Introduction
The Educational Assessment Australia (EAA) is a prime provider of quality educational measurement and assessment services in Australia, New Zealand, Asia and the Pacific region. It has been involved in educational measurement in Australia since 1967 and is the largest independent provider of school tests in the region.
EAA is one of the five principal business units within NewSouth Global Pty Ltd (NSG), the international education, training and consultancy arm of the University of New South Wales (UNSW). NSG is a wholly-owned subsidiary of UNSW.
Purpose
Educational Assessment and Testing Services (M) Sdn Bhd (EATS), is committed to providing the highest levels of customer service. Implicit in this is the protection of personal privacy.
Policy
This policy sets out EATS Privacy Protection Principles. These are the principles that EATS has adopted in order to protect information about individuals. These principles deal with the collection, use and disclosure of personal information, as well as access to information and intrusion issues.
It also sets out the principles that EATS will adopt when considering the introduction of new technology or services.
Much of this policy appears in the NSG Privacy Policy which reflects details contained in the UNSW Privacy Management Plan.
Legislation
The EAA is covered by the Federal Privacy (Private Sector) Amendment Act 2000. The Act sets out privacy principles that regulate the way EAA deals with personal information.
General
Personal Information
Personal information is information that relates to an identifiable person and includes, for example, names, addresses, phone numbers, photographs, dates of birth, passport numbers, student admission or ID numbers, and tax file numbers.
Identification
As a general practice, information regarding students, consultants, contractors, customers or staff is not disclosed to a third party without that individual’s consent. In the case of an emergency or in exceptional circumstances such as a legal requirement, the General Manager or a delegated officer, at his or her discretion, may authorise the release of personal information.
Access To Personal Information
EATS has in place mechanisms and normal administrative practices which allow the routine handling of requests for access to information, such as statements of results or for alterations to information such as changes of address.
An individual may request access to their personal information or for their personal information to be amended so that it is accurate, complete and not misleading.
Complaints
A person who has a complaint in relation to a privacy matter is entitled to request EATS to carry out an internal review.
An application for an internal review must be made in writing, with a return address, to EATS, within 6 months of the time the applicant becomes aware of a contravention of the Privacy Policy. The applicant should identify the conduct which is the basis for the application, and be as specific as possible about the details of the grievance.
Fees
There are no fees for lodging an application but fees may be charged for the conduct of the review on the same basis as those allowed under the Freedom of Information Act – Australia – 1989. Payment may be required in advance.
Privacy Principles
Collection
EATS will only collect personal information directly from the individual and it will be reasonably necessary for the purpose it is being collected. The method of information collection will be lawful, fair and not unreasonably intrusive.
The individual will be informed as to why their personal information is being collected, what will be done with it, the consequences of not supplying it (if any) and their right of access to, and correction of, the information.
Use And Disclosure
EATS will not use personal information for any purpose (the secondary purpose) other than the primary purpose of collection, unless it could be reasonably expected to be used for the secondary purpose, the individual has consented, there is an opt out option (applies to direct marketing), it is necessary for health research, there is a threat to life or health, it is required or authorised by law, or it is reasonably necessary for law enforcement.
Data Quality
EATS will take reasonable steps to ensure personal information is accurate, complete and up-to-date.Security
EATS will take reasonable steps to protect personal information from misuse, loss or unauthorised access, modification or disclosure. Personal Information will be disposed of securely when it is no longer of use.
Openness
EATS has a policy on handling personal information. Reasonable steps will be taken to inform people how their personal information is handled and make the information available on request.
Access And Correction
An individual has the right of access to their personal information, unless there is a threat to life or health or other people’s privacy, the request is frivolous or vexatious, there are legal proceedings in train, negotiations would be prejudiced, access is unlawful, denying access is required or authorised by law, it would prejudice investigation of an unlawful activity or law enforcement or for National security reasons.
If access is denied a reason will be given.
Identifiers
A government identifier cannot be used as the organisation’s identifier. For example, identification numbers or tax file numbers cannot be used as an EATS identification number.
Anonymity
Where lawful and practicable, EATS will do business with people without requiring identification. For example, EATS will not require a person visiting our website to provide us with personal information, until they make a request which requires information in order to meet their request.
Trans-Border Data Flows
EATS cannot send personal information out of the country, unless the recipient is subject to information privacy laws substantially the same, the individual consents, it is necessary to perform the contract between the individual and the organisation or reasonable steps have been taken to ensure the recipient will deal with the information in line with policies in Malaysia.
Online Activities
While users of the EATS website are covered by the same privacy principles, however, EATS undertakes some additional agreements:
We do not use personal information for any other purpose, however, we do retain your name and address to ensure all transactions are processed correctly and the appropriate service is delivered. From time to time we may use the name and address to inform you of new publications or information. EATS customers are covered by other appropriate fair trading and retail laws.