1. About this Data Protection and Privacy Policy
Softlink Education recognises the importance of data protection and privacy and is committed to them both. Softlink Education is part of Softlink which includes Softlink America Incorporated, Softlink Europe Ltd, Softlink Pacific Ltd, Softlink Australia Pty Ltd, and Softlink International Pty Ltd (“we”, “us” or “our”).
This Data Protection and Privacy Policy outlines how we collect, hold, use, disclose and otherwise handle personal information in an open and transparent manner in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), The New Zealand Privacy Principles contained in The Privacy Act 1993, and Section 5 of the Federal Trade Commission Act in the USA. By providing us with your personal information you consent to us handling it in accordance with this Data Protection and Privacy Policy as we update it from time to time.
2. Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information for purposes relating to the promotion and supply of our products and services. A feature of the products and services that we offer is to store and hold information, some of which may be personal.
For example, we may collect, hold, use and/or disclose your personal information for the purpose of:
3. What kinds of personal information we collect and hold
The kinds of personal information about you that we may collect and hold include your; contact details, payment details, bank account details, purchase history and service related information. Our products may also contain personal data including but not limited to, contact details, date of birth, interests, reading history, school details and images.
Where you do not provide us with all or some of your personal information that we request then we may not be able to supply our products or services that you require.
4. What website visitor information we collect and hold
We use a range of third party tools [including cookies and session tools] to collect information about visitors to our website https://www.softlinkint.com (“Website”) or our Support Portal. For example, when you visit our Website or Support Portal we may collect your server address, domain name, operating system, browser type, pages accessed, documents downloaded, previous visits, referring website, and visit date and time. We collect and hold this information for the purpose of maintaining and improving our services and enhancing your experience browsing our Website.
You may set your browser to disable cookies but some parts of our Website may not function properly if cookies are disabled.
5. How we collect and hold personal information
We collect and hold your personal information either directly from you or from information entered into our products. For example, we may collect your personal information from you in person when you visit our office or by mail, telephone, facsimile, email, ftp, using our website or other communication with you.
Personal information is stored in our products through the standard operation of our products. In the course of supporting or delivering a required service we may also request system data or log files be sent to us. Your Softlink system may also be hosted in an environment where we have access to system data and log files.
We may request data which contains personal information be supplied to us in the process of delivering a service such as a data conversion.
We may also collect your personal information from a third party or publicly available source where it is unreasonable or impracticable to collect the information directly from you. For example, we may collect your personal information from a third party when we are appointed to act as your authorised representative for the purpose of administering or managing the supply of products or services which you require.
We hold personal information that we collect in both physical and electronic storage facilities including paper-based files and computer databases.
6. How we disclose personal information
We may disclose personal information to our affiliates, subsidiaries, employees, contractors, agents, and service providers for purposes relating to the supply of our products and services. For example, we may disclose your personal information to:
Some third party providers may be located in jurisdictions other than yours.
We will not sell or rent your personal information to any third party for marketing purposes without your consent.
7. How we protect personal information
We protect personal information that we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure using both physical and electronic security measures which includes secure premises, locked cabinets, secured databases, password access, anti-virus software and firewalls.
You provide us with your personal information over the Internet at your own risk as the security of such information cannot be 100% guaranteed.
We destroy or de-identify personal information in a secure manner when we no longer need it for any of our purposes unless we are authorised or required by law to retain it.
8. How you may access, correct and update your personal information
You have the right to request access to, and correction of, any of your personal information that we hold. You should promptly notify us if you become aware that any of your personal information that we hold is inaccurate or out-of-date.
If you wish to access, correct or update any of your personal information that we hold, please either contact our Helpdesk using the contact details below or directly amend the information stored within our products.
9. How we update this Data Protection and Privacy Policy
We may update this Data Protection and Privacy Policy from time to time to take into account changes in our information handling practices by publishing an amended Data Protection and Privacy Policy on our Website. You should regularly review the most recent version of this Data Protection and Privacy Policy available on our Website.
10. Where we store data
Where we provide services to host our products in the cloud, we store data in data centres in your region all of which comply with ISO 27001, ISO 9001, ISO 27018 and IRAP.
11. Where we transfer data
We will not copy your data outside of your region without your prior permission.
12. Our data protection processes
All staff who have access to data are trained annually to ensure they are aware of their responsibilities and best practices. A range of general data security measures are in place and these are available on request. Softlink also leverages the resources provided by Open Web Application Security Project (OWASP) to perform:
An annual Data Protection Impact Assessment (DPIA) is completed on all data collection methods. This is also done for any new methods of data collection or other large projects that occur between these annual assessments.
