Version Information
Fri, 31 Mar 2023
Approved by: Governance Board
Current Version: V1.1
Replaces Version: V1.0
Next Review: Thu, 31 Dec 2020
Domain:
Institute
Related Policies
- Assessment and Moderation Policy
- Critical Incident Policy
- Course Evaluation and Review Policy
- Information Management and Security Policy
- Records Management Policy
- Staff Grievance and Complaint Policy
- Academic Staff Performance Review and Management Policy
- Staff Selection Recruitment Appointment and Professional Equivalency Policy
- Student Grievance Complaints and Appeal Policy (Academic)
- Student Grievance Complaints and Appeals Policy (Non-academic)
- Fee Refund and Change Policy
- Student Information and Communication Policy
- Student Recruitment Admission and Enrolment Policy (STP)
- Terms of Service
Privacy Policy
Purpose
This policy sets out how Metavision Institute collects, uses and processes personal data, as well as ensuring that information about staff members, contractors, suppliers, students, clients, alumni and other stakeholders is kept confidential. Information collected by or provided to Metavision Institute will be used only in the ways described in this policy, and in accordance with Metavision Institute’s obligations as a higher education provider in regard to the collection, storage and use of information.
The following Acts and the Privacy Management Framework set out the principles and processes that Metavision Institute must abide by when it collects, stores, uses and discloses Personal Information: The NSW Privacy and Personal Information Protection Act 1998, the Information Privacy Act 2002, the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and the Office of the Australian Information Commissioner’s Privacy Management Framework.
Scope
This policy applies to all members of Metavision Institute’s community.
Definitions
Personal Information is defined as any information that allows individuals to be identified, including any information relating to a person’s study or work at Metavision Institute as an employee, contractor or supplier. Metavision Institute considers any information that an individual discloses in public online forums or other interactive media to be public information which therefore may not be protected.
A Data Breach is an unauthorised access or disclosure of personal information, or loss of personal information. A data breach may result from malicious action, human error or a data systems failure.
A Notifiable Data Breach is data breach involving personal information that are likely to result in serious harm to any individual affected, and requires specific steps to be taken. The Notifiable Data Breach scheme was established by the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017.
Relevant TEQSA Threshold Standards
This policy aligns with requirements of Sections 2.3 Wellbeing and Safety, 2.4 Grievances and Complaints, 6.2 Corporate Monitoring and Accountability, 7.2 Information for Prospective and Current Students and 7.3.3 Information Management in the Higher Education Standards Framework 2015.
Policy
1 - Collection of Personal Information
Metavision Institute collects personal information from a variety of sources about staff, prospective and enrolled students, alumni, governance committee members and stakeholders. Information may be collected from a range of sources, including the following:
- Course application form, assignment extension request form, critical incident report, formal complaint and appeal applications,
- Prospective students entering personal information into the online application form,
- Contact form on Metavision Institute’s website,
- Email, telephone or mail,
- Engagement via social media on Metavision Institute’s Facebook page, Instagram and LinkedIn,
- Participation in any course, workshop, activity, or event offered by Metavision Institute,
- Industry partners and host organisations providing work integrated learning experiences,
- Staff performance reviews, supervisory meetings and leave applications,
- Applications and interviews for employment, contract work or as a supplier to Metavision Institute,
- When required to do so by law (for education, child protection, occupational health and safety or other legislation in Australia), and
- Assignments submitted through the Learning Management System Sophia and clientinformation presented in supervision by students to meet the requirements of their enrolled course.
The information that Metavision Institute may collect about students, staff, contractors, suppliers, alumni, governance committee members and stakeholders includes:
- Names,
- Dates of birth,
- Contact information, including email addresses, home addresses, phone numbers, Skype addresses,
- Demographic information such as postcodes, age, and gender,
- Licence number, passport number, bank account details, ACN, ABN, and Tax File Number,
- Information about employment background, work experience, and references,
- Information about circumstances affecting study such as disabilities and special circumstances, and
- Financial information and banking details.
