SCIS Privacy Policy

Last updated 16 March 2023

Education Services Australia Limited (ESA) is committed to protecting the privacy of personal information. This privacy policy explains how ESA collects and uses your personal information and which rights and options you have in this respect. In doing so ESA complies with its obligations to protect the privacy of personal information under the Australian Privacy Act 1988 (Cth) (Privacy Act) and its international obligations.

Specifically, in Australia, ESA is bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations such as ESA may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.

In this privacy policy, ‘you’ or ‘your’ refers to the individual reading this privacy policy or those people whose personal information ESA collects, uses and discloses in accordance with this privacy policy.

What is personal information?

Personal information” is anything that discloses your identity, that is unique to you. For example: a name, an identification number, location information or an online identifier. It also includes “personal information” as defined in subsection 6(1) of the Privacy Act:

"Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

1.  What personal information does ESA collect

The personal information ESA collects may include:

  • contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
  • payment data, such as information necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • your username and password for the SCIS website or other password protected platforms or services, where you have one;
  • your school contact details; and/or
  • details of your visits to our premises.

From time to time, it may include personal information about your membership of a professional or trade association or union, health personal information, details of dietary preferences when relevant to events to which we invite you.

When you register/subscribe to use SCIS services, complete and submit an electronic form on the SCIS website, contact ESA or send feedback via the feedback or cataloguing request form, ESA may collect the following personal information.

  • your name;
  • your contact number(s);
  • your email address; and
  • your school contact details.

When you use the SCIS website, ESA collects the following information relating to use of the SCIS services:

  • your server address;
  • your top level domain name (for example: .com., .gov, .au, .edu, .net, etc.);
  • the time and date of your visit to the website;
  • the pages and documents you have accessed or viewed; and
  • the type of browser you are using (for example Chrome, Firefox).

Usage statistics or patterns obtained from tracking the level and range of interest in the SCIS website are collected in order to improve the SCIS services or develop new services. This information will be connected to a SCIS user’s profile but will be de-identified prior to any use in reports.

2.  How does ESA collect your personal information?

ESA may collect your personal information in certain circumstances, including when you:

  • register on the SCIS website;
  • Register on the SCIS blog;
  • browse, make an enquiry or otherwise interact with the SCIS website.

Sometimes ESA collects your personal information from a third party. For example, ESA may collect your personal information from your library management system vendors in order to help resolve a technical issue, or from your Government education authority to set up a SCIS subscription on your behalf.

3.  Handling of Personal information

3.1 Remaining anonymous or using a pseudonym: are you required to provide personal information?

Where it is not impractical or unlawful, you may interact with ESA without identifying yourself or using a pseudonym. As a general principle, you provide ESA with your personal information voluntarily and there are generally no detrimental effects for you if you choose not to consent or to provide personal information. However, there are circumstances in which ESA cannot take action without certain of your personal information. For example: personal information is required to provide you with access to specific web offerings or newsletters. In these cases, it will not be possible for ESA to provide you with what you request without the relevant personal information and ESA will notify you accordingly.

3.2 Use of your personal information

ESA will only use your personal information for the purpose it was collected ("Permitted Purposes") which includes, but is not limited to, the following:

  • providing services or things you may have requested;
  • managing and administering your or your organisation's business relationship with ESA, including processing payments, accounting, auditing, billing and collection, support services;
  • compliance with ESA’s legal obligations (such as record keeping obligations);
  • to analyse and improve ESA’s services and communications to you;
  • protecting the security of and managing access to ESA’s premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • for insurance purposes;
  • for monitoring and assessing compliance with ESA’s policies and standards;
  • to identify persons authorised to trade on behalf of ESA’s clients, customers, suppliers and/or service providers;
  • to comply with court orders and exercises and/or defend ESA’s legal rights; and
  • for any purpose related and/or ancillary to any of the above or any other purpose for which your personal information was provided to ESA.

Where you have expressly given ESA your consent, ESA may use your personal information also for the following purposes:

  • communicating with you through the channels you have approved to keep you up to date on the latest information about SCIS content, services, products and technologies (including client briefings, newsletters and other information) as well as SCIS events and projects;
  • customer surveys, marketing campaigns, market analysis, contests or other promotional activities or events; or
  • collecting information about your preferences to create a user profile to personalise and foster the quality of ESA’s communication and interaction with you (for example, by way of newsletter tracking or website analytics).

 With regard to email communication, ESA will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further communication from ESA.

3.3 With whom will ESA share your personal information?

ESA will:

  • only use your personal information for the stated purpose for which it was provided; and
  • not disclose your personal information to a third party without your consent unless otherwise authorised or required by law or to prevent or lessen a serious imminent threat to your life or health or that of another person.

ESA may share your personal information in the following circumstances:

  • to instruct service providers within or outside of ESA, domestically or abroad, e.g. shared service centres, to process personal information for Permitted Purposes on ESA’s behalf and in accordance with ESA’s instructions only. ESA will retain control over and will remain fully responsible for your personal information and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal information when engaging such service providers;
  • to use aggregated personal information and statistics for the purpose of monitoring website usage in order to help ESA develop its website and services; and
  • to conduct customer surveys in relation to SCIS services using Survey Monkey. Survey Monkey’s privacy policy can be found here:

Otherwise, ESA will only disclose your personal information when you direct ESA or give ESA permission or when ESA is required by applicable law or regulations to do so.

3.4 Use of Cookies

Usage statistics or patterns obtained from tracking the level and range of interest in the website are collected in order to improve and develop SCIS. This information will be connected to a user’s profile but will be de-identified prior to any use in reports.

