The College Privacy Policy

Introduction

Navitas Limited respects your right to privacy. This privacy notice (the “Privacy Notice”) explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to data collected about all users of www.navitas.com and websites of our subsidiary companies, and other related websites, (the “Website”) and the services available on the Website (the “Services”).

The terms “the Company,” “we,” “us,” “our,” and “ours” refer to Navitas Limited. The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.

Navitas Limited reserves the right to make changes periodically to this Privacy Notice at our sole discretion. Changes to the Privacy Notice will be posted on this page.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.

We know that there’s a lot of information here, but we want you to be informed about your rights, and how we use data across the Navitas Limited Group of companies to provide you with the best possible service.

For your convenience we have split the information into manageable sections which we hope will answer any questions you have but if not, please do get in touch with us, details are shown in the contact section of this notice.

 

Who is Navitas?

Navitas Limited is a public company listed on the Australian Securities Exchange (ASX) (ASX code is NVT and ABN 69 109 613 309). Our head office is located in Perth Western Australia at the following address:

Navitas Limited
Level 8
Brookfield Place
125 St Georges Terrace
PERTH WA 6000 Australia

The Company has subsidiary companies and affiliated organisations operating in Australia, New Zealand, Canada, Europe, Africa, South East Asia, North Asia, South America, the Middle East and the USA, collectively called the “Company”.

The European head office is located in the UK at the following address:

Navitas UK Holdings Limited
SAE Institute
Littlemore Park
Armstrong Road 
Oxford OX4 4FY UK

The following link will provide you with further details of the Navitas Group: www.navitas.com

For ease of reading this notice the “Company” will be referred to as “we” and “us” in this notice.

Explaining the legal basis for processing your personal data

The Company is a global company and understands that the laws on data protection may be different in different countries, however, the Company has set out below a number of different reasons for which we may collect and process your personal data, including:

Consent

 a. In specific situations, we can collect and process your data with your consent for example,

     when you tick a box to receive marketing material from us.

 b. When collecting your personal data, we’ll endeavour to collect the minimum necessary for

     us to provide our services.

Parental Consent

 a. Depending upon national and sometimes state law you may be called a “minor” when it

     comes to signing a contract or consenting for us to collect and   process your personal data. 

     This means you have not reached the legal age of consent.

                    i. In many countries including Australia, New Zealand, Canada, Singapore and the USA,

                       it is usual to require a person to be 18 years of age.

                    ii. In Europe it is usual that a person is 16 years of age, 13 in the U.K. to consent to receive

                       marketing information. As part of protecting you and your rights, if the law says you are still

                       a “minor”, we require your parents/guardians consent to directly collect and process

                       your data via online services.

Explicit Consent

 a.  Explicit Consent means that you have been presented with an option to agree or disagree with

      the collection, use, or disclosure of personal information.

 b. If we need to collect special categories of data from you in order to provide you with the services

     you require or meet our legal obligations, we will collect this data on the basis of your explicit consent,

     national/regional social protection laws or for statistical reporting purposes requested by official bodies.

c.  The special category data that we may request from you includes details such as your racial or

     ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or

     visa requirements. We may also need to collect data concerning your health (eg medical check reports

     and immunisation history) to provide additional support to you.

Contractual obligations

 a. In certain circumstances we will need to collect your person data to meet our contractual obligations

     to you.

 b. We will collect this data so that we can make an offer to you to study or enrol with us or to work

     with us.

 c. We will use this data to establish a contract that sets out your obligations as a student or employee

     and our obligations as the provider of the study services or employment to you.

Legal compliance

 a. If the law requires us to, we may need to collect and process your data for a number of reasons,

     for example to:

                   i.            Prevent fraud

                  ii.            Meet the needs of immigration authorities

                 iii.            Comply with Consumer Protection law

Legitimate interest

 a. In specific situations, we collect your personal data as part of undertaking our legitimate interests in

     a way which might reasonably be expected as part of running our business and, which does not

     materially impact your rights, freedom or interests. It might include:

                   i.            Staying in touch with you for purposes of staying in touch with ex-students as part of

                                 an alumni programme

                 ii.            Keeping you informed regarding Company highlights and news

When do we collect your Personal Data?

 a. When you visit any of our websites, (here we just collect transaction-based data).

 b. When you complete our online or paper/PDF application forms.

 c. When you engage with us on social media.

 d. When you contact us by any means with queries, comments etc.

 e. When you book any kind of appointment with us.

 f.  When you book to attend an event.

