study image
Explore Programs
We’ve updated our T&Cs – read the student-friendly overview here.
Explore Programs

Study Work Grow

Privacy Policy

1. Australian Privacy Principles

1.1 Study Work Grow Pty Ltd ABN 74 626 075 018 (“we”, “our”) are committed to maintaining the privacy and confidentiality of personal information. We believe that the responsible use of personal information collected is critical to our business objectives and reputation.

1.2 We have elected to follow the Commonwealth Privacy Act 1988 and accordingly will adhere to the Australian Privacy Principles (APPs) when collecting, using, disclosing, securing and providing access to personal information.

1.3 As part of our commitment to privacy, we have adopted this Privacy Policy which deals with the management of personal information.

1.4 By engaging with us, you consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy.

1.5 The contents of this Privacy Policy are subject to change and are not intended to create a contract between us and any individual or entity that provides us with personal information.

2. Personal Information Collection

2.1 Personal information is any information, including any opinion, about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in material form or not.

2.2 Sensitive Information is personal information which is given a greater level of protection under the Australian Privacy Principles, such as information about your health, criminal records, your religious beliefs or affiliations or political opinions. We only collect such information where we are permitted to do so under the Australian Privacy Principles and if such information is necessary to provide our services to you or where we are required to collect this information by law.

2.3 We may invite you to provide information about yourself so that we are able to provide our services to you. We may also collect information about you from your school, university, or students. We do not collect information about you from other external sources.

2.4 The extent and type of personal information we receive from you depends on the information you provide to us through our mailbox, website, smartphone application, telephone, face-to-face meetings and/or when you request services.

2.5 In order for us to provide you with our services or otherwise to deal with you we generally require your:

  • For school or organisation officials – name, email address, contact numbers;
  • For student and community users – official email address (provided by your school or organisation);
  • Information about your school and education records;
  • Any information that relates to you, that you provide to us directly through our website, email, questionnaires and phone conversations.

2.6 Where it is lawful and reasonable to do so, you can remain anonymous or use a pseudonym for general platform use, however accurate legal information is required for billing and payment purposes. Use of pseudonyms may reduce the type and quality of services we will be able to provide.

3. Use and Disclosure of Personal Information

3.1 We use the personal information which you provide to deliver services most suited to your needs.

3.2 We use your personal information to:

  • communicate with you and respond to your requests;
  • provide you with information about our services;
  • provide you with services;
  • administer and manage those services (including billing);
  • consult with your school or university;
  • market our services by promotional and educational material and invitations;
  • gather feedback on our services or our website;
  • upload or download information from our office management software; and
  • comply with any legal or regulatory obligations.

3.3 We only send marketing communications where you have opted in. You can opt out at any time via unsubscribe links in our messages or by contacting us directly.

3.4 The personal information you provide to us will be retained only for as long as necessary to fulfil the purposes for which the information was collected or as required by law.

3.5 Dormant accounts and associated personal data are deleted after 12 months of inactivity unless we are required to retain it by law.

3.6 We do not share personal information with third parties except:

  • where you have given your consent;
  • to contracted service providers (sub-processors) who are bound by confidentiality, privacy, and security obligations and who only process information on our instructions; or
  • where required by law or a valid legal process.

3.7 Any research we conduct using personal information is performed internally and only with de-identified or aggregated data.

3.8 We will release specific information about you or your account to comply with any valid legal inquiry or process such as a search warrant, subpoena, statute or Court order. We will also release specific information in special cases, such as if there is an attempted breach of the security of our website or systems, or a physical or property threat to you or others.

3.9 Information you enter when subscribing or making a purchase will be shared with payment processors, financial gateways, and your credit card company to authorise credit card payments. Such information may also be shared with necessary third parties solely for the purpose or carrying out the transactions.

3.10 By submitting information online through a website or questionnaire, you acknowledge that we cannot guarantee the security of such information.

4. Data Access and Quality

4.1 We take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date.

4.2 You can request a copy of your personal data in a portable format. If we are unable to provide you with access, we will explain why. We reserve our rights to charge a fee for searching for and providing access to your information.

4.3 You can contact us at any time to update your information and we recommend you do so as and when required. You can also advise us of changes by e-mail, telephone or letter using the details on our website.

5. Cookies

5.1 “Cookies” (small text files placed on your computer when you first visit our website) may be used on some parts of our website. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider.

5.2 Cookies are primarily used to enhance your online experience and are not used to track the navigational habits of identified visitors, unless we obtain your permission to do so. If you visit our website to read or download content, much of the information we do collect via cookies is statistical only (for example the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and is not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our site more useful and attractive to users.

6. Overseas Transfer

6.1 We use internet service providers that have servers located in Australia. We may also use, or use in the future, internet service providers that may have servers located elsewhere, including cloud service providers. This means that your personal information supplied to us online, for example through our website, smartphone application or our social media sites or office management software, may be transferred overseas for the purpose of storage on servers. If you elect to provide personal information to us through any of our online services you are deemed to consent to the possible overseas transfer of such information. If we are required to transfer your personal information to a server located outside of Australia we will notify you prior to this occurring.

6.2 Apart from the above we will only transfer your personal information overseas if:

  • we are required to do so by law;
  • we reasonably believe that the recipient will be required to uphold privacy principles which are similar to the Australian Privacy Principles;
  • you have consented to the transfer;
  • it is not practical to obtain your consent or the transfer is for your benefit and your consent is likely to be given;
  • the transfer of the information is necessary for the performance of a contract between you and us; or
  • we have taken reasonable steps to ensure that your personal information will not be held, used or disclosed by the overseas recipient in a way which does not comply with the Privacy Act and/or the APPs.

