Formee Education

Formee Education ("Formee Education", "we", "our", "us") is committed to protecting the privacy of institutions, staff, students, and all users of our AI-powered education technologies. This Privacy Policy explains how we collect, process, use, disclose, store, and protect personal information when you use:

·      Our website

·      Our Services and AI tools

·      Our Learning Management System (LMS)

·      Our Software modules and integrations

Collectively referred to as the "Platform".

This Privacy Policy complies with:

·      Privacy Act 1988 (Cth)

·      Australian Privacy Principles (APPs)

·      GDPR (EU)

·      UK GDPR

·      Relevant global data protection laws

1. Scope of this Privacy Policy

This Privacy Policy governs how we handle personal information when you ("User") or your institution access the Formee Education Platform.

1.1 Definitions

Customer – The institution (e.g., higher education provider, vocational training organisation) that purchases or subscribes to our Services.

Authorised User – Staff, students, contractors, or other individuals who are granted access by a Customer.

Platform – Our website, Services, AI systems, software tools, and LMS.

We are the data controller for personal data we collect directly (“Other Information”). For institutional data (“Customer Data”), Formee Education generally acts as a data processor, processing data only under Customer instructions.

2. Identifying the Data Controller and Data Processor

Different jurisdictions define roles regarding data control:

Controller

A Controller decides how and why personal data is processed.

·      For Customer Data, the Customer (your institution) is the Controller.

·      For Other Information we collect directly (analytics, logs, account data), Formee Education is the Controller.

Processor

A Processor acts only on the Controller’s instructions.

·      Formee Education is the Processor of Customer Data.

Additional Representatives (GDPR)

If required under GDPR, Formee Education may appoint an EU/UK representative for data protection enquiries. Details will be provided in the Data Processing Agreement (DPA).

3. Personal Information We Process

We collect two broad categories of information:

3.1 Customer Data (Processed as a Data Processor)

This includes:

·      Student enrolment details

·      Academic records

·      Course content, curriculum, assessments

·      Risk assessment inputs

·      Staff professional development data

·      Uploaded documents, files, videos, or images

·      Data provided via API integrations

Customer Data is controlled by the Customer institution.

3.2 Other Information (Collected as a Data Controller)

Contact Information

·      Name, email, phone number

·      Title and institutional affiliation

Financial and Billing Information

·      Payment details (processed via secure third-party processors)

·      Billing history

Account Information

·      Username, password (encrypted)

·      Profile details

·      User settings

Usage Information

·      Pages visited

·      Features used

·      Time spent in modules

·      Learning analytics and LMS interactions

Technical Information

·      IP address

·      Browser type

·      Device characteristics

·      Log files

·      Approximate location (derived via IP)

AI Content Inputs and Outputs

·      Prompts used for AI generation

·      Generated documents, assessments, content

Cookie and Tracking Information

Used for authentication, analytics, and platform performance.

Other Information You Provide

·      Feedback

·      Survey responses

·      Support requests

·      Job applications

·      Interaction with social media or marketing communications

4. Purposes and Legal Bases for Processing

Formee Education processes data under multiple lawful bases depending on the jurisdiction.

4.1 Processing Customer Data (as Processor)

We process Customer Data strictly:

·      Under Customer instructions

·      Under a valid contract

·      In compliance with applicable law

4.2 Processing Other Information (as Controller)

A. Contractual Necessity

We process data to:

·      Provide access to the Platform

·      Enable AI tools, LMS, SMS, and integrations

·      Authenticate users

·      Provide customer support

·      Manage accounts and subscriptions

·      Process payments

B. Legitimate Interests

We process data to:

·      Improve platform performance and reliability

·      Enhance our AI models (using anonymised or synthetic data only)

·      Monitor usage for security and fraud prevention

·      Prevent unauthorised access

·      Ensure compliance and service quality

·      Conduct platform analytics

C. Legal Obligations

We may process personal information to:

·      Comply with the Privacy Act 1988 (Cth)

·      Respond to lawful requests from regulators or law enforcement

·      Comply with tax, billing, audit, or reporting obligations

D. Consent

We rely on consent only when required, including:

·      Marketing communications (where required by law)

·      Optional features requiring personal data

Consent may be withdrawn at any time.

5. Cookies and Tracking Technologies

We use cookies to support:

·      Authentication

·      Performance and load balancing

·      Analytics

·      Security monitoring

Users may manage cookie preferences using browser settings.

6. Disclosure of Personal Information

We do not sell or rent personal information.

We may disclose information to:

6.1 Service Providers

Including hosting, analytics, security, payment processors, and AI infrastructure providers.

6.2 Institutional Integrations

At Customer request, we may disclose data to:

·      LMS systems

·      SMS/CRM platforms

·      Communication tools

6.3 Regulators and Legal Authorities

Where required or permitted by law.

6.4 Business Transfers

In case of mergers, acquisitions, restructuring, or asset sales.

7. International Data Transfers

Data may be processed in:

·      Australia

·      EU/EEA

·      United States

·      Other regions as selected by a Customer

When transferring internationally, we use:

·      APP 8 compliant frameworks

·      Standard Contractual Clauses (SCCs)

·      Adequacy decisions (where available)

8. Data Security

We maintain strict security measures, including:

·      Encryption in transit and at rest

·      Multi-factor authentication (MFA)

·      Role-based access controls

·      Continuous monitoring

·      Penetration testing

·      Secure development practices

9. Data Retention

We retain:

·      Customer Data according to the customer’s instructions

·      Other Information as long as required for legal, operational, or support purposes

Upon service termination, Customer Data is:

·      Returned or exported to the Customer upon request

·      Deleted or anonymised according to the DPA

10. Children’s Privacy

Our Services are designed for vocational and higher education institutions. We do not knowingly collect data from children without institutional authorisation.

11. User Rights

Depending on jurisdiction, Users may:

·      Access their data

·      Request correction or deletion

·      Request data portability

·      Restrict or object to processing

·      Withdraw consent

·      Request clarification on automated decision-making

Requests must generally be submitted through the Customer (controller of Customer Data).

12. Data Breaches

Formee Education complies with the Notifiable Data Breaches Scheme under Australian law.

We will:

·      Notify affected Customers promptly

·      Provide details about the breach

·      Comply with regulator requirements

13. Changes to This Policy

We may update this Privacy Policy periodically. Material updates will be communicated directly to Customers.

14. Contact Us

For privacy enquiries or data rights requests:

Formee Education

41 Boundary Rd, North Melbourne VIC 3051

contact@formeeeducation.com