PERSONAL DATA PRIVACY STATEMENT
REACH Boarding School System
Last Updated: 1st March 2016
All personal information collected by Touchline Connect is protected by the Commonwealth of Australia Privacy Act 1988. Information on the Privacy Act 1988 can be found at www.privacy.gov.au.
1) Collection of Personal Information
The type of information that Touchline Connect collects and holds, includes (but is not limited to) personal information, including sensitive information about:
- Students and parents and/or guardians (“Parents”) and hosts before and during the course of a student’s enrolment at a School;
- Staff and other people who come into contact with the School for the management of School Boarding House activities.
Personal Information about Parents, Students and Guardians;
Touchline Connect will collect personal information about an individual from schools who use REACH. Parents and Students will also have a capacity to update that information from time to time with secure, direct access to REACH.
Personal Information about School Staff and other third parties;
Touchline Connect will collect personal information about an individual staff member or third party associated with school boarding activities from schools who use REACH. These individuals may also have a capacity to update that information from time to time with secure, direct access to REACH.
Touchline Connect will, as part of the activities of REACH, utilise photographs of individuals provided by the School or by the individual themselves for system identification purposes. Photographs of school activities, staff, students and other personnel may be posted on REACH by authorised school administration staff for internal use and promotional use by the school.
Touchline Connect will not use any photograph provided by the school for anything other than its intended purpose without consent from the individual or individuals identified in the photograph.
2) Data Storage
REACH User Portals and applications are hosted in data centres that reside physically in Australia. This means that your data is at all times secured and processed exclusively in Australia. If you require more information regarding the specific server and hosting details for your school then please contact us.
3) Use of the personal information provided
The primary purpose of collection of personal information of students, parents, guardians, hosts and school staff is to enable REACH to provide an activity management system which assists schools to manage their boarding house activities and their duty of care. This data is maintained in a secure environment with multi-layered security protocols for data protection.
Access to this data is limited to authorised school personnel and to individuals whose personal data is on the system. An individual’s access to personal data is restricted by security protocols to their own information or information relating to individuals that the school has formally associated them with on REACH.
The purposes for which Touchline Connect uses the personal information of students, parents, guardians and staff include:
- Keeping Parents and staff informed about matters related to a student’s activities in the School Boarding House, through correspondence, and news alerts and activity notifications, and
- Satisfying the School’s legal obligations and allowing the School to discharge its duty of care.
Personal information collected by Touchline Connect will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless agreed otherwise, or where the use or disclosure of that personal information is allowed or required by law.
Images of individuals
Images of the School’s students, staff, parents, guardians and other visitors may be used in various instances by authorised school administration staff using REACH. Only authenticated users may insert photographs into the REACH system.
Touchline Connect will not use any photograph or images provided by the School without consent from the individual or individuals identified in the photograph or image.
4) Disclosure of personal information
Touchline Connect will not share personal information held about an individual with any third party without a school approval for the sharing of data with that third party except in the following instances;
- REACH may transfer personal information via direct data connections with a school’s existing database or other computer systems for the purpose of maintaining accurate and co-ordinated school records,
- The disclosure is required or authorised by or under law,
- The disclosure is reasonably necessary for the enforcement of the criminal law; or
- We have reasonable grounds to determine that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another individual.
5) Protection of personal information
Touchline Connect manages the security of personal information with physical, electronic and procedural safeguards.
We urge individuals to take every precaution to protect their personal data when connecting to REACH by regularly changing passwords, using alpha-numeric combinations and ensuring that a secure browser is used to access REACH.
Touchline Connect has in place a number of data protection steps to protect the personal information that is contained in REACH. These include ;
- Servers that are connected to UPS power and have RAID disk arrays for greater reliability
- Servers that are fully locked down, running only essential services, with CISCO firewalls and CISCO routers used to secure data
- Servers backed up daily and tapes stored in a fireproof safe
- Servers housed in premises on a secure floor with 24 hour PIN access
5) Checking and updating personal information held by REACH
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which REACH holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right, set out in the Act. Students will generally have access to their personal information through their Parents or Guardians.
Individuals with personal data on the REACH system and who are approved by the school administrator of REACH may have access to their own personal data and in some cases to other individuals with whom the school administrator has associated them to in REACH.
The Australian Privacy Principles require REACH to store personal information no longer than necessary. If a school ceases to use REACH then that school will be provided with their REACH database files. The school may be required to hold this data for a minimum specified period however all personal information relating to individual students, parents, guardians, hosts and staff will be removed from REACH and Touchline Connect will destroy any remaining digital records that it holds for that school.
6) Matters relating to use of the REACH Cloud-port and REACH web site
When you view and use the REACH web portal or the REACH website the following information is collected for statistical purposes:
- The Internet Protocol (IP) address of the machine from which you are connecting
- Your top level domain name (for example .com, .gov, .au, .uk etc)
- The date and time of your visit to the site
- The pages that you accessed and any documents downloaded
- The previous site you had visited
- The type of browser you are using and the operating system that it runs on.
Access to information collected:
The Office of the Federal Privacy Commissioner will not make an attempt to identify users or their browsing activities. However, in the event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect Touchline Connect’s web server logs.
Use of information collected:
Your email address and mobile phone number will only be used for the purpose for which it has been provided to us by the school or the individual. They will not be added to a mailing list or used for any other purpose without your consent.
The REACH web portal and the REACH web site use “Session” cookies to aid in the ease of browsing through the site. In this situation, the cookie identifies the browser, not the individual. No personal information is stored within the cookies of Touchline Connect.
You can manually disable cookies at any time. Simply check your web browser’s “Help” function to find out how to disable cookies in your web browser. Disabling cookies will not impact your ability to access the REACH web portal or the REACH website.
REACH User Portals are not monitored using any external tracking programs. In portal analytics are utilised to monitor user traffic flows and movements however all data is maintained within our own server network and the data is not shared with any third party.
Google Analytics is used by Touchline Connect to collect website visitor information for our various websites. This includes the REACH website but it does not include any REACH User Portals.
If any person believes that we may have breached their privacy they may contact us to make a complaint using the contact details below. In order to ensure that we fully understand the nature of any complaint and the outcome they may be seeking, we prefer that all privacy complaints are made in writing.
Touchline Connect undertakes to assess and resolve all privacy complaints diligently and in a timely manner.
If you have any enquiries or complaints about privacy, or if you wish to access or correct your personal information, please contact Mr Garry Jowett on Ph: 1300 215199 or on email at firstname.lastname@example.org
Last updated: 01 March 2016