AcademyEX logo large white

THE IMPORTANT LEGAL STUFF

Privacy Policy

Last updated 09/11/2023

1. Purpose

The purpose of this policy is to ensure that all reasonably available measures are in place to protect the privacy of information collected through user interaction with digital learning platforms, content creation and services delivered by AcademyEX PTY Ltd (Australia) & academyEX Education Limited Partnership (New Zealand), collectively referred to as academyEX. It is provided in accordance with respect to academyEX’s obligations under the Australian Privacy Act 1988 and the New Zealand Privacy Act (2020), the New Zealand Education and Training Act (2020). 

AcademyEX PTY Ltd (AU)

+614 0155 7588
hello@academyex.com.au

Suite 2, Level 25/1 Bligh St
Sydney NSW 2000
Australia

academyEX Education Limited Partnership (NZ)

+64 09 964 4444
hello@academyex.com

99 Khyber Pass Road, Grafton,
Auckland 1023
New Zealand

This privacy policy is directed at commercial customers of academyEX, its Learning Management System and supporting SaaS platforms. For individual students of academyEX courses, please refer to the privacy policy here.

2. Scope

This policy applies to all staff members and processes at academyEX. AcademyEX must ensure that, when using or dealing with personal information relating to leads, learners, alumni, staff members, users, clients, contractors or any other individuals, they comply fully with this policy. 

This policy applies to all personal and client information provided, whether in person or via other means, including through academyEX sites including, but not exclusive to the Learning Management System and supporting SaaS platforms.

Personal information is any information about the user. Such information may be automatically collected (i.e. information sent to academyEX by user-managed devices used to access academyEX services), voluntarily provided (i.e. knowingly and actively provided by the user) and/or via learning analytics used to support learners and improve customer experience.

This policy applies to information collected from all users of academyEX’s products and services. 

3. Policy Statements

AcademyEX is dedicated to treating personal information with care, trust and respect. This Privacy Policy is designed to provide transparency into privacy practices and principles in a format that users can navigate, read and understand. 

AcademyEX Privacy Policy and Procedures cover the collection, use and disclosure of information by academyEX, the precautions academyEX takes, how individuals can access their personal information, and how complaints can be made if privacy is thought to have been breached.

This policy covers the following:

4. Automatically collected information

AcademyEX servers automatically log standard data provided by the user’s device and web browser to visit academyEx.com & academyEX.com.au. This data may include:

Device data can depend on the specific device or software settings. AcademyEX recommends checking the policies of the device manufacturer or software provider to learn what information they make available.

In the event of errors, academyEX automatically collects data about the error and the circumstances surrounding its occurrence. This data may include technical details about the device, what action was attempted when the error happened, and other information relating to the problem. There may or may not be notice given of such errors. Please be aware that while this information may not be personally identifying by itself, it is possible to combine it with other data to personally identify individual persons.


5. Voluntarily provided personal information 

AcademyEX collects personal information about users through website registration & enquiry forms, enrolment, academic record keeping, online accounts and personal transactions over the phone or online. AcademyEX may collect the following categories of personal data about the user:


6. Information collected as part of the learning journey

AcademyEX gathers various information depending on the site and/or programme (from application through to matriculation and graduation), including:

If a user provides academyEX with personal information about another person, the user must ensure that they are authorised to disclose that information to academyEX and that, without taking any further steps required by applicable data protection or privacy laws, academyEX may collect, use and disclose such information for the purposes described in this privacy policy.

7. Storage, use and disclosure of personal information 

AcademyEX may use the information listed in Sections 4, 5 & 6 for educational purposes, student and client communication, statistical purposes and system administration tasks to maintain this service. AcademyEX does not identify individuals as part of this practice. However, in the event of an investigation by a law enforcement agency or other government agency, academyEX may exercise its legal authority to inspect relevant server logs.

Personal information collected by academyEX will be held for the purposes of authenticating and authorising users, and administration. 

A unique identifier will be assigned to each user, which will be used in conjunction with a secondary means of identification or password.

Staff members and other personnel within academyEX will have access to users’ personal information for purposes relevant to normal operations including but not limited to: marketing, study, academic progress, learning advice and support, student services, online security and safety, and managing and improving the quality of services provided by academyEX.

AcademyEX will use anonymised information (including learning analytics) gained from academyEX student learning activities for academic and marketing purposes, including research and to improve academyEX programmes design and delivery. All possible precautions will be taken to ensure that academyEX students, past and present, will not be identifiable as individuals.

All users will be deemed to have confirmed their acceptance of our privacy policy through the completion of our registration process, web form submissions and newsletter sign-ups, including accepting and signing academyEX Terms and Conditions.

AcademyEX will not disclose any personal information held to a third party unless required by law or except as set out below:

Service Providers

AcademyEX works with third-party service providers who provide hosting, maintenance, backup, storage, infrastructure, payment processing, subscription, analysis, marketing and other services for us, which may require them to access information about the user. 

