Privacy Policy – ECA College of Heath Sciences

1. Purpose

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including through this website, our student management system, and our learning management system (our Sites). In this Privacy Policy, “we”, “us”, or “our” means Education Centre of Australia Pty Ltd ACN 111 918 775 and each of its controlled entities including Advance Training Pty Ltd (ACCLM) ACN 164 188 685, Asia Pacific International College Pty Ltd (APIC) ACN 061 101 488, ECA Graduate Institute Pty Ltd (EGI) ACN 128 584 896, Higher Education Leadership Institute Pty Ltd (HELI) ACN 627 475 790, ECA Higher Education Pty Ltd (CHS) ACN 632 587 332 both in Australia and overseas.

This Privacy Policy considers the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In addition to the Australian laws, individuals located in the European Union (EU) may also have rights under the General Data Protection Regulation 2016/679 (GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU as well as information on how we process the personal information of individuals located in the EU.

2. Scope

This Privacy Policy applies to ECA employees, consultants, contractors, and all business partners who act on behalf of ECA and each of its controlled entities both in Australia and overseas.

3. Personal Information

3.1 The personal information we collect

The types of personal information we may collect about you include:

your name
your contact details, including email address, mailing address, street address, and/or telephone number
your age and/or date of birth
your emergency contact details
your preferences and/or opinions
your academic qualifications
your communications within our learning management system
your assignment/assessment content submitted via our learning management system; ∙ any feedback or survey responses you provide to us
your credit card or other payment details (including through our third-party payment processor)
your sensitive information as set out below
details of products and services we have provided to you and/or that you have enquired about, and our response to you
our browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour; ∙ information about your access and use of our Sites, including through the use of Internet cookies, your communications with our Sites, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; ∙ additional personal information that you provide to us, directly or indirectly, through your use of our Sites, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and any other personal information requested by us and/or provided by you or a third party. We may collect these types of personal information directly from you or from third parties.

3.2 How we collect personal information

We collect personal information in a variety of ways, including:

Directly : We collect personal information which you directly provide to us, including when you register for a course with us, through the ‘contact us’ form on our website or when you request our assistance via email or over the telephone
Indirectly : We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in online enquiries.
From third parties : We collect personal information from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.

3.3 How we collect personal information

We may collect, hold, use and disclose personal informatioh3n for the following purposes:

to enable you to access and use our Sites, associated applications and associated social media platforms
to contact and communicate with you
for internal record keeping, administrative purposes, invoicing and billing purposes
for analytics, market research and business development, including to operate and improve our Sites, associated applications and associated social media platforms
to run competitions and/or offer additional benefits to you
for advertising and marketing, including sending you promotional information about our products and services and information that we consider may be of interest to you
to comply with our legal obligations and resolve any disputes that we may have; and
if you have applied for employment with us, to consider your employment application.

3.4 Disclosure of personal information to third parties

We may disclose personal information to:

third party service providers to enable them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators
our employees, contractors and/or related entities
our existing or potential agents or business partners (such as universities)
sponsors or promoters of any competition we run
anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred; credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise or defend our legal rights
third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia; and
third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third-party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time) or other relevant analytics businesses. This may include parties that store data outside of Australia.

Where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside Australia.

We will only disclose your personal information to countries with laws that protect your personal information in a way that is substantially similar to the Australian Privacy Principles, or we will take such steps as are reasonable in the circumstances to ensure overseas third parties protect your personal information in accordance with the Australian Privacy Principles.

3.5 How we treat personal information that is also sensitive information

Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs,sexual orientation,sexual practices or sex life, criminal records, health information or biometric information.

The type of sensitive information we may collect about you includes

racial or ethnic origin
religion
professional associations or memberships
criminal records; and
health information (such as details of an allergy, accessibility requirements or a doctor’s certificate).