7. GDPR Compliance

7.1 If you are in the European Economic Area (EEA), we treat your information in accordance with European laws and regulations including the GDPR which governs how we may collect and process your information, and the rights you have in relation to it.

7.2 Without limitation, if you are in the EEA we will collect and use your information only where:

  • We need it to provide you with our services and fulfil our obligations to you, including providing you with advice on career options and resources;
  • It is justified because of a legitimate interest such as for internal research (using only de-identified or aggregated data) or to improve our services, but only where our legitimate interest isn’t overridden by your interest in protecting your data;
  • You consent to us using your information in a certain way; or
  • It is necessary for compliance with our legal obligations.

7.3 Where we transfer your information to a third party provider that is not located in the EEA, and is not subject to an adequacy decision by the EU Commission, we will require those third party providers to enter into an appropriate data processing agreement.

7.4 You will be asked to consent to the use of your information for the purposes set out in this Privacy Policy and our applicable terms and conditions at the time of engaging with us or entering our website or questionnaire. You may withdraw that consent at any time by emailing us.

7.5 You have a right to:

  • Receive information which you supplied in a structured, commonly used, machine-readable format and to transmit that data to another entity, where the data is processed electronically;
  • require us to delete your information in certain circumstances such as when the information is no longer necessary for the purpose for which it was collected, or you withdraw your consent; and
  • object to the processing of your information verbally or in writing.

7.6 If you require us to delete your information, you withdraw your consent or you object to certain use of your information, it may mean that it is not possible for you to continue using our services.

8. Data Security

8.1 We are committed to protecting your personal information from misuse and loss, and from unauthorised access, modification and disclosure, and will take reasonable steps to do so.

8.2 Our personnel who have access to personal information have been trained to maintain the confidentiality of such information.

9. Sub Processors

9.1 We will notify you in writing of any new sub-processors or changes to data storage locations before they take effect.

9.2 Hosting – SiteGround provides our Australian hosting for the service, including application files, databases, logs and backups. In doing so, SiteGround may process account information, usage data, IP addresses and content stored in the service. The purpose is to host and secure the platform, ensure availability, and maintain backups. Our lawful basis is performance of a contract (to provide the service) and our legitimate interests in security and reliability. Data is processed and stored in Australia.

9.3 Email – MailerLite is used only if a user or school chooses to receive optional communications such as newsletters or product updates. It is not required to use the service. When enabled, MailerLite processes names, email addresses and email engagement events for the purpose of delivering those messages. The lawful basis is consent for marketing communications and performance of a contract for essential service notifications where requested. MailerLite is based in the European Union and processes data in Germany and the Netherlands.

9.4 Backups – Amazon Web Services (AWS) Sydney is used for off-site encrypted backups and disaster recovery. In doing so, AWS may process account information, user data, assessment records and stored content for the purpose of secure backup storage and disaster recovery. Our lawful basis is performance of a contract (to provide the service) and our legitimate interests in data resilience and business continuity. Data is processed and stored in Australia (AWS Region ap-southeast-2).

9.5 School management (no student data) – Notion is used to manage school relationships. Notion processes school-level information only, including school name, administrator contact details (names, email addresses, roles) and membership information. No student personal data is stored in Notion. The purpose is customer relationship management and service coordination. The lawful basis is performance of a contract and our legitimate interests in effective account management. Data is processed in the United States.

9.6 Billing and accounting (no student data) – Xero helps us manage billing and financial records for schools. Xero processes school name, contact name, contact email (or accounts email where invoices are directed), ABN (when supplied) and membership information. No student personal data is stored in Xero. The purpose is billing administration and financial record-keeping. The lawful basis is performance of a contract and legal obligation (financial record-keeping). Data is processed in the United States.

Sub-processor Applicable services Nature and purpose of processing Categories of personal data Location of processing Security / reference
SiteGround Primary hosting Cloud hosting, security, logging, backups Account info, usage data, IP addresses, service content Australia SiteGround Security
MailerLite Optional communications Email delivery for newsletters and product updates Names, email addresses, engagement events European Union (Germany, Netherlands) MailerLite Security
Amazon Web Services (AWS) – Sydney Off-site backups Encrypted backup storage; disaster recovery Account info, user data, assessment records, stored content Australia (ap-southeast-2) AWS Compliance
Notion School management (no student data) Customer relationship management, service coordination School name, administrator contact details, membership information United States Notion Security
Xero Billing and accounting (no student data) Billing administration, financial record-keeping School name, contact details, ABN (when supplied), membership information United States Xero Security & Privacy

10. Further Information

10.1 We recognise our responsibility for protecting the privacy of your personal information. If you have a complaint or objection about our administration of your personal information, please contact us at schools@studyworkgrow.com. You may also use this address to communicate any questions or comments you may have regarding compliance with our Privacy Policy.

10.2 We will provide at least 7 days’ advance notice of any changes to this Privacy Policy or our Terms & Conditions. We will notify you in writing via email sent to the registered account email and by posting a notice on the Website.

10.3 If you are not satisfied with how we handled your complaint, you can lodge a complaint with us or with the Office of the Australian Information Commissioner at:
Telephone 1300 363 992
Post GPO Box 5218 Sydney NSW 2001
Facsimile +61 2 9284 9666
Email enquiries@oaic.gov.au
Website www.oaic.gov.au

Last updated: 12 November 2025
Effective: 19 November 2025