Privacy Policy

Rosehill College is committed to safeguarding the privacy of personal information collected from students, staff, and stakeholders. This policy explains how personal information is collected, used, disclosed, stored, and protected.

  • Document Title: Privacy Policy
  • Document Number: PP-001
  • Effective Date: June 8, 2024
  • Review Date: June 8, 2025
  • Version: V1.1
  • Approved By: CEO
  • Approval Date: June 8, 2024

1. Introduction

Rosehill College is committed to safeguarding the privacy of all personal information collected from students, staff, and stakeholders. This policy outlines how we collect, use, disclose, and protect personal information in compliance with the Privacy Act 1988, Australian Privacy Principles (APPs), General Data Protection Regulation (GDPR) for EU students, and California Consumer Privacy Act (CCPA) for Californian students.


2. Purpose of the Policy

The purpose of this policy is to manage the collection, use, and protection of personal information and to ensure that individuals are informed about how their information is handled.

3. Scope

This policy applies to all personal information collected, used, disclosed, and stored by Rosehill College, including that of current and prospective students, staff, and other stakeholders.


4. Privacy Legislation and Principles

  • Privacy Act 1988 (Australia)
  • Australian Privacy Principles (APPs)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

5. Collection of Personal Information

5.1 Types of Information Collected

  • Personal Identification Information: Name, address, date of birth, and contact details.
  • Educational Records: Academic transcripts, enrollment details, and course progress.
  • Financial Information: Bank details, payment history, and scholarship information.
  • Health Information: Medical records if relevant to the individual’s educational needs.
  • Sensitive Information: Information on racial or ethnic origin, political opinions, religious beliefs, and membership in trade unions or organizations.

5.2 Collection Methods

  • Direct Collection: Information collected directly from individuals via forms, interviews, emails, and telephone.
  • Indirect Collection: Information collected from third parties, such as educational institutions and government agencies, where applicable.

5.3 Purpose of Collection

Personal information is collected for:

  • Enrolling and registering students.
  • Providing educational services and support.
  • Managing student records and assessments.
  • Ensuring compliance with legal and regulatory obligations.
  • Communicating with students, staff, and stakeholders.
  • Administering financial transactions.

6. Use and Disclosure of Personal Information

6.1 Use

  • Educational Services: To facilitate enrollment, academic administration, and student support services.
  • Communication: To communicate with students, staff, and other stakeholders about relevant matters.
  • Compliance: To comply with legal, regulatory, and reporting obligations.

6.2 Disclosure

  • Internal Use: Access is limited to staff who need it to perform their duties.
  • External Disclosure: May be shared with regulatory bodies, educational institutions, and service providers as required by law or with consent.
  • International Transfers: Personal information of international students may be transferred to relevant authorities and educational institutions in their home countries as required.

6.3 Consent

  • Obtaining Consent: Consent is obtained when collecting sensitive information or when required by law for disclosure.
  • Withdrawing Consent: Individuals can withdraw consent by contacting the Privacy Officer.

7. Data Protection and Security Measures

7.1 Security Measures

  • Encryption: Personal information is stored and transmitted using encryption protocols.
  • Access Controls: Strict controls ensure only authorised personnel access personal information.
  • Data Loss Prevention: Tools and protocols are used to prevent data loss and unauthorised access.
  • Regular Audits: Measures are audited regularly to ensure ongoing protection.

7.2 Data Breach Response

  • Immediate Action: Prompt action is taken to contain and assess any data breach.
  • Notification: Affected individuals and authorities are notified in accordance with legal requirements.
  • Remediation: Steps are taken to mitigate impact and prevent future breaches.

8. Managing Personal Information

8.1 Access and Correction

  • Access Requests: Individuals can request access by submitting a Data Access Request Form.
  • Correction Requests: Individuals can request corrections if information is inaccurate, incomplete, or outdated.

8.2 Retention and Disposal

  • Retention Period: Information is retained for as long as necessary for the purposes for which it was collected, or as required by law.
  • Disposal: Secure methods are used to dispose of information no longer needed.

9. Privacy Notices and Consent

9.1 Privacy Notices

  • Availability: Privacy notices are provided at the time of collection, describing the purpose and use of the information.

9.2 Consent for Sensitive Information

  • Explicit Consent: Explicit consent is obtained before collecting or using sensitive information.

10. Complaints and Appeals

10.1 Complaints Process

  • Submission: Complaints can be submitted in writing to the Privacy Officer.
  • Resolution: Complaints are reviewed and resolved in a timely manner, in line with the Complaints and Appeals Policy.

10.2 Appeals Process

  • Independent Review: If unsatisfied, individuals may appeal and seek an independent review.

11. Training and Awareness

11.1 Staff Training

  • Regular Training: Staff receive training on privacy policies, data protection, and compliance.
  • Updates: Materials are updated regularly to reflect changes in laws and regulations.

11.2 Student Awareness

  • Information: Students are informed about privacy rights through orientations and the Student Handbook.

12. Responsibilities

  • Privacy Officer: Manages policy implementation, handles complaints, and ensures compliance.
  • Academic and Administration Staff: Ensure personal information is handled in accordance with this policy.
  • Students and Staff: Comply with privacy practices and report any breaches or concerns.

13. Review Compliance

  • Monthly Review: Reviewed monthly on the RTO Management Meeting agenda.
  • Governance Schedule: Reviewed as per Governance Schedule.
  • Annual Review: An annual review is conducted using the ASQA RTO Self-assessment tool template, Section 6 Completion.

14. Document Control

Control Details

  • Version Number: V1.1
  • Approved By: CEO
  • Approval Date: June 8, 2024
  • Review Date: June 8, 2025

Review Note

This document is reviewed annually or as required to ensure it remains current, effective, and aligned with applicable legal and regulatory obligations.

Next Review Due: June 8, 2026