Privacy and Data Security Policy
GradeXpert is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
GradeXpert respects the privacy of all schools and individuals. At times as part of our core business we may collect, store and use personal information for service and support purposes. We use this information to provide service and support for the GradeXpert suite of applications, and to enhance our relationship with our customers and suppliers. We do not sell or disclose any personal information to any third party under any circumstances. Anyone associated with any product or service supplied by GradeXpert may at any time ask to see any and all personal data held by us and request amendment, correction or deletion. We strive to protect the security of all personal data by use of appropriate measures and processes.
Information We May Collect or Store
Personal and sensitive information is collected from schools that GradeXpert has entered into a License Agreement with. The personal information GradeXpert collects from schools is only in relation to staff members, teachers and other software users (e.g. technical support staff), and then only for the purposes of service and software support (for example, name, email address, phone number).
GradeXpert does not collect but may be in the possession of personal and sensitive information such as student and parent details, only for the purposes of software support.
Under the Licence Agreement, the school may import information into the GradeXpert database via the school’s administration system, the state education department’s administration system, or a school staff member may input the information directly into the GradeXpert database.
The GradeXpert database is either held on the school network, or on a secure cloud service provider in Australia.
Metadata in relation to the use of GradeXpert may also be collected through the application itself of through our own internal processes and systems.
What Kind of Personal Information Does GradeXpert collect?
The kind of information GradeXpert may collect and/or store includes personal information, including sensitive information about the following:
Staff members and teacher information: personal (name, email, phone numbers) and demographic data.
Student information: personal (name, address, phone numbers), demographic data, medical information, custody information, special needs information, pastoral care information (including psychological information), and academic records.
Parent information: personal (name, address, phone numbers) and demographic data.
User metadata: including details such as your IP address/es and cookies, and only for the purposes of application service, support and development.
Management and Security of Personal Information
GradeXpert has processes in place to protect the personal information we hold from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including data connectivity restrictions and read-only access of the GradeXpert database.
We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The ways we do this, include:
where possible, using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information;
limiting physical access to our premises;
limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are provided access);
ensuring that we and any third-party providers have appropriate security safeguards to keep personal information secure; and
destroying or de-identifying personal information as required by law.
GradeXpert will only disclose your personal information to the extent required or authorised by applicable law, if ordered or required to do so by a court or enforcement authority as appropriate, or to ensure that we are in compliance with our legal obligations.
Your Rights, Complaints and Access Requests
GradeXpert is committed to ensuring we meet all Privacy and Personal Information Laws. In the event there is a Privacy Complaint or Request for Access to any personal information held, GradeXpert will:
Immediately respond with a written acknowledgement of receipt of any Complaint or Access Request.
Within 14 days, provide a full response answering all concerns related to the Complaint or Access Request. We will inform you about the type of personal information we hold about you and the purposes for which we hold it.
Enter into communication with the Complainant or Requestor to provide:
(i) access to all Personal Information and Data held, and
(ii) satisfy all concerns and remedy accordingly, and specifically in relation to any Privacy and Personal Information Laws. Part of the process will be to amend, correct, delete or cease to process personal information if that information proves to be factually inaccurate, incomplete, or irrelevant to the purpose(s) of our service provision.
If you have a Privacy Complaint or a Request to Access any Personal Information or Data, or if you have any questions at all regarding our commitment to Privacy of Personal Information and Data, please contact us using the details below:
PO Box 223, Forest Hill, VIC 3131, Australia
Telephone: 1300 762 455