Data Protection and Privacy Policy

 

Updated: 21 April 2021

 

1.    About this Data Protection and Privacy Policy FAQ

 

The Alpha School System Pty Ltd and our associated company Edumate Pty Ltd (“TASS”, “we”, “us” or “our”), recognises the importance of data protection and privacy to our customers (“you”) and is committed to them both. 

 

This Data Protection and Privacy Policy outlines how we collect, hold, use, disclose and otherwise handle personal information in an open and transparent manner in accordance with Section 5 of the Federal Trade Commission Act in the USA, the General Data Protection Principals (GDPR) (EU) 2016/679, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and The New Zealand Privacy Principles contained in The Privacy Act 1993.

 

By providing us with your personal information you consent to us handling it in accordance with this Data Protection and Privacy Policy as we update it from time to time.

 

2.    Why we collect, hold, use and disclose personal information

 

We collect, hold, use and disclose personal information for purposes relating to the promotion and supply of our products and services. A feature of the products and services that we offer is to store and hold information, some of which may be personal.

 

For example, we may collect, hold, use and/or disclose your personal information for the purpose of:

 

·       Establishing identity within our products;

·       Performing necessary identity and security verifications within our products and services;

·       Processing transactions and conducting business;

·       Generally delivering products and services, such as providing customer support and services, such as training;

·       Providing a hosted application service;

·       Providing you with information such as product update notification;

·       Improving our products, services and service delivery, including for better understanding your needs, interests and suitability for various products and services;

·       Recommending specific products and services that may meet your needs;

·       Responding to issues, questions, and queries;

·       Converting personal information contained within product data from a third party or TASS product(s) into another TASS product(s).

·       Protecting you and us against errors or fraud; and

·       Complying with our legal or regulatory obligations.

 

3.    What kinds of personal information we collect and hold

 

The kinds of personal information about you that we may collect and hold include your contact details, payment details, bank account details, purchase history and service related information. Our products may also contain personal data including but not limited to, contact details, date of birth, interests, reading history, school details and images.

 

Where you do not provide us with all or some of your personal information that we request then we may not be able to supply our products or services that you require.

 

4.    What kinds of anonymous statistical information do we collect and hold

 

For licensing and support purposes we collect anonymised data including student counts, product usage statistics, error logs and other service-related information.

 

The collection of this information is controlled by System Administrators though a global setting, and cannot be disabled on a per user basis.

 

5.    What website visitor information we collect and hold

 

We use a range of third-party tools, including cookies and session tools, to collect information about visitors to our websites:

·       https://www.tassweb.com.au/

·       https://www.edumate.com.au/

 

or our Support Portals:

·       https://hub.tassweb.com.au/

·       https://helpdesk.edumate.com.au/

 

For example, when you visit one of our Websites or Support Portals (“Website”), we may collect your server address, domain name, operating system, browser type, pages accessed, documents downloaded, previous visits, referring website, and visit date and time. We collect and hold this information for the purpose of maintaining and improving our services and enhancing your experience browsing our Website.

 

You may set your browser to disable cookies, but some parts of our Website may not function properly if cookies are disabled.

 

6.    How we collect and hold personal information

 

We collect and hold your personal information either directly from you or from information entered into our products. For example, we may collect your personal information from you in person when you visit our office or by mail, telephone, facsimile, email, FTP, using our website or other communication with you.

 

Personal information is stored in our products through the standard operation of our products. In the course of supporting or delivering a required service we may also request system data or log files be sent to us. Your instances of our product(s) may also be hosted in an environment where we have access to system data and log files.

 

We may request data which contains personal information be supplied to us in the process of delivering a service such as a data conversion or when providing support.

 

We may also collect your personal information from a third party or publicly available source where it is unreasonable or impracticable to collect the information directly from you. For example, we may collect your personal information from a third party when we are appointed to act as your authorised representative for the purpose of administering or managing the supply of products or services which you require.

 

We hold personal information that we collect in both physical and electronic storage facilities including paper-based files and computer databases.

 

7.    How we disclose personal information

 

We may disclose personal information to our affiliates, subsidiaries, employees, contractors, agents, and service providers for purposes relating to the supply of our products and services. For example, we may disclose your personal information to:

 

·       Third party providers for the purpose of providing you with support for our products or services that you require; and

·       Third party suppliers in the course and for the purpose of providing a product or service that you require.

 

Some third-party providers may be located in jurisdictions other than yours.

 

We will not sell or rent your personal information to any third party for marketing purposes without your consent.

 

8.    How we protect personal information

 

We protect personal information that we hold from misuse, interference, and loss, and from unauthorised access, modification or disclosure using both physical and electronic security measures which include secure premises, locked cabinets, secure databases, password access, anti-virus software, data transfer encryption and firewalls.

