensitive information under APP 3.3[^3] and is informed by the NSW Children's Guardian Act 2019.[^4]
[^3]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 3.3 (collection of sensitive information). [^4]: Children's Guardian Act 2019 (NSW), which established the Office of the Children's Guardian and focuses on child protection in organisations.
SENSITIVE INFORMATION
TCDA does not collect sensitive information unless permitted, required or authorised by an Australian law, or you consent to collection of such information.[^5] Sensitive information includes information about an individual's:
• political opinions and memberships or religious beliefs;
• sexual orientation or practices;
• criminal record;
• membership of professional or trade associations or unions; and
• health information.
TCDA may store information regarding whether a person identifies as Aboriginal or Torres Strait Islander, in order to meet the legislated NSW Child Safety Standards.[^6] Individuals may choose to not disclose this information if they wish.
[^5]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 3.3, which provides that sensitive information may only be collected with consent or under specified exceptions. [^6]: Children's Guardian Act 2019 (NSW), Part 3A - Child Safe Scheme, and the NSW Child Safe Standards, particularly Standard 5 concerning equity and diverse needs.
STORAGE AND MANAGEMENT OF PERSONAL INFORMATION
TCDA has internal controls which guide who within TCDA has access to and the ability to modify personal information. These controls are audited on an annual basis.
Personal information is stored in hard copy and in electronic form both onsite and offsite. Hard copy documents are a necessary means of collecting information from some of our customers.
Documents which contain personal information are only accessible by appropriate staff members and are routinely securely destroyed when no longer needed.
All information and communication technology holds the necessary up to date security and virus protection, SSL certification and all other relevant protections to ensure data security. We will not be liable for any loss of data or data breach in the circumstances where we followed necessary security measures and/or took reasonable steps to prevent any likely risk of serious harm to you due to any loss of data or data breach.
Offsite storage of data includes both local and overseas data warehouses. TCDA may disclose personal information to those overseas service centres for data storage and processing of transactions.
TCDA will take such steps as are reasonable to ensure that overseas recipients of an individual's personal information comply with the Australian Privacy Principles in relation to that information.[^7] Individuals should be aware that the overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
Data retention periods vary by type of information:
• Paper enrolment forms are kept for a 3-year period and then securely destroyed
• Digital records in our Client Management System (Dancebiz and Studio Pro) are maintained in accordance with our service provider's data policies
Child Safety Records: Personal information collected in relation to child safety matters (including incident reports, complaints, and reportable conduct investigations) is stored with enhanced security measures. Physical records are kept in a locked cabinet off-site, accessible only to the Director and Principal. Digital records are password-protected with restricted access. These records are maintained in accordance with the retention requirements under the Children's Guardian Act 2019 and may be required for future investigations or legal proceedings
TCDA uses Dancebiz and Studio Pro software as its client management systems (CMS) and its database is stored on its parent company's servers. Their privacy policy can be found at https://www.thinksmartsoftware.com/privacy-policy/au, and https://gostudiopro.com/privacy, and should be read in conjunction with their terms of service at https://www.thinksmartsoftware.com/terms-of-service/au, and https://gostudiopro.com/terms-and-conditions.
Where personal information we collect is no longer required, we securely delete such personal information or permanently de-identify it.[^8][^7]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 8 (Cross-border disclosure of personal information). [^8]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 11.2, which requires organizations to take reasonable steps to destroy or de-identify personal information that is no longer needed.
DATA BREACH NOTIFICATION
TCDA takes data security seriously and has established procedures to respond to potential data breaches:
1. Definition: A data breach occurs when personal information held by TCDA is lost or subjected to unauthorized access, modification, disclosure, or other misuse.
2. Response Procedure:
o Immediate containment of the breach
o Assessment of potential harm to affected individuals
o Internal reporting to the Privacy Officer (TCDA Director)
o Documentation of the breach and response actions
3. Notification Process:
o If a breach is likely to result in serious harm to affected individuals, TCDA will:
Notify affected individuals promptly
Provide recommendations to mitigate potential harm
Notify the Office of the Australian Information Commissioner (OAIC)
Complete required documentation
4. Preventative Measures:
o Regular security assessments
o Staff training on data protection
o System updates and monitoring
This process complies with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth) as amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017.[^9]
[^9]: Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), which introduced Part IIIC to the Privacy Act 1988 requiring organisations to notify affected individuals and the OAIC when a data breach is likely to result in serious harm.
