Privacy Policy

This policy is for our Australian customers. Follow this link to view our USA privacy policy.

Privacy Policy

Effective Date: 1 February 2018

Tutor on Demand Pty Ltd ACN 149 712 881 (collectively, “Edrolo”, “we”, “us”, “our and similar expressions) is an online provider of educational resources to secondary school students, teachers and leaders.

By accessing our websites located at a domain or subdomain owned by us, including the website (“Website”), using our products or services, or otherwise providing us with personal information, you confirm that you have read and accept the terms of this Privacy Policy and expressly consent to the collection, storage, use and disclosure of your personal information in accordance with the terms of this privacy policy (“Privacy Policy”).

If you do not feel comfortable with any aspect of this Privacy Policy or do not agree to the terms of this Privacy Policy, you must immediately leave the Website and discontinue your use of our products and services. In order to fully understand your rights, we encourage you to read both this Privacy Policy and our Terms of Service.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we change this Privacy Policy in any material way, we will post a notice on our Website or services along with the updated Privacy Policy prior to the change becoming effective. You agree that you will regularly review this page for the latest information on our privacy practices.

Our Privacy Commitment

Your privacy is important to us. Your personal information will be collected, used, stored and disclosed by Edrolo in accordance with this Privacy Policy, and in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

If you have any queries relating to our Privacy Policy or the manner in which we handle your personal information, please contact our Privacy Officer using the contact details at the end of this document.

Information We Collect

So that we can provide you with our Website, products and services (collectively, “Services”), we may need to collect information from you or about your use of our Services as described below.

Please be aware that you can choose whether to provide us with the types of information described below, but your choices may affect our ability to offer you part of or all of our Services. If you do not provide us with the information we request, we may not be able to supply you with all or part of our Services. Any information that we do not require you to supply is information that you provide to us voluntarily.

  • Information you provide to us when accessing or using our Services. We collect information you provide to us, including, but not limited to:
  • Registration information. By registering with our Services, you authorise us to collect any information that you make available to us when accessing or using our Services. We collect information about you including your first and last name, email address, student identification number, school name, subject choices, year level, subject teachers, and contact details.
  • Order information. If you purchase products or services from us, our payment gateway provider may also require your credit card details and billing information to process your transaction. These credit card details are not stored in any form by us or on any internal or external databases that are accessible to us. Additionally, if you purchase a physical product from us, our delivery/shipping provider may also require your shipping address to allow us to fulfil your order.
  • Third party information. We may receive information about you from third parties that you have authorised to share such information with us. For example, if you link your social media account with our Services, we may receive information about you from your social media account.
  • Communications with us. When you communicate with us in any way we will collect your contact information and any other information you may choose to provide to us.
  • Information about your use of our Services. We also collect information about you passively when you use or access our Services. We will combine this information with information you give to us and information we collect from you. For example, we collect information which may include, but is not limited to:
  • Cookies and similar tracking technologies. We use both first-party and third-party cookies, and similar tracking technologies on our Services. A cookie is a small data file that is stored on your device and collects information, such as your IP address or information about your use of or your activities on our Services. Further information about this is detailed below in the section titled ‘Website Usage, Tracking Information and Cookies’.
  • Log data. We collect log data about your use of our Services, which may include your IP address, data, and time of your access or use of our Services, page views, the referring URLs, and any other information about your activities on our Services.
  • Third-party plugin. We may integrate third-party plugins into our Services and the use of such third-party plugins results in data collection by us and the relevant third party.
  • Accessing and using our Services in any other way. When you use or access our Services, we may collect information such as search terms, interactions with other users, and any other activities on our Services.

Why We Collect Personal Information

We collect personal information so that we can carry out our business activities in a professional and efficient manner, and improve our Services. We also collect your personal information for the purposes stated below:

  • set-up and configure customer accounts;
  • fulfil your requests and orders for products and services;
  • identify our customers, potential customers and people acting on their behalf;
  • improve our service offerings;
  • record and maintain user details and profile information;
  • provide information on services available to subscribers;
  • provide client and user support;
  • deliver marketing materials to you regarding new services and offers we believe may be of interest to you;
  • collect fees and payments owing to us;
  • comply with legal obligations;
  • resolve disputes;
  • enforce agreements with third parties;
  • detect, prevent, and investigate potential or actual fraud or other harmful activity to you, us, or any third parties;
  • respond to your enquiries and concerns and resolve disputes;
  • advertise our Services;
  • contact you regarding your use of our Services; and
  • compare information provided by you for accuracy and verify it with third parties,

and any secondary purposes related to the above.

Disclosure of Personal Information

In carrying out our business, we may disclose your personal information to others, including, but not limited to:

  • related entities of Edrolo;
  • service providers contracted by Edrolo, including information technology service providers, printers and distributors of marketing material, creditors, bankers, financiers, credit providers, mortgage insurers or trade insurers, and external business advisers (such as auditors and lawyers);
  • third parties authorised by you;
  • third parties as required by law, such as to comply with a subpoena or similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, to protect the safety of you, others, or us, to investigate, or to respond to a government or law enforcement request;
  • third parties involved in a business transaction with us, such as in the case of a merger, acquisition, or sale of all or a portion of our assets, as permitted by applicable law;
  • detect and prevent fraud;
  • protect the rights, property, and safety of Edrolo, you, and others;
  • enforce our policies and agreements;
  • teachers, school leaders and other students, for example, where you have opted-in to a particular user group, or where you take part in any interactive areas of the Websites or Services; and
  • any third-party plugins. Your interactions with third-party plugins will be governed by the privacy statement of the company providing the third-party plugin.

