Our Privacy Policy
Why does
Studentnet® collect personal information?
Studentnet
® collects personal information about
our customers, suppliers, contractors and others, to understand and meet their
needs, to conduct our activities and to meet legal obligations. The personal
information we collect may be obtained by way of forms filled out by
individuals (including online registration), emails, telephone conversations,
face-to-face meetings and interviews. Some more detailed information is
collected when assisting schools on particular issues.
What kinds of personal information do
we use, collect and disclose and for what purposes?
In general, Studentnet
® uses personal information
for the following purposes:
- to set up accounts and/or allocate UserIDs and Passwords using names,
emails and other contact information on our website and in our products
- to identify and authenticate individuals via UserIDs and Passwords to
provide access to our products
- to monitor and maintain the security of our systems by logging
requests to our systems, including the source IP address
- to communicate and respond to issues and inquiries that have been
raised
- to provide information about our products or services via telephone,
email and in person
- to comply with legal obligations
Studentnet
® will not disclose your personal
information other than as necessary to perform the above tasks, or as required
or authorised by law, or with your permission.
Secure data handling procedures for
personal information
Studentnet
® implements a number of measures to
ensure the secure handling of personal information, including ensuring
appropriate controls are in place for user and customer data and account
segregation, and ensuring data is encrypted in transit and at rest.
Data retention and deletion
policy
Studentnet
® maintains regular backups of system
data, which may include personal information, for operational and disaster
recovery purposes. Such information is only retained for so long as is
necessary to provide a reliable service to our customers and their users.
Sensitive information is subject to
greater restrictions
The APPs impose stricter rules on the collection and handling of sensitive
information, which is information about a person's racial or ethnic origin,
religion, membership of political bodies or trade unions, sexual preferences
or activities, criminal record, state of health and medical history.
Documents asking for sensitive information will include information about
the collection and intended use of the information.
Management of personal information
Studentnet
® expects its employees who handle personal
information to respect the confidentiality of customer and other contact
information. We regard privacy seriously and will take appropriate action in
response to breaches of the obligations imposed by the APPs.
Updating personal information that
Studentnet® holds about you
Studentnet
® endeavours to ensure that the
personal information it holds is accurate, complete and up-to-date. Please
contact us if you believe that the information
Studentnet
® holds about you requires changing or
becomes out-of-date.
You may have a right to access
personal information we hold about you
Under the APPs, you may be able to obtain a copy of any personal information
which Studentnet
® holds about you. The APPs
provide some exceptions to your rights in this regard, for example we will not
provide information when this would have unreasonable impact upon the privacy
of others. To make a request to access this information, please contact us in
writing. Studentnet
® will require you to verify
your identity and to specify what information you require.
Complaints about Privacy
If you wish to complain about a breach of privacy, please
contact Studentnet® by
email, phone or post. We take your concerns very seriously and, depending upon
the circumstances and the information involved, will address your
issues appropriately as soon as possible.
Our Security and Privacy Credentials
Commendations
- Australian Privacy Awards 2008 – Highly Commended, Microsoft Small Medium Business category
- Australia New Zealand Internet Awards (ANZIA) 2011, Finalist, Security and Privacy
Industry Associations
Studentnet Data Sub-Processors
Security Standards Bodies
- ASD Australia Partner – registered with Australian Government’s Defence Department Australian Signals Directorate, as part of Australia’s Critical Infrastructure
- Joint Cyber Security Centre (JCSC) – Sydney JCSC partner, an initiative of Cert Australia
- Australian Internet Security Initiative (AISI) – Studentnet was the first education-related organisation to participate in and comply with AISI
- APNIC DASH - Dashboard for Autonomous System Health
- Payment Card Industry – Data Storage Standard (PCI-DSS) – Studentnet’s facilities have been audited to comply with standard required for storage of credit card and financial data, even though we do not retain any such data
- Notifiable Data Breach (NDB) – scheme participant
Secure Protocol Standards
- SAML 2
- oAuth 2
- Shibboleth
- OpenID Connect
Technology Facilities
- Amazon Web Services
- PolarSeven (AWS Advanced Consulting Partner)
