Privacy Policy
Version 2026-04-02 | Effective: 2 April 2026
This Privacy Policy sets out how NSJS Group Pty Ltd (ABN 20 620 383 726), operating the comp.page platform ("Platform"), collects, holds, uses and discloses personal information of users of the Platform. This policy is issued in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).
1. Information Collected
1.1 Account Information
Upon registration, we collect:
- Full name (legal and preferred)
- Email address
- Password (stored in encrypted form)
- Timestamp and version of your agreement to these terms
1.2 Official Profile Information
Officials may provide the following additional information:
- Phone number
- Date of birth
- Postcode and pronouns
- School or institutional affiliation
- Debating experience, qualifications and experience level
- Availability for competitions
- Emergency contact details
- Conflicted schools and reasons for conflict
1.3 Safeguarding Check Data
Users may provide safeguarding check information through the Platform, including but not limited to:
- Safeguarding check number (e.g. WWCC number, Blue Card number or equivalent)
- Check expiry date
- Verification status as recorded by authorised personnel
- Supporting documentation
- Verification notes recorded by authorised safeguarding officers
Safeguarding data is treated as sensitive information and is subject to the additional protections set out in Section 8.
1.4 Performance and Administrative Records
Authorised personnel (competition organisers, chief officials and administrators) may record the following information about you through the Platform:
- Performance observations, feedback and reviews relating to your officiating
- Restrictions, blacklists and bans, including the reason, the person who imposed the action, and any expiry date
- Assignment history and attendance records
This information is visible to authorised personnel within the relevant organisation and competition. It is not visible to other officials or to the general public. Where a restriction or ban has been imposed, you may not have visibility of the record through the Platform — see Section 6 regarding your right to request access.
1.5 Technical and Usage Data
We automatically collect:
- IP address and browser type
- Pages visited and features accessed
- Login timestamps and session data
- Device information
2. Use of Information
We use the information collected for the following purposes:
- Account creation and management
- Display of user profiles and credentials to authorised Platform users in accordance with the role-based access controls described in Section 4
- Competition administration, including official scheduling, assignment, panel management and credential verification
- Enabling competition organisers and safeguarding officers to record and review safeguarding check information as described in Section 8
- Communications regarding Platform updates, competition logistics and notifications
- Platform security and integrity
- Responding to support requests and enquiries
- Generation of anonymised, aggregated usage statistics
- Maintenance of audit trails for security and accountability
3. Basis for Collection
- Consent: You consent to the collection and use of your personal information when you register for an account and agree to this Privacy Policy and our Terms of Service. Additional consent is obtained when you voluntarily enter safeguarding data into the Platform. You may withdraw consent at any time by contacting us, subject to any applicable data retention requirements. Withdrawal of consent may affect your ability to use the Platform.
- Platform operation: The collection of personal information is necessary for the provision of the Platform's administrative functions for competition management.
- Child safety: Competition organisers are required by law to verify that adults engaged in child-related work hold valid safeguarding clearances (e.g. WWCC in NSW, Blue Card in QLD). The Platform collects and stores safeguarding data to assist competition organisers in their record-keeping.
4. Disclosure of Information
4.1 Role-Based Access
The Platform employs role-based access controls. The categories of users who may access your information, and the scope of that access, are as follows:
- Officials: may view and edit their own profile, documents and safeguarding information.
- Competition convenors and chief officials: may view official profiles and availability for their assigned competition.
- Safeguarding officers: may view safeguarding check numbers, expiry dates and verification status for officials within their assigned competition.
- Administrators: may view all user data for Platform management and audit purposes.
Access to your information is determined by the roles and permissions configured by the relevant competition organiser, not by us.
4.2 Third-Party Processors
Your information may be processed by the following third parties:
- Hosting providers: Vercel (application hosting, with edge servers that may process requests in the United States, European Union and other jurisdictions) and Supabase (database hosting, primary region: Sydney, Australia).
- Email service providers: for transactional and notification emails.
4.3 Cross-Border Disclosure
In accordance with APP 8 of the Privacy Act 1988 (Cth), we disclose that your personal information may be processed in jurisdictions outside Australia, including the United States and the European Union, through our hosting providers (Vercel and Supabase). We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the APPs, including by selecting providers that maintain appropriate security standards and contractual data protection commitments.
4.4 Disclosure Required by Law
We may disclose your information where required by:
- Australian law or court order
- A government safeguarding authority (e.g. the Office of the Children's Guardian in NSW) in connection with safeguarding verification or child protection matters
We do not sell, rent, or trade personal information to any third party.
5. Data Storage and Security
We implement reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These measures include:
- Encryption of data at rest and in transit
- Role-based access controls enforced at the database level
- Documents stored in private, access-controlled storage with no publicly accessible URLs
- HTTPS for all connections
- Audit logging of data access and modifications
- Session management controls including inactivity timeouts
- Content Security Policy headers
Our primary database is hosted in Australia (Sydney, ap-southeast-2) via Supabase. Application hosting is provided by Vercel, whose global edge network may process requests in jurisdictions outside Australia during content delivery. We select providers that maintain appropriate security standards.
