What is Te Rito?
Te Rito is a tool for students, their current school, and their parents and whānau. It means they can access and use the student’s education-related information from one place.
Te Rito is being rolled out progressively. Initial access to Te Rito will be for principals and teachers. Students will get access as schools opt in to My Ako, and parents and whānau will be given access later on. More information about Te Rito is available here.
Terms used
These terms are used in this privacy statement:
- Personal information – anything about a person that allows someone to identify them. It does not have to be the person’s name. It could be something like their phone number, home address, gamertags, or information about their learning or circumstances.
- Te Rito information – all information that is used, stored, or shared with Te Rito, including Personal information.
Who uses Te Rito?
The people who use Te Rito are:
- school students
- parents and whānau
- principals and school staff.
What can these users do in Te Rito?
School students can access their own information and school messaging through Te Rito.
Parents and whānau can access their child’s information and school messaging through Te Rito, based on their role in the child’s education.
Schools and kura:
- Principals decide:
- which Te Rito functions and information the school will use
- how to allocate types of Te Rito accounts to staff, students, and parents/whānau. - School staff can:
- access their personal information
- access and update information for other staff or students, based on their assigned role in Te Rito.
Who else has a role in Te Rito?
The Ministry of Education ('the Ministry'):
- provides:
- the Te Rito service to schools
- data to Te Rito
- support to Te Rito users - ensures the supplier manages the service to protect security and privacy
- may use data in Te Rito by agreement or regulation.
Te Rito Data Kaitiakitanga Group (independent data stewardship group):
- reviews how Te Rito manages and shares students’ information. More information about Te Rito Kaitiakitanga is available here.
The supplier, Edsby:
- manages the Te Rito service, including protecting security and privacy
- gives technical support
- applies updates.
Why does Te Rito need personal information?
Te Rito allows student’s education-related information to be accessed:
- from one place
- by their current school(s) as the student moves from school to school.
To do this Te Rito needs to store and use personal information by:
- having an accurate, current record for each student
- making sure that the correct people have access to information.
Note: Schools already collect the information that they then store in Te Rito.
How does personal information get added to Te Rito?
Personal information can be added to Te Rito by:
- the student (or parent) or their current school’s staff
- automatic electronic updates from:
- the school’s student management system (SMS) and assessment tools
- other Ministry systems (such as ENROL), after the school enters data in that system.
What personal information does Te Rito store and use?
Te Rito stores and uses this information:
- all users’:
- usage
- biographical - students – as above plus assessment, enrolment, pastoral, and learning content
- staff – information under all users plus teaching role.
Table 1 gives more details about Te Rito information.
| Category of user | Category of personal information collected |
|---|---|
| All Users | |
| Usage | IP address, type of device, how Te Rito is being accessed, and when and for how long the user is logged in. Which area of the site are visited Which items users have viewed, edited or deleted |
| Biographical | Name, photo |
| Students | |
| Additional biographical | National Student Number, date of birth, gender, ethnicity, iwi, and health information the school needs to know, for example, medical conditions like asthma, diabetes, and nut allergies. |
| Assessment | Assessments and results |
| Enrolment | School, student type, year level, class, curriculum, languages spoken |
| Pastoral | Individual education plans (IEPs), records of positive behaviour and interventions, learning support information (for the Learning Support Register), medical information relevant to their attendance or learning requirements, teacher to teacher transition notes. |
| Learning content | Any learning content in Te Rito, including documents, texts/messages, emails, photos, screenshots, audio, video, calendar entries, postings, and notes. |
| Parents and whānau | |
| Additional biographical | Contact details (phone number, email address), relationship to student, contextual information relevant to student's education
|
| School staff | |
| Teaching | Teaching role details, school email address |
Who can see personal information?
All users linked to a school can see:
- the school's community news
- any open access groups the school has setup.
A student can see:
- most information about themselves, including their assessment results
- messages they send or receive to a group, or their private messages to a teacher
- their learning content and information they have uploaded
- information about their classes
Parent(s)/whānau can see:
- their child’s information, including their:
- calendar
- teacher messages
- student portfolio (including comments by the child’s other parent(s)/whānau) - updates by teachers to their child’s assessments
- general information about their classes including messages from the teacher.
The Principal can see:
- all the information about their school, students, parents, staff, and classes
- private messages that have been flagged as ‘inappropriate’ by someone who received that message.
A teacher can see:
- all information about their classes
- most information about their students, including their parent/whānau information
- private messages between themselves and individual students or parents.
How does Te Rito keep your personal information safe?
