This policy explains what information we collect when you visit diged.au or engage our services, what we do with it, and what rights you have. We've tried to write it in plain English rather than legal boilerplate, but if anything is unclear, please get in touch.
Who this policy applies to
This policy applies to Digital Education Systems Pty Ltd ("we", "us", "our") and to anyone who:
- Visits diged.au or any of our subpages
- Subscribes to updates or makes an enquiry through our forms
- Engages our consulting, strategy, or technical services
- Attends our talks or events and shares contact details with us
We're an Australian company, and we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
What we collect
We try to keep collection to a minimum. The categories below cover everything we typically gather.
Information you give us directly
When you contact us, enquire about our services, or sign up for updates, you may share:
- Your name and role
- Your school, institution, or organisation
- An email address and sometimes a phone number
- The substance of your enquiry — for example, what challenge you're trying to solve
When we're engaged for a piece of work, we collect what's needed to deliver it: contract details, billing information, project documentation, and any technical information about your environment that's relevant to the engagement.
Information collected automatically
Like most websites, diged.au records some technical information when you visit. This includes:
- Your IP address (which gives us a rough geographic region, not your exact location)
- Browser type and version
- Pages visited, time spent, and how you arrived at the site
- Device type (mobile, tablet, desktop)
We use this to understand which content is useful, to fix problems, and to keep the site secure.
Cookies
We use a small number of cookies, mainly to make the site work properly and to gather aggregate analytics. Essential cookies are required for the site to function. Analytics cookies are optional and used in aggregate — we don't try to identify individual visitors from browsing behaviour.
You can disable cookies in your browser. Some parts of the site may not work as intended if you do.
How we use your information
We use personal information for these purposes, and no others:
- Responding to enquiries — replying to you, scheduling conversations, sending information you've asked for
- Delivering services — running a project, providing support, invoicing, and meeting our obligations under an engagement
- Improving the site — understanding what content lands, what's missing, and how to make it better
- Security — protecting the site, our systems, and the people we work with
- Legal compliance — meeting our obligations under Australian law, including record-keeping for tax and corporate purposes
We do not sell personal information. We do not use it for advertising profiling. We do not share it with third parties beyond the limited cases described below.
Who we share information with
We share information only when necessary and only with parties bound to handle it appropriately. This includes:
- Service providers who help us operate (for example, our website host, email provider, and accounting platform)
- Partners working with us on a specific engagement you've agreed to — for example, where a cybersecurity project involves Red Piranha
- Authorities where we're legally required to disclose information, such as a lawful request from a regulator or court
We do not transfer personal information overseas as a routine practice. Where a service provider hosts data outside Australia, we take reasonable steps to ensure equivalent protections are in place.
How we protect your information
We apply reasonable technical and organisational measures to protect personal information against loss, misuse, or unauthorised access. These include:
- Access controls limiting who within our team can see what
- Encryption in transit (HTTPS) and, where appropriate, at rest
- Regular review of the systems and providers we rely on
- Defence-grade cybersecurity practices, consistent with the work we do for schools
No system is perfectly secure. If something does go wrong, we'll act quickly to investigate, contain the issue, and meet our notification obligations under the Notifiable Data Breaches scheme.
How long we keep it
We hold personal information only as long as needed for the purpose it was collected for, plus any period required by law. Enquiry correspondence is generally kept while a relationship is active. Engagement records are kept in line with our tax, corporate, and contractual obligations — typically seven years.
When information is no longer needed, we delete or de-identify it.
Your rights
Under Australian privacy law, you have the right to:
- Ask what we hold about you, and request a copy
- Correct information that's inaccurate or out of date
- Withdraw consent for optional uses like subscribing to updates
- Make a complaint if you think we've mishandled your information
To exercise any of these rights, contact us. We'll respond within a reasonable time — usually within 30 days.
If you're not satisfied with our response, you can refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Children's information
Although our work serves schools and ultimately benefits students, we don't collect personal information from children directly through this website. When we work with schools on deployments involving student devices, any handling of student data is governed by the engagement agreement with the school and the school's own privacy obligations — not this policy.
Changes to this policy
We'll update this policy from time to time as our practices evolve or as the law changes. The current version is always at this URL, with the "Last updated" date at the top. For significant changes, we'll do our best to flag them through our usual channels.
Getting in touch
Questions, requests, or concerns about privacy:
PO Box 2420, Canberra ACT 2601