 

You provide us with your personal information over the Internet at your own risk as the security of such information cannot be 100% guaranteed.

 

We destroy or de-identify personal information in a secure manner when we no longer need it for any of our purposes unless we are authorised or required by law to retain it.

 

9.    How you may access, correct, and update your personal information

 

You have the right to request access to, and correction of, any of your personal information that we hold. You should promptly notify us if you become aware that any of your personal information that we hold is inaccurate or out-of-date.

 

If you wish to access, correct, or update any of your personal information that we hold, please either contact our Helpdesk using the contact details below or directly amend the information stored within our products.

 

10. How we update this Data Protection and Privacy Policy

 

We may update this Data Protection and Privacy Policy from time to time to take into account changes in our information handling practices by publishing an amended Data Protection and Privacy Policy on our Website. You should regularly review the most recent version of this Data Protection and Privacy Policy available on our Website.

 

11. Where we store data

 

Where we provide services to host our products in the cloud, we store data in data centres in your nominated region, all of which comply with ISO 27001, ISO 9001, ISO 27018 and IRAP.

 

12. Where we transfer data

 

Your data will be stored and processed within your nominated region and we will not copy your data outside of your nominated region without your prior explicit written permission. For example, data hosted in Australia is not copied outside of Australia, data hosted in the USA is not copied outside of in the USA and data hosted in Europe remains in Europe.

 

13. Our data protection processes

 

We have an internal data protection policy which is reviewed annually. All staff who have access to data are trained annually to ensure they are aware of their responsibilities and best practices. An inventory of all personally identifiable information is kept along with the reasons for why the data is needed. This is reviewed annually, and data not strictly required is removed. A range of general data security measures are in place and these are available on request. TASS also leverages the resources provided by Open Web Application Security Project (OWASP) to perform:

 

Developer induction, and subsequent yearly training covering awareness of the current OWASP top 10, along with understanding of the mitigations currently in place within our products.

 

Regular audits assessing TASS products against online threats, guided by the OWASP top 10.

 

An annual Data Protection Impact Assessment (DPIA) is completed on all data collection methods.  This is also done for any new methods of data collection or other large projects that occur between these annual assessments.

 

In addition to practices outlined above, our practices include:

 

a)     processing personal information only where this is strictly necessary for legitimate organisational purposes;

b)     collecting only the minimum personal information required for these purposes and not processing excessive personal information;

c)     providing clear information to individuals about how their personal information will be used and by whom;

d)     only processing relevant and adequate personal information;

e)     processing personal information fairly and lawfully;

f)      maintaining an inventory of the categories of personal information that we process;

g)     keeping personal information accurate and, where necessary, up to date;

h)     retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes;

i)      respecting individuals’ rights in relation to their personal information, including their right of access;

j)      only transferring personal information outside the originating region in circumstances where it can be adequately protected, and with consent of the customer;

k)     the application of the various exemptions allowable by data protection legislation;

l)      developing and implementing an Information Management System to enable the policy to be implemented;

m)   where appropriate, identifying internal and external stakeholders and the degree to which these stakeholders are involved in the governance of our data management;

n)     the identification of workers with specific responsibility and accountability for the Personal Information Management Systems;

o)     the regular training of staff who may have access to Personally Identifiable Information on best data security and privacy practices;

p)     promptly notifying customers in the event that any unauthorised person has obtained or attempted to obtain personally identifiable information.

 

14. TASS products and data privacy requirements

 

Our products are extremely flexible, and as a result it is possible to configure them in ways which may or may not conform to data privacy requirements in your organisation and/or in your jurisdiction. It is your responsibility to configure the products appropriately. Where you need assistance to enable the product to comply with your specific business or regional legislative requirements, you may contact us for product assistance (see below for contact details).

 

15. How to make an enquiry or complaint

 

If you have an enquiry or complaint about our handling of your personal information, please contact our support team who has responsibility for being the first point of contact with such enquiries and complaints.

 

16. How complaints are processed

 

All complaints are initially handled by the support representative. If you are not satisfied with the outcome, you may request that it is escalated to the TASS’s management team. A member of the management team will contact you regarding your complaint. Ultimately the issue may be escalated to the General Manager of The Alpha School System.

 

17. How to contact us

 

You may contact our Helpdesk using the contact details below:

 

TASS:

support@tassweb.com.au

+61 7 3020 7900

 

Edumate:

the.team@edumate.com.au

+61 2 8313 2700

 

18. Data Protection Officer

 

TASS has a Data Protection Officer.

 

In each main geographic region, we also have a Data Protection Owner. These details are available on request.