Privacy Policy
Introduction
Educonnex Pty Ltd is a company based in NSW, Australia that sells and distributes software, primarily focused on school administration.
- Address: 15/1 Bounty Cl, Tuggerah, NSW Australia 2259
- Phone: +61 (02) 4304 3000
- Email: [email protected]
Educonnex is committed to protecting and respecting your privacy and as such is the Data Controller. We are subject to the privacy laws of the jurisdictions in which we operate, including the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (Regulation 2016/679) as it applies to Australia and the European Economic Area.
Purpose
The purpose of this Policy is to:
- explain the types of information that we may collect from customers or authorised users; and
- how that information will be processed by us or on our behalf.
This Policy does not apply to Personal Information that may be collected by a third party or how that third party may use, handle, store or disclose your Personal Information.
Definitions
For the purposes of this Policy, the following definitions apply:
- Customer means the educational institutions, whether public or private, which have subscribed to our product/s.
- Educonnex, we, our, us means Educonnex Pty Ltd; ACN 160 850 322.
- Our product/s means the suite of software produced and/or sold by Educonnex Pty Ltd.
- Personal information means a set of data that could be used to identify a specific person.
- School administrator/s means authorised school/organisation staff who have administration-level access to our product/s.
- User/s means individuals associated with our customers that have their data in our product/s.
Policy
Data Storage
Our servers used for PTO, SSO, and Educonnex are located within Microsoft Azure, Australia. Our servers used for Enrolled and the Forms module available within Educonnex are located within Amazon Web Services (AWS), Australia. Our structure meets all privacy policy at federal and individual state and territory levels in Australia.
How We Collect Data
- Data about users is supplied to our products by customers – either by school administrators or individual users. The information is needed in order to fulfil the purposeful functionality of the products.
- Additional information may be supplied by users, depending on the level of access granted to them by the school/organisation.
- Our customers are responsible for the maintenance and accuracy of information.
- Educonnex does not modify data, except when directly requested to do so by an authorised school administrator.
- When not logged in to our products, we collect anonymised information or details supplied voluntarily.
- The customer owns the data associated with their school/organisation.
- We retain information for a limited period. At any time, a school administrator can request that the data associated with their school/organisation be purged from our system.
- Requests to purge the information of an individual user can be made by a school administrator.
- We protect your information by using AES-256 encryption.
- We secure our website and other systems with technical and organisational measures against the loss, destruction, access, change or dissemination of your data by unauthorised persons.
How We Handle Data
- We do not sell personal information.
- We will not disclose any personal information stored in our products to any individual or organisation unless compelled to do so in connection with any legal proceedings or prospective legal proceedings, or where we have a commercial agreement with a supplier that protects user data as outlined in this policy.
- Access to use our products requires login credentials, such as a username and password, to identify the user.
- We record date and time of access, website URL, IP address, referrer URL, product and version information of the browser used.
- When a user is logged into our products, we record the actions being performed using those login details.
- Educonnex and its suppliers may use cookies or web beacons. These are used to provide a user with an active session of our products, and to monitor traffic on our websites and products.
- If a user chooses to not allow cookies, it may impair or prevent use of our products.
- We supply the nominated school administrators with login details to access their school’s/organisation’s instance of our product/s.
- Sensitive information is handled by our Australian team, who all have Working With Children Checks performed regularly within the jurisdiction of NSW, for the purposes of providing support as requested, and ensuring correct functionality of product.
- School administrators are responsible for the accuracy of the data uploaded for their school/organisation, as well as ensuring the correct users have access to the correct login details.
What data we handle
The data we handle will vary based on the product and how the school/organisation and user choose to use it.
