Privacy policy - Text block

The purpose of this policy is to ensure that all reasonably available measures are in place to protect the privacy of information collected through user interaction with digital learning platforms, content creation and services delivered by AcademyEX PTY Ltd (Australia) &amp; academyEX Education Limited Partnership (New Zealand), collectively referred to as academyEX. It is provided in accordance with respect to academyEX’s obligations under the Australian Privacy Act 1988 and the New Zealand Privacy Act (2020), the New Zealand Education and Training Act (2020).  AcademyEX PTY Ltd (AU) +614 0155 7588 hello@academyex.com.au Suite 2, Level 25/1 Bligh St Sydney NSW 2000 Australia academyEX Education Limited Partnership (NZ) +64 09 964 4444 hello@academyex.com 99 Khyber Pass Road, Grafton, Auckland 1023 New Zealand This privacy policy is directed at commercial customers of academyEX, its Learning Management System and supporting SaaS platforms. For individual students of academyEX courses, please refer to the privacy policy <a rel="noreferrer" target="_blank" href="https://academyex.com/privacy-policy">here</a>.

Purpose - Privacy policy

This policy applies to all staff members and processes at academyEX. AcademyEX must ensure that, when using or dealing with personal information relating to leads, learners, alumni, staff members, users, clients, contractors or any other individuals, they comply fully with this policy.  This policy applies to all personal and client information provided, whether in person or via other means, including through academyEX sites including, but not exclusive to the Learning Management System and supporting SaaS platforms. Personal information is any information about the user. Such information may be automatically collected (i.e. information sent to academyEX by user-managed devices used to access academyEX services), voluntarily provided (i.e. knowingly and actively provided by the user) and/or via learning analytics used to support learners and improve customer experience. This policy applies to information collected from all users of academyEX’s products and services.

Scope - Privacy policy

AcademyEX is dedicated to treating personal information with care, trust and respect. This Privacy Policy is designed to provide transparency into privacy practices and principles in a format that users can navigate, read and understand.  AcademyEX Privacy Policy and Procedures cover the collection, use and disclosure of information by academyEX, the precautions academyEX takes, how individuals can access their personal information, and how complaints can be made if privacy is thought to have been breached. This policy covers the following:<ul><li>Automatically collected information</li><li>Voluntarily provided personal information</li><li>Information collected as part of the learning journey</li><li>Storage, use and disclosure of personal information</li><li>Cookies and data security</li><li>Data retention</li><li>User access to and correction of personal information</li></ul>

Policy statements - Privacy policy

AcademyEX servers automatically log standard data provided by the user’s device and web browser to visit academyEx.com &amp; academyEX.com.au. This data may include:<ul><li>the device’s IP address</li><li>device type</li><li>operating system</li><li>browser type and version</li><li>the pages visited</li><li>the time and date of the visit</li><li>time spent on each page, and </li><li>other details about the visit or device.</li></ul> Device data can depend on the specific device or software settings. AcademyEX recommends checking the policies of the device manufacturer or software provider to learn what information they make available. In the event of errors, academyEX automatically collects data about the error and the circumstances surrounding its occurrence. This data may include technical details about the device, what action was attempted when the error happened, and other information relating to the problem. There may or may not be notice given of such errors. Please be aware that while this information may not be personally identifying by itself, it is possible to combine it with other data to personally identify individual persons.

Automatically collected information - Privacy policy

AcademyEX collects personal information about users through website registration &amp; enquiry forms, enrolment, academic record keeping, online accounts and personal transactions over the phone or online. AcademyEX may collect the following categories of personal data about the user:<ul><li>Contact details (including name, title, address, telephone number, email address and employee/company information);</li><li>date of birth;</li><li>log in details and passwords;</li><li>application details;</li><li>credit card/payment details;</li><li>location information either provided by the user, by a mobile device or associated IP address (where permitted by law);</li><li>usage, viewing and technical data, including device identifier, server address, IP address, domain name, browser type, and activity/conduct on the Site;</li><li>aggregated data (such as tracking of site traffic and cookies);</li><li>other information you choose to provide about interests, educational background, occupation and work experience, learning goals, and, if opted in, information for the purposes of personalising our email and services’ and;</li><li>other information the user provides to us through any other method (including, without limitation, correspondence and discussions whether on the Site, by phone or via other means);</li><li>ethnicity, academic and professional achievements and identification information (e.g from passports, visas, driver&#039;s license;</li><li>information collected as part of the learning journey.</li></ul>