 g. When you’ve given a third-party permission to share with us the information they hold about you.

 h. When you attend a college, campus or office, which may have CCTV systems operating for the security

      of both Students, Visitors and Staff. These systems may record your image during your visit.

 i. For employees we collect your personal data throughout the period of your employment

    with the Company

Categories of Personal Data we collect

 a. Your contact details i.e. your:

                   i.            Name

                  ii.            Gender

                 iii.            Date of birth

                 iv.            Postal address (can be a postal box number and/or a street address)

                 v.            Social media contacts

                vi.            Telephone number/s (mobile and landline)

 b. Identity and Immigration documentation i.e. your:

                 i.            Passport

                ii.            Drivers’ licence

               iii.            Identity card

               iv.            Visa details

 c. Your bank account details.

 d. Your educational history inclusive of but not limited to your:

                 i.            Current qualifications

                ii.            Grades

               iii.            Institution/s you studied at

               iv.            Most recent study experience

 e. Details of your interactions with us, such as:

                   i.         We collect details of enquiries and comments you make in the web pages you visit or

                              when you contact us by email, telephone or in person

                 ii.          Information gathered by the use of ‘cookies’ in your web browser.

                              (Learn more about our ‘cookie policy’)

 f. Additionally, for employment purposes:

                  i.          Social security (or equivalent) details

                 ii.           Next of Kin details

                iii.           Health information

 

Why we use your Personal Data

 a. To ensure that we provide you with the information and service you need we sometimes combine the data we have about you. This is allowed as part of our legitimate interest to provide you with the optimum service.

 b.  If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.

 c. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.

 d. The reasons we use your personal data include:

                  i.            To operate and administer our business to provide you with the best possible service.

                                 This is done on the basis of our legitimate business interests.

                 ii.            To respond to your queries and requests.

                iii.            We may keep a record of communication with you. We do this on the basis of our

                               contractual obligations to you, our legal obligations and our legitimate interests

                               in providing you with the best service.

                iv.            To protect our business and you from fraud and other illegal activities.

                v.            We’ll also monitor your browsing activity with us to quickly identify and resolve any

                               problems and protect the integrity of our websites. We’ll do all of this as part of our 

                               legitimate interest.

               vi.            To protect our students, visitors and staff, premises and assets, we operate CCTV

                               systems in some of our colleges, campuses and offices which record images

                               for security. We do this on the basis of our legitimate business interests.

              vii.             To process payments and to prevent fraudulent transactions. This is done on the basis

                               of our legitimate business interests and to help protect you from fraud.

             viii.             With your consent, we will use your personal data preferences, to keep you informed

                               by email, web, text, social media and telephone about relevant services and events.

               ix.            To protect your vital interests if you become unable to provide consent.

                x.            To hire and manage employees and contractors. We do this as part of our contract with

                               you.

               xi.            To send you communications required by law or which are necessary to inform you

                               about our changes to the services we provide you. (For example, updates to this

                               Privacy Notice). These service messages will not include any marketing content and

                               do not require prior consent when sent by email or text message. We need to keep

                               you informed as part of complying with our legal obligations.

             xii.            To comply with our contractual or legal obligations to share data with law enforcement if

                             necessary, for example:

                                     i.            If a court order is presented that requires us to share your personal data

                                                   with law enforcement agencies or courts of law

How we look after your Personal Data

 a. We know how much data security matters. We will treat your data with the utmost care and respect and

     take all appropriate steps to protect it.

 b. We secure access to all transactional areas of our websites and apps using ‘https’ technology.

 c. Access to your personal data is restricted and secure, and sensitive personal data such as health

     information is secured via password protection and encryption.

 d. Storage systems for paper copies are secured and access is managed through the Company’s

      access protocols.

How long do we keep your Personal Data?

 a. We have a detailed records management programme in place and all records (paper and electronic)

     are required to be managed in accord with its security and disposal steps.

 b. Whenever we collect or process your personal data, we will store it safely and only for as long as is

     necessary for the original purpose for which it was collected or as required by law.

 c.  At the end of the documented retention period, your data will either be deleted completely

     or anonymised.