We will not collect sensitive information about you without first obtaining your consent. Provided you consent to the collection of your sensitive information, we will only collect, hold, use and disclose your sensitive information for the following purposes:

any purposes you consent to
the primary purpose for which it is collected (determined based on the collection and any privacy collection notice provided at the time of collection)
secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the third parties listed at 4.4, as reasonably necessary to provide our Sites to you
to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
if otherwise required or authorised by law.

4. Our commitment to you

Your personal information will:

be processed lawfully, fairly and in a transparent manner by us
only be collected for the specific purposes we have identified in this Privacy Policy and will not be further processed in a manner that is incompatible with the purposes we have identified
be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed
be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information)
be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal information was collected; and
be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.

5. Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. By providing personal information to us, you acknowledge that you have read our Privacy Policy and that it sets out how we collect, hold, use and disclose your personal information.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Anonymity: Where practicable, we will give you the option of notidentifying yourself or using a pseudonym in your dealings with us.

Unsubscribing: To object to processing for direct marketing/unsubscribe from our email database or opt out of marketing communications, please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, misleading or out of date. Please note, in some situations, we may be legally permitted to not correct your personal information.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You also have the right to contact the relevant authority in the country in which you are based.

6. Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as the pseudonymisation and encryption of personal information to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

7. Cookies and web beacons

We may use cookies on our Sites from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause our advertisementsto appear on yoursocial media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our Sites with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all orsome cookies. However, if you use your browsersettingsto block all cookies(including essential cookies), you may not be able to access all or parts of our Sites.

We may use web beacons on our Sitesfrom time to time. Web beacons(also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

8. Links to other websites

Our Sites may contain links to other websites provided by third parties. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

9. Amendments

We may, at any time and at our discretion, vary this Privacy Policy. We will notify you if we materially amend this Privacy Policy by contacting you through the contact details you have provided to us. Any amended Privacy Policy is effective once we notify you of the change.

For any questions or notices, please contact our Privacy Officer at:

Education Centre of Australia Pty Ltd ACN 111 918 775

Email: [email protected]

APPENDIX 1 – ADDITIONAL RIGHTS FOR INDIVIDUALS LOCATED IN THE EU

Under the GDPR, individuals located in the EU have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as “personal data” and is defined as information relating to an identified or identifiable natural person (individual). This Appendix sets out the additional rights we give to individuals located in the EU, including how we process personal information lawfully, transparently and fairly. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant?

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any sensitive information also listed in the Privacy Policy above, which is known as ‘special categories of data’ under the GDPR.

How we process personal information

We willrely on performing a contractto process your personal information where we are preparing to enter into a contract with you, or we are carrying out our obligations under a contract with you (such asto provide an educational course to you).

We will rely on a legal obligation to process your personal information where we are subject to a legal obligation, such as when carrying out our government reporting obligations.

We will process your personal information for our legitimate interest to allow you to access and use our website, to send you marketing content we think may be of interest to you, to contact you if you leave your contact details with us or if you otherwise initiate contact with us. You can object to the processing of your personal information for our legitimate interests at any time. See the section below on ‘Objecting to processing’.

If we need to rely on consent, we will ask for consent to process any of your personal information for that specific purpose before we process your personal information for that reason. If we rely on consent and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

On your written request, we will provide you with a list of third parties we use to process your personal information.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, you can ask us to delete your data: see ‘Access, erasure and data portability’ below for further information.

In some circumstances, we may anonymise your personal information (so that it can no longer be associated with you) for analytics, research or statistical purposes, in which case we may use this anonymised information indefinitely without further notice to you.

Data Transfers

The countries to which we send data for the purposes listed in the Privacy Policy may not have the same data protection laws as the EU. If we transfer your personal information to third parties in other countries: (i) we will perform those transfersin accordance with the requirements of the GDPR; and (ii) we will protect the transferred personal information in accordance with the Privacy Policy, as supplemented by this Appendix.

Extra rights for EU individuals

Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your personal information.

Restricting processing: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Access, erasure and data portability: You may have the right to request details of the personal information we hold about you or to request that we erase the personal information we hold about you or that we transfer this information to a third party.

Rectification: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, incomplete, misleading or out of date.