Australia, Pacific and Asia Privacy Policy
PURPOSE
COLLECTION OF PERSONAL INFORMATION DATA STORAGE
Personal Information about Parents, Students and Guardians
Personal Information about School Staff and other third parties
Collecting & Processing personal data of individuals under 18 years of age
DATA STORAGE
USE OF PERSONAL INFORMATION PROVIDED
Usage of Images of individuals
Usage of Biometric Fingerprint Data
DISCLOSURE OF PERSONAL INFORMATION
PROTECTION OF PERSONAL INFORMATION
Checking and updating personal information held by Reach
USE OF THE REACH CLOUD PORTAL AND REACH WEBSITE
Access to information collected
DATA RETENTION
COMPLAINTS
CHANGES TO THIS PRIVACY POLICY
Purpose
This statement outlines the Personal Data Privacy Policy for the Reach Boarding School System (Reach) and Reach BioPad products developed and marketed by Touchline Connect Pty Ltd (Reach Student Life Management). It relates to the management of personal, private and sensitive information provided to or collected by Reach as the vendor of the system and hardware operation. It applies to all of Reach’s applications on web, mobile app and BioPad devices for use in Australia, New Zealand, Pacific Nations and South-East Asia.
Reach may from time to time review and update this Privacy Policy to take account of new laws and technology, changes to operations and practices, and to make sure it remains appropriate to the changing school environment.
Reach is committed to protecting the privacy of all personal information that we collect and use in the operation of Reach. This Privacy Policy embodies this commitment and applies to personal information collected by Reach and its contractors and agents.
All personal information collected by Reach is, in all circumstances, protected by the relevant personal data privacy laws governing the various regional jurisdictions in which Reach operates. This policy takes into consideration all of the sovereign jurisdictions where Reach operates and sets the framework for our compliance with those regulations.
Collection of Personal Information Data Storage
The type of information that Reach receives and holds includes, but is not limited to, personal information, including sensitive information about:
- Students and parents and/or guardians (“Parents”) and hosts before and during the course of a student’s enrolment.
- Staff and other people who come into contact with the School for the management of School or Boarding House activities.
- Student medical records collected by the school and shared with or stored in Reach.
- Personal biometric fingerprint data in the form of unique digital binary codes converted from fingerprint images provided and approved by individuals using the Reach BioPad.
Personal Information about Parents, Students and Guardians
Reach will collect personal information about an individual from schools who use Reach. Parents and students will also have the capacity to update that information from time to time with secure, direct access to Reach and Reach BioPad.
Personal Information about School Staff and Other Third Parties
Reach will collect personal information about an individual staff member or third party associated with the school or boarding house from schools who use Reach. These individuals will have the ability to update that information from time to time with secure, direct access to Reach.
We may also collect and use Personal Information from individuals where they provide that information in forms provided on our website, in phone conversations, or in email messages with Reach representatives. We may also collect and use Personal Information about individuals that is publicly available for the purpose of a legitimate interest in Reach.
Photographs
Reach will, as part of the activities of Reach, utilise photographs of individuals provided by the school or by the individual themselves for user and system identification purposes.
Photographs of school activities, staff, students and other personnel may be posted on Reach by authorised school administration staff for internal use and promotional use by the school.
Reach will not use any photograph provided by the school for anything other than its intended purpose without knowledge and consent from the individual or individuals identified in the photograph.
Biometric Fingerprints
When implemented, the Reach BioPad captures images and measurements of fingerprints to extract unique biometric data of individuals in the Reach ecosystem. It uses a complex set of algorithms to identify and apply unique, minute measurements into an encrypted binary number template and no fingerprint images are retained in Reach.
Collecting and Processing Personal Data of Individuals Under 18 Years of Age
Personal information for children under the age of 18 may be uploaded into Reach by customers using Reach services where the customer is data controller and Reach is the data processor. The customer is responsible for ensuring that disclosing such information is done in accordance with applicable law, legal processes and regulations. For example, obtaining consent from their parents or legal guardians if applicable under the GDPR. Reach will not control such information and will act only as a processor of this data.
