Privacy Policy

Document Title: Privacy Policy

Document Number: PP-001

Effective Date: June 8, 2024

Review Date: June 8, 2025

1. Introduction

Rosehill College is committed to safeguarding the privacy of all personal information collected from students, staff, and stakeholders. This policy outlines how we collect, use, disclose, and protect personal information in compliance with the Privacy Act 1988, Australian Privacy Principles (APPs), General Data Protection Regulation (GDPR) for EU students, and California Consumer Privacy Act (CCPA) for Californian students.

2. Purpose of the Policy

The purpose of this policy is to manage the collection, use, and protection of personal information and to ensure that individuals are informed about how their information is handled.

3. Scope

This policy applies to all personal information collected, used, disclosed, and stored by Rosehill College, including that of current and prospective students, staff, and other stakeholders.

4. Privacy Legislation and Principles

  • Privacy Act 1988 (Australia)
  • Australian Privacy Principles (APPs)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

5. Collection of Personal Information

5.1 Types of Information Collected

  • Personal Identification Information: Name, address, date of birth, and contact details.
  • Educational Records: Academic transcripts, enrollment details, and course progress.
  • Financial Information: Bank details, payment history, and scholarship information.
  • Health Information: Medical records if relevant to the individual’s educational needs.
  • Sensitive Information: Information on racial or ethnic origin, political opinions, religious beliefs, and membership in trade unions or organizations.

5.2 Collection Methods

  • Direct Collection: Information collected directly from individuals via forms, interviews, emails, and telephone.
  • Indirect Collection: Information collected from third parties, such as educational institutions and government agencies, where applicable.

5.3 Purpose of Collection

Personal information is collected for:

  • Enrolling and registering students.
  • Providing educational services and support.
  • Managing student records and assessments.
  • Ensuring compliance with legal and regulatory obligations.
  • Communicating with students, staff, and stakeholders.
  • Administering financial transactions.

6. Use and Disclosure of Personal Information

6.1 Use

  • Educational Services: To facilitate enrollment, academic administration, and student support services.
  • Communication: To communicate with students, staff, and other stakeholders about relevant matters.
  • Compliance: To comply with legal, regulatory, and reporting obligations.

6.2 Disclosure

  • Internal Use: Access to personal information is limited to staff who need it to perform their duties.
  • External Disclosure: Information may be shared with third parties such as regulatory bodies, educational institutions, and service providers as required by law or with consent.
  • International Transfers: Personal information of international students may be transferred to relevant authorities and educational institutions in their home countries as required.

6.3 Consent

  • Obtaining Consent: Consent is obtained from individuals when collecting sensitive information or when required by law for disclosure.
  • Withdrawing Consent: Individuals can withdraw consent for the collection and use of their personal information by contacting the Privacy Officer.

7. Data Protection and Security Measures

7.1 Security Measures

  • Encryption: All personal information is stored and transmitted using encryption protocols.
  • Access Controls: Strict access controls are in place to ensure that only authorized personnel can access personal information.
  • Data Loss Prevention: Tools and protocols are used to prevent data loss and unauthorized access.
  • Regular Audits: Security measures are regularly audited to ensure ongoing protection.

7.2 Data Breach Response

  • Immediate Action: Prompt action is taken to contain and assess any data breach.
  • Notification: Affected individuals and relevant authorities are notified in accordance with legal requirements.
  • Remediation: Steps are taken to mitigate the impact and prevent future breaches.

8. Managing Personal Information

8.1 Access and Correction

  • Access Requests: Individuals can request access to their personal information by submitting a Data Access Request Form.
  • Correction Requests: Individuals can request corrections to their personal information if it is inaccurate, incomplete, or outdated.

8.2 Retention and Disposal

  • Retention Period: Personal information is retained for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
  • Disposal: Secure methods are used to dispose of personal information that is no longer needed.

9. Privacy Notices and Consent

9.1 Privacy Notices

  • Availability: Privacy notices are provided to individuals at the time of collecting their personal information, detailing the purposes and use of the information.

9.2 Consent for Sensitive Information

  • Explicit Consent: Explicit consent is obtained before collecting or using sensitive information.

10. Complaints and Appeals

10.1 Complaints Process

  • Submission: Complaints regarding privacy practices can be submitted in writing to the Privacy Officer.
  • Resolution: Complaints are reviewed and resolved in a timely manner, in accordance with Rosehill College’s Complaints and Appeals Policy.

10.2 Appeals Process

  • Independent Review: If unsatisfied with the resolution, individuals may appeal the decision and seek an independent review.

11. Training and Awareness

11.1 Staff Training

  • Regular Training: Staff receive regular training on privacy policies, data protection, and compliance.
  • Updates: Training materials are updated regularly to reflect changes in privacy laws and regulations.

11.2 Student Awareness

  • Information: Students are informed about their privacy rights and how to exercise them through orientations and the Student Handbook.

12. Responsibilities

  • Privacy Officer: Manages privacy policy implementation, handles complaints, and ensures compliance.
  • Academic and Administration Staff: Ensure personal information is handled in accordance with this policy.
  • Students and Staff: Comply with privacy practices and report any breaches or concerns.

13. Review Compliance

  • Monthly Review: Reviewed monthly on the RTO Management Meeting agenda.
  • Governance Schedule: Reviewed as per Governance Schedule.
  • Annual Review: Conduct an annual review using the ASQA RTO Self-assessment tool template, Section 6 Completion.

14. Document Control

  • Version Number: V1.1
  • Approved By: CEO
  • Approval Date: June 8, 2024
  • Review Date: June 8, 2025