2 - Use of Personal Information
Metavision Institute collects and uses personal information for the following purposes:
- To provide marketing information about courses, professional development seminars and services to students, and to request relevant information to manage and administer courses and services, including prior qualifications, enrolment, assessment, and issuing of testamurs, records of results and statements of results,
- To verify identity,
- To respond to queries relating to courses, units, workshops, requests for academic advice, complaints and services,
- To better understand student needs, and enable Metavision Institute to improve its courses, services and the student experience on the basis of formal feedback,
- For internal records,
- For assessment in Metavision Institute’s higher education and other courses,
- To report on student outcomes according to requirements of the Tertiary Education Quality Standards Agency (TEQSA),
- To report to TEQSA and the Department of Education and Training on key personnel and fit and proper persons responsible for the management of Metavision Institute, and
- To employ and manage staff, contractors and suppliers.Standards Agency (TEQSA),
- To report to TEQSA and the Department of Education and Training on key personnel and fit and proper persons responsible for the management of Metavision Institute, and
- To employ and manage staff, contractors and suppliers.
3 - Modes of Communication
Metavision Institute communicates with staff, contractors, suppliers, prospective and enrolled students, alumni, governance committee members and stakeholders by telephone, email, SMS, social media, the website, and/or mail. Staff, contractors, suppliers, enrolled students, and governance committee members are expected to maintain up to date contact details.
Information transmitted over the internet cannot be guaranteed to be secure. Metavision Institute cannot guarantee the security of any electronic information that is transmitted or received.
4 - Disclosure of Stored Personal Information
Metavision Institute will provide access to personal information it holds:
- If Metavision Institute obtains written permission from the relevant party to provide access to the information;
- Under relevant legislation, and depending on circumstances:
- Department of Education and Training,
- TEQSA,
- Australian Tax Office,
- Superannuation funds, and
- Centrelink.
Metavision Institute may disclose personal information in order to:
- Assist with core functions such as the recruitment of students and provision of IT services,
- Verify educational information details upon request from third parties, such as verifying completed courses and qualifications, and articulation into other higher education courses offered by external institutions,
- Comply with Metavision Institute’s legal and regulatory obligations, including disclosure and reporting to Commonwealth, State and Territory government agencies for planning, evaluative, administrative and funding purposes. This may include:
- Disclosure and reporting to Commonwealth and State government agencies for the purpose of administrating entitlements to financial assistance under Commonwealth programs for supporting students, such as FEE-HELP, and
- Disclosure and reporting to TEQSA,
- Notify credit reporting agencies and courts, tribunals, and regulatory authorities where students fail to pay for goods or services provided by Metavision Institute to them, when internal avenues for remedy have been exhausted,
- Respond to courts, tribunals, regulatory authorities, and law enforcement officers as required by law in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend Metavision Institute’s legal rights,
- Communicate with relevant third party or parties, with relevant consent, if a matter involves third parties. When Metavision Institute discloses personal information to third parties, it will request or otherwise seek confirmation that the third party follows Australian Law and Privacy Principles regarding management of personal information,
- Pay wages, superannuation and other relevant employment benefits, and contractor and supplier entitlements, and
- Protect the safety of students, staff, students’ clients, contractors and suppliers in the case of risk of safety.
5 - Data Security
Metavision Institute is committed to ensuring that the information provided by staff, students, alumni, committee members and stakeholders is stored securely. In order to prevent unauthorised access or disclosure, Metavision Institute has appropriate physical, electronic and administrative processes in place to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Metavision Institute takes seriously the risk of a breach of data security and takes reasonable steps to reduce the risk of a breach. Data security is included in Metavision Institute’s Risk Management Framework.
The Executive Committee monitors risk to data security. The Executive Officer will immediately report a notified breach of data security to the Governance Board, including a plan for how to reduce risk of harm to affected individuals (for example, change of password if an email or student account has been subject to unauthorised access).