USE AND DISCLOSURE OF PERSONAL INFORMATION
We use and disclose your personal information for the legitimate business purposes for which it was disclosed to us at the time of collection. Your personal information may be used for related purposes that you would reasonably expect without the need to obtain your prior permission.[^10]
We will not sell, rent or trade your personal information. We may, however, share your personal information within our organisation, with our related bodies corporate and with our service providers, for use for the same purpose for which your personal information was provided to us. In some cases it will be necessary to pass certain personal information to our professional advisors or other third parties in order to comply with reporting and statutory obligations. This may include our employees, agents, contractors, auditors, insurers and tax, financial and legal advisors.
We may also disclose your personal information to service providers and contractors who provide services to us in connection with provision of our products and services to you.
While personal information may be provided to these service providers and contractors to enable them to perform agreed tasks, we will generally require such parties to protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
We will not otherwise use or disclose your personal information unless the use or disclosure is authorised under or not prohibited by the Privacy Act 1988 (Cth) and/or the Australian Privacy Principles.
[^10]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 6.1 and 6.2, which govern the use and disclosure of personal information for the primary purpose of collection or for related secondary purposes.
THIRD-PARTY DATA SHARING
When TCDA shares data with third parties, we implement the following safeguards:
• Selection Process: We conduct due diligence before engaging third-party service providers who may access personal information.
• Contractual Protections: We require service providers to agree to privacy and security terms that meet or exceed our own standards.
• Ongoing Monitoring: We regularly review our third-party relationships to ensure continued compliance with privacy requirements.
• Limiting Access: We only share the minimum information necessary for the required purpose.
Our primary third-party data relationship is with Dancebiz/Thinksmart Software as our client management system provider and Xero as our accounting software provider. Their privacy practices are governed by their own privacy policy and terms of service.
These measures comply with our obligations under APP 8 regarding cross-border disclosure and APP 11 regarding security of personal information.[^11]
[^11]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 8 (cross-border disclosure) and APP 11 (security of personal information).
PHOTOGRAPHS AND VIDEO
Photographs and video recordings may be taken by TCDA staff or their agents during TCDA events and classes and reproduced in print, online, displayed on screen or transmit for the purpose of promotion and education.
DEALING WITH TCDA ONLINE
If you visit TCDA's website to browse, read or download information, register as a member or purchase our goods or services, our system will log your movements. We use these website logs to assist us in providing and marketing relevant products or services to you and in the other ways described in this Policy.
Some of the websites operated by us contain links to third party websites, such as advertisers, sponsors and other companies with whom we have relationships. Although a web site may be linked to a website operated by us, we are not responsible for the privacy practices of the linked third party's website. Any concern that you have with respect to the privacy policies of a linked third party's website should be directed to the operator of that website.
In addition, from time to time we may have relationships with other companies that we allow to place advertisements on web pages that we operate. As a result, when you visit a website operated by us, server companies may collect information such as your domain type, IP address and click stream information. It is our understanding that generally it is not likely that your personal information is easily identifiable from such collected information.
Our website may contain User Generated Content ("UGC"), which is links to information (including photos usually referring to TCDA's products, services or activities) you or other people upload to their accounts in social media and make available to the general public. Information which is disclosed by way of UGC may be displayed by TCDA on our website for promoting and improving our products and services to our customers. Such UGC may contain personal information including photo images of identifiable people. However, as a user of social media (e.g. Instagram or Facebook) has already made such information publicly available on their social media account TCDA cannot be responsible for any alleged breach of privacy. TCDA is not responsible for any privacy policies of Instagram, Facebook or other social media entities. Any enquiry or concern you may have with respect to privacy of Instagram, Facebook or other social media should be directed to them.
For detailed information about appropriate use of social media by staff, students, volunteers and parents in relation to TCDA, please refer to our Social Media Policy available on our website and at the studio office.
COOKIES
A cookie is a small data file that contains information about your visit to our website. Your computer provides this information during your first visit to our web server. The server records this information in a text file and stores this file on your hard drive. When you visit our website again, the server looks for the cookie and structures itself based on the information provided.
Most browsers are initially set up to accept cookies. We use cookies to help us improve our service to visitors to our website and to ensure that our website is easy to navigate and useful. If you do not wish cookies to be used, you can reset your browser to refuse all cookies or to warn you before accepting cookies. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie.
