JDR Software is committed to providing quality services and this policy outlines our ongoing obligations in respect of Personal Information that we have collected is managed.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of the Personal Information we have collected.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
2. Our Custodianship of Data
JDR Software provide services to a variety of clients, mostly tertiary education organisations, using a model known as Software as a Service (SaaS). Under this model, we provide software services for our clients. The majority of our services are related to tertiary education timetabling and class allocation. In order to provide the service, our software collects a variety of Personal Information on behalf of our clients. Under the terms of our contracts all data managed by our SaaS solutions is owned by our clients and not by us. As such we do not control any of the data that is collected by our software. We do however acknowledge our responsibilities under the Privacy Act to administer any data managed by our systems in accordance with the Privacy Act where possible.
3. What is Personal Information and why is it collected?
3.1 Personal Information
3.1.1 Personal Information is information or an opinion that identifies an individual.
3.1.2 Examples of Personal Information that we collect includes:
- student or staff id
- email address
- class enrolment and schedule
3.1.3 JDR Software obtains Personal Information via data transfer from our clients (files and other data interfaces) and via the websites provided to our clients;
3.1.4 JDR Software collects Personal Information for the primary purpose of providing student class allocation and timetabling services to our clients and their users (eg students, staff, etc);
3.1.5 It remains the responsibility of our clients as owners of all Personal Information stored by our services to explain to their users why this information is collected and how it will be used.
3.2 Sensitive Information
3.2.1 Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
3.2.2 If our clients store Sensitive Information in our services, as far as JDR Software is concerned, we will only use it for the primary purpose for which it was obtained. It remains the responsibility of our clients, as owners of all Sensitive Information stored by our services, to gain consent to use that information where required or authorized by law.
3.3 Disclosure of Personal Information
3.3.1 JDR Software will only disclose Personal Information, stored in our software, with the clients that own the information or where we are required or authorized by law.
3.4 Security of Personal Information
3.4.1 JDR Software will store all Personal Information in our services in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
3.4.2 When Personal Information is no longer needed, for the purpose for which it was obtained, JDR Software will take reasonable steps to destroy or permanently de-identify that Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 1 year.
3.5 Privacy Breach
3.5.1 A privacy breach is the loss of, unauthorized access to, or disclosure of, personal information. Under the Privacy Act, organizations are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach.
3.5.2 If JDR Software becomes aware of a privacy breach that meets the requirements of the Notifiable Data Breach (NDB) scheme, we will work with our clients to ensure that notification of the breach is done in accordance with the law. Refer to our Cyber Security Event Breach Policy and our Notifiable Data Breach Policy to determine the actions JDR Software will take in such an event.
3.6 Access to Personal Information
3.6.1 JDR Software will refer all requests for Personal Information to our clients as owners of this data. In order to protect Personal Information, we may require identification from anyone requesting Personal Information outside of the website or data transfer services.
3.7 Maintaining the Quality of Personal Information
3.7.1 JDR Software does not validate that the Personal Information managed by our services is accurate, complete or up to date. This is the responsibility of our clients, as owners of this data.
3.8 Policy Updates
3.8.1 This Policy may change from time to time and is available upon request.
3.9 Policy Complaints and Enquiries