Griffith College's role as an education provider requires the collection, storage and use of personal information relating to its students, staff and other clients. Griffith College recognises its obligation with regards to the collection, storage and use of this information.
The overall responsibility for privacy of information for the College resides with the College Director and Principal, with the day to day management delegated to the Quality and Compliance Manager. The Quality and Compliance Manager is the first point of contact for privacy matters including general information, requests to access and/or amend personal information, and for internal review and resolution of complaints.
Nature of personal information
Personal information is defined as any information that would allow an individual to be identified. Personal information can be an opinion, which need not be true, or anything from which the person's identity could be reasonably ascertained. Common examples of personal identifiers are name, phone number, email address, nationality, date of birth, educational history, physical characteristics and most commonly, staff or student identification numbers.
Due to the nature of the services provided by Griffith College, some of the information collected may be sensitive, for example, an individual’s race, religion, ethnic background or medical history. By providing Griffith College with sensitive information, the individual consents to the collection and use of their sensitive information. It is not common practice for Griffith College to collect information about an individual’s political opinion, sexual preference or criminal record, unless such information is required in order to process a student’s application for admission, enrolment and education.
Methods of collection of personal information
Griffith College collects personal information through a variety of paper and electronic formats in regards to its staff, students and external clients. Examples of common collection methods include when an individual:
- Lodges an online enquiry;
- Applies for admission
- Enrols in a program
- Attends a seminar
- Applies for employment.
Additionally, Griffith College will collect from users of the Griffith College website, anonymous information for statistical purposes, such as internet protocol address, website activity, cookie identifiers, server logs, date and time of request, pages and files accessed, the type of browser, the operating system and information entered into web forms, etc. Cookies may be placed on users' browsers for targeted purposes. No personal information is collected by these tools. Users that do not wish to participate must visit Google's Ad Preferences Manager, or network advertising choices
Generally, personal information is collected directly from the individual, although there may be occasions when information is collected from third parties, such as a family member who contacts Griffith College on behalf of an individual, from contractors who supply services to Griffith College, through partner universities or a publicly maintained record. If an individual does not provide information requested, Griffith College may not be able to provide the service.
If a third party provides information to Griffith College, they must ensure that they are entitled to disclose that information, without Griffith College being required to take further steps required by privacy laws. All third parties should take reasonable steps to ensure that the individual concerned is aware of the various matters detailed in this Policy.
Unauthorised attempts to access or tamper with information held by Griffith College or Navitas may lead to the gathering of more extensive information than usual, and possible legal action.
Use of personal information
All information collected is for the purposes of the operations of the College, or where dictated by legislative guidelines. For example, administering and managing the services provided to prospective and current students, including admissions, enrolment, education, billing, maintaining our information technology services, data storage, marketing the services of Griffith College and its related entities, hiring and managing employees and contractors, evaluating and improving service provision and facilitating articulation to Griffith University. Griffith College may use personal information to contact the discloser by mail, email, SMS or telephone. Griffith College may engage other companies to provide services, who will need access to personal information to perform the service, such as an offshore cloud-based service to store and process personal information. All disclosers accept that entities located outside of Australia are not required to comply with Australian privacy laws, and Griffith College is not responsible for failure of the overseas recipient to comply. These entities may be located in the USA, Japan and Hong Kong.
Only a limited number of staff have access to the anonymous information collected via the Navitas website. The information is collected for analysis. It is then evaluated and published in reports that show Griffith College usage patterns and identify popular areas of the website. This aids to improve and develop websites.
Minors and privacy
When Griffith College knows that a person under age 15 is providing personal information to the College, the individual will be required to obtain parental permission and consent.
Disclosure of Personal Information
Personal information may be disclosed where an individual has consented to the disclosure. A common example is where students permit the release of information to their agent or parents. In addition, information may be disclosed in situations where individuals have been informed of the usual practice of disclosure. Griffith College will routinely share personal information with Griffith University. Some common examples of this are:
- the transfer of student results to streamline articulation to Griffith University
- the transfer of personal details to enable the creation of student and staff accounts within the Griffith I.T. system. Griffith I.T. accounts enable staff and students to access online library resources, health and safety training, and other useful materials
- Griffith University may also share information with Griffith College in relation to student performance, to inform continuous improvement.
Griffith College will only publish personal information on its website, where the individual has consented that the personal information be collected and disclosed for this particular purpose. The individual should be aware that information published on websites is accessible to millions of users from all over the world, that it may be indexed by search engines and that it may be copied and used by any web user. Names and email addresses of Griffith College staff appearing on the website are provided with their knowledge and consent. Once personal information is published on the Griffith College website, it will not be possible to control subsequent use and disclosure.