DIRECT MARKETING
From time to time we may use your personal information to provide you with information about our products or services. By providing TCDA with information or seeking its products or services or accessing its website, you consent to receiving direct marketing in connection with TCDA's products or services. If any phone number(s) you have provided to us is registered on the Do Not Call register, you consent to TCDA or its direct marketing providers calling that number(s). TCDA may continue to contact you for an indefinite period until you advise us otherwise.
OPTING OUT OF DIRECT MARKETING
You may opt out of receiving direct marketing at any time by:
• Clicking the "unsubscribe" link at the footer of our marketing emails
• Emailing paul@tamworthcitydance.com.au or kellie@tamworthcitydance.com.au
• Contacting us via phone or mail using the contact details at the end of this policy
If you do not wish to receive marketing material, please note that TCDA will still contact you in relation to the ongoing relationship and the products or services we provide to you.
ACCESS TO YOUR PERSONAL INFORMATION
You have a right to request access to your personal information and request its correction.[^12] Upon your request to us, and to the extent permitted by law or as required by the Australian Privacy Principles, we will provide to you details of any personal information disclosed to us and/or cease to make use of your personal information for the purposes described above.
To request access to or correction of your personal information:
• Email paul@tamworthcitydance.com.au or kellie@tamworthcitydance.com.au
• We will respond to your request within 10 working days
• The Director or Principal will manually make corrections and notify you when completed
If there are disagreements about corrections, TCDA's Complaint Handling Policy will be enacted to resolve the matter.
If we are not able to give you the access you requested, we will notify you and provide you with the reasons for our inability to give you that access, as required by APP 12.9.[^13]
[^12]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 12 (access to personal information) and APP 13 (correction of personal information). [^13]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 12.9, which requires organizations to provide reasons when refusing access to personal information.
ACCURACY OF YOUR PERSONAL INFORMATION
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact TCDA's Director if any of the details you have provided change or if you believe the information we have about you is inaccurate, incomplete or out-of-date.
PRIVACY IMPACT ASSESSMENTS
TCDA conducts privacy impact assessments every three years to identify and mitigate privacy risks. These assessments:
• Evaluate how personal information is collected, used, and stored
• Identify potential privacy risks in current and proposed processes
• Develop strategies to address identified risks
• Document compliance with privacy principles
Additional assessments may be conducted when implementing significant new systems, processes, or changes that affect personal information handling.
While not explicitly required by legislation, these assessments form part of our reasonable steps to ensure compliance with APP 1.2.[^14]
[^14]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 1.2, which requires entities to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the APPs.
EMPLOYEE TRAINING
Privacy awareness and compliance is addressed in our teacher induction training. All staff members receive instruction on:
• Their obligations under this privacy policy
• Proper handling of personal information
• Security measures to protect data
• Procedures for recognizing and reporting potential privacy breaches
• Appropriate responses to privacy-related inquiries
This training supports our compliance with APP 1.2 and the security requirements of APP 11.[^15]
[^15]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 1.2 (implementing practices, procedures, and systems) and APP 11 (security of personal information).
PRIVACY POLICY REVIEW
This privacy policy is reviewed annually to ensure it remains current with legislative requirements and organizational practices. Significant changes to this policy will be communicated to individuals through email notifications and/or notices on our website.
This regular review process helps ensure our compliance with APP 1.3, which requires privacy policies to be clear, up-to-date, and readily available.[^16]
[^16]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 1.3, which requires entities to have a clearly expressed and up-to-date privacy policy.
PRIVACY COMPLAINTS
If you have a complaint about privacy, please contact our TCDA's Director and let us know nature and details of your complaint in writing and we will promptly acknowledge and investigate your complaint.
This complaints process is consistent with our obligations under APP 1 to implement practices, procedures, and systems to ensure compliance with the APPs and to enable complaints about our compliance with the APPs to be made and responded to.[^17]
[^17]: Privacy Act 1988 (Cth), Schedule 1 - Australian Privacy Principles, APP 1.2(b), which requires entities to have processes to deal with inquiries or complaints about the entity's compliance with the APPs.
CHANGES TO THIS PRIVACY POLICY
We may make changes to this Policy from time to time for any reason. We will publish those changes or an updated Privacy Policy on our website.
CONTACT US
If you would like further information regarding this Policy or wish to contact us, please do so via any of the following means: Email: paul@tamworthcitydance.com.au Address: 184 Peel Street, North Tamworth, NSW, 2340