MMG Education (MMG) facilitates research on behalf of schools to improve the educational experiences they provide. In doing so, MMG seeks information from school stakeholders and uses this with the primary purpose to inform internal school operations relating to educational quality and student/staff welfare. MMG manages and protects personal information in accordance with the Privacy Act 1988 (Privacy Act).
We understand that the privacy and security of personal information is of the utmost importance to our stakeholders. The information set out in this policy specifies the guidelines and procedures which govern MMG’s management of personal information.
As part of MMG Education’s continual improvement program, this policy is reviewed annually.
WHAT INFORMATION DO WE COLLECT?
When providing services to schools, MMG may seek personal information that belongs to staff, students, parents, and/or alumni. Such information is collected by online surveys, email, face-to-face meetings, interviews, or telephone calls. The personal information collected by MMG may include, but is not limited to:
- Personal and demographic information (e.g. name, email address, school grade, teacher class lists, gender, previous college, boarding status, extra-curricular activities, academic records); and
- Individuals’ personal views and observations on different aspects of their school experience (e.g. evaluations of educational quality, pastoral care, facilities and resources, school leadership).
We may also collect ‘sensitive information’ (e.g. ethnicity and religion), as defined in the Privacy Act. This will primarily relate to health information about an individual, such as that elicited by survey measures of wellbeing and social-emotional functioning. Information of this nature will only be used for the primary purpose for which it is collected, unless explicit consent has first been obtained.
HHOW DO WE USE PERSONAL INFORMATION?
The information that MMG collects is used with the primary purpose of:
- Providing schools with insights into their programs, activities and services;
- Assisting with strategic planning and school governance; and
- To help improve day-to-day operations regarding educational quality, research, and school policies and procedures.
The reports that MMG provide to schools aggregate individuals’ personal data to offer meaningful and statistically derived insights. This means that the personal information collected from any individual cannot be identified by anyone other than the staff at MMG. Your personal information will not be shared with third parties unless consent has first been obtained.
We will only use or disclose individuals’ personal information:
- For the purpose for which it was collected;
- For a directly related purpose;
- With your consent;
- When required or permitted by law;
- When you would reasonably expect us to do so in this way; and
- If disclosure will lessen or prevent a serious threat to the health or safety of an individual.
SECURITY AND STORAGE OF PERSONAL INFORMATION
MMG has security measures in place to safeguard the information it collects from misuse and unauthorised access or disclosure. Personal information is stored as paper-based hardcopy files, or otherwise as password protected, encrypted electronic files on an offline server within the premises of MMG.
The security of your information is of the utmost importance to us and substantial efforts are made to safeguard personal data.
These steps include, but are not limited to:
- Providing staff training relating to awareness and good-practice procedures around data security and storage;
- Hardcopy files are kept securely in a locked office under video surveillance;
- Electronic copies are stored in an offline, password protected database;
- The physical office premises are assessed in relation to security;
- Personal information that is no longer required to be retained is deleted or destroyed in a responsible manner (e.g. using secure document destruction bins).
You may request to access your personal information that is stored by MMG up until the time when it has been de-identified or destroyed. Before acting on such a request, we will need to take steps to verify your identity.
DATA BREACH RESPONSE PROCEDURES
If MMG suspects that a data beach may have occurred, they will conduct an expedient investigation (within 30 days). If such an investigation indicates that a breach has occurred, MMG will be required to report this to the Privacy Commissioner. When practical to do so, MMG will also notify any individuals that have been affected by the breach.
An exception to these notification procedures will exist when remedial action following a breach means that no unauthorised access or disclosure of personal information has occurred and where there is no serious harm to any affected persons.
MMG makes a concerted effort to ensure that the collection, storage, use and disposal of the personal information it collects is done so responsibly and in accordance with the requirements set out in the relevant legislation.
If you are concerned about the privacy procedures through which MMG has conducted their research services and believe there has been a breach of the Australian Privacy Principles, you may notify us of your complaint by emailing email@example.com. We will respond to your complaint within a reasonable time frame (usually within 14 days).