Privacy and Data Security Policy
GradeXpert is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
GradeXpert respects the privacy of all schools and individuals. At times as part of our core business we may collect, store and use personal information for service and support purposes. We use this information to provide service and support for the GradeXpert suite of applications, and to enhance our relationship with our customers and suppliers. We do not sell or disclose any personal information to any third party under any circumstances. Anyone associated with any product or service supplied by GradeXpert may at any time ask to see any and all personal data held by us and request amendment, correction or deletion. We strive to protect the security of all personal data by use of appropriate measures and processes.
Information We May Collect or Store
Personal and sensitive information is collected from schools that GradeXpert has entered into a License Agreement with. The personal information GradeXpert collects from schools is only in relation to staff members, teachers and other software users (e.g. technical support staff), and then only for the purposes of service and software support (for example, name, email address, phone number).
GradeXpert does not collect but may be in the possession of personal and sensitive information such as student and parent details, only for the purposes of software support.
Under the Licence Agreement, the school may import information into the GradeXpert database via the school’s administration system, the state education department’s administration system, or a school staff member may input the information directly into the GradeXpert database.
The GradeXpert database is either held on the school network, or on a secure cloud service provider in Australia.
Metadata in relation to the use of GradeXpert may also be collected through the application itself of through our own internal processes and systems.
What Kind of Personal Information Does GradeXpert collect?
The kind of information GradeXpert may collect and/or store includes personal information, including sensitive information about the following:
- Staff members and teacher information: personal (name, email, phone numbers) and demographic data.
- Student information: personal (name, address, phone numbers), demographic data, medical information, custody information, special needs information, pastoral care information (including psychological information), and academic records.
- Parent information: personal (name, address, phone numbers) and demographic data.
- User metadata: including details such as your IP address/es and cookies, and only for the purposes of application service, support and development.
Management and Security of Personal Information
GradeXpert has processes in place to protect the personal information we hold from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including data connectivity restrictions and read-only access of the GradeXpert database.
We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The ways we do this, include:
- where possible, using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information;
- limiting physical access to our premises;
- limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are provided access);
- ensuring that we and any third-party providers have appropriate security safeguards to keep personal information secure; and
- destroying or de-identifying personal information as required by law.
GradeXpert will only disclose your personal information to the extent required or authorised by applicable law, if ordered or required to do so by a court or enforcement authority as appropriate, or to ensure that we are in compliance with our legal obligations.
Upon your written request and within 14 days we will inform you about the type of personal information we hold about you, the purposes for which we hold it and the possible recipients or types of recipients. Upon written request and within a reasonable period of time we will also amend, correct, delete or cease to process personal information if that information proves to be factually inaccurate, incomplete, or irrelevant to the purpose(s) of the processing.
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may bring a complaint internally through our complaints process or you may decide to make a formal complaint with the relevant privacy regulator.
If you would like to contact us, or have questions regarding our privacy statement, please contact us using the details below:
PO Box 223, Forest Hill, VIC 3131, Australia
Telephone: 1300 762 455