Privacy Policy
Requirements
Security
All users of GA and GTM must have an @monash.edu or @mckinnoninstitute.org.au email address, or be from a vendor approved by UMAC. Any approved external vendors must be using an owned email domain (i.e no @gmail.com accounts)
Consistency and maintainability
All websites under the monash web presence must use Monash’s global tag manager solution, which includes the standard Cookie Consent Banner for users to set their data privacy consent. Zoned tagging containers can be provisioned upon request so that custom tagging solutions can be built for portions of the web presence. McKinnon Institute will be able to continue to use their existing containers in approved zones providing they are updated to meet privacy compliance as outlined below.
Privacy and data protection
Consent for sending data will be collected through our standard Cookie Consent Banner. All web presences must respect this consent and no data can be sent to a third party data processor (such as Google Analytics) until consent has been actively obtained. Passive consent is not acceptable, e.g. “By using this site you agree to….”. All data processors must be covered by an eSolutions approved Master Services Agreement in place with Monash.
Monash must have visibility over which services we are sending data to. At a minimum, Monash must have read access to all tag manager containers which appear on our web presence.
Where possible, tracking scripts must be managed through compliant Tag Manager containers. Where not possible, custom development work must be undertaken by McKinnon Institute to ensure data compliance is being met, e.g. only sending analytics data once analytics consent has been granted. Monash can provide technical advice on how to achieve this upon request.
Performance & analytics tracking
Performance & analytics tags may be fired so long as appropriate consent has been collected from the visitor as outlined in Monash’s website terms and conditions:
“Performance and analytical cookies: these cookies allow us to analyse non-personal data about how you and other visitors use our website to measure how it’s performing so we can constantly improve it. These cookies are shared with third party providers, but no personal data is included.” Advertising, including remarketing and conversion tags Advertising tags may be fired so long as appropriate consent has been collected from the visitor as outlined in Monash’s website terms and conditions: “Advertising cookies: these cookies allow us to use information about the pages you visit on our website and the content you interact with to show you more relevant information when we advertise. For example, we might show you ads related to a course you are interested in. Advertising cookies are shared with third party providers, but no personal data is included.”
Consent via Privacy Collection Statements
Data directly collected, usually via forms, must be accompanied by a privacy collection statement which will be provided by Monash
Delegation of responsibility
McKinnon Institute may delegate their responsibility for tag management to an external agency. Any agencies used by McKinnon Institute will be subject to the same implementation requirements.
Access for auditing
Monash’s Marketing Infrastructure team at a minimum requires read access to all Tag Management containers in use on the Monash web presence.
Any implementation which sends data to unapproved third party processors, or sends data in a manner which violates the consent which has been collected, will be removed from the website.
Any containers which do not meet the above privacy and data protection requirements will be removed.