Sharing your Personal Data

We share your Personal Data with trusted Third Parties

      a. We sometimes share your personal data with trusted third parties to provide services

          and business functions.

      b. We set very clear directions and expectations for those organisations regarding the

          safety and protection of your privacy and personal data.

      c. The directions and expectations are set out in our contract with the third party and include:

                i.            Providing them only the information they need to perform their specific services

               ii.            Setting out the purpose for which the personal data is being shared

               iii.           Confirmation that they will make every reasonable effort to ensure that your

                              privacy is respected and protected

               iv.           If we stop using their services, they will undertake to either securely delete or

                             render anonymous any of your personal data held by them

               v.           They will inform us immediately in the event of a suspected or actual breach

                             being detected

The types of third parties we work with include:

  a. IT companies supporting our websites

  b. Cloud storage companies

  c. Customer Relationship Management application providers

  d. Educational establishments

  e. Educational professionals

  f.  Regulatory authorities

  g. Accommodation providers

  h. Estate services

  i.  Online webinar providers

  j.  Insurers

  k. Financial service providers

  l.  Travel service providers

How do third party partners use your Personal Data

 a. When you use a service from one of our chosen partners, your data will be collected and used by

     them under the terms of their own separate privacy policies.

Why do we share your Personal Data?

  a. We need to share your personal data with trusted third parties in order to meet legal and regulatory 

       obligations and fulfil our contractual promise to you.

  b. We will only share your data with third parties in very specific circumstances, for example:

                  i.            With your consent, given at the time you supplied your personal data, to 

                                 us, we may pass that data to a third party for their direct marketing purposes.

                 ii.            When working with academic professionals as part of ensuring the delivery of high

                                quality services to you.

                iii.            We may share information about fraudulent or potentially fraudulent activity in our

                               premises or systems. This may include sharing data about individuals with law

                               enforcement bodies.

               iv.            If we receive a valid request from the police or other law enforcement agency, regulatory

                              or Government authority in your country of origin or elsewhere, we may be required

                              to disclose your personal data

                v.          We may, from time to time, expand, reduce or sell the Company and this may involve

                             the transfer of business entities or the whole business to new owners. If this happens,

                             your personal data will, where relevant, be transferred to the new owner or controlling

                             party, under the terms of this Privacy Notice.

Processing and Transferring your Personal Data

Navitas Limited – a global organisation

     a. We have operations in many different geographic regions and our head office is in Australia,

         therefore we will sometimes need to share your personal data across national boundaries and

         borders for example:

                   i.            outside the European Economic Area (EEA)

                  ii.            between North America and Australia

                 iii.            Asia and Australia

                 iv.            New Zealand and Australia

                 v.            Canada and Australia

                vi.            Europe and Australia

   b. The transfer of data, inclusive of personal data, may include transferring it to:

                 i.            Our head office in Australia

                 ii.            Other Company businesses in Australia and elsewhere within the Company’s global

                                structure (intra-company transfers)

                iii.            International third parties for data storage purposes e.g. EU member- state business

                               operation to Singapore

   c.  If we do transfer your personal data across an international border, we have procedures

        in place to ensure your data receives the same protection as if it were being processed inside

        your country of residence for instance an EEA member-country or Australia or Asia or Canada

        or the USA etc

 

    d. For further information on the transfer of your personal data you can contact:

                   i.            dpo@navitas.com(if you are resident in Europe)

                  ii.           Privacy@navitas.com (the rest of the world)

                 iii.            DataProtection@navitas.com (the rest of the world)

Your rights over your Personal Data explained

Your personal rights

 a. We need you to understand the rights you have when it comes to your personal information.

 b. Not all countries extend the same rights under their respective privacy regulation. The examples

     of rights available under privacy regulation noted below, show how those rights vary across the world

     and the many different nations in which the Company operates. We have set out a few of these below

     for your information.

 c. If your country is not listed below, please contact: privacy@navitas.com for further information. In your

     email to privacy@navitas.com please set out the country and region within that country you are

     enquiring about, in order that we can provide you with the right information.

 d. The rights you have may be different depending on where you live in the world for instance, in the EU,

     EEA or the UK you have the right to:

                   i.            Access and review personal data we hold about you

                  ii.            Rectify/correct any inaccurate personal information we hold about you.

                 iii.            Request a copy of data you supplied to us, in a machine readable format or for

