Document Title: Data Protection and Privacy Policy
Document Number: ADM-003
Effective Date: June 8, 2024
Review Date: June 8, 2025
1. Introduction
Rosehill College is committed to protecting the privacy of personal information in accordance with the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988, the General Data Protection Regulation (GDPR) for EU students, and the California Consumer Privacy Act (CCPA) for Californian students.
2. Purpose of the Policy
The purpose of this policy is to outline Rosehill College’s approach to managing personal information and to ensure compliance with relevant privacy laws and regulations. This policy aims to:
- Protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure.
- Provide clear guidelines on the collection, use, disclosure, and management of personal information.
- Ensure transparency regarding the handling of personal information by Rosehill College.
3. Scope
This policy applies to all staff, students, and third-party contractors of Rosehill College who have access to or handle personal information.
4. Definitions
- Personal Information: Any information about an individual whose identity is apparent or can reasonably be ascertained from that information.
- Sensitive Information: A subset of personal information that includes details about an individual’s racial or ethnic origin, political opinions, religious beliefs, health information, etc.
- Data Controller: The entity that determines the purposes and means of processing personal data.
- Data Processor: The entity that processes personal data on behalf of the Data Controller.
5. Collection of Personal Information
5.1 Types of Information Collected
Rosehill College collects personal information necessary for its operations, including:
- Contact Information: Name, address, phone number, email address.
- Identification Information: Date of birth, student ID, passport number.
- Academic Information: Educational history, qualifications, grades.
- Financial Information: Bank account details, payment information.
- Health Information: Medical conditions, disability support needs.
5.2 Methods of Collection
Personal information is collected through:
- Direct Interactions: Enrolment forms, online portals, emails, and phone calls.
- Automated Means: Cookies, online forms, and learning management systems.
- Third Parties: Previous educational institutions, government agencies, or referees.
6. Use of Personal Information
6.1 Purpose of Use
Rosehill College uses personal information to:
- Manage student enrolment and administration.
- Provide educational services and support.
- Process payments and manage financial accounts.
- Ensure the safety and well-being of students.
- Comply with legal and regulatory requirements.
6.2 Disclosure of Information
Personal information may be disclosed to:
- Educational Partners: For the purpose of delivering joint educational programs.
- Government Agencies: As required by law (e.g., for compliance with visa regulations).
- Service Providers: Engaged to perform services on behalf of Rosehill College (e.g., IT services).
7. Data Protection and Security Measures
7.1 Security Measures
Rosehill College implements various security measures to protect personal information, including:
- Encryption: Use of encryption for data storage and transmission.
- Access Controls: Role-based access to personal information.
- Physical Security: Secure storage facilities for physical records.
- Regular Audits: Conducting regular security audits and assessments.
7.2 Data Breach Management
In the event of a data breach:
- Notification: Affected individuals will be notified promptly.
- Mitigation: Steps will be taken to mitigate the impact of the breach.
- Review: The incident will be reviewed to prevent future occurrences.
8. Access to Personal Information
8.1 Access Requests
Individuals have the right to request access to their personal information. Requests can be made in writing to the Privacy Officer at Rosehill College.
8.2 Correction of Information
If personal information is found to be inaccurate or incomplete, individuals may request corrections.
9. Retention and Disposal of Information
9.1 Retention Period
Personal information will be retained for as long as necessary to fulfill the purposes for which it was collected or as required by law.
9.2 Disposal of Information
Personal information that is no longer needed will be securely disposed of, using methods such as shredding, deletion, or anonymization.
10. Responsibilities
- Privacy Officer: Responsible for overseeing the implementation of this policy and handling privacy-related inquiries and complaints.
- All Staff: Required to comply with this policy and report any potential breaches.
11. Complaints and Inquiries
For any complaints or inquiries regarding this policy or the handling of personal information, please contact:
Privacy Officer
Rosehill College
Level 2 & 4, 616-620 Harris Street, Ultimo NSW 2007, Australia
Phone: +61 (02) 7228 0008
Email: [email protected]
12. Review and Compliance
12.1 Review Schedule
This policy will be reviewed annually to ensure its effectiveness and compliance with relevant laws and regulations.
12.2 Compliance Monitoring
Regular audits will be conducted to monitor compliance with this policy and relevant data protection regulations.
13. Document Control
- Version Number: V1.0
- Approved By: CEO
- Approval Date: June 8, 2024
- Review Date: June 8, 2025
Rosehill College | Sydney, Australia
Phone: +61 (02) 7228 0008
Email: [email protected]