🌿
NS Compliance Hub
Privacy Policy
Last updated: 31 May 2026
This policy applies to personal information collected and managed by The Hills Montessori (the Centre) through the NS Compliance Hub platform. We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who We Are
The Hills Montessori is an approved provider of early childhood education and care services in Queensland, operating under the Education and Care Services National Law (Qld) and the Education and Care Services National Regulations.
The NS Compliance Hub is an internal platform used to manage educator records, compliance obligations, incident reporting, risk assessments, and child safety requirements.
2. What Information We Collect
We collect personal information to manage employment relationships and meet our regulatory obligations, including:
- Identity information: Full name, date of birth, contact details (email, phone, address)
- Employment information: Role, qualifications, RTO details, start date, employment status, availability, hourly rate
- Compliance credentials: Working With Children Check (WWCC) number, state and expiry date; First Aid, Anaphylaxis, and Asthma training dates and certificates
- Health information: Immunisation status (where consent is provided), as required under workplace health and safety obligations
- Incident and risk information: Records involving staff, children, or visitors as part of mandatory regulatory reporting
- Digital signatures and acknowledgements: Captured during onboarding and policy acknowledgements
- Personal preferences: Optional fields such as love language, favourite snack, and shoe size, used solely for workplace wellbeing purposes
3. How We Use Your Information
Your personal information is used to:
- Manage your employment record and HR administration
- Track and report compliance with the National Quality Standard (NQS) and National Regulations
- Fulfil mandatory reporting obligations under Queensland child protection law
- Send automated reminders about expiring credentials (WWCC, First Aid, etc.)
- Support rostering and staffing ratio calculations
- Manage risk assessments and incident records as required by law
4. Who We Share Information With
We do not sell or trade your personal information. We may share it only in the following circumstances:
- Regulatory bodies: ACECQA, the Queensland Department of Education, or other regulators where required by law
- Service providers: Our hosting and database infrastructure providers (subject to confidentiality obligations); email delivery services for compliance reminders
- Legal requirements: Where disclosure is required by law, court order, or to protect the safety of children or staff
5. Data Storage and Security
All personal data is stored in a secured PostgreSQL database with access controls, encrypted connections, and session-based authentication. The platform employs the following security measures:
- HTTPS-only access with secure, HTTP-only session cookies
- Role-based access control (director and educator roles)
- Rate limiting on all authentication and API endpoints
- No plaintext passwords — all credentials are hashed using bcrypt
- Uploaded documents (certificates, policy files) are stored as encrypted binary data in the database
6. Data Retention
We retain personal information for as long as necessary to fulfil regulatory and employment obligations:
- Employment records: Retained for 7 years after the employment relationship ends, as required under the Fair Work Act 2009
- Incident records: Retained for a minimum of 3 years, or until the youngest child involved turns 25, whichever is longer
- WWCC and qualification records: Retained for the duration of employment plus 7 years
- Session logs: Automatically purged after 8 hours of inactivity
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate, incomplete, or out of date
- Request deletion of your record (subject to our legal retention obligations)
- Complain if you believe your privacy has been breached
To exercise any of these rights, contact the Director using the details below. We will respond within 30 days.
8. Complaints
If you believe we have handled your personal information in a way that breaches the Australian Privacy Principles, you may lodge a complaint with us first. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
9. Contact Us
For privacy-related enquiries, access requests, or corrections:
← Back to login