Award Tracking Application Privacy And Security Policy
Updated: 24 March 2018
The Award Tracking Application (ATA) is strongly committed to protecting your privacy when you interact with us, our content, products and services.
Our goal is to provide Scouts Australia’s Management, Leaders, Youth Members and families with information about each Youth Member’s Award progress. We also provide reports to help Management and Leaders plan and assist Youth Members in attaining Awards. Sometimes this means that we use information that you provide to us about yourself to customise the information displayed and the reports produced. We do this to improve the meaningfulness and accuracy of that information and those reports. In providing our services to you, the ATA will be transparent about how and why we collect and use your information. In some cases, if you do not want us to collect or use your information in a particular way, then we will give you the opportunity to say so.
· the kind of information the ATA may collect about you, how we collect it, and how we use it
· how we may disclose that information
· how you can access the information we hold about you
· when we may use your information to contact you
· the protection of your personal information
· additional steps to protect Youth Members
The ATA will review this policy regularly, and may update it from time to time. If we make changes, we will post those changes on the privacy page of the ATA’s application.
2. Collection and use of personal information
2.1 Why we collect personal information
The ATA collects personal information about you:
· because you have provided it to us, for instance if you create an Account;
· because you have provided it to a Scouting Leader, for instance if a Scouting Leader adds your details to the ATA as a Youth Member;
· because we would like to improve our services, for instance through the collection and analysis of statistical and research data.
2.2 How we collect information when you use the ATA
Broadly, there are two types of information or data we collect:
Information that you specifically give us
For example, you may provide information about yourself when you are requesting an Account or when a Scouting Leader sets up a Youth Member. This type of information may include your name, email address, date of birth and Scout Number. The information that you give us may be:
· Personal information that is required. In some instances, you must provide personal information if you wish to use a particular service or participate in an activity. For example, your age is required to customise the information displayed and produce reports to enable the management of the Award scheme.
· Personal information that is optional. You may choose to provide some personal information which is not required but is directly related to the ATA’s functions or activities. Usually this type of information will enable the ATA to improve or broaden the services we can offer you. If you choose not to provide this optional information, we would still be able to offer you the service, but perhaps with fewer options than if you had provided the optional information. If you provide us with unsolicited information that we do not require or which is not directly related to the ATA’s functions or activities, the ATA may be required to destroy or de-identify that information, provided it is lawful and reasonable to do so.
You may be able to make changes to the information you provided us (for example, if you change your email address). We will make it clear how you do that.
Data we collect that tracks your activity
The ATA automatically gathers information to monitor the use of the ATA, such as the number and frequency of ATA logons.
This information helps us improve our services by learning what our audiences use and don’t use. It can also help us identify if there are any problems with our services that need fixing.
At this time the ATA does not use ‘cookies’. ‘Cookies’ are small files that are stored on your browser.
Most of the data we collect is aggregated, and this information is effectively anonymous to us.
In some cases, we may collect data that can be linked to you individually. For example, when you log in to the ATA as a registered user, we may store records of information such as the pages you viewed or links you click on.
Though surveys usually collect aggregate data, we will make it clear to you if any survey information is being collected in a way that could personally identify you.
3. Disclosure of personal information to third parties
The ATA will not disclose your personal information to third parties.
4. Accessing your personal information
You have the right to request access to personal information that is held by the ATA about you. Requests for access will be dealt with by the ATA in accordance with the Freedom of Information Act 1982.
You also have the right to request the correction of any of your personal information that the ATA holds. The ATA will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date. To seek access to, or correction of, your personal information please contact:
· Your Scouting Leader
· ATA Administrator by email - AwardTrackingApplication@gmail.com
5. Use of your personal information to contact you
We will never knowingly send you unsolicited commercial electronic messages. More information on the Spam Act 2003 is available from the regulator’s website: www.acma.gov.au/spam
6. Protection of your personal information
The ATA will take all reasonable and practicable steps to ensure that your personal information is properly protected from misuse or loss, and unauthorised access, modification or disclosure.
6.1 Privacy and security features
The privacy and security features of the ATA include:
• The first Leader for a Section is added by an Administrator; from then on it is up to each individual Section to manage its Leaders and youth members. This is because the Scouting Leaders associated with each Section are best placed to know who should, or should not, have access, and to judge the accuracy of the information recorded
• Strong password requirements (at least eight characters long, containing at least one uppercase, lowercase, numeric and special character)
• Passwords are stored encrypted
• Accounts are disabled after three incorrect password attempts on an account and need to be reset by a Section’s Leader or Administrator
• All Leaders, Parents and youth members are granted access by an account-holding Leader from within their Section, as the Leader knows the validity of the request
• Leaders can only administer their own Section members’ accounts
• Leaders can see all the details of account holders only within their Group and Section
• Parents and guardians can only see the Award details of their children
• Youth members can only see their own Award details
• The setup and maintenance of Awards is done by an administrator
We encourage you to be vigilant about the protection of your own personal information when using third party digital services (such as social media platforms). As far as reasonably practicable, we will make sure that our relationships with those third parties include appropriate protection of your privacy.
6.2 Data Centre and Server Details
The ATA is hosted by Metawerx Pty Ltd in a secure Vocus Pty Ltd data centre. The data centre and server are ISO 27001 certified. A vulnerability management system is in place, with daily upgrades according to Linux releases; Tomcat and other services are upgraded manually after testing. Security vulnerability reports are received weekly and are reviewed for any vulnerabilities that affect the software that is run. Very minimal software is used on the servers apart from Tomcat and MySQL/PostgreSQL. Systems are also run in AppArmor sandboxes, preventing key software from being able to affect the underlying operating system. An intrusion detection system is in place to report on lateral movements. There are 2 different types of proactive IDS systems, and rootkits and unauthorised logins are also scanned for. IPs are blocked based on TCP/IP traffic heuristics and on IP address ranges, using 4 separate blacklists. Any data breach is reported to the customer immediately after detection. This report is passed on to all affected parties.
The ATA does not use a “cookie” system at this time.
8. Privacy complaints and enquiries
The ATA welcomes feedback about privacy issues and will attend to all questions and complaints promptly.
You can contact the ATA about any privacy issues as follows:
If the ATA takes more than 30 days to respond to your privacy complaint, or if you are dissatisfied with the outcome, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner. The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au