PRIVACY POLICY
1
Scope
of this Policy
1.1
Linc-Technologies
Limited (we, us or our) provides Services which enable Education
Providers to upload information they have collected, which may include Personal
Information. This Policy sets out how we collect, hold, use and disclose any
Personal Information we receive.
1.2
If you
are an Education Provider, or you consent to an Education Provider using our
Services to collect, hold, use and disclose your Personal Information, then you
agree to us collecting, holding, using and disclosing your Personal Information
in accordance with this Policy and the General Data Protection Regulation (GDPR).
1.3
We require each Education Provider to obtain
consent from the individuals whose Personal Information they collect, hold, use
and disclose while using our Services. To the extent we are collecting,
holding, using and disclosing that information, we are acting only as the agent
of the Education Provider for the purposes of the GDPR and any
other applicable privacy law.
2
Definitions
and Interpretation
2.1
In this
Policy:
Education Provider means the school or other entity that has
subscribed for the Subscription that you rely on to access and use our
Services.
Personal Information means information about an identifiable
individual (a natural person).
Services means all products and services we provide from time to time and
includes our information sharing, information viewing, back office, support and
training services and software, the Website and our platform known as “Hero”.
Subscription means any subscription for our Services.
User means any person who is not an Education Provider but uses our Services
by relying on the same Subscription as the Education Provider. By way of
example only, a User may include a teacher or school administrator.
Website means the website at the domain “www.linc-ed.com” or any other website
operated by us.
3
Changes to this Policy
We may change this Policy at any time by uploading a revised Policy to
our Website. The changes will apply from the date we upload the revised Policy.
4
Collection
of Personal Information
4.1
Any Personal Information we collect has been
provided to us by the relevant Education Provider (and/or a User who has been
authorised to provide that information). We do not collect any Personal
Information from you directly.
4.2
The Personal Information we collect may include your
name, address, telephone number, email address, date of birth, national student
number, ethnicity and iwi affiliation, educational attendance and attainment
history, and relationship to an Education Provider, User or student of an Education
Provider.
5
How we may use Personal Information
We may use Personal Information to:
(a)
verify
your identity;
(b)
enable
the Education Provider and/or Users to communicate with you;
(c)
manage
the relevant Subscription and provide our Services to the Education
Provider;
(d)
improve our
Services;
(e)
bill the
Education Provider and collect money that the Education Provider owes to us;
(f)
protect
and/or enforce our legal rights and interests under the relevant Subscription;
(g)
monitor
use and performance of our Services; and
(h)
for any
other purpose authorised by you (whether such authorisation is given directly
to us or indirectly via the Education Provider).
6
Who
we disclose Personal Information to
We may disclose your Personal Information to:
(a)
the Education Provider;
(b)
any User that the Education Provider expressly
permits to access that information. We will not grant access to any User (or
subsequently revoke that access) without the Education Provider’s written
consent or as otherwise permitted by our terms of engagement with the Education
Provider;
(c)
any third
party that supports our Services, including any person that hosts or maintains
any underlying information technology system or data service that we use to
provide all or any part of the Services;
(d)
any
third party who, with the Education Provider’s written consent, provides products
and services that interact with our Services (such as third party applications
that integrate with the Hero platform);
(e)
a person
who can require us at law to supply your Personal Information;
(f)
any
other person with your consent (whether such consent is given directly to us or
indirectly via the Education Provider).
7
How
we store and protect Personal Information
7.1
We take reasonable steps to protect your Personal
Information against loss, unauthorised activity and other misuse. These steps
include:
(a)
using encryption to protect all information
uploaded to the Hero platform;
(b)
engaging an independent third party on an annual
basis to review our security measures and make recommendations for improvement
if required; and
(c)
password
protecting your access to our Hero platform. It is your responsibility to keep
the password safe.
7.2
All Personal Information provided to us is securely
stored on Microsoft Azure and AWS (Amazon Web Services) servers in Australia. The information is replicated
to three separate servers to ensure high availability. The servers are secure,
protected and not accessible by unauthorised users.
7.3
While we take reasonable steps to maintain
secure internet connections, the internet is not a secure environment and we
cannot give you absolute assurance that any information provided over the internet
will be secure at all times. Accordingly, where you provide Personal
Information about any person to us over the internet, you do so at your own
risk.
7.4
We keep
Personal Information for the duration of the relevant Subscription. Once the
Subscription has come to an end, we will delete the relevant Personal
Information after 30 days. We will also delete Personal Information when we are
no longer required or need to hold it.
8
Accessing
and correcting Personal Information
8.1
Subject to the grounds for refusal set out in
the GDPR (including where disclosure would unreasonably impact on
another person’s privacy), you have the right to access the Personal
Information we hold about you and to request a correction of this information.
8.2
Before you exercise these rights, we may need
evidence to confirm that you are the individual (or a representative of the
individual) to whom the Personal Information relates. We may also need to
arrange for the access and/or correction through the relevant Education
Provider.
8.3
If you want to exercise either of the above
rights, please refer to the “How you can contact us” section of this Policy
below. Please note that we may charge you our reasonable costs of providing to
you copies of your Personal Information or correcting that information.
9
Deletion and Portability
9.1
We uphold the individual’s right under the GDPR to request the erasure of data held on them. This is managed in conjunction with the school.
9.2
We uphold the individual’s right under the GDPR to request the portability of their data.
10
Third
party websites
The Services (and in particular the Website) may contain links to third
party websites. If you follow a link to a third party website, we take no
responsibility for the privacy practices or content of that website.
Google Workspace Data
The Company allows users to select and embed content from their own google drive for sharing in
posts. The Company will alter the permissions on the original document to ‘anyone with the link can
access’ so that Hero authenticated users can view the content. By selecting documents or files
from Google Workspace the user should adhere to the school's policy on appropriate sharing content. Users
must approve Hero to access their account to display and embed files from their Google Drive.
The Company will never share or use google data for any other purpose than stated here.
https://policies.google.com/privacy
Google Single Sign-On (SSO)
The Company allows users to sign into Hero using their Google Workspace account.
The Company requests the user's name and email address in order to bind a connection between the user's Google and Hero account.
The Company will never share or use google data for any other purpose than stated here.
11
Cookies
11.1
Cookies are small files that a website can send
to your computer which can be stored on your hard drive or in memory. Cookies
store information about your preferences on a particular website and remain on
your computer once you have exited from that website.
11.2
We use
cookies on our Website and other technical measures (including Google Analytics
and Google Ads) to help us improve our Website and to tailor advertising to
you.
11.3
We also
use cookies in relation to the Hero platform, these do not contain any personal
information or information that could be used to identify you.
11.4
You can
set your browser to refuse cookies, or to notify you when you receive a cookie
and to give you the opportunity to accept or refuse the cookie. However, if you
refuse our cookies, certain features of our Website or the Hero platform may
not function properly.
12
How
you can contact us
12.1
For further information about this Policy, our privacy
practices, or to make a request or complaint, please contact us using the
details set out below:
Paul Sibson
63 Mandeville Street,
Riccarton, Christchurch, New Zealand 8014
[email protected]
12.2
When
making a request or complaint, please include your name, email address and/or
telephone number and clearly describe your request or complaint. We will
acknowledge your communication and may ask you to verify your identity.
12.3
We will
respond to you regarding your request or complaint within a reasonable period
of time. If you think that we have failed to respond to your request or resolve
the complaint satisfactorily, we will provide you with information about the
further steps you can take.