PTO
Data collected depends on role – ‘administrator’, ‘teacher’, or ‘parent/carer’
- All users
  - Name (mandatory, except in jurisdictions where legislatively anonymised for students)
  - Code to identify individual profiles (optional)
- Students
  - Class name and academic year level (mandatory)
  - Flag to indicate if school/organisation staff recommend interview for a class (optional)
- Parents/Carers
  - Email addresses (optional)
  - Preferred login details (optional)
  - Preferred phone number (optional)
- Teachers
  - Physical or virtual location for meetings (optional)
  - Preferred login details (optional)
SSO
Data collected depends on role – staff or student
- All users
  - Name (mandatory)
  - Login details (mandatory)
- Staff
  - Email address (mandatory)
- Students
  - Parent/Carer sign-off PIN (optional)
  - Home teacher’s code (optional)
  - Course Counsellor’s code (optional)
  - Secondary identifier code (optional)
  - School house (optional)
  - Previous academic results and/or recommendations for selections
  - Choices selected by or for the student from those made available by the school/organisation, answers to questions asked by the school/organisation
  - Reasons supplied by the students and responses from staff for special considerations
  - Record of payments made through connected BPoint service (no financial transactions take place within SSO, nor are any payment methods stored)
Educonnex
Data collected is based on utilisation by each school/organisation. Roles and associated permissions are customised for each school/organisation.
- A profile requires the following information at a minimum
  - Name
- A profile may contain information with the following themes
  - General information (such as date of birth, gender, languages spoken, religion, ethnicity, residential and citizenship status, indigenous status, disability, associations and related)
  - Contact details (such as address details, phone numbers, email address and contact preferences)
  - Relationships (such as carers, other relationships, living arrangements, guardians, and emergency contacts)
  - Medical information (such as Medicare, ambulance fund, doctors, medical conditions, immunisations, medication consents and sick bay visits)
  - Alerts (general and medical)
  - Attendance records
  - Awards, behaviour records, uploaded files and general note
  - Certifications, extra-curricular activity
  - Student details (such as classes, assessment results, academic reports and other schools)
  - General school-determined permissions
  - School calendar, diary and responses to forms
  - Invoicing and transactions (no credit card or bank details)
  - Results of Educonnex product training
  - Tasks and government-required staff information (staff only)
Enrolled
Access to data is determined by role. A Parent/Carer can only see information to applications they have submitted. Interviewers can only see applications which have been assigned to them. Administrators can see all information for their school/organisation.
- Parents/Carers must provide details about themselves in order to create a profile that can submit an enrolment application (such as name, date of birth, gender, address and contact details)
- Parents/Carers must provide details about prospective students, including:
  - The enrolment request (such as the starting academic year level and the starting date)
  - The prospective student (such as date of birth, gender, who they live with, their emergency contacts, their guardian/s)
- Parents/Carers can provide information about themselves and any others with a relationship to the prospective student, including nationality, ethnicity, languages, marital status, employment details and religion
- Parents/Carers can provide information about the prospective student, including:
  - Their relationship to others
  - Nationality, ethnicity, languages, marital status, employment details and religion
  - Medical membership numbers (such as Medicare, private health fund and ambulance)
  - Doctor, dentist and other health contacts
  - Medical conditions, medication and details of any disabilities and their severity and/or support requirements, and immunisation details
  - Alerts for the school/organisation to be aware of (such as court orders and critical medical condition information)
  - File uploads (such as profile photos, or other documentation requested by the school/organisation)
  - Responses to questions (as requested by the school/organisation)
- Interviewers and administrators can provide information about the application, including:
  - The status of the application
  - Interview details (such as scheduling and interviewer notes)
Suppliers
Our products integrate with ClickSend to support delivery of SMS text messages
- ClickSend SMS API is used as a subprocessor to send SMS text messages generated by our customers from within our products.
- We may access this system internally for operational monitoring and troubleshooting only when necessary to support customer issues.
- We do not use this or any other service to contact non-administrative staff (like parents, students, or non-administrative staff) for the purpose of marketing.
- View ClickSend’s privacy policy here: https://www.clicksend.com/au/legal/privacy-policy
Our products integrate with Firebase to support delivery of push notifications
- Firebase is used as a subprocessor to transmit push notifications from within our products.
- Firebase identifies the device that a notification should be delivered to and delivers the notification.
- These notifications can be deactivated and reactivated at any time in the settings of the mobile device.
- We may access this system internally for operational monitoring and troubleshooting only when necessary to support customer issues.
- View Firebase’s privacy policy here: https://firebase.google.com/support/privacy
We use Google Analytics internally to monitor website traffic
- Google Analytics gives statistical information and user habits when interacting with our sites.
- We use this service to observe aggregate data about traffic to, and within, our websites.
- Google Analytics does not tell us individual user details.