Voluntarily provided personal information - Privacy policy

AcademyEX gathers various information depending on the site and/or programme (from application through to matriculation and graduation), including:<ul><li>Personal information required for enrolment in academyEX programmes or courses provided by academyEX, including identification, qualification, academic, professional, community and immigration information where relevant.</li><li>Personal information provided to us through any other method (including without limitation correspondence and discussions whether on academyEX sites or via other means) including, but not limited to:<ul><li>comments voluntarily posted while participating in online discussions with the academyEX academic staff, facilitators, educators and other students</li><li>any email communications with academyEX to seek support or to send queries related to academic work</li><li>any academic-related content submitted electronically, such as assessments (written, video or other relevant submissions), quizzes, and examinations, and the results of any assessments</li><li>any data and documentation submitted as part of the identity verification process where required to obtain a certificate or academic accreditation</li></ul></li><li>When you are participating in an academyEX programme or courses provided by academyEX, we and third parties may collect and store the following additional information:<ul><li>comments you voluntarily post while participating in online discussions</li><li>any email communications with academyEX to seek user support or to send queries and responses you voluntarily provide in questionnaires, surveys, or user research that you participate in related to the programme</li><li>learning analytics data (generated from activity on the Learning Management System)</li></ul></li></ul> If a user provides academyEX with personal information about another person, the user must ensure that they are authorised to disclose that information to academyEX and that, without taking any further steps required by applicable data protection or privacy laws, academyEX may collect, use and disclose such information for the purposes described in this privacy policy.

Information collected as part of the learning journey - Privacy policy

AcademyEX may use the information listed in Sections 4, 5 &amp; 6 for educational purposes, student and client communication, statistical purposes and system administration tasks to maintain this service. AcademyEX does not identify individuals as part of this practice. However, in the event of an investigation by a law enforcement agency or other government agency, academyEX may exercise its legal authority to inspect relevant server logs. Personal information collected by academyEX will be held for the purposes of authenticating and authorising users, and administration.  A unique identifier will be assigned to each user, which will be used in conjunction with a secondary means of identification or password. Staff members and other personnel within academyEX will have access to users’ personal information for purposes relevant to normal operations including but not limited to: marketing, study, academic progress, learning advice and support, student services, online security and safety, and managing and improving the quality of services provided by academyEX. AcademyEX will use anonymised information (including learning analytics) gained from academyEX student learning activities for academic and marketing purposes, including research and to improve academyEX programmes design and delivery. All possible precautions will be taken to ensure that academyEX students, past and present, will not be identifiable as individuals. All users will be deemed to have confirmed their acceptance of our privacy policy through the completion of our registration process, web form submissions and newsletter sign-ups, including accepting and signing academyEX Terms and Conditions. AcademyEX will not disclose any personal information held to a third party unless required by law or except as set out below:<h3>Service Providers</h3>AcademyEX works with third-party service providers who provide hosting, maintenance, backup, storage, infrastructure, payment processing, subscription, analysis, marketing and other services for us, which may require them to access information about the user.  If a service provider needs to access information about a user to perform services on their behalf, they do so under instruction from academyEX, including abiding by policies and procedures designed to protect the user&#039;s information. Some of these service providers may be located in countries other than New Zealand and Australia.<h3>Legal Obligations</h3>In exceptional circumstances, academyEX may share information about a user with a third party if academyEX believes that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce academyEX agreements, policies and terms of service, (c) protect the security or integrity of academyEX sites and services, or (d) protect academyEX, related companies, customers or the public from harm or illegal activities.<h3>Sale of our business</h3>In the event that academyEX proposes to sell the business or any of its assets, academyEX may provide user personal data as part of a database to a prospective buyer solely so that they can consider the purchase of the business. Should academyEX proceed to sell the business (or a material part of it), academyEX may provide user personal data as part of that sale so that the purchaser can continue to operate the business and contact users about their plans for the business.

Storage, use and disclosure of personal information - Privacy policy

A cookie is a very small text file that is sent to a browser from our web server and stored on the user’s computer. Cookies help provide users with a customised experience without having to re-enter their preferences each time they return to academyEX websites. Customers may disable cookies, however doing so may restrict access to some web pages. AcademyEX takes all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse and alteration of the information held by academyEX. When personal information is no longer required for the purposes for which it was collected, it may be deleted. Where applicable to the scope of the project, academyEX booking and payment systems can form part of the solution. These systems are PCI-DSS compliant. NB. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment. AcademyEX has in place measures to ensure the security of the personal data that is collected and stored about users. academyEX uses all reasonable endeavours to protect personal data from unauthorised disclosure and/or access, including (but not limited to) the use of network and database security measures, such as database segregation, WAF and firewalls and data encrypted-in-transit, regular patching and security updates, access control (including the enforcement of MFA and regular audits of users, roles and groups) and the gathering, monitoring and alerting of security telemetry AcademyEX has put in place procedures to deal with any suspected personal data breach and will notify users and any applicable regulator of a breach where legally required to do so.

Cookies and Data Security - Privacy policy

AcademyEX will hold a user’s information for as long as their User Account is active or as is needed to provide services to the user, or as long as AEX is legally obliged to. This retention policy extends to:<h3>Automatically collected information</h3>In the case of automatically collected information, we will make a good-faith effort to retain server logs for no longer than 90 days.<h3>Voluntarily submitted personal information</h3>We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process personal information, we will either delete or anonymise it or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store personal information and isolate it from any further processing until deletion is possible.

