Home

Scope

This policy describes eQIPd’s approach to managing personal and organisational information it may collect in delivering services to clients.

Summary Principles

eQIPd only collects and retains personal information if it is directly related to service delivery, and minimises the amount of personal information it holds about individuals.

eQIPd will not disclose information about organisational performance to anyone but the commissioner of the survey (the Approved Provider) from the education and care service to whom it relates.

eQIPd will deidentify and aggregate organisational performance information for benchmarking calculations.

eQIPd will never use your data for any 3rd party marketing, retargeting, profiling, or similar purpose.

eQIPd allows individuals to update or remove personal information it may hold about them on request.

In summary, eQIPd will never share your data with anyone without your consent.

Handling and disclosure of information

In relation to its service to provide surveys for education and care services:

As much as possible, eQIPd surveys will not collect personal information about respondents. Where they do, this data is protected using best practice, up to date technical security protocols as well as organisational measures such as limiting staff access to personal information beyond what is needed to perform the role. Recognising that the reports about parent, staff and committee perceptions of organisational performance may be sensitive for organisations, eQIPd’s reports will only ever be shared with the education and care service commissioning the survey about its services. Deidentified data on performance will be aggregated as part of the benchmarking calculations.

In relation to its service to provide enrolment data collection on behalf of education and care services:

eQIPd will use encrypted methods to collect, store and transmit personal enrolment information to its education and care client, who, for the purposes of the Privacy Act, is the data holder.

eQIPd will not store personal information for any longer than it is required. It will be purged from its systems on an annual basis to minimise the risk of personal data breaches. The responsibility for maintaining records of enrolment (including updating information if it changes) will sit with the education and care service itself, as per the Education and Care Services National Regulations Clauses 160-162.

For all of eQIPd’s services, eQIPd will take due care to protect personal information. eQIPd uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept liability for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.

eQIPd is not liable for any loss, damage or claim arising out of another User/Organisation’s use of the Personal information where the User authorised sharing of that Personal Information to that User/Organisation.

3rd Party Vendors

eQIPd uses the following third party vendors to collect and store information, some of which may be personal or about organisational performance:

• Alchemer
• Invoice Ninja
• Dropbox

These providers are based overseas and are GDPR compliant meaning that they have committed to protecting individuals’ personal information. eQIPd has undertaken and periodically reviews its partnerships with vendors to ensure they use best practice security protocols to protect personal information and comply with international standards and the Australian Privacy Act Principles.

Contact

Users with questions regarding GDPR Compliance, privacy breaches, account data use, or questions on any data use matter, should contact us.