At no time will Griffith College disclose or externally publish personal information to third parties who are not related to Navitas or Griffith University, or allow them to directly market their products or services without the individual's consent. Further, Griffith College will not sell or receive payment for licensing or disclosing personal information. No attempt will be made to identify users of Griffith College's website, or their browsing activities, except for in the unlikely event of an investigation or legal proceedings, or where otherwise permitted to do so under the Privacy Act 1988. Griffith College will gather more extensive information in the following circumstances:
- Unauthorised attempts to access files other than those published on the Griffith College website
- Unauthorised tampering or interference with files published on the Griffith College website
- Unauthorised attempts by other websites to index the contents of the Griffith College website
- Attempts to intercept messages of other Griffith College or Navitas website users
- Communications which are defamatory, abusive, vilify individuals or groups or give rise to a suspicion that an offence is being committed
- Attempts to otherwise compromise the security of the Griffith College/Navitas web server, breach the laws of the Commonwealth or a state of Australia, or interfere with the use of the Navitas website by other users.
In rare circumstances information in regards to an individual may be disclosed where:
- There is a serious and imminent threat to a person's life, health or safety
- There is a requirement under law, or authorised by law, or
- There is a requirement under an enforcement body.
Statutory Requirements for Collection and Disclosure of Personal Information
Griffith College is required to collect and disclose information during a student's admission and enrolment to the College in order to meet our obligations under a range of legislative requirements.
Common examples of the disclosure of information include:
- Commonwealth Department of Education - statistical information about student enrolment, educational background country of birth, or where a student has requested financial assistance with tuition fees.
- Commonwealth Tertiary Education Quality Standards Agency (TEQSA) - information relating to staff qualifications and professional development and student performance and satisfaction levels.
- Overseas Student Ombudsman - where an overseas student lodges an appeal against a decision of the College, Griffith College will be required to respond with personal information relating to the student's case.
- Australian Taxation Office - in relation to FEE-HELP where students may defer fee payment through the taxation system.
- Department of Immigration and Border Protection - reporting requirements of matters related to students on student visas.
- Centrelink - enrolment information on domestic students accessing Centrelink benefits.
- OSHC - where international students opt to pay their Overseas Student Health Cover through Griffith College.
- Tuition Protection Service Director - tuition assurance for international students.
- Australian Council for Private Education and Training - administration of the Australian Student Tuition Assurance Scheme.
The authority to collect this information is contained in the Education Services for Overseas Students Act 2000, the Education Services for Overseas Students Regulations 2001, the National Code of Practice for Registration Authorities and Providers of Education and Training to Overseas Students 2007, the Higher Education Support Act 2003, Social Security (Administration) Act 1999 and Student Assistance Act 1973. Information collected about you can be provided, in certain circumstances, to the Australian Government and designated authorities and, if relevant, the Tuition Assurance Scheme and the Tuition Protection Service Director.
Access to Personal Information
Individuals can obtain information about personal information which the College may hold about them by contacting the Quality and Compliance Manager. Griffith College will take reasonable steps to ensure personal information is accurate, though individuals can also contact the Quality and Compliance Manager to request amendments to the personal information held by the College about them.
Griffith College also provides students with the opportunity to review and amend their personal information through the Griffith College Portal.
Requests for access to personal information must be made in writing to the Quality and Compliance Manager. Griffith College reserves the right to recover reasonable costs associated with providing information requested.
Storage and Security of Personal Information
Griffith College has security measures in place to protect against loss, unauthorised access, use, modification, disclosure, or other misuse, as required by law and generally accepted industry standards. However, no system is 100% secure and to the extent permitted by law, Griffith College excludes any liability in contract, tort or otherwise for any security breach.
Griffith College takes all reasonable steps to destroy hard copies of personal information that is no longer required, and destruction of personal information is undertaken by secured means.
Grievance and Review Procedures
If a student believes that their personal information has not been dealt with in accordance with an APP they may lodge a complaint to the Quality & Compliance Manager in accordance with the Griffith College Student Complaints and Appeals Policy.
If a staff member believes that their personal information has not been dealt with in accordance with an APP, they may lodge a complaint to the Quality & Compliance Manager in accordance with the Staff Grievance Policy, or the dispute resolution processes outlined in the Griffith College Enterprise Agreement.