V 1.8 Last Updated May 2018.
1.2. Curtin College is part of the Navitas Limited group of University Pathway Colleges. Navitas Limited (Navitas) and its Related Bodies Corporate incorporated in Australia are subject to the Australian Privacy Act 1998.
1.3. TThe Privacy Act regulates how private sector entities collect, use, disclose and otherwise handle Personal Information. In 2018, the Australian government amended the Privacy Act and set up a Notifiable Data Breaches (NBD) scheme. This means that any organisation that holds Personal Information, must report any actual or suspected breaches relating to the security of Personal Information. If personal data has been accidentally or unlawfully accessed, lost, altered or destroyed, Navitas will assess the suspected data breach to determine whether it is likely to result in serious harm. If so, Navitas will inform the Office of the Information Australian Commissioner (OAIC).
2.1. Curtin College’s role as an education provider requires the collection, storage and use of Personal Information relating to its students. Personal and Sensitive information can be collected and stored in electronic and/or paper format.
2.2. The overall responsibility for privacy of information for the College resides with the College Director and Principal, with the day to day management delegated to the Director of Quality and Student Services. The Director of Quality and Student Services is the first point of contact for College privacy matters including general information, requests to access and/or amend Personal Information, and for internal review and resolution of complaints.
3.1. AUSAID: Australian Agency for International Development (AusAID): The Australian Government’s overseas aid program is a federally funded program that aims to reduce poverty in developing countries.
3.2. Centrelink: Is an Australian Government Statutory Agency, assisting people to become self-
sufficient and supporting those in need.
3.3. Data Breach: A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
3.4. Federal Department of Immigration: The Australian government agency responsible for issuing students with visas.
3.5. Federal Department of Education: The Australian Government Department of Education is responsible for national policies and programmes that help Australians access quality and affordable childcare; early childhood education, school education, post-school, higher education, international education and academic research.
3.6. Navitas: Navitas Pty Ltd is a world leader in the development and provision of educational services and learning solutions. Curtin College is a subsidiary of Navitas.
3.7. Packaged Offer: A packaged offer is a combination of courses at Curtin College, Curtin University and/or Curtin English.
3.8. Personal Information: includes any information or opinion about an identified individual or an individual who is reasonably identifiable. The type of Personal Information collected may include an individual’s name, date of birth, phone number, email address, address, nationality, educational history, work history and staff or student identification numbers. For further information, visit the Office of the Australian Information Commissioner website.
3.9. Privacy Act: The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of Personal Information about individuals. This includes the collection, use, storage and disclosure of Personal Information, and access to and correction of that information.
3.10. Sensitive Information: Due to the nature of the services provided by Navitas, some of the information collected may include details about an individual’s race or ethnic background. It is not common practice for Navitas to collect information about an individual’s medical history, religion, political opinion, sexual preference or criminal record, unless such information is required in order to process a student’s application for admission, enrolment and education.
3.11. Sponsored/Scholarship Student: An individual or agency who finances the cost of a student to further their education.
4.1. Students and staff are entitled to protection of their privacy. Curtin College recognises its obligation with regard to the collection, storage and use of Personal Information and will take necessary measures to ensure privacy is protected.
- 4.2.1. Legal Basis;Consent;
- 4.2.2. Consequences of NOT providing your Personal Information;
- 4.2.3. Disclosure;
- 4.2.4. Retaining and Disposing of your Personal Information;
- 4.2.5. Retention Period;
- 4.2.6. Your Rights as a Data Subject;
- 4.2.7. Complaints and
- 4.2.8. Contact details for Privacy Authorities.
4.3. All information collected is for the purpose of the operations of the College, or where dictated by legislative guidelines.
4.4. All students and staff have the right to access their Personal Information held by the College in accordance with the Privacy Act.
4.5. All new students are required to complete a ‘Privacy’ section during the enrolment process and have the option to select ‘yes’ or ‘no’ to release information to parents, agents, teachers, the university and other parties. Students can change their preference at any time by completing a ‘Request to View or Change Personal Information’ form.
4.6. Generally, Personal Information is collected directly from the individual, although there may be occasions when information is collected from third parties, such as a family member who contacts us on the individual’s behalf, contractors who supply services to us, through partner institutions or from a publicly maintained record. If an individual does not provide information requested by us, service provision may be impacted.
4.7. Unauthorised attempts to access or tamper with information held by Curtin College/ Navitas may lead to further investigation which may include gathering of more extensive information than usual, and possible legal action.
5.1. Collection of Personal Information
5.1.1. Navitas may collect Personal Information in a number of circumstances including when an individual:
- Lodges an enquiry through the Navitas (Curtin College) online enquiry service;
- Applies for admission to a Navitas college,
- Registers or enrols for a class or course offered by the College,
- Attends a seminar; or,
- Applies for employment.
5.1.2. The individual must also provide the consents set out in this policy in respect of how we will deal with their Personal Information.
5.2. Use of Personal Information
The College and Navitas takes your privacy very seriously and takes every reasonable measure and precaution to protect and secure.
5.3. Minors and Privacy
5.3.1. When Curtin College/Navitas has knowledge that a person under age 18 is providing Personal Information, we require the person to obtain parental permission and consent to provide this information to us.
5.3.2. Once a minor is enrolled, information regarding study, fees or any other relevant information will be provided to parents upon request.
5.4. Disclosure of Personal Information
5.4.1. As a general rule, Curtin College will not use or disclose Personal Information unless the person about whom the information relates is aware of, or has consented to, the use or disclosure of their information. With the exception of parties referred below.
- Curtin College will release information to Curtin University so that students and staff can use the facilities on campus (eg. library, computer labs, parking, etc).