In addition to practices outlined above, additional practices could include:
a. processing personal information only where this is strictly necessary for legitimate organisational purposes;
b. collecting only the minimum personal information required for these purposes and not processing excessive personal information;
c. providing clear information to individuals about how their personal information will be used and by whom;
d. only processing relevant and adequate personal information;
e. processing personal information fairly and lawfully;
f. maintaining an inventory of the categories of personal information that we process;
g. keeping personal information accurate and, where necessary, up to date;
h. retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes;
i. respecting individuals’ rights in relation to their personal information, including their right of access;
j. only transferring personal information outside the originating region in circumstances where it can be adequately protected;
k. the application of the various exemptions allowable by data protection legislation;
l. developing and implementing an Information Management System to enable the policy to be implemented;
m. where appropriate, identifying internal and external stakeholders and the degree to which these stakeholders are involved in the governance of our data management.
n. the identification of workers with specific responsibility and accountability for the Personal Information Management Systems.
o. The regular training of staff who may have access to Personally Identifiable Information on best data security and privacy practices.
p. promptly notifying customers in the event that any unauthorised person has obtained or attempted to obtain personally identifiable information.
In our EU region, we have a data processing policy document which is reviewed annually and available to all customers.
13. Softlink products and data privacy requirements
Our products are extremely flexible; as a result it is possible to configure them in ways which may or may not conform to data privacy requirements in your organization and/or in your region. It is your responsibility to configure the products appropriately. Where you need assistance to enable the product to comply with your specific business or regional legislative requirements, you may contact us for product assistance (see below for contact details). Any data added, edited or generated while using our products remains the property of the Customer.
14. How to make an enquiry or complaint
If you have an enquiry or complaint about our handling of your personal information, please contact our support team who has responsibility for being the first point of contact with such enquiries and complaints.
15. How complaints are processed
All complaints are initially handled by the support representative. If you are not satisfied with the outcome, you may request that it is escalated to Softlink Education’s management team. A member of the management team will contact you regarding your complaint. Ultimately the issue may be escalated to the General Manager of Softlink Education.
16. Data protection officer
We have a Data Protection Officer for Softlink Education Europe. Our Data Protection Officer’s details are available on request.
17. How to contact us
For EMEA (Europe, Middle East and Africa) you may contact our Data Protection Team using the contact details below:
Phone: +44 1993 883 401
Email: dp@softlink.co.uk
Address: 6 Langdale Court, Witney, Oxfordshire, OX28 6FG
For Australia, New Zealand, Pacific, Asia and America
You may contact our Support using the contact details below:
Phone: +61 73124 6111
Email: support@softlinkint.com
Address: G4, 29 Brandl Street , Eight Mile Plains, Qld 4113
18. Library Link mobile application
The Library Link mobile application requires permissions to access the camera of the device on which it is installed. The camera permission is required for two functions:
i. Initial setup allows scanning a QR code to set configuration values, such as the location of the related Softlink Library System.
ii. Use as a barcode scanner, which is used to identify physical resources. When used as a barcode scanner, the camera converts a barcode to a text string which is transmitted to Softlink's Library Software. No visual/image data is transmitted or retained by the application.
Use of the camera is not necessary in order for the application to function (excluding these specific features), however the application is unable to be installed without permission provided for camera access.
19. Brexit Statement
The provision of our service includes the processing of Personal Data. This processing is always conducted with the upmost diligence and in full compliance with the GDPR. Softlink will continue to provide its service responsibly and diligently in full compliance with the GDPR and any subsequent regulations.
As is common with many companies, some Softlink platforms operate from managed “cloud” hosting services. Softlink will continue to ensure that any partner it works with in the provision of its services are also in full compliance with the GDPR and any subsequent regulations.
Further information on our hosting services
For our EMEA (UK, Europe, Middle East, Africa) customers, Softlink’s cloud based system is hosted in Amazon Web Services (AWS) facilities in Ireland. AWS computing environments are continuously audited, with certifications from accreditation bodies across the world, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. AWS is also fully compliant with applicable EU Data Protection laws, and the AWS Data Processing Agreement incorporates the Article 29 Working Party Model Clauses.
Further details about the considerable measures Amazon take in securing their facilities and services can be found here:
Softlink also uses Azure’s Service Bus service hosted in their Europe West data centre. More information on Azure's security can be found here.
This Privacy Policy is effective as of 14/05/2018