The College collects, uses, shares, processes, and manages Personal Information in carrying out its functions and activities. The College has a responsibility to ensure that its management of Personal Information complies with the Privacy Act.
The purpose of this Policy is to provide a clear and up-to-date description of how the College manages Personal Information.
“College” means the College of Law Limited (ACN 138 459 015).
“Personal Information” has the meaning given to it by s6(1) of the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
“Privacy Act” means the (Cth) Privacy Act 1988 including the Australian Privacy Principles in Schedule 1 of that Act.
“Related Company” means a subsidiary of the College.
“Sensitive Information” has the meaning given to it by s 6(1) of the Privacy Act and means: information or an opinion about an individual’s: racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual orientation or practices; or criminal record; that is also Personal Information; or health information about an individual; or genetic information about an individual that is not otherwise health information; or biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or biometric templates.
Commitment to privacy
The College is committed to protecting the privacy of individuals by collecting, storing, using, and disclosing Personal Information only in accordance with the Privacy Act and in the manner described in this Policy.
The College will collect Personal Information only when it is reasonably necessary for one or more of its functions or activities. The College will only collect Sensitive Information relating to an individual with the consent of that individual.
How Personal Information is collected
The College collects Personal Information only by lawful and fair means. The College will collect Personal Information directly from the subject individual unless the individual has consented to collection of his or her personal information from a third party, where it is unreasonable or impractical to make a direct collection and/or where College is required or authorised by law to collect his or her information from a third party.
The College may collect Personal Information when an individual:
- registers for, enrols in, attends and/or otherwise takes part in a College course, assessment, event, webinar, survey or contest
- communicates with the College, including by physical post, email, social media, telephone, text message or fax
- visits a website that displays or links to this Policy
- visits and/or posts a comment or other communication on a College branded social media page
- visits the College and or meets with College representatives
- uses College cloud products, IT systems or services as an authorised user including when providing government higher education enrolment information
- applies for a job at the College, and/or
- offers to supply or supplies goods or services to the College.
Third parties from whom the College may collect Personal Information about other individuals include information brokers, referees, educational institutions attended and others, as authorised by the individual who is the subject of the Personal Information. The College uses information-gathering tools, including tools for collecting usage data, cookies and web beacons to automatically collect information that may contain Personal Information from computers and mobile devices used to navigate College websites, College services or to interact with emails sent by the College. See: College of Law Cookies and Electronic Marketing Policy.
The kinds of Personal Information collected
The College collects names, addresses, tax file numbers, contact details, job titles, educational history, course preferences, course results and details associated with College-related transactions with individual students and suppliers. The College may also collect internet data (including user behaviour data), IP addresses, social media profiles, LinkedIn URLs, and custom profiles. The College may combine information provided by third parties with information provided directly to the College.
If the College receives Personal Information from someone other than the individual subject of the Personal Information, the College will consider whether it is entitled to collect the information. If the information is not relevant to any of the functions or activities of the College and/or collection of the Personal Information would require consent that has not been obtained, the College will destroy or de-identify the Personal Information.
The College gathers certain Personal Information automatically in connection with the use of the website and in connection with the use of cloud-based products and services by individual users.
Purposes of collection of Personal Information
The College collects and uses Personal Information to carry out the business of the College including enrolling students, providing courses and for business administration purposes. Some Personal Information is collected for the purpose of targeted advertising, delivering relevant email content, event promotions and profiling.
The College collects Personal Information on behalf of relevant government and admitting authorities. These may include the following departments as named below and also as renamed from time to time:
- Tertiary Education Quality and Standards Agency
- Department of Education, Skills and Employment
- Australian Taxation Office
- Department of Home Affairs (Services Australia and Centrelink)
- The Commonwealth Attorney General’s Department
- Office of Migration Agents Registration Authority
- Supreme Court Admission Agencies, and
- State and Territory Law Societies.
If the College is required to collect and process Personal Information by law or if the collection of Personal Information is necessary for the organisation, management or delivery of a service to an individual, and the required Personal Information is not provided, the College may not be able contract with the subject individual and/or deliver the service.
Disclosure of Personal Information
The College shares Personal Information with staff, its Related Companies, third party service providers and business partners to conduct its business, to deliver its services and to develop, improve, and expand products and services.