The Executive Officer will report Notifiable Data Breaches to affected individuals and the Privacy Commissioner (for example, if stored information on Tax File Numbers has been accessed) when serious harm is likely and remedial action taken by Metavision Institute has not reduced the risk of harm.
6 - Use of cookies
Metavision Institute uses cookies on its website. Cookies are small files sent from the web server to users’ web browsers which do not contain personal information. Cookies allow access and navigation, analyse web traffic and remember users’ choices. Cookies do not give Metavision Institute access to users’ computers or information, other than data provided by users. Users can choose to accept or decline cookies.
7 - Links to other websites
Metavision Institute’s website may provide links to other websites of interest. Metavision Institute does not have control over other websites. Prospective and current students are to exercise caution when accessing such websites.
8 - Control of Personal Information
8.1 Choice and Consent
In order for Metavision Institute to fulfil its duties as a provider of accredited higher education courses and services, enrolled students, staff, contractors and suppliers are required to disclose certain personal information. Personal information is protected by this policy. Metavision Institute will not sell, distribute or release personal information to third parties unless it has permission or is legally required to do so.
8.2 Restrict collection or access
Students, alumni, staff, contractors, suppliers and stakeholders may choose to restrict the collection or use of personal information. Students who have previously agreed to Metavision Institute using their personal information for marketing purposes may change their mind at any time by notifying the Student Liaison Officer.
8.3 Access to personal information
Students, alumni, staff, contractors, suppliers and stakeholders may request access to personal information held by Metavision Institute in accordance with the provisions of the Privacy Act. A small administrative fee may be payable for the provision of personal information. Metavision Institute will require evidence of identification prior to releasing information and reserves the right to refuse to provide individuals with such information in certain circumstances as set out in the Act.
8.4 Correction of personal information
If students, alumni, staff, contractors, suppliers or stakeholders believe that personal information stored by Metavision Institute is inaccurate, out of date, incomplete, irrelevant or misleading, a request for the information to be rectified or updated is to be submitted to the Executive Officer. Metavision Institute relies in part upon individuals advising any changes in their personal information. Metavision Institute will promptly respond to requests to correct personal information within a timeframe of up to five working days.
8.5 Unsubscribe
Students, alumni and stakeholders may unsubscribe from the email database, or opt out of communications, by emailing the Administrative Officer.
9 - Complaints
If students, alumni, staff, contractors, suppliers or stakeholders believe that Metavision Institute has breached its privacy obligations or this policy, the relevant policy is to be followed in raising a grievance or making a complaint: the Staff Grievance and Complaints Policy or Student Grievance, Complaints and Appeals Policy (Non-Academic). Complaints will be responded to within the framework of the relevant policy.
To contact Metavision Institute about privacy concerns, email the Executive Officer.
Responsibilities
The Governance Board is responsible for monitoring the implementation of this policy and ensuring there is a system in place to report data breaches.
The Executive Officer is responsible for the implementation of this policy and reporting to Governance Board.
Line managers are responsible for training new staff in privacy obligations and management in the Induction period.
All staff members, contractors and suppliers who collect personal information as part of their duties, scholarly work or work activities for Metavision Institute are to ensure they meet their obligation to protect such information in accordance with the relevant legislation and this policy. Staff members, contractors and suppliers are responsible for reporting unauthorised access to their email accounts or to documents stored electronically, or any other data breach to the Executive Officer.
Students are responsible for reporting unauthorised access to the Administration Office.
Affected users are to change their passwords online immediately following the receipt of a report of unauthorised access and assess whether any other action is required.
The Executive Committee is responsible for monitoring and reporting on Metavision Institute’s privacy management and any breach of this policy, and planning for prevention.
Related Documents
- Business Continuity Plan
- Student Handbook
- Risk Management Framework
- Risk Register
- Assignment Extension Request Form
- Course Application Form
- Critical Incident Report Form
- Formal Complaints and Appeals Lodgement Form