EMS360 Data Protection Policy

EMS360 collects and stores personal details and records. We take privacy and data protection seriously: we maintain guidelines and follow security procedures.

Terminology

Application refers to any application or software system that is owned by Education Management Solutions (EMS or "we") including, but not limited to, EMS360.

Customer, client and the like refer to you, the school or business using our applications.

Privacy

Our privacy assurance to you

We are committed to complying with the provisions relating to privacy and to the collection, use and disclosure of personal information contained in the Privacy Act 1988 and the National Privacy Principles (NPPs) set out in Schedule 3 to the Privacy Act.

We publish this Privacy Statement to demonstrate our commitment to the privacy of users of our applications and to provide a clear and concise outline of how and when personal information is collected, stored and distributed.

Collection of information

There are two types of information collected for use by our applications: identifying personal details, such as email address and first/last name, and personal information provided by users through the use of our applications.

Personal details for each staff member are usually collected from the School Information System (SIS), the software used to manage internal operations of the school. These details are used for administrative purposes to configure our applications and are usually provided directly by schools.

Information provided by users is only available to permitted staff within their employment organization. This information is used solely for the purpose for which it is intended: professional development and staff review processes.

Storage of information

We take all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure.

We provide a very high level of security when you use our applications including 256 byte SSL encryption. We have physical, electronic and procedural safeguards to protect your information which is held by us. For example, your personal information is stored in secured office premises, in electronic databases requiring logins and passwords for access and/or at one or more secured data centers. Access to information stored electronically is restricted to staff whose job purpose requires access. We require all our employees to maintain the confidentiality of customer information and all employees sign and agree to strict confidentiality clauses in employment contracts.

Use and disclosure of personal information

Personal details and information collected by our applications will at no time be distributed to any parties other than supervisors and administrators.

Cookies

Cookies are an essential part of how our sites work.

We use cookies to enhance the user experience. Cookies are very small text files that a website can transfer to your computer's hard drive for record keeping. The only information stored as cookies by our applications is your user name (email address) - which makes logging on quicker and easier - and session data to provide secure connections to our servers. They are not harmful and do not contain any confidential information such as your home address, date of birth or credit card details. By using our sites, you also consent to the use of these cookies.

Are cookies safe?

Yes. The information stored in cookies is safe and anonymous. They do not contain any information which could personally identify you and your account security is never compromised. You can find more information about cookies at https://www.allaboutcookies.org

Data will be:

  • Treated with integrity and confidentiality
  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Protected against any unauthorized or illegal access by internal or external parties

Data will not be:

  • Communicated informally
  • Shared or distributed to any party other than the ones agreed upon by the data’s owner

Data Security

How we protect your data

We have physical, electronic and procedural safeguards in place to protect your information.

Secure for your business
  • Servers are owned by Education Management Solutions (not leased)
  • Servers are physically hosted in Melbourne, Australia
  • Servers are administered and maintained by Gieman IT Solutions (not outsourced)
  • Database and server backups are stored offsite in Australia
  • All cloud based services used by EMS are hosted in Australia
  • All environments are fully monitored and access is logged

Secure for your staff
  • Encrypted password protects personal information
  • Secure 256 byte SSL connections
  • Enterprise grade technology protects your data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

Secure administrative access
EMS/Gieman IT Solutions employees:
  • Are trained in online privacy and security measures
  • Only access clients' data when requested for support and maintenance
  • Have their access to databases and servers logged
  • Require login and passwords for administrative access
  • Sign and agree to strict confidentiality clauses in employment contracts
  • Are trained to monitor and report privacy breaches or data misuse

How you can protect your data

  • Be alert to cyber attacks and report suspicious emails or calls
  • Report losses of data as soon as possible
  • Ensure your personal device has appropriate security measures

A data breach:

Is unauthorised access or disclosure of personal information, or loss of personal information.

May be caused by malicious action (by an external or insider party), human error, or a failure in information handling or security systems.

Data Breach Management

Strategies for containing, assessing and managing data breaches

Any data breach or suspected data breach is serious, and each incident needs to be considered on a case-by-case basis to determine the appropriate response. As soon as EMS are aware of a data breach we will take immediate action to contain, assess and remediate the incident.

STEP 1: Contain

The data breach to prevent any further compromise of personal information. Immediate action to limit the breach may include changing passwords, revoking access privileges and recovering records.

STEP 2: Assess

The data breach by gathering the facts and evaluating the risks to individuals, school and business reputations.

  • The type or types of personal information involved in the data breach
  • The circumstances of the data breach, including its cause and extent
  • The nature of the harm to affected individuals, and if this harm can be removed through remedial action

STEP 3: Notify

The school of any suspected data breach. Assessment of the breach will determine whether individuals need to be informed and which notifications are appropriate, such as to police or the Office of the Australian Information Commissioner (OAIC).

STEP 4: Review

The incident and consider what actions can be taken to prevent a recurrence in the future. All stages of the data breach response are documented and a final report is provided.