Principle 1

You can only collect personal information if it is for a lawful purpose and the information is necessary for that purpose. You should not require identifying information if it is not necessary for your purpose.

Office of the Privacy Commissioner

Personal information is only collected in Hero for the use of the school, the schools decides what information to collect in conjunction with the requirements of the Ministry of Education. Personal information is not used by LINC-Technologies for any other purpose.

Principle 2 - Source

You should generally collect personal information directly from the person it is about. Because that won’t always be possible, you can collect it from other people in certain situations. For instance, if: • the person concerned gives you permission • collecting it in another way would not prejudice the person’s interests • collecting the information from the person directly would undermine the purpose of collection • you are getting it from a publicly available source.

Office of the Privacy Commissioner

All personal information in Hero is collected by the individual schools via an enrolment form and is either entered by a caregiver completing an online application form or by school administrators directly.

Principle 3 - Why information is being collected

When you collect personal information, you must take reasonable steps to make sure that the person knows: • why it’s being collected • who will receive it • whether giving it is compulsory or voluntary • what will happen if they don’t give you the information. Sometimes there may be good reasons for not letting a person know you are collecting their information – for example, if it would undermine the purpose of the collection, or if it’s just not possible to tell them.

Office of the Privacy Commissioner

Schools advise caregivers or students what information is being collected through their enrolment process. It is the responsibility of the school to let caregivers know if additional information is being collected or recorded for the students or caregivers. Hero affords the option for schools to create their own fields for data collection.

Principle 4 - How information is collected

You may only collect personal information in ways that are lawful, fair and not unreasonably intrusive. Take particular care when collecting personal information from children and young people.

Office of the Privacy Commissioner

The collection of data is through the school’s enrolment form or other methods that they choose to employ to gather information and record this in Hero.

Principle 5 - How the information is stored

You must make sure that there are reasonable security safeguards in place to prevent loss, misuse or disclosure of personal information. This includes limits on employee browsing of other people’s information.

Office of the Privacy Commissioner

Hero databases store information such as accounts, student details, posts, goals, attendance and assessment data and pupil billing information. These are replicated to separate servers so that redundancy is always maintained. Daily snapshots are taken, which are maintained for seven days. All files are stored on Azure Blob Storage, which is managed by Microsoft Azure. This is designed to be highly available with a 99.99% uptime guarantee. This data store is configured to be replicated to 3 different servers within the same datacenter, with geo-replication enabled in the event of a localised disaster at our primary datacenter. Outside of this, an additional backup process is run every night with the same storage configuration, that is, locally and geo-replicated to data centres in NSW (AUS) and Victoria (AUS). All services are stateless, load-balanced, and redundant.

Principle 6 - Right to request access

People have a right to ask you for access to their personal information. In most cases you have to promptly give them their information. Sometimes you may have good reasons to refuse access. For example, if releasing the information could: • endanger someone’s safety • create a significant likelihood of serious harassment • prevent the detection or investigation of a crime • breach someone else’s privacy.

Office of the Privacy Commissioner

Linc-technologies is the custodian of the data. Any requests for access to information must be made to the individual school as they are the legal entity responsible for the data.

Principle 7

A person has a right to ask an organisation or business to correct their information if they think it is wrong. Even if you don’t agree that it needs correcting, you must take reasonable steps to attach a statement of correction to the information to show the person’s view.

Office of the Privacy Commissioner

The school can update information within Hero upon request.

Principle 8 - Accuracy of information

Before using or disclosing personal information, you must take reasonable steps to check it is accurate, complete, relevant, up to date and not misleading.

Office of the Privacy Commissioner

Schools are responsible for the accuracy of information stored within Hero.

Principle 9 - Length of time data is stored

You must not keep personal information for longer than is necessary.

Office of the Privacy Commissioner

Data is stored for seven years in accordance with the requirements of the Ministry of Education.

Principle 10 - Limits of use

You can generally only use personal information for the purpose you collected it. You may use it in ways that are directly related to the original purpose, or you may use it another way if the person gives you permission, or in other limited circumstances.

Office of the Privacy Commissioner

Linc Technologies will not use the data for any other reason than making it available to the school. Individuals can actively consent to Hero using the information for other, specified reasons. The school may choose to use the information in other ways and would be responsible for informing students and caregivers if this is the case.

Principle 11 Limits of disclosure

You may only disclose personal information in limited circumstances. For example, if: • disclosure is one of the purposes for which you got the information • the person concerned authorised the disclosure • the information will be used in an anonymous way • disclosure is necessary to avoid endangering someone’s health or safety • disclosure is necessary to avoid a prejudice to the maintenance of the law.

Office of the Privacy Commissioner

Linc Technologies will only disclose data if verified permission has been obtained from the person concerned.

Principle 12

You can only send personal information to someone overseas if the information will be adequately protected. For example: • the receiving person is subject to the New Zealand Privacy Act because they do business in New Zealand • the information is going to a place with comparable privacy safeguards to New Zealand • the receiving person has agreed to adequately protect the information – through model contract clauses, etc. If there aren’t adequate protections in place, you can only send personal information overseas if the individual concerned gives you express permission, unless the purpose is to uphold or enforce the law or to avoid endangering someone’s health or safety.

Office of the Privacy Commissioner

Linc-Technologies will not send personal information overseas except for storage within the Micrsosoft Azure data centres in Australia. These servers are secure, protected and not accessible by unauthorized users.

Principle 13

A unique identifier is a number or code that identifies a person in your dealings with them, such as an IRD or driver’s licence number. You can only assign your own unique identifier to individuals where it is necessary for operational functions. Generally, you may not assign the same identifier as used by another organisation. If you assign a unique identifier to people, you must make sure that the risk of misuse (such as identity theft) is minimised.

Office of the Privacy Commissioner

Unique identifiers are required for the operation of the Hero platform. We use the UUID (universally unique identifiers) for all our identifiers. These are therefore not able to be used by other organisations for the same person.