- Curtin College will release results to Curtin University for those students who completed their diploma program and who received a packaged offer. Students who are not on a packaged offer can request that their results are not released to the University by completing a ‘Request to View or Change Personal Information’ form.
Note: withholding results may cause delays in Curtin University processing your enrolment at a later stage.
- Students can request that other related study details outside of what is necessary for them to use the campus facilities are NOT released to the University by completing a ‘Request to View or Change Personal Information‘ Form.
- Where a student is sponsored or on scholarship, the College will provide information to their sponsor/benefactor upon request, if provision of the requested information is a condition of the Sponsorship/Scholarship.
- f a student is alleged to have committed an offence, the College may be requested to assist the police or other authorized persons by providing Personal Information about that student for enforcement of the law;
- Disclosure information as necessary to prevent or lessen a serious and or imminent threat or as a duty of care when the College has been unable to contact a student for a period of 10 days. In this situation, the disclosure of information will be approved by the College Director.
5.4.2. Personal information may be disclosed where an individual has consented to the disclosure, and a common example is where students permit the release of information to their agent, parents or Curtin University. In addition, information may be disclosed in situations where individuals have been informed of the usual practice of disclosure, such as the transfer of results to Curtin University. Curtin University may also share information with the College in relation to student performance, to inform continuous improvement.
5.4.3. In the event of circumstances requiring critical incident management, Curtin College reserves the right to disclose limited Personal or Sensitive Information of a student where it is considered necessary to meet or maintain its duty of care responsibilities to its students and staff. In rare circumstances information in regard to an individual may be disclosed where:
- there is a serious and imminent threat to a person’s life, health or safety;
- there is a requirement under law, or authorised by law, or
- there is a requirement under an enforcement body.
5.4.4. The College will only publish Personal Information on its website, where the individual has consented that the Personal Information be collected and disclosed for this particular purpose. The individual should be aware that information published on website is accessible to millions of users from all over the world, that it may be indexed by search engines and that it may be copied and used by any web user. Once Personal Information is published on the Curtin College website, it will not be possible to control subsequent use and disclosure
5.4.5. Where our website contains external links to other sites, we are not responsible for the privacy practices or the content of such websites.
5.5. Statutory Requirements for Collection and Disclosure of Personal Information.
5.5.1. Curtin College is required to collect and disclose information during a student’s admission and enrolment to the College in order to meet our obligations under a range of legislative requirements.
5.5.2. Common examples of the disclosure of information include:
- Federal Department of Education – statistical information about student enrolment, educational background country of birth, or where a student has requested financial assistance with tuition fees.
- Commonwealth Tertiary Education Quality Standards Agency (TEQSA) – information relating to staff qualifications and professional development and student performance and satisfaction levels.
- Overseas Student Ombudsman – where an overseas student lodges an appeal against a decision of the College, Curtin College will be required to respond with Personal Information relating to the student’s case.
- Australian Taxation Office – in relation to FEE-HELP where students may defer fee payment through the taxation system.
- Federal Department of Immigration (International students)- reporting requirements of matters related to students on student visas.
- Centrelink – enrolment information on domestic students accessing Centrelink benefits
- OSHC – where international students opt to pay their Overseas Student Health Cover through Curtin College
- Tuition Protection Service Director – tuition assurance for international students
- Australian Council for Private Education and Training – administration of the Australian Student Tuition Assurance Scheme.
- AusAid, with certain information which it is required to release.
- Austudy – enrolment information for those domestic students accessing benefits.
The authority to collect this information is contained in the Education Services for Overseas Students Act 2000, the Education Services for Overseas Students Regulations 2001, the National Code of Practice for Registration Authorities and Providers of Education and Training to Overseas Students 2017, the Higher Education Support Act 2003, Social Security (Administration) Act 1999 and Student Assistance Act 1973. Information collected about you can be provided, in certain circumstances, to the Australian Government and designated authorities and, if relevant, the Tuition Assurance Scheme and the Tuition Protection Service Director.
6.1. Curtin College takes all reasonable steps to destroy hard copies of Personal Information that is no longer required, and destruction of Personal Information is undertaken by secured means.
6.2. Navitas uses software programs to monitor network traffic and identify unauthorised attempts to upload or change information, or otherwise cause damage.
6.3. If you no longer wish to receive any communications or want to be removed from any Curtin College or Navitas databases, please email DataProtection@navitas.com
7.1. Where there are reasonable grounds to believe that an “eligible data breach” has occurred the College is required to notify the Office of the Australian Information Commissioner (OAIC) and all individuals affected by the breach. If it is impractical to notify all affected individuals, the College must publish a statement on its website and publicise the content of the statement.
7.1.1 A data breach will arise where there has been unauthorised access to, or unauthorised disclosure of, Personal Information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure (for example, leaving the information on the bus);
7.1.2. An eligible data breach will arise where a reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the unauthorised access or unauthorised disclosure;
7.1.3. serious harm, includes serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation; and
serious harm will be likely if such harm is “more probable than not” having regard to a list of relevant matters. The matters include the sensitivity of the information, any security measures taken (such as encryption) and how easily those security measures could be overcome (for example, if the encryption key has also been accessed).
8.2. In the event that you wish to make a complaint about how your personal data is being processed by Navitas (or third parties associated with the Company), or how your complaint has been handled, you have the right to lodge a complaint directly with:
The Data Protection Officer: DataProtection@navitas.com
If you are not satisfied with the outcome of your Complaint you can lodge a complaint with the OAIC :
Phone: 1300 363 992
9.2. Administrative and Teaching staff will be provided with this policy at induction.
9.3. All staff will be informed of any changes to this policy via the intranet and/or email.
9.4. If a data breach occurs, the College will prepare a statement about the data breach and provide it to the OAIC. The College will notify the individuals that may or have been affected by the breach via email or phone.