This website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the website. The cookie identifies your browser, not you personally. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google Inc. on servers in the United States.

This website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the website. The cookie identifies your browser, not you personally. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google Inc. on servers in the United States.

Google Inc. uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for ESA and providing other services relating to website activity and internet usage. Google Inc. may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google Inc's behalf. Google Inc. will not associate your IP address with any other data held by Google Inc.

With your permission, our website utilises Facebook Pixel which belongs to the Facebook Business Tools. This tool allows us to follow the actions of users after they are directed to a provider’s website when clicking on a Facebook add. The collected data remains anonymous but are saved and processed by Facebook. Facebook may connect your data with your account and use it for their own advertising purposes. For more information please visit Facebook Privacy Policy .  You can revoke permission at any time through your account. For more information please see here .

You may refuse the use of cookies by selecting the appropriate settings on your browser, however if you do this you may not be able to use the full functionality of this website.


When using this website, you consent to the processing of information about you by Google Inc. in the manner and for the purposes set out above.

ESA will not use or disclose your personal information to a third party other than as described in this privacy policy, without your express consent.

3.5 Personal information about other people which you provide to ESA

If you provide personal information to ESA about someone else (such as one of your employees or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal information to ESA and that, without our taking any further steps, ESA may collect, use and disclose that personal information as described in this privacy policy. In particular, you must ensure the individual concerned is aware of the various matters detailed in this privacy policy, as those matters relate to that individual, including ESA’s identity, how to contact ESA, ESA’s purposes of collection, ESA’s personal information disclosure practices (including disclosure to overseas recipients), the individual's right to obtain access to the personal information and make complaints about the handling of the personal information, and the consequences if the personal information is not provided (such as ESA’s inability to provide services).

3.6 Publication of your personal information

ESA will only publish personal information on the SCIS website if it has been collected for this purpose, with your knowledge, or if you have otherwise consented to the disclosure. When giving consent you should be aware that personal information published on the SCIS website is accessible to web users from all over the world. Please note that if you interact on a social media platform, for example the SCIS Facebook page, the relevant social media platform privacy policy will apply to your personal information.

3.7 Security of your personal information

ESA takes reasonable steps to:

  • protect personal information that it holds against misuse, interference, loss, unauthorised access, modification or disclosure by utilising up-to-date electronic and physical security controls that comply with relevant industry standards and guidelines; and
  • destroy or permanently de-identify personal information if it is no longer required.

Personal information may be kept on ESA’s personal information technology systems, those of ESA’s contractors or in paper files.

Please note that if you link to a web page from an ESA website, ESA’s privacy policy will no longer apply. Therefore, you should check the privacy and security statement that apply to the linked website.


3.8 Location of personal information

Personal information collected by ESA is stored in Australia; and, not disclosed, accessed or transferred to overseas recipients. However, ESA may transfer your personal information abroad if required for the Permitted Purposes. This may include countries which do not provide the same level of protection as the laws of your home country (for example, the laws within the European Economic Area or Australia). ESA will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679 or other relevant laws. You may contact ESA anytime using the contact details below if you would like further information on such safeguards.

ESA will also require its agents, consultants and sub-contractors and others who are outside the European Economic Area or Australia and to whom ESA transfers your personal information to ensure a similar level of data protection.

When doing so ESA will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal information,

3.9 Details of the transfer, use and potential storage, of your personal information to overseas locations.

ESA uses Campaign Monitor to distribute newsletters. If you subscribe to newsletters and provided your personal information to ESA then your information will be stored in the United States in Campaign Monitor’s database. Please refer to Campaign Monitor's terms of use for further details on how it operates.

The SCIS system is protected by the Cloudflare Web Application Firewall (WAF).  Cloudflare is a global company and primarily store information in the United States. Your personal information will not remain in Australia and will be used by Cloudflare around the world in order to provide relevant services to SCIS. Cloudflare’s privacy policy can be found here.

4.   Accessing and correcting personal information

If any of the personal data that you have provided to ESA changes, for example if you change your email address or if you wish to cancel any request you have made of ESA, or if you become aware that ESA has any inaccurate personal data about you, please let ESA know by logging into SCIS Data and going to the ‘My profile’ section or contacting ESA using the contact information below. ESA will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to it.

5.  For how long does ESA retain your personal information?

ESA will delete your personal data when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and ESA is not legally required or otherwise permitted to continue storing such data.

6.  Your rights

Subject to certain legal conditions, you have the right to request a copy of the personal information about you which ESA holds, to have any inaccurate personal information corrected and to object to or restrict ESA using your personal information. You may also make a complaint if you have a concern about ESA’s handling of your personal information.

If you wish to do any of the above, please contact ESA using the contact information below. ESA may request that you prove your identity by providing ESA with a copy of a valid means of identification in order for ESA to comply with its security obligations and to prevent unauthorised disclosure of information.

ESA will consider any requests or complaints which it receives and provide you with a response in a timely manner. If you are not satisfied with ESA’s response, you may take your complaint to the relevant privacy regulator. In Australia, the relevant regulator is the Office of the Australian Information Commissioner.

7.  Contact information for ESA for questions, comments, concern or complaints

If you have any questions, comments, concerns or complaints about ESA’s privacy practices for SCIS services, you can contact ESA by:

Changes to this Privacy Policy

ESA may make changes to this privacy policy from time to time to take account of new laws and technology or changes to ESA’s operation and practices. ESA recommends that you regularly check this privacy policy. Any changes will take effect as soon as they are posted on this website. You may obtain a paper copy of this privacy policy by contacting ESA via the contact details provided above.

Download offline copy (PDF):

SCIS Privacy Policy 16 March23.pdf