Overseas Disclosure of Personal Information

As a global organisation, we may store, use, transfer, and otherwise process your personal information in countries outside of the country of your residence. By using our Services, you consent to Edrolo’s transfer to and handling of your personal information in a jurisdiction which may have different (and less stringent) data protection rules than the country in which you reside.

Edrolo stores customer data in the cloud (it would be basically impossible to deliver our resources to students and teachers without doing so). Staff at Edrolo have secure access to this data, and tiered levels of staff access to this information, too. Our databases (containing Name, Contact Details and Subject Enrolments) are stored with Amazon Web Services (AWS) in the Asia Pacific Region (Sydney). Schools can take confidence from our deliberate choice of reliable, high-quality providers, like AWS, who set the industry standards for information security, and operate under the strongest compliance standards and industry certifications. It is of paramount importance to both AWS and us that your data is private and secure. If you have further questions regarding AWS standards and protocols, AWS house a comprehensive set of compliance resources on their website which can be accessed here.


Where we use your personal information to send you marketing and promotional information, you will be provided with an opportunity to opt-out of receiving such information. Unless you exercise your right to opt-out of such communication, you will be taken to have consented to the receipt of similar information and communications in the future.

Website Usage, Tracking Information and Cookies

We collect limited information about people who use our Services so that we can track the use of those resources, maintain and improve our Services, and understand how our users navigate through and use our Services. We do not use these technologies for tracking of any information about your use of other websites or services. Information we collect may include:

  • server and/or internet protocol (IP) addresses;
  • top level domain names;
  • the date, time and duration of your visit;
  • pages accessed and documents downloaded;
  • referring and exit pages;
  • whether you are a returning visitor;
  • the type of browser used,
  • the hardware type and operating system of the device used,

(collectively, “Usage Information”).

In order to collect Usage Information, we may use software embedded in our Websites (such as JavaScript) and we may place small data files (cookies) on your computer or other device. We may also use similar means, including third party services such as Google Analytics, to track Usage Information in relation to our products and services.

Unless you have registered for an account with us and are logged in to our Services, we will not link Usage Information to your personal information such as your user name. If you register for an account with us, Usage Information while you are logged in to the Services will be associated with your registration data. If you do not register for an account with us, Usage Information will be aggregated with that of other unregistered users and will not be associated with an identifiable person.

You may decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of our Websites, products and services. You can refer to the ‘help’ section of your browser or installed applications for instructions on blocking, disabling or deleting cookies.

“Do-Not-Track” Signal

You may disable cookies through your browser settings, but at this time we do not honour “Do-Not-Track” signals.

Storage of Personal Information

We will retain your information for as long as permitted under the Privacy Act 1988 (Cth), or to comply with our legal obligations. When we dispose of personal information, we ensure that it is destroyed or de-identified in a secure fashion according to industry standards and as required by law.

Security of Personal Information

We take all reasonable steps to keep the personal information we hold about you secure and free from loss, misuse or interference. Personal information we collect and store is stored on secure servers, and is only accessible by those persons who need access to the information in order to carry out their business functions. We also maintain physical security measures to protect the use and storage of physical records containing personal information. However, you acknowledge that no method of transmission or electronic storage is completely secure, and we cannot control the security of data collected, stored, and disclosed on third party platforms. You transfer and store your information at your own risk. You are also responsible for the security of your personal information by taking precautionary measures, such as keeping your account password confidential and using secure wireless connections.

Accessing Your Personal Information

You may request that we provide you with access to the personal information we hold about you by contacting us using the contact details provided at the end of this Privacy Policy. However, privacy and data legislation in your jurisdiction may set out certain circumstances where we may deny, or only partially comply with such a request. These circumstances may include, for example, where:

  • access would pose a serious threat to the life, safety or health of any individual or to public health or public safety;
  • access would have an unreasonable impact on the privacy of other individuals;
  • the request is frivolous or vexatious;
  • denying access is required or authorised by a law or a court or tribunal order;
  • access would be unlawful; or
  • access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

If you require access to any information we hold about you, we request that you identify, as clearly as possible, the type of information requested. We will respond to your request to provide access to your personal information within a reasonable period after the request is made, and you agree we may charge you our reasonable costs incurred in supplying you with this information as permitted under the Privacy Act 1988 (Cth).

Updating Your Personal Information

We take such steps as are reasonable in the circumstances to ensure that:

  • the personal information we collect and store, is accurate, up to date and complete; and
  • the personal information we use and disclose is accurate, up to date, complete and relevant.

If you believe that information we hold about you may not be up to date, complete and accurate, you may notify us by contacting us using the contact details below.

You accept that we will take reasonable steps to verify your identity if you contact us with such a request.

Anonymity and Pseudonymity

If you are making a general enquiry only, you may deal with us on an anonymous basis or through the use of a pseudonym. However, we will not be able to provide you with any specific information about your account if you fail to identify yourself to us.

Third-Party Links

Our Website, products, and services may include links to other websites whose privacy practices may differ from ours. If you provide your personal information to any of those sites, your information is governed by their privacy policies.

Queries, Concerns and Complaints

If you have any queries, concerns or complaints about the manner in which we have collected, stored, used or disclosed your personal information, please contact the Edrolo Privacy Officer using the details below:


Privacy Officer
321 Exhibition St, Melbourne VIC 3000
Email: [email protected]

We will treat your complaint confidentially and, after investigating your complaint, discuss the ways in which we can remedy the situation. We will ensure that we respond to your complaint within a reasonable time (and in any event within the time required by privacy and data protection legislation in your jurisdiction).