                                the transfer of this data to another company

                 iv.            Request the restriction of processing of your personal data

                 v.            Object to us processing your personal data

                vi.            Request the erasure of your data, (right to be forgotten)

 e. For any of these EU/EEA/UK requests please contact: dsar@navitas.com

 f. If you live in Australia you have the right to:

                   i.            Request anonymity and pseudonymity

                  ii.            Request for information not to be used for marketing purposes

                  ii.            Access and review personal data we hold about you

                 iv.            Rectify/Correct any inaccurate personal information we hold about you

 g. If you live in New Zealand or Canada you have the right to:

                   i.            Access and review personal data we hold about you

                  ii.            Rectify/Correct personal data we hold about you

h. If you live in the United States of America you have the right to:

                   i.            Access and review personal data we hold about

                   ii.            Rectify/Correct personal data we hold about you

                  iii.            Be informed of any disclosures

 i. For any privacy rights in regions/countries/states outside of Europe please

    contact: privacy@navitas.com

 j. For an explanation of your rights in the country in which you live, work or study with one of our

    business entities please contact: privacy@navitas.com. Set out the nature of your request and the

    Company will inform you of how it is able to assist you. Please note that the same rights do not apply

    in all of our operating regions, countries or states.

 k. All requests related to your rights and your personal data, will be examined in detail and a member

     of the Privacy team will respond to you as quickly as possible.

 l. We will make all reasonable efforts to meet with your request and will keep you informed as to our

     progress in getting the information to you in a format that is acceptable and usable.

Withdrawal of consent

  a. Whenever you have given us your consent to use your personal data, you have the right to

      change your mind at any time and withdraw that consent.

Legitimate Interest

  1. In cases where we are processing your personal data on the basis of our legitimate interest,

         you can ask us to stop for reasons connected to your individual situation.

Marketing

 a. You have the right to stop the use of your personal data for marketing activity through

     all channels, or selected channels.

 b. We will always comply with your request. To action this:

               i. Click the ‘unsubscribe’ link in any email communication that we send you

              ii. We will then stop any further emails from being sent to you

 c. Please note that you may continue to receive communications for a short period after changing your

     preferences while our systems are fully updated.

Questions or Issues you may have

 a. If you require any further information we will be pleased to provide you with further detail.

 b. If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal

     privacy obligations, please provide us with as much detail as possible in relation to your complaint

     so that we can deal with your concern quickly and effectively.

 c. We will take every privacy complaint seriously and assess it with the aim of resolving all issues

     quickly and efficiently.

 d. We’d be grateful for your cooperation with us during this process by providing us with any relevant

     information that we may need.

Our Contact Details

 a. A Data Protection Officer (DPO) has been appointed for the EU (this includes the UK) companies and

         ‘local’ EU Data Protection Managers have been appointed as per the table below

 b. The DPO and DPMs can be contacted directly on the relevant link below:

 

Title

Countries

Email

Telephone

Data Protection Manager Australasia and Africa

Australia, New Zealand, Singapore, Sri Lanka, Indonesia, Thailand, South Africa and any country not listed in other regions below

DPMA@navitas.com

+61893149628 

+61(0)498023385

Data Protection Officer UK/EU

Europe

DPO@navitas.com

 

Data Protection Manager UK

England, Wales, Scotland

and Northern Ireland

DPMUK@navitas.com

 

Data Protection Manage Germany, Switzerland and Austria

Germany, Switzerland

and Austria

DPMGSA@navitas.com

 

Data Protection Manager South Western Europe

Belgium, France, Greece,

Italy, Netherlands, Spain,

Sweden,

DPMSWEU@navitas.com

 

Data Protection Manager Canada

Canada

DPMC@navitas.com

 

Data Protection Manager United States of America and South America

USA, Mexico

and Colombia

DPMUSA@navitas.com

 

Data Protection Manager Middle East

Jordan, Saudi Arabia

and United Arab Emirates

DPMME@navitas.com

Contacting your Supervisory Authority

Europe (inclusive of the UK and non-EU Member States)

  a. The Company has nominated the Information Commissioner’s Office (ICO) as

      its Supervisory Authority for Europe.

  b. If you feel that we have not handled your data correctly, or you are unhappy with

      our response to any requests regarding the use of your personal data, you have the

      right to lodge a complaint with the Information Commissioner’s Office, (ICO), in the UK,

      or your National Supervisory Authority or data regulator.

  c. You can contact the ICO by calling +44 303 123 1113 or go online to www.ico.org.uk

Australia

  a. Australia has nominated the Office of the Australian Information Commissioner (OAIC)

      as the primary Supervisory Authority.

  b. You can contact the OAIC by calling +61 1300 363 992

  c. Email: enquiries@oaic.gov.au or go online to www.oaic.gov.au

All Other Countries

  a. A complete list of all supervisory authorities in the host nations in which the

      Company operates is available from: privacy@navitas.com

  b. Please ensure that you confirm in your email to privacy@navitas.com the

      business entity and country you are working for or studying in.