Personal Information relating to students at the College may be disclosed:
- when enrolling into a course, on provision of access to a course or for business administration purposes
- when attempting to contact or locate a student or to notify the relevant authority or the student’s emergency contact if there are reasonable grounds to be concerned about the student’s welfare or safety
- in order to generate learning or business analytics to assist the College to make better decisions regarding operations and services, to improve the student learning experience and outcomes, to offer personalised services and support to students and to promote academic excellence
- for the purpose of determining eligibility for and administering public transport concessions and for directly related purposes such as audit, management and operational activities for concessions
- to issue invitations to participate in approved research or surveys, while a student and after graduation, and
- to confirm completion of a student’s course (only name, degree(s) conferred, and date(s) of completion will be disclosed), and
- to publish the name and award of graduates online and/or in a College graduation booklet for the student’s graduation ceremony.
If Personal Information is shared with third party service providers or business partners, use and disclosure of the Personal Information is strictly limited to the extent necessary to deliver the service requested by the College and is subject to the College’s privacy and security requirements.
The College shares anonymous usage data with the College’s service providers for the purpose of helping the College to analyse the data and to improve its services, products and operations. The College may share anonymous usage data on an aggregate basis in the normal course of operating its business, for example, the College may share information publicly to show trends about the use of its services.
Any Personal Information or other information that an individual may submit in communities, forums, blogs or chat rooms on the websites of the College may be read, collected and used by others who visit these forums, depending on the account settings selected by the individual.
The College may use or disclose Personal Information in circumstances expressly permitted by the Privacy Act, for example, where:
- it is not reasonable or practical to obtain consent and the College reasonably believes use or disclosure is necessary to lessen or prevent a serious threat to life, health, or safety of any individual or public health and safety
- the College has reason to suspect that unlawful activity or misconduct of a serious nature that relates to the activities or functions of the College is being or has been engaged in and the College believes the collection, use or disclosure is necessary to take appropriate action in relation to the matter, or
- the College reasonably believes that the collection, use or disclosure is reasonably necessary to assist with the location of a person reported missing.
The College may also disclose Personal Information when:
- compelled by law including by warrant or subpoena
- required by lawful order of a government authority
- required by lawful order of a regulator of the College, and/or
- required by an admitting authority.
Retention and security of Personal Information
The College takes precautions to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorised disclosure of or access to the Personal Information processed or used by the College. These precautions include organisational, technical, and physical measures.
When Personal Information is no longer needed by the College for any purpose for which the information may be used or disclosed in accordance with this Policy and provided that the College is not required by law or court order to retain the Personal Information, the College will take reasonable steps to destroy or delete the Personal Information or to ensure it is de-identified. If there is any Personal Information that the College is unable, for technical reasons, to delete entirely from the College systems, the College will put in place appropriate measures to prevent any further use of such Personal Information.
International access to Personal Information
Personal Information will be collected, transferred to, and stored by the College in the College’s Student Management System which is stored in Japan. Backup of this data is stored in Ireland. The College Learning Management System (Canvas) stores data in Australia. All other personal information is stored in Australia and is accessible only from Australia. The College takes steps to ensure that any offshore recipient of Personal Information collected from an individual in Australia deals with the Personal Information in accordance with the Privacy Act.
Access to and correction of Personal Information
The College will respond to inquiries from an individual regarding whether it holds any Personal Information and will allow access to and correction of any such Personal Information subject to the conditions and limitations set out in the Privacy Act.
Privacy inquiries and complaints
All privacy-related inquires are handled by the College Privacy Officer who can be contacted by filling out this form, writing to the address below or emailing the College at: firstname.lastname@example.org.
570 George Street
Sydney NSW 2000
Individuals that wish to raise any matter associated with the way that the College manages his or her Personal Information, including any possible breach of privacy, may contact the College Privacy Officer setting out in writing the details of the issue or concern and stating any associated observations or requests.
The College Privacy Officer will respond to all such inquires within 30 days and will respond to any request on behalf of the College at that time or as soon as reasonably practicable after that date.
The College is committed to working with every complainant to obtain a fair resolution of any complaint or concern about privacy.
If not satisfied by the response from the College, the individual should contact the Office of the Australian Information Commissioner.
Changes to this Policy
The College will update this Policy from time to time to reflect changes in practices, technologies, legal requirements, and other factors. Updates will be effective on the “effective date” stated at the top of this Policy. If a material update is made, the College will highlight the change by posting a conspicuous notice on the College website or by email communication.
The College encourage students, staff, and suppliers to periodically review this Policy to stay informed about collection, processing and sharing of personal information practices.
27 May 2020