System
The Te Rito supplier, Edsby, follows best practices for security and privacy, using Microsoft cloud services. Edsby and the Ministry check for security and privacy risks in Te Rito. They manage these risks to protect received, stored, or shared information.
All data sent between Te Rito and a user or another data store (such as an SMS) is encrypted.
User accounts
Only schools can set up their staff, student, and parent/whānau Te Rito accounts. Each user in Te Rito is given a type of account that determines the information the user can access or update.
Some people will have access to information for students from more than one school. For example, this could apply to a Learning Support Coordinator.
Sharing information with third parties
Te Rito information including Personal information in Te Rito will not be shared with any third party unless required or allowed by law.
Advertising and selling data
Edsby and the Ministry will:
- not send advertising to any Te Rito user
- never sell Te Rito information, data, or user profiles.
Cookies
‘Cookies’ are small text files saved in your web browser when you visit or use Te Rito. Te Rito’s cookies do not collect or store personal information.
School responsibilities
Schools must comply with the Privacy Act 2020 and its Priacy Principles. This includes making sure that personal information in Te Rito is:
- collected, used, and shared lawfully
- is correct
- is kept secure and only appropriate authorised people can access it.
Ministry and supplier responsibilites
The Ministry works with the supplier to:
- test how well Te Rito is working, including keeping the system secure and the information private
- ensure that any system connecting to Te Rito meets required security and privacy standards
- manage any identified risks
- identify inappropriate interactions
- apply necessary patches and updates to the system
- provide technical support to help a school respond when someone asks for information under the Privacy Act or the Official Information Act.
Access to and sharing of personal information in Te Rito
The Ministry
Specific Ministry staff who need to provide technical support will have limited access to information in Te Rito.
The access for these staff will:
- only occur when asked to by a school, or to provide technical support
- require them to be trained on privacy and the conditions of their access
- be audited.
Ministry staff may be invited bya school to be part of a school collaboration group, and will only be able to see the other group members' name and profile photo. They will not have access to any additional student information.
Schools
Schools decide how to allocate types of Te Rito accounts to:
- staff members
- parents and whānau.
To make sure that only people who should access any of the school's Te Rito information are doing so, the school's:
- staff log in to Te Rito using their Education Sector Logon (ESL)
- students log in to Te Rito using the My Ako service.
Changing school
When a student chanes school:
- the new school gets access to the student's information (see Table 1)
- the former school's access is removed automatically.
The information made available to the new school includes:
- learning support information added in the last three years
- teacher to teacher transition notes.
Student attends more than one school
Some students attend more than one school at the same time. When this happens, the additional school(s) have access to the student's:
- name and profile picture
- 'additional biographical' (see Table 1) and medical information.
Group members from other schools
When a school sets up a group and members are invited from other schools, the only information that is shared is:
- the member's name and profile picture
- messages sent in the group chat.
Edsby
Staff at Edsby (the supplier) have limited access to personal information so they can provide service desk support. They also access the system to do technical support and maintenance.
Viewing and correctng information
Under the Privacy Act 2020, everyone whose personal information is in Te Rito can ask for:
- a copy of their personal information
- a corrections to information about them that they believe is wrong.
Schools can contact Te Rito support to help getting information in response to a student's or parent/whānau Privacy Act request.
School students
When students are logged in to Te Rito, they can:
- view their information for the current school year
- export their current year's portfolio work.
Students need to ask their school if they want to:
- view their information from previous years
- change their personal information.
If a student is between schools or has left school, the student can contact Te Rito Support for help accessing their information.m Parents and whānau can also ask for their child's information, or for it to be changed.
Staff
Staff can see the information stored about themselves by:
- Logging in to Te Rito.
- Selecting 'Personal Information' from the menu.
They can correct that information by:
- changing it in the school's student management system, or
- changing it in Te Rito
- asking their principal to have it changed.
Archiving, retention, and deletion
Information related to the student's participation in classes is:
- archived at the end of each school year - the principal and teachers have access to the archives
- the archive is securely deleted when it is 7 years old. The only exception is information in the Learning Support Register, which is kept for 3 years.
All other student information is retained in Te Rito for up to 7 years after the student leaves school.
A back up of all information in Te Rito is retained for a further 7 years.
Official Information Act
If the Ministry receives an OIA request for information held in Te Rito, the request will be sent to the relevant school(s) so they can reply.
Privacy Breach Management
As soon as an actual or suspected privacy breach related to Te Rito is found, the:
- Ministry will:
- tell the school at once
- help the school manage the breach - school will:
- tell the Ministry at once
- explain the steps the school is taking to manage the breach.