MSP Privacy Policy

This is the privacy policy of MSP Photography Pty Ltd and each of its franchisees (referred to as “we” or “us”).

We respect and protect the privacy of our customers.  This privacy policy tells you how we collect and use information.

The term “Personal Information” in this privacy policy means any information from which your identity is apparent or can be reasonably ascertained.  

We do not collect Personal Information about you if you are merely browsing our website. 

By using“our website”), placing an order with us or providing your Personal Information to any of us you accept the terms of our Privacy Policy.  

Personal Information provided by you to an MSP franchisee will be shared with MSP Photography Pty Ltd.  Personal Information provided by you to MSP Photography Pty Ltd will not be provided to an MSP franchisee except in the following circumstances:

  • To assist with dealing with order errors
  • To assist with customer complaints
  • To assist with any Franchisee service related enquiries

We may need to update our privacy policy from time to time as the law changes or as circumstances change.  We will not notify you directly of any change.  All changes will be updated on our website and other places that we display our privacy policy.  You consent to any changes.


If you contact us via email or through our website, we will collect the email address you nominate and any other identifying information you provide, such as a name, phone number and postal or residential address.

Please do not give us information that we do not request.

If you provide us with information about another person then you do so on the grounds that you are authorised to provide that Personal Information to us and you undertake to advise that person that their Personal Information has been provided to us within a reasonable time and you will refer them to this privacy policy.

Other than circumstances such as unlawful activity or serious threats to life, health or safety, we will not share your Personal Information except in accordance with the terms of this privacy policy.

MSP uses a variety of third party systems and solutions in the provision of our services. Our major third party provider is Compass. For more information on Compass, refer to their policies at


1.1      The kinds of Personal Information that we may collect and hold includes, but is not limited to:

(a)           Full name of the student and/or the student’s parent/s or guardian/s;

(b)           The year and role class of the student;

(c)           The school the student attends;

(d)           Student and/or library barcode numbers;

(e)           Postal and/or residential Address;

(f)            Telephone number;

(g)           Email address;

(h)           List of staff names at the school;

(i)            List of teacher names at the school;

(j)            The principal’s and deputy principal’s names;

(k)       Customer’s credit card details (however note that we do not store any credit card details obtained through our website. Those details are passed onto our various payment providers including but not limited to; Compasspay Pty Ltd ABN 43 615 505 130 via a high grade encrypted connection and whose privacy policy can be viewed here: Compass Education – Privacy Policy ( All payment gateways are PCI DSS compliant.

(l)            Other details you provide to us.

1.2      This Personal Information will be collected:

(i)         If you enter your details on our website; 

(ii)       From a participating school; 

(iii)      If you complete your details on a company order envelope and submit that to us; 

(iv)      if you provide your details to us through other means. 

We hold your information as follows:

(a)       We retain the order envelopes for the purpose of filling your order

(b)       We retain a database of students, customers and parents and/or guardians which is maintained on MSP Photography Pty Ltd’s database, which is hosted on the company’s internal computer network within Australia. Access to the data base is available only to staff of MSP Photography Pty Ltd and its Franchisees. MSP Photography servers are all located in secure Australian data centres. MSP stores customer data (including photographs) on MSP controlled and/or owned hardware as well as on Compass (our external third party certified portal provider). 

(c)       All MSP Photography images are sent after capture from franchisees to MSP Photography Pty Ltd secure dedicated production facility.  There, the images are stored on servers where physical access is restricted to MSP Photography staff and electronic access is controlled by industry standard authentication controls.  The production facility network is protected from unauthorised outside access by enterprise grade firewalls and virus protection. The portrait download site is housed in this same facility. Access to the images is available only to staff of MSP Photography Pty Ltd and its Franchisees. 

(d)       We will collect, hold, use and disclose Personal Information for the primary purpose of:

(A)      Fulfilling orders for photos and other products placed by the customer; 

(B)      Completing order envelope details;

(C)      Service and order enquiries;

(D)      Product updates and offers.

We may send you marketing information if you have consented to the receipt of that information.

(e)     If you believe we have breached the Australian Privacy Principles or a Registered PP Code (if any) that binds us, then you should make contact with MSP Photography Pty Ltd via [email protected]

Upon receipt of a complaint, we will investigate that complaint and we will use our best endeavours to revert to you within 30 days. If we form the view that a request or complaint will take longer to resolve than 30 days, then we will advise you of this and of the anticipated date.  


(a)       You have the option of not identifying yourself or of using a pseudonym when you deal with us in relation to a particular matter.  

(b)       However, if you do not identify yourself or you use a pseudonym, then we will be unable to provide you with any photos or other products as it will be necessary to have certain details in order to complete any order.  You accept that if you deal with us anonymously or using a pseudonym, that we may not be able to fulfil an order for you or provide any other functions or services.   


We will only collect Personal Information if it is reasonably necessary for one or more of our functions or activities and in particular if it is necessary to provide you with the photos or associated products or to take photos of the subject.  

The Personal Information we collect about you will be limited to the information that we need to undertake photography and/or to provide photos and/or associated products.   