Data Retention - Privacy policy

A user may request access to their personal information by emailing privacy@academyex.com. If a user contacts academyEX by email or phone (+64 9 964 4444), academyEX may need to verify their identity for security purposes. Changes may take up to 10 days to take effect. If a user has questions regarding the specific personal information about them that academyEX holds, they can contact privacy@academyex.com.  If a user wishes to cancel their Account or request that academyEX no longer use their information to provide services, they can contact academyEX at <a rel="noreferrer" target="_blank" href="mailto:privacy@academyex.com">privacy@academyex.com</a>. The role of the Privacy Officer is a shared responsibility between representatives from the Digital Advisory Working Group and the academyEX management team. These include but are not limited to: Chief Technology Officer, Academic Director, GM and Head of Data.  If you would like to lodge a complaint or think your information has been mishandled, please contact our Privacy Officer at <a rel="noreferrer" target="_blank" href="mailto:privacy@academyex.com">privacy@academyex.com</a>. All complaints will be regarded as critical and attempted to be resolved within 10 days, or beforehand. The New Zealand and Australian Privacy Commissioners are listed in the “Relevant Documents and Information” section of this document.

User access to and Correction of Personal Information - Privacy policy

For academyEX account holders, you have the right to request the deletion of your personal data in accordance with applicable data protection laws. If you wish to have your data deleted, you can follow the steps below to submit your request:<h3>Contact Us</h3>You can submit your data deletion request by sending an email to our Privacy Officer at <a rel="noreferrer" target="_blank" href="mailto:privacy@academyex.com">privacy@academyex.com</a>. Please include the subject line &quot;Data Deletion Request&quot; and provide sufficient information to identify your account (e.g., name, email address, user ID, etc.).<h3>Verification</h3>Once we receive your request, we may ask for additional information to verify your identity before processing your data deletion request. This is to ensure that your data is protected and that the request is legitimate.<h3>Processing Timeline</h3>We will acknowledge your request within 10 business days and aim to complete the deletion process within 30 days. If there is a reason for any delay, we will inform you of the status of your request.<h3>Limitations</h3>Please note that certain data may be retained if it is necessary for legal, regulatory, or security purposes, or to complete transactions you have initiated. In such cases, we will inform you of the specific data and reason for its retention. For further questions or clarifications, you can always contact our Privacy Officer at <a rel="noreferrer" target="_blank" href="mailto:privacy@academyex.com">privacy@academyex.com</a>.

Data Deletion - Privacy policy

Please be aware that we have no control over the content and policies of third-party websites that may be linked to from within LMS content and supporting material and therefore, academyEX cannot accept responsibility or liability for their respective privacy practices.

Limits of our policy - Privacy policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy. If required by law, we will get permission or give the opportunity to opt in to or opt out of, as applicable, any new uses of personal information.

Changes to this policy - Privacy policy

In the event our Website contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, please read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of the activities that occur after leaving our site.

External links - Privacy policy

<ul><li><a rel="noreferrer" target="_blank" href="https://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23223.html">NZ Privacy Act (2020)</a></li><li><a rel="noreferrer" target="_blank" href="https://www.legislation.govt.nz/act/public/2020/0038/latest/LMS170676.html">NZ Education Act (2020)</a></li><li><a rel="noreferrer" target="_blank" href="https://www.legislation.govt.nz/act/public/2015/0063/latest/whole.html">Harmful Digital Communications Act 2015</a></li><li><a rel="noreferrer" target="_blank" href="https://www.privacy.org.nz/your-privacy/frequently-asked-questions/">Privacy – FAQ</a></li><li><a rel="noreferrer" target="_blank" href="https://link.academyex.com/3juWWhL">AcademyEX Code of Conduct (Staff and Students)</a></li><li><a rel="noreferrer" target="_blank" href="https://www2.nzqa.govt.nz/about-us/rules-fees-policies/nzqa-rules/pte-enrolment-and-academic-records-rules/">NZQA PTE Enrolment and Academic Records Rules 2022</a></li><li><a rel="noreferrer" target="_blank" href="https://www.oaic.gov.au/privacy/privacy-legislation/the-privacy-act">Australian Privacy Act 1988</a></li><li>New Zealand Privacy Commissioner enquiries line - 0800 803 909.</li><li><a rel="noreferrer" target="_blank" href="https://www.oaic.gov.au/">Office of the Australian Privacy Commissioner</a> - or 1300 363 992.</li></ul>

THE IMPORTANT LEGAL STUFF

Privacy Policy

Last updated 09/11/2023

1. Purpose

2. Scope

3. Policy Statements

4. Automatically collected information

5. Voluntarily provided personal information

6. Information collected as part of the learning journey

7. Storage, use and disclosure of personal information

8. Cookies and Data Security

9. Data Retention

10. User access to and Correction of Personal Information

11. Data Deletion

12. Limits of our policy

13. Changes to this policy

14. External links

15. Relevant Documents and Information