1. Scope of this Policy
1.1. Linc-Technologies Limited (we, us or our) provides Services which enable Education Providers to upload information they have collected, which may include Personal Information. This Policy sets out how we collect, hold, use and disclose any Personal Information we receive.
1.2. If you are an Education Provider, or you consent to an Education Provider using our Services to collect, hold, use and disclose your Personal Information, then you agree to us collecting, holding, using and disclosing your Personal Information in accordance with this Policy and the General Data Protection Regulation (GDPR).
1.3. We require each Education Provider to obtain consent from the individuals whose Personal Information they collect, hold, use and disclose while using our Services. To the extent we are collecting, holding, using and disclosing that information, we are acting only as the agent of the Education Provider for the purposes of the GDPR and any other applicable privacy law.
2. Definitions and Interpretation
2.1. In this Policy:
Education Provider means the school or other entity that has subscribed for the Subscription that you rely on to access and use our Services.
Personal Information means information about an identifiable individual (a natural person).
Services means all products and services we provide from time to time and includes our information sharing, information viewing, back office, support and training services and software, the Website and our platform known as “Hero”.
Subscription means any subscription for our Services.
User means any person who is not an Education Provider but uses our Services by relying on the same Subscription as the Education Provider. By way of example only, a User may include a teacher or school administrator.
Website means the website at the domain “www.linc-ed.com” or any other website operated by us.
3. Changes to this Policy
We may change this Policy at any time by uploading a revised Policy to our Website. The changes will apply from the date we upload the revised Policy.
4. Collection of Personal Information
4.1. Any Personal Information we collect has been provided to us by the relevant Education Provider (and/or a User who has been authorised to provide that information). We do not collect any Personal Information from you directly.
4.2. The Personal Information we collect may include your name, address, telephone number, email address, date of birth, national student number, ethnicity and iwi affiliation, educational attendance and attainment history, and relationship to an Education Provider, User or student of an Education Provider.
5. How we may use Personal Information
We may use Personal Information to:
(a) verify your identity;
(b) enable the Education Provider and/or Users to communicate with you;
(c) manage the relevant Subscription and provide our Services to the Education Provider;
(d) improve our Services;
(e) bill the Education Provider and collect money that the Education Provider owes to us;
(f) protect and/or enforce our legal rights and interests under the relevant Subscription;
(g) monitor use and performance of our Services; and
(h) for any other purpose authorised by you (whether such authorisation is given directly to us or indirectly via the Education Provider).
6. Who we disclose Personal Information to
We may disclose your Personal Information to:
(a) the Education Provider;
(b) any User that the Education Provider expressly permits to access that information. We will not grant access to any User (or subsequently revoke that access) without the Education Provider’s written consent or as otherwise permitted by our terms of engagement with the Education Provider;
(c) any third party that supports our Services, including any person that hosts or maintains any underlying information technology system or data service that we use to provide all or any part of the Services;
(d) any third party who, with the Education Provider’s written consent, provides products and services that interact with our Services (such as third party applications that integrate with the Hero platform);
(e) a person who can require us at law to supply your Personal Information;
(f) any other person with your consent (whether such consent is given directly to us or indirectly via the Education Provider).
7. How we store and protect Personal Information
7.1 We take reasonable steps to protect your Personal Information against loss, unauthorised activity and other misuse. These steps include:
(a) using encryption to protect all information uploaded to the Hero platform;
(b) engaging an independent third party on an annual basis to review our security measures and make recommendations for improvement if required; and
(c) password protecting your access to our Hero platform. It is your responsibility to keep the password safe.
7.2 All Personal Information provided to us is securely stored on Microsoft Azure and AWS (Amazon Web Services) servers in Australia. The information is replicated to three separate servers to ensure high availability. The servers are secure, protected and not accessible by unauthorised users.
7.3 While we take reasonable steps to maintain secure internet connections, the internet is not a secure environment and we cannot give you absolute assurance that any information provided over the internet will be secure at all times. Accordingly, where you provide Personal Information about any person to us over the internet, you do so at your own risk.
7.4 We keep Personal Information for the duration of the relevant Subscription. Once the Subscription has come to an end, we will delete the relevant Personal Information after 30 days. We will also delete Personal Information when we are no longer required or need to hold it.
7.5. Hero uses multiple systems to power our platform including some systems that hold data about schools, a full list of these can be found at https://stackshare.io/linc-technologies/hero.
8. Accessing and correcting Personal Information
8.1. Subject to the grounds for refusal set out in the GDPR (including where disclosure would unreasonably impact on another person’s privacy), you have the right to access the Personal Information we hold about you and to request a correction of this information.
8.2. Before you exercise these rights, we may need evidence to confirm that you are the individual (or a representative of the individual) to whom the Personal Information relates. We may also need to arrange for the access and/or correction through the relevant Education Provider.
8.3. If you want to exercise either of the above rights, please refer to the “How you can contact us” section of this Policy below. Please note that we may charge you our reasonable costs of providing to you copies of your Personal Information or correcting that information.
9. Deletion and Portability
9.1 We uphold the individual’s right under the GDPR to request the erasure of data held on them. This is managed in conjunction with the school.
9.2 We uphold the individual’s right under the GDPR to request the portability of their data.
10. Third party websites
The Services (and in particular the Website) may contain links to third party websites. If you follow a link to a third party website, we take no responsibility for the privacy practices or content of that website.
Google Workspace Data
The Company allows users to select and embed content from their own google drive for sharing in posts. The Company will alter the permissions on the original document to ‘anyone with the link can access’ so that Hero authenticated users can view the content. By selecting documents or files from Google Workspace the user should adhere to the school's policy on appropriate sharing content. Users must approve Hero to access their account to display and embed files from their Google Drive. The Company will never share or use google data for any other purpose than stated here. https://policies.google.com/privacy
Google Single Sign-On (SSO)
The Company allows users to sign into Hero using their Google Workspace account. The Company requests the user's name and email address in order to bind a connection between the user's Google and Hero account. The Company will never share or use google data for any other purpose than stated here.
11. Cookies
11.1. Cookies are small files that a website can send to your computer which can be stored on your hard drive or in memory. Cookies store information about your preferences on a particular website and remain on your computer once you have exited from that website.
11.2. We use cookies on our Website and other technical measures (including Google Analytics and Google Ads) to help us improve our Website and to tailor advertising to you.
11.3. We also use cookies in relation to the Hero platform, these do not contain any personal information or information that could be used to identify you.
11.4. You can set your browser to refuse cookies, or to notify you when you receive a cookie and to give you the opportunity to accept or refuse the cookie. However, if you refuse our cookies, certain features of our Website or the Hero platform may not function properly.
12. How you can contact us
12.1. For further information about this Policy, our privacy practices, or to make a request or complaint, please contact us using the details set out below:
Paul Sibson
22 Moorhouse Avenue, Addington, Christchurch, 8011
privacy@linc-ed.com
12.2. When making a request or complaint, please include your name, email address and/or telephone number and clearly describe your request or complaint. We will acknowledge your communication and may ask you to verify your identity.
12.3. We will respond to you regarding your request or complaint within a reasonable period of time. If you think that we have failed to respond to your request or resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.