We will not collect or require you to provide any sensitive information as that term is defined in the Privacy Act 1988 Cth. 


We request that you do not provide us with any Personal Information which we do not request from you.

If you do provide us with Personal Information we have not requested, we will, within a reasonable time, determine whether that information is reasonably necessary for one or more of our functions or activities. 

If we determine that we could not have collected the unsolicited information for the purposes of providing goods and services to you, then we will destroy the information as soon as possible or ensure that the information is de-identified.   

If the unsolicited information you provide to us is information we could have collected for the purpose of our functions or activities, then we will deal with the information as outlined in the remainder of this privacy policy.  


If we collect Personal Information about you and you have not provided that information to us, then we will take reasonable steps to ensure that you are notified that we hold that Personal Information.  We will notify you:

(a)     Of our identity; 

(b)     The circumstances of the collection of the information;

(c)     If the information is required or authorised under a law or court / tribunal order, then we will advise you that the collection is so required or authorised;

(d)     The purposes for which we have collected the Personal Information;

(e)     The consequences (if any) if the Personal Information is not collected by us;

(f)       Any other entity, body or person, or the types of entities, bodies or persons to which we would usually disclose Personal Information of the kind collected.

(g)     That our privacy policy contains information about how you can access the Personal Information that is held by us and to seek correction of that information;

(h)     That our policy contains information about how you complaint about a breach of the Australian Privacy Principals or a registered APP Code (if any) that binds us and how we will deal with such a complaint; 

(i)       Whether we are likely to disclose the Personal Information to overseas recipients.


If an entity holds personal information which was collected for a particular purpose then the entity must not use or disclose that information for another purpose unless:

(i) the individual has consented; or

(ii) the individual would reasonably expect the entity to use or disclose the information for the secondary purpose which needs to be related to the primary purpose.”


We may use your Personal Information for direct marketing purposes.  

You can easily request that we stop direct marketing to you by requesting the cessation of direct marketing material through email to [email protected] or by simply clicking the “unsubscribe” link in any email we send to you for direct marketing purposes.  We will comply with such request within a reasonable time.


However note that when you use our website we may use “cookies” which is a small text file that our site may place on your computer as a tool to remember your preferences.  You can refuse to use “cookies” by selecting the appropriate settings on your browser, however if you do this you may not have the full functionality of our website. 

Our website may contain links to other websites.  We are not responsible for the privacy practices of third parties or their websites.  If you go to other websites from our website, we advise you to be aware of and read their privacy policy.  

Our website also uses Google analytics. This is a service which transmits website traffic data to Google services in the United States.  It does not identify individual users or your IP address. However, by using our website you do consent to the processing of data about you by Google in the manner described in Google’s privacy policy and for the purposes set out above.  You can opt out of Google analytics if you disable or refuse the cookie, disable Java script, or use the opt-out service provided by Google.  

You acknowledge that no data transmission over the internet can be guaranteed to be secure.  We do not warrant the security of information you to us online.


We do not adopt Government related identifiers of individuals.


We only collect Personal Information which is provided to us by you.  You should ensure that all information you provide is accurate, up-to-date and complete.

You must advise us if the information becomes inaccurate, up-to-date or incomplete.


We store and secure your information as outlined above.

We will hold your information indefinitely. 


We will give you access to your Personal Information however we will not give you access if:

(a)          we form the reasonable view that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or 

(b)          giving access could have a serious impact on the privacy of other individuals; 

(c)           the request for access is frivolous or vexations;

(d)          the information relates to existing or anticipated legal proceedings between us and you and would not be accessible by the process of discovery in those proceedings;

(e)          giving access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;

(f)            giving access would be unlawful;

(g)          denying access is required or authorised by or under an Australian law or court/tribunal order;

(h)          both of the following apply:

(i)   we have reason to suspect that unlawful activity or misconduct of a serious nature that relates to our functions or activities has been, is being or may be engaged in;

(ii)  giving access would be likely to prejudice the taking of appropriate action in relation to the matter;

(i)            giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(j)            giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.

If we do not give you access because of any of the above reasons we will advise you in writing: 

  • the mechanisms available to you to complain about the refusal;
  • other matters we are required to advise you by regulation; and
  • we will take steps to give you access to the Personal Information in a way which meets our respective needs (if possible).

We will not charge for access to your Personal Information except if the Personal Information is photographic in nature in which event we will charge our usual charge.


You can access personal information that we hold about you and we will correct that information upon your advice that it is inaccurate, incomplete, misleading or not-up-date.   

You can contact [email protected] for the above purposes.  

You will be required to provide proof of identity before any information is shared with you. 

Once we are satisfied as to your identity, we will make changes to the Personal Information held about you in writing.  

We will advise any other entity to whom we have disclosed your information of the change within a reasonable time. 

If we refuse to correct your information then we will advise you in writing of the following:

(a)  the reasons for the refusal;

(b)  the mechanisms available to complain about the refusal; and

(c)  any other matters required by regulations.

If we refuse to correct your information and you request us to associate with the information a statement that the information is inaccurate, out-of-date or incomplete, irrelevant or misleading then we will take reasonable steps to make that statement apparent to users of the information.