REACH Privacy Policy  |  Australia

PERSONAL DATA PRIVACY STATEMENT

REACH Boarding School System
Last Updated: 1st March 2016

This statement outlines the Personal Data Privacy Policy for the REACH School Boarding House System (REACH) developed and marketed by Touchline Connect.  It relates to the management of personal information provided to or collected by REACH and Touchline Connect as the vendor of the system.

Touchline Connect may from time to time review and update this Privacy Policy to take account of new laws and technology, changes to the operations and practices and to make sure it remains appropriate to the changing school environment.

Touchline Connect is committed to protecting the privacy of personal information. This Privacy Policy embodies this commitment and applies to personal information collected by Touchline Connect and its contractors and agents.

All personal information collected by Touchline Connect is protected by the Commonwealth of Australia Privacy Act 1988. Information on the Privacy Act 1988 can be found at www.privacy.gov.au.

1) Collection of Personal Information

The type of information that Touchline Connect collects and holds, includes (but is not limited to) personal information, including sensitive information about:

    • Students and parents and/or guardians (“Parents”) and hosts before and during the course of a student’s enrolment at a School;
    • Staff and other people who come into contact with the School for the management of School Boarding House activities.

Personal Information about Parents, Students and Guardians;

Touchline Connect will collect personal information about an individual from schools who use REACH.  Parents and Students will also have a capacity to update that information from time to time with secure, direct access to  REACH.

Personal Information about School Staff and other third parties;

Touchline Connect will collect personal information about an individual staff member or third party associated with school boarding activities from schools who use REACH.  These individuals may also have a capacity to update that information from time to time with secure, direct access to REACH.

Photographs:

Touchline Connect will, as part of the activities of REACH, utilise photographs of individuals provided by the School or by the individual themselves for system identification purposes. Photographs of school activities, staff, students and other personnel may be posted on REACH by authorised school administration staff for internal use and promotional use by the school.

Touchline Connect will not use any photograph provided by the school for anything other than its intended purpose without consent from the individual or individuals identified in the photograph.

2)  Data Storage

REACH User Portals and applications are hosted in data centres that reside physically in Australia. This means that your data is at all times secured and processed exclusively in Australia.  If you require more information regarding the specific server and hosting details for your school then please contact us.

3)  Use of the personal information provided

The primary purpose of collection of personal information of students, parents, guardians, hosts and school staff is to enable REACH to provide an activity management system which assists schools to manage their boarding house activities and their duty of care. This data is maintained in a secure environment with multi-layered security protocols for data protection.

Access to this data is limited to authorised school personnel and to individuals whose personal data is on the system.  An individual’s access to personal data is restricted by security protocols to their own information or information relating to individuals that the school has formally associated them with on REACH.

The purposes for which Touchline Connect uses the personal information of students, parents, guardians and staff include:

    • Keeping Parents and staff informed about matters related to a student’s activities in the School Boarding House, through correspondence, and news alerts and activity notifications, and
    • Satisfying the School’s legal obligations and allowing the School to discharge its duty of care.

Personal information collected by Touchline Connect will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless agreed otherwise, or where the use or disclosure of that personal information is allowed or required by law.

Images of individuals

Images of the School’s students, staff, parents, guardians and other visitors may be used in various instances by authorised school administration staff using REACH. Only authenticated users may insert photographs into the REACH system.

Touchline Connect will not use any photograph or images provided by the School without consent from the individual or individuals identified in the photograph or image.

4) Disclosure of personal information

Touchline Connect will not share personal information held about an individual with any third party without a school approval for the sharing of data with that third party except in the following instances;

    • REACH may transfer personal information via direct data connections with a school’s existing  database or other computer systems for the purpose of maintaining accurate and co-ordinated school records,
    • The disclosure is required or authorised by or under law,
    • The disclosure is reasonably necessary for the enforcement of the criminal law; or
    • We have reasonable grounds to determine that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another individual.

5) Protection of personal information

Touchline Connect manages the security of personal information with physical, electronic and procedural safeguards.

We urge individuals to take every precaution to protect their personal data when connecting to REACH by regularly changing passwords, using alpha-numeric combinations and ensuring that a secure browser is used to access REACH.

Touchline Connect has in place a number of data protection steps to protect the personal information that is contained in REACH. These include ;

    • Servers that are connected to UPS power and have RAID disk arrays for greater reliability
    • Servers that are fully locked down, running only essential services, with CISCO firewalls and CISCO routers used to secure data
    • Servers backed up daily and tapes stored in a fireproof safe
    • Servers housed in premises on a secure floor with 24 hour PIN access

5) Checking and updating personal information held by REACH

Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which REACH holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right, set out in the Act. Students will generally have access to their personal information through their Parents or Guardians.

Individuals with personal data on the REACH system and who are approved by the school administrator of REACH may have access to their own personal data and in some cases to other individuals with whom the school administrator has associated them to in REACH.

The Australian Privacy Principles require REACH to store personal information no longer than necessary.  If a school ceases to use REACH then that school will be provided with their REACH database files. The school may be required to hold this data for a minimum specified period however all personal information relating to individual students, parents, guardians, hosts and staff will be removed from REACH and Touchline Connect will destroy any remaining digital records that it holds for that school.

6) Matters relating to use of the REACH Cloud-port and REACH web site

Information Collected:

When you view and use the REACH web portal or the REACH website the following information is collected for statistical purposes:

    • The Internet Protocol (IP) address of the machine from which you are connecting
    • Your top level domain name (for example .com, .gov, .au, .uk etc)
    • The date and time of your visit to the site
    • The pages that you accessed and any documents downloaded
    • The previous site you had visited
    • The type of browser you are using and the operating system that it runs on.

Access to information collected:

The Office of the Federal Privacy Commissioner will not make an attempt to identify users or their browsing activities. However, in the event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect Touchline Connect’s web server logs.

Use of information collected:

Your email address and mobile phone number will only be used for the purpose for which it has been provided to us by the school or the individual. They will not be added to a mailing list or used for any other purpose without your consent.

Cookies:

The REACH web portal and the REACH web site use “Session” cookies to aid in the ease of browsing through the site. In this situation, the cookie identifies the browser, not the individual. No personal information is stored within the cookies of Touchline Connect.

You can manually disable cookies at any time. Simply check your web browser’s “Help” function to find out how to disable cookies in your web browser.  Disabling cookies will not impact your ability to access the REACH web portal or the REACH website.

Google Analytics:

REACH User Portals are not monitored using any external tracking programs.  In portal analytics are utilised to monitor user traffic flows and movements however all data is maintained within our own server network and the data is not shared with any third party.

Google Analytics is used by Touchline Connect to collect website visitor information for our various websites. This includes the REACH website but it does not include any REACH User Portals.

Google Analytics uses first-party cookies and JavaScript code to help analyse how users use the site. It anonymously tracks how visitors to these sites interact with the websites. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser.

7)  Complaints

If any person believes that we may have breached their privacy they may contact us to make a complaint using the contact details below. In order to ensure that we fully understand the nature of any complaint and the outcome they may be seeking, we prefer that all privacy complaints are made in writing.

Touchline Connect undertakes to assess and resolve all privacy complaints diligently and in a timely manner.

Contact Us

If you have any enquiries or complaints about privacy, or if you wish to access or correct your personal information, please contact Mr Garry Jowett on Ph: 1300 215199 or on email at support@touchline.com

Changes to this privacy policy

Please note that the privacy policy may change from time to time.

Last updated: 01 March 2016