Information Security Policy
1. Purpose
This policy establishes security measures to protect sensitive data, prevent unauthorized access, and ensure compliance with industry standards for both the Graduation Registration Portal and Photography Website.
2. Scope
This policy applies to all employees and users interacting with our systems.Graduation Registration Portal: Student data, payment transactions, and academic records.Photography Website: User-uploaded content and client personal information.
3. Data Protection & Privacy
Personal and financial data is encrypted at rest and in transit using industry-standard encryption (e.g., AES-256, TLS 1.2+).
Only authorised personnel have access to sensitive information, enforced through role-based access controls (RBAC).
No sensitive data is stored longer than necessary for operational needs and legal compliance.
4. Access Control & Authentication
Authentication is required for admin and sensitive user accounts.
Strong password policies are enforced, requiring regular review.
Access to systems is reviewed quarterly to ensure least privilege principles are followed.
5. Change Management
All system updates, enhancements, and modifications must undergo a formal review, testing, and approval process.
6. Incident Response & Reporting
Security incidents, including data breaches and unauthorised access, must be reported immediately to the security team.
7. Secure Payment Processing
All payment transactions are processed through Stripe or ANZ e-gatea PCI DSS-compliant third-party payment processor.
The platform does not store or process credit card details directly.
8. Content Protection & Copyright Compliance.
Sample images are protected with watermarks.
9. Hosting & Monitoring
All platforms are hosted on Cloudloop (Sydney, Australia) with 24/7 monitoring for traffic, security threats, and uptime performance.
Regular security audits and penetration testing are conducted to identify vulnerabilities.
10. Compliance & Training
Employees must undergo annual security awareness training.
The system complies with applicable regulations and accessibility standards.
11. Business Continuity & Disaster Recovery
A Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are documented and tested annually.
Regular data backups are maintained and stored securely to prevent data loss.
12. Review & Updates
This policy is reviewed annually and updated as necessary to address evolving security threats and compliance requirements.
TERMS & CONDITIONS
WEBSITE
It is a condition that access to our website is permitted by the recipient of an graduation invitation from a university/college or by a user code issued to you.
A recipient of a user code can choose to provide a third party person with their user code. By providing your user code to a third party person, the user code recipient acknowledges that the third party person is permitted to order on their behalf.
STUDIO PORTRAIT PHOTOGRAPHY SERVICE
On your Graduation Day, our studio portrait photographers will capture your individual and family portraits, giving you a range of different poses to choose from.
PRESENTATION (STAGE) PHOTOGRAPHY SERVICE
All graduates are photographed on stage as they cross the stage and are presented to the presiding officer.
REFUND POLICY
PHOTOS
In some uncommon cases, a photograph may be unsuccessful due to blinking, squinting, incorrect angle or lighting, camera, computer malfunction, or error in judgement by the photographer or for any other reason. In this case, the maximum liability for any photograph deemed unsuccessful for any reason specified or unspecified above will not exceed the amount paid by the customer at the time of ordering.
Once a product is dispatched, in transit, or returned, we cannot offer a refund. This policy is in place to ensure a smooth and efficient delivery process for all our customers.
DIGITAL IMAGES
High-resolution digital images purchased online after viewing low-resolution samples are non-refundable.
PRE-ORDERS
Cancellation of pre-ordered photos, frames and bears will be refunded in full if cancelled prior to 48 hours before your graduation day.
Cancellation of pre-ordered photos, frames and bears will be refunded less a 25% cancellation fee if cancelled within 48 hours before graduation day.
Pre ordered Frames and bears will incur a delivery/postage charge. Delivery rates for within Australia or International are outlined under each product.
Please direct all inquiries relating to a refund request to:
The Manager
Graduation Photography
1004 Victoria Road,
West Ryde NSW 2114
Australia
Info@graduationphotography.com.au
Tel: 61 2 9804 7777
|