- We are able to see broad information, like the number of users accessing our site from a city.
- View Google’s privacy policy here: https://policies.google.com/privacy
We use Hotjar to improve our public websites
- Hotjar is a service which shows how users navigate through a website.
- We use this service to see what information is of interest to users visiting our public websites.
- The information we collect lets us improve the information we offer, and the structure of our public websites.
- The information we receive does not contain any personal information of the user.
- View Hotjar’s privacy policy here: https://www.hotjar.com/legal/policies/privacy/
We use LiveChat to provide support services
- LiveChat is a service that allows a user to chat online with our support team.
- Our public websites require the individual to supply their name and email address if they wish to use LiveChat.
- For a customer’s instance of our product, LiveChat is only available to school administrators. Our product will pass the username, email address, and school organisation to LiveChat, to allow us to identify the school administrator who has messaged us.
- Usage of LiveChat is at the discretion of the individual/school administrator.
- View LiveChat’s privacy policy here: https://www.livechat.com/legal/privacy-policy/
Our products integrate SMTP2GO to deliver emails
- SMTP2GO is used as a subprocessor to send emails generated by our customers from within our products.
- A recipient of any email generated through this system can unsubscribe from further emails, by clicking the unsubscribe link at the bottom of any of these emails or contacting their school organisation.
- We may access this system internally for operational monitoring and troubleshooting only when necessary to support customer issues.
- View SMTP2GO’s privacy policy here: https://www.smtp2go.com/privacy/
Our products integrate with Wonde
- Wonde provide a service to transfer data to our PTO product from a school’s administration software.
- We may share the name and work email address only of a school administrator with Wonde.
- Subscription to, and usage of, Wonde is at the discretion of the customer.
- View Wonde’s privacy policy here: https://www.wonde.com/au/privacy-policy
We use Zoho CRM internally to maintain our sales database
- Zoho CRM is used to maintain sales records and to establish customer relationship management for business development purposes.
- Identifying and contact information is only stored where a person has contacted us directly to request information on our products.
- View Zoho’s privacy policy here: https://www.zoho.com/privacy
We use Zoho Campaigns internally to maintain our sales and marketing database
- Zoho Campaigns is used as a marketing database for our existing customers.
- We use Zoho Campaigns to let our customers know about updates to our products and any relevant business news and articles.
- A recipient of any email generated through this system can unsubscribe from further emails, by clicking the unsubscribe link at the bottom of any of these emails.
- View Zoho’s privacy policy here: https://www.zoho.com/privacy
Our staff, partners, and subcontractors are bound by policies and agreements to protect personal data as outlined in this policy, and are not permitted to make independent use of any personal information.
Children and Safe Access
- Our products are built primarily for use by school communities. This means that children may use our products.
- Our products do not require children to disclose personal details (such as name, address, phone number, email address, social media details etc).
- If schools/organisations subscribed to our products ask children to enter personal details, this is outside of our products’ minimum requirements. The school/organisation is responsible for the protection of this information outside of our products, prevention of misuse, and vetting of individuals who access this information.
- We actively promote that parents and carers monitor their child’s/dependent’s usage of our products, and the education of the child/dependent to not supply unnecessary information online.
- Where a parent/carer is not comfortable with personal information being requested of the child/dependent, they should contact the school/organisation to discuss the concern.
More Information
- This privacy policy may be updated from time to time. Check this page to see the latest information.
- We will advise school administrators when there are significant changes to this policy.
- If you do not accept any changes made to this privacy policy, please discontinue the use of our products.
- Users should direct any questions, complaints or requests to change their data within their school’s/organisation’s instance of our product/s to that same school/organisation – this is because they are the owners and administrators of the data. The school/organisation may contact us to facilitate the response to your question or complaint, or we will respond directly to you where appropriate.
- Users should direct any questions or complaints about their data on our public websites to us directly, at [email protected]
- We will respond to any question, complaint or request related to this policy within 2 business days. Any such items should be directed to us by emailing [email protected]. We will reply to the same email address that the contact was received from. We may be required to contact the relevant school/organisation for verification or to act as an involved third party in discussions.
- If you have submitted a complaint through the school/organisation or us and wish to take the matter further, you can do so by following the link on this page: https://www.oaic.gov.au/privacy/privacy-complaints/