Data Storage
Reach User Portals and applications that are cloud hosted are contained in secure data centres that physically reside in servers provided by the Google Cloud Platform which is ISO 27001, ISO 27017 and ISO 27018 certified for cloud based data security. Primary storage locations for Reach portals are in Australia, USA, UK, Singapore and Hong Kong.
| Server Location | Data Sources |
|---|---|
| Australia | Australia, New Zealand, Pacifica, Asia, Africa |
| Hong Kong | China |
| Canada | Canada |
| USA | USA, South America |
| UK | UK, EU, Africa, Middle East, India |
If you require more information regarding the specific server and hosting details for your data, please contact us.
Biometric Fingerprint Data Storage
Biometric fingerprint images are not stored in Reach BioPads or on Reach data servers. Each fingerprint image is immediately converted to a unique binary number template and the binary number is stored as an identifier for an individual user’s profile in Reach. At no time are fingerprint images stored in Reach. The unique binary numbers are created by and readable only by the specific fingerprint reader and unique image conversion algorithm that is provided by Reach.
Use of Personal Information Provided
The primary purpose of collection of personal information of students, parents, guardians, hosts and school staff is to enable Reach to provide an activity management system which assists schools to manage their duty of care for school and boarding house activities. This data is maintained in a secure environment with multi-layered security protocols for data protection.
Access to this data is limited to authorised school personnel and to individuals whose personal data is on the system.
An individual’s access to personal data is restricted by security protocols to their own information or information relating to individuals that the school has formally associated them with on Reach.
The purposes for which Reach uses the personal information of students, parents, guardians and staff include:
- Keeping parents and staff informed about matters related to a student’s activities in the school and boarding house, through correspondence, news alerts and activity notifications.
- Satisfying the school’s legal obligations and allowing the school to discharge its duty of care.
- Providing user identity verification for access to and utilisation of Reach modules and activities.
Personal information collected by Reach will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless agreed otherwise, or where the use or disclosure of that personal information is allowed or required by law.
Usage of Images of Individuals
Images of the school’s students, staff, parents, guardians and other visitors may be used in various instances by authorised school administration staff using Reach. Only authenticated users may insert photographs into the Reach system. Reach will not use any photographs or images provided by the school without consent from the individual or individuals identified in the photograph or image.
Usage of Biometric Fingerprint Data
Biometric Fingerprint Data is used for the sole purpose of user identity verification to enable access to various application activities within the Reach ecosystem only. Reach will not use any Biometric Fingerprint Data outside of the Reach ecosystem or for any purpose other than to verify an individual user’s identity.
Disclosure of Personal Information
We will only use or share personal information that we collect if we have a lawful basis to do so, including:
- Where you have given us your consent.
- Where processing of your personal information is necessary for the delivery and performance of our services and business activities.
- To meet our legal obligations.
- To pursue our legitimate business interests.
We will only use or disclose your personal information:
- For the purposes for which we collected it, and related purposes which would be reasonably expected by you.
- For other purposes to which you have consented.
- As otherwise authorised or required by law.
- For our administrative, marketing, planning, product or service development, quality control, survey and research purposes.
Third-Party Subprocessors
Reach uses third-party entities to process customer and user personal information in order to deliver Reach product, services and business activities. A list of third parties that we engage to assist in providing Reach services and business activities is accessible at https://subprocessor-list.reach.cloud.
Protection of Personal Information
Reach manages the security of personal information with physical, electronic and procedural safeguards.
We urge individuals to take every precaution to protect their personal data when connecting to Reach by regularly changing passwords, using alpha-numeric combinations, not sharing usernames or passwords with other users (including family members) and ensuring that a secure browser is used to access Reach.
Reach has in place a number of data protection steps to protect the personal information that is contained in Reach. These include:
- Servers that are connected to UPS power and have RAID disk arrays for greater reliability.
- Servers that are fully locked down, running only essential services, with CISCO firewalls and CISCO routers used to secure data.
- Servers backed up daily and tapes stored in a fireproof safe.
- Servers housed in premises on a secure floor with 24 hour PIN access.
Biometric Fingerprint images are not stored in Reach. An encrypted binary template (that is, measurements taken from the fingerprints captured) is created from fingerprint images and used to establish the characteristic for each unique identity and this is verified when replica binary prints are identified. Importantly, this encrypted binary template is only usable in the Reach system.