If a service provider needs to access information about a user to perform services on their behalf, they do so under instruction from academyEX, including abiding by policies and procedures designed to protect the user's information. Some of these service providers may be located in countries other than New Zealand and Australia.

Legal Obligations

In exceptional circumstances, academyEX may share information about a user with a third party if academyEX believes that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce academyEX agreements, policies and terms of service, (c) protect the security or integrity of academyEX sites and services, or (d) protect academyEX, related companies, customers or the public from harm or illegal activities.

Sale of our business

In the event that academyEX proposes to sell the business or any of its assets, academyEX may provide user personal data as part of a database to a prospective buyer solely so that they can consider the purchase of the business. Should academyEX proceed to sell the business (or a material part of it), academyEX may provide user personal data as part of that sale so that the purchaser can continue to operate the business and contact users about their plans for the business.

8. Cookies and Data Security

A cookie is a very small text file that is sent to a browser from our web server and stored on the user’s computer. Cookies help provide users with a customised experience without having to re-enter their preferences each time they return to academyEX websites. Customers may disable cookies, however doing so may restrict access to some web pages.

AcademyEX takes all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse and alteration of the information held by academyEX. When personal information is no longer required for the purposes for which it was collected, it may be deleted.

Where applicable to the scope of the project, academyEX booking and payment systems can form part of the solution. These systems are PCI-DSS compliant. NB. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment.

AcademyEX has in place measures to ensure the security of the personal data that is collected and stored about users. academyEX uses all reasonable endeavours to protect personal data from unauthorised disclosure and/or access, including (but not limited to) the use of network and database security measures, such as database segregation, WAF and firewalls and data encrypted-in-transit, regular patching and security updates, access control (including the enforcement of MFA and regular audits of users, roles and groups) and the gathering, monitoring and alerting of security telemetry

AcademyEX has put in place procedures to deal with any suspected personal data breach and will notify users and any applicable regulator of a breach where legally required to do so.

9. Data Retention

AcademyEX will hold a user’s information for as long as their User Account is active or as is needed to provide services to the user, or as long as AEX is legally obliged to. This retention policy extends to:

Automatically collected information

In the case of automatically collected information, we will make a good-faith effort to retain server logs for no longer than 90 days.

Voluntarily submitted personal information

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process personal information, we will either delete or anonymise it or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store personal information and isolate it from any further processing until deletion is possible.

10. User access to and Correction of Personal Information

A user may request access to their personal information by emailing privacy@academyex.com. If a user contacts academyEX by email or phone (+64 9 964 4444), academyEX may need to verify their identity for security purposes. Changes may take up to 10 days to take effect. If a user has questions regarding the specific personal information about them that academyEX holds, they can contact privacy@academyex.com. 

If a user wishes to cancel their Account or request that academyEX no longer use their information to provide services, they can contact academyEX at privacy@academyex.com.

The role of the Privacy Officer is a shared responsibility between representatives from the Digital Advisory Working Group and the academyEX management team. These include but are not limited to: Chief Technology Officer, Academic Director, GM and Head of Data. 

If you would like to lodge a complaint or think your information has been mishandled, please contact our Privacy Officer at privacy@academyex.com. All complaints will be regarded as critical and attempted to be resolved within 10 days, or beforehand. The New Zealand and Australian Privacy Commissioners are listed in the “Relevant Documents and Information” section of this document. 

11. Data Deletion

For academyEX account holders, you have the right to request the deletion of your personal data in accordance with applicable data protection laws. If you wish to have your data deleted, you can follow the steps below to submit your request:

Contact Us

You can submit your data deletion request by sending an email to our Privacy Officer at privacy@academyex.com. Please include the subject line "Data Deletion Request" and provide sufficient information to identify your account (e.g., name, email address, user ID, etc.).

Verification

Once we receive your request, we may ask for additional information to verify your identity before processing your data deletion request. This is to ensure that your data is protected and that the request is legitimate.

Processing Timeline

We will acknowledge your request within 10 business days and aim to complete the deletion process within 30 days. If there is a reason for any delay, we will inform you of the status of your request.

Limitations

Please note that certain data may be retained if it is necessary for legal, regulatory, or security purposes, or to complete transactions you have initiated. In such cases, we will inform you of the specific data and reason for its retention.

For further questions or clarifications, you can always contact our Privacy Officer at privacy@academyex.com.

12. Limits of our policy

Please be aware that we have no control over the content and policies of third-party websites that may be linked to from within LMS content and supporting material and therefore, academyEX cannot accept responsibility or liability for their respective privacy practices.

13. Changes to this policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If required by law, we will get permission or give the opportunity to opt in to or opt out of, as applicable, any new uses of personal information.

14. External links

In the event our Website contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, please read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of the activities that occur after leaving our site.

15. Relevant Documents and Information