Specifically, in Australia, ESA is bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations such as ESA may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.
1 What is personal data?
“Personal data” is anything that discloses your identity, that is unique to you. For example: a name, an identification number, location data or an online identifier. It also includes “personal information” as defined in subsection 6(1) of the Privacy Act:
“information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
2 What personal data does ESA collect
When you register on the Website to participate in user research or to receive newsletters, ESA may collect the following personal data:
- your name;
- your email address; and
- your stakeholder group⃰.
⃰ Stakeholder groups comprise teachers and school leaders, teacher and school leader industrial body representatives and professional association representatives, teacher education faculties and education experts (including assessment experts and psychometricians), jurisdiction system owners and commercial vendors, state and territory education system representatives and non-government school sector curriculum authority representatives, education ministers and AESOC members.);
3 How does ESA collect your personal data?
ESA may collect your personal data when you:
- submit a form on the Website to receive a newsletter or to participate in user research;
4 Handling of Personal data
4.1 Remaining anonymous or using a pseudonym: are you required to provide personal data?
Where it is not impractical or unlawful, you may interact with ESA without identifying yourself or using a pseudonym. As a general principle, you provide ESA with your personal data voluntarily and there are generally no detrimental effects for you if you choose not to consent or to provide personal data.
4.2 Use of your personal data
ESA will only use your personal data for the stated purpose for which it was provided or otherwise in accordance with the law.
Therefore, ESA will use your personal data for the following purposes only ("Permitted Purposes"):
- providing services or things you have requested, for example receiving a newsletter or being contacted with respect to participating in user research;
- compliance with ESA’s legal obligations (such as record keeping obligations);
- for insurance purposes;
- for monitoring and assessing compliance with ESA’s policies and standards;
- to comply with ESA’s legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- to comply with court orders and exercises and/or defend ESA’s legal rights; and
- for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to ESA.
ESA will communicate with you via email after you have opted in on the Website to receive emails and ESA will provide you the opportunity to opt out anytime if you do not want to receive further communication from ESA.
4.3 With whom will ESA share your personal data?
ESA will not disclose your personal data to a third party without your consent unless otherwise authorised or required by law or to prevent or lessen a serious imminent threat to your life or health or that of another person.
ESA may share your personal data in the following circumstances:
- to instruct service providers within or outside of ESA, domestically or abroad, e.g. shared service centres, to process personal data for Permitted Purposes on ESA’s behalf and in accordance with ESA’s instructions only. ESA will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
- ESA may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help ESA develop its website and services.
- ESA has engaged Student Edge Pty Ltd to undertake user research for the Online Assessment Initiative project. In order to undertake user research, Student Edge Pty Ltd will collect, store and use personal data; Student Edge Pty Ltd is an Australian student advocacy service, founded in 2003 in Perth, Western Australia by university ;
- ESA may download personal data into secure offline formats for internal project work;
- ESA may share your personal information with the Commonwealth of Australia, the Australian Curriculum, Assessment and Reporting Authority (ACARA) and the Australian Institute for Teaching and School Leadership (AITSL) for the purpose of the Online Assessment project; and
- in relation to aggregated data and statistics, refer to 4.4 below.
Otherwise, ESA will only disclose your personal data when you direct ESA or give ESA permission or when ESA is required by applicable law or regulations to do so.
Usage statistics or patterns obtained from tracking the level and range of interest in the Website are collected in order to improve and develop the Website. This information will be connected to a user’s profile but will be de-identified prior to any use in reports.
Google Inc. uses this information for the purpose of evaluating your use of the Website, compiling reports on website activity for ESA and providing other services relating to website activity and internet usage. Google Inc. may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google Inc's behalf. Google Inc. will not associate your IP address with any other data held by Google Inc.
4.5 Personal data about other people which you provide to ESA
4.6 Security of your personal data
ESA takes reasonable steps to:
- protect personal data that it holds against misuse, interference, loss, unauthorised access, modification or disclosure by utilising up-to-date electronic and physical security controls that comply with relevant industry standards and guidelines; and
- destroy or permanently de-identify personal data if it is no longer required.
Personal data may be kept on ESA’s personal data technology systems, those of ESA’s contractors or in paper files.
Please note that:
4.7 Location of personal data
Personal data collected by ESA via this Website is stored in Australia; and not disclosed, accessed or transferred to overseas recipients.
5 Accessing and correcting personal data
If any of the personal data that you have provided to ESA changes, for example if you change your email address or if you wish to cancel any request you have made of ESA, or if you become aware that ESA has any inaccurate personal data about you, please let ESA know using the contact information in paragraph 8 below. ESA will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to it.
6 For how long does ESA retain your personal data?
ESA will delete your personal data when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and ESA is not legally required or otherwise permitted to continue storing such data.
7 Your rights
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which ESA holds, to have any inaccurate personal data corrected and to object to or restrict ESA using your personal data. You may also make a complaint if you have a concern about ESA’s handling of your personal data.
If you wish to do any of the above, please contact ESA using the contact information below. ESA may request that you prove your identity by providing ESA with a copy of a valid means of identification in order for ESA to comply with its security obligations and to prevent unauthorised disclosure of data.
ESA will consider any requests or complaints which it receives and provide you with a response in a timely manner. If you are not satisfied with ESA’s response, you may take your complaint to the relevant privacy regulator. In Australia, the relevant regulator is the Office of the Australian Information Commissioner.
8 Contact information for ESA for questions, comments, concern or complaints
If you have any questions, comments, concerns or complaints about ESA’s privacy practices for this Website, you can contact ESA by:
- Telephone: +61 3 92079600
- Post: Post Office Box 177, Carlton South, Victoria, Australia 3053; or
- Email: [email protected].