Checking and Updating Personal Information Held by Reach
In accordance with the Privacy Act 1988, an individual has the right to obtain access to any personal information which Reach holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right, set out in the Act for minors. Students will generally have access to their personal information through their Parents or Guardians.
Other individuals with personal data on the Reach system and who are approved by the school’s system administrator may have access to their own personal data and in some cases to other individuals with whom the school administrator has associated them in Reach.
Use of the Reach Cloud Portal and Reach Website
Information Collected
When you view and use the Reach web portal or the Reach website the following information is collected for statistical purposes:
- The Internet Protocol (IP) address of the machine from which you are connecting, and your top level domain name (for example .com, .gov, .au, .uk).
- The date and time of your visit to the site.
- The pages that you accessed and any documents downloaded.
- The previous site you had visited.
- The type of browser you are using and the operating system that it runs on.
Access to Information Collected
No identifying data is provided to any parties other than the relevant portal administrators and authorised operators. In the event of an investigation where a law enforcement agency may exercise a warrant to inspect our internet web server logs, then access to information collected will be provided in accordance with any legal requirements.
Use of Information Collected
Email addresses and phone numbers collected will only be used for the purpose for which they have been provided to us by the school or by the individual. They will not be added to marketing or mailing lists or used for any other purpose without your consent other than for the provision of information relevant to the operation of the Reach system.
Cookies
The Reach web portal and the Reach website use “Session” cookies to aid in the ease of browsing through the site. In this situation, the cookie identifies the browser, not the individual. No personal information is stored within the cookies of Reach.
You can manually disable cookies at any time. Simply check your web browser’s Help function to find out how to disable cookies in your web browser. Disabling cookies will not impact your ability to access the Reach web portal or the Reach website.
Google Analytics
Reach User Portals are not monitored using any external tracking programs. In portal, analytics are utilised to monitor user traffic flows and movements however all data is maintained within our own server network and the data is not shared with any third party.
Google Analytics is used by Reach to collect website visitor information for our various websites. This includes the Reach website but it does not include any Reach User Portals. Google Analytics uses first-party cookies and JavaScript code to help analyse how users use the site. It anonymously tracks how visitors to these sites interact with the websites. The information generated by the cookies about your use of the website, including your IP address, will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser.
Data Retention
If a customer ceases to use the Reach system then the customer will be provided with their current and historic Reach database and backup files in compressed format. The customer may be required to hold this data for a minimum specified period however all personal information relating to individual students, parents, guardians, hosts and staff these records will be stored in backup files only.
Sensitive Information Removal
Information classified as “sensitive information” by the Privacy Act 1988 includes student medical records and fingerprint biometric data. This data is treated more diligently than general personal data. Whereas personal data may be contained and hidden from view and access to system users when an individual is deleted (hidden) or retired (graduated) from the Reach system, sensitive information will be removed so that it is no longer contained in the Reach system within seven (7) days of an individual being deleted (hidden) or retired (graduated) from a customer’s Reach portal.
Once removed from a customer’s Reach portal, any sensitive data relating to an individual will remain only in compressed and encrypted backup files for a customer’s Reach portal where it is retained as relevant, historic data records. The sensitive data will not be accessible from any live Reach portals and if the customer is no longer using Reach then all encrypted backup files will be removed entirely from the Reach storage environment and provided to the customer for future storage or destruction.
Complaints
If any person believes that we may have breached their privacy, they may contact us to make a complaint using the contact details below. In order to ensure that we fully understand the nature of any complaint and the outcome they may be seeking, we prefer that all privacy complaints are made in writing.
Reach undertakes to assess and resolve all privacy complaints diligently and in a timely manner.
Contact Us
If you have any enquiries or complaints about privacy, or if you wish to access or correct your personal information, please contact Mr Garry Jowett on Ph: +61 1300 215199 or on email at garry@touchline.com.au.
Changes to This Privacy Policy
Please note that the privacy policy may change from time to time. A notice will be provided to all Reach clients no less than 7 days before there is any change to this policy with access to the intended updated policy for review.
Any Reach users who are not happy with intended changes to this policy can use the Contact Us details listed above to lodge concerns with Reach.
Need more information?
Let's Connect!
We can answer your questions, and review all of the features and benefits that Reach can provide to complement your Student Life program.