No method of transmission or storage is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
6. Access, Correction and Deletion
6.1 Your Rights
In accordance with APPs 12 and 13 of the Privacy Act 1988 (Cth), you may:
- Access your personal information at any time through the Platform, or by making a written request.
- Correct inaccurate information by updating your profile directly, or by contacting us.
- Request deletion of your account and associated data, subject to the retention requirements in Section 7.
- Withdraw consent for data processing. Withdrawal of consent for safeguarding data may affect your eligibility to officiate at competitions requiring a valid safeguarding check.
6.2 Access to Restriction and Feedback Records
Where a restriction, blacklist, ban or performance record has been recorded about you, you may request access to that information under APP 12. We will provide access except where:
- Disclosure would reveal the identity of a complainant or confidential source in a safeguarding matter;
- Disclosure could compromise an ongoing investigation;
- An exemption under APP 12.3 of the Privacy Act 1988 applies.
Where we refuse access to specific information, we will provide written reasons for the refusal.
6.3 How to Make a Request
Requests should be directed to support@comp.page. We may require verification of your identity before processing a request. We aim to respond within 30 calendar days.
7. Data Retention
- Account data is retained for the duration of your account. Upon account deletion, personal data will be deleted or anonymised within 30 days, except where retention is required by law or permitted under this Section.
- Safeguarding verification records (the fact that a check was verified, by whom, when and the outcome) are retained for the duration of your account and for a period of seven (7) years following account deletion, to support the record-keeping obligations of competition organisers under section 9A of the Child Protection (Working with Children) Act 2012 (NSW). The safeguarding check number itself and any uploaded documents are deleted or anonymised within 30 days of account deletion, as they are not required for statutory record-keeping.
- Consent records (including agreement version and timestamp) are retained indefinitely as evidence of consent.
- Audit logs (including records of who accessed your data and when) are retained for three (3) years from the date of the logged event, after which they are deleted or anonymised.
8. Safeguarding Data Handling
Safeguarding check data (e.g. Working With Children Check numbers, Blue Card details or equivalent clearances) is treated as sensitive information and is subject to the following additional protections:
8.1 Purpose of Collection
Safeguarding data is collected and stored solely to:
- Assist competition organisers in maintaining records of official safeguarding check status for the purposes of applicable child protection legislation (e.g. Child Protection (Working with Children) Act 2012 (NSW)).
- Display safeguarding status and expiry information to authorised personnel for competition administration.
- Provide expiry notifications to affected users.
- Maintain audit trails of safeguarding data access and modifications.
8.2 Access Controls
- Safeguarding data is accessible only to users with designated roles (safeguarding officer, competition convenor, chief official, administrator) within the scope of their assigned competitions.
- Officials may view only their own safeguarding data.
- All access to safeguarding data is recorded in an audit log, including the identity of the user, the time of access, and the action performed.
8.3 Storage
- Safeguarding data is encrypted at rest.
- Safeguarding documents are stored in private, access-controlled storage not accessible via public URLs.
- Safeguarding check numbers are not used as internal user identifiers.
8.4 Limitation of Platform Role
The Platform stores and displays safeguarding data as reported by users. The Platform does not independently verify safeguarding clearances with any government authority and is not a substitute for official verification systems.
The legal obligation to verify that individuals engaged in child-related work hold valid safeguarding clearances rests with the employer or relevant competition organiser under applicable child protection legislation. That obligation cannot be discharged by reference to data stored on this Platform.
The Platform provides tools to record verification outcomes (such as "cleared", "barred" or "expired") but does not make, endorse or warrant those determinations.
9. Cookies
- Essential cookies: used for session management and authentication. These are necessary for Platform operation and cannot be disabled.
- Analytics: anonymised analytics may be used to monitor Platform performance. No personally identifiable information is included.
We do not use advertising cookies or tracking pixels and do not share cookie data with third parties.
10. Data Breaches
In the event of an eligible data breach under Part IIIC of the Privacy Act 1988 (Cth) (the Notifiable Data Breaches scheme), or a breach that is likely to result in serious harm to affected individuals, we will:
- Take immediate steps to contain the breach.
- Assess the nature and scope of the breach.
- Notify the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of the breach, as required by law.
- Notify affected individuals as soon as practicable, including a description of the breach, the categories of information involved, and recommended steps for affected individuals.
- Where the breach involves safeguarding data, notify the relevant government safeguarding authority (e.g. the Office of the Children's Guardian in NSW).
11. Contact and Complaints
Questions, concerns or complaints regarding this Privacy Policy or the handling of personal information should be directed to:
Privacy Contact
NSJS Group Pty Ltd
ABN 20 620 383 726
Email: support@comp.page
We aim to acknowledge complaints within five (5) business days and provide a substantive response within thirty (30) calendar days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the version number and effective date at the top of this page and notify you through the Platform. You will be required to review and accept the updated policy before continuing to use the Platform.
If you do not agree to the updated policy, you may request account deletion by contacting us.