Navitas Limited respects your right to privacy. This privacy notice (the “Privacy Notice”) explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to data collected about all users of www.navitas.com and websites of our subsidiary companies, and other related websites, (the “Website”) and the services available on the Website (the “Services”).
The terms “the Company,” “we,” “us,” “our,” and “ours” refer to Navitas Limited. The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.
Navitas Limited reserves the right to make changes periodically to this Privacy Notice at our sole discretion. Changes to the Privacy Notice will be posted on this page.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.
This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.
We know that there’s a lot of information here, but we want you to be informed about your rights, and how we use data across the Navitas Limited Group of companies to provide you with the best possible service.
For your convenience we have split the information into manageable sections which we hope will answer any questions you have but if not, please do get in touch with us, details are shown in the contact section of this notice.
Who is Navitas?
Navitas Limited is a public company listed on the Australian Securities Exchange (ASX) (ASX code is NVT and ABN 69 109 613 309). Our head office is located in Perth Western Australia at the following address:
125 St Georges Terrace
PERTH WA 6000 Australia
The Company has subsidiary companies and affiliated organisations operating in Australia, New Zealand, Canada, Europe, Africa, South East Asia, North Asia, South America, the Middle East and the USA, collectively called the “Company”.
The European head office is located in the UK at the following address:
Navitas UK Holdings Limited
Oxford OX4 4FY UK
The following link will provide you with further details of the Navitas Group: www.navitas.com
For ease of reading this notice the “Company” will be referred to as “we” and “us” in this notice.
Explaining the legal basis for processing your personal data
The Company is a global company and understands that the laws on data protection may be different in different countries, however, the Company has set out below a number of different reasons for which we may collect and process your personal data, including:
a. In specific situations, we can collect and process your data with your consent for example,
when you tick a box to receive marketing material from us.
b. When collecting your personal data, we’ll endeavour to collect the minimum necessary for
us to provide our services.
a. Depending upon national and sometimes state law you may be called a “minor” when it
comes to signing a contract or consenting for us to collect and process your personal data.
This means you have not reached the legal age of consent.
i. In many countries including Australia, New Zealand, Canada, Singapore and the USA,
it is usual to require a person to be 18 years of age.
ii. In Europe it is usual that a person is 16 years of age, 13 in the U.K. to consent to receive
marketing information. As part of protecting you and your rights, if the law says you are still
a “minor”, we require your parents/guardians consent to directly collect and process
your data via online services.
a. Explicit Consent means that you have been presented with an option to agree or disagree with
the collection, use, or disclosure of personal information.
b. If we need to collect special categories of data from you in order to provide you with the services
you require or meet our legal obligations, we will collect this data on the basis of your explicit consent,
national/regional social protection laws or for statistical reporting purposes requested by official bodies.
c. The special category data that we may request from you includes details such as your racial or
ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or
visa requirements. We may also need to collect data concerning your health (eg medical check reports
and immunisation history) to provide additional support to you.
a. In certain circumstances we will need to collect your person data to meet our contractual obligations
b. We will collect this data so that we can make an offer to you to study or enrol with us or to work
c. We will use this data to establish a contract that sets out your obligations as a student or employee
and our obligations as the provider of the study services or employment to you.
a. If the law requires us to, we may need to collect and process your data for a number of reasons,
for example to:
i. Prevent fraud
ii. Meet the needs of immigration authorities
iii. Comply with Consumer Protection law
a. In specific situations, we collect your personal data as part of undertaking our legitimate interests in
a way which might reasonably be expected as part of running our business and, which does not
materially impact your rights, freedom or interests. It might include:
i. Staying in touch with you for purposes of staying in touch with ex-students as part of
an alumni programme
ii. Keeping you informed regarding Company highlights and news
When do we collect your Personal Data?
a. When you visit any of our websites, (here we just collect transaction-based data).
b. When you complete our online or paper/PDF application forms.
c. When you engage with us on social media.
d. When you contact us by any means with queries, comments etc.
e. When you book any kind of appointment with us.
f. When you book to attend an event.
g. When you’ve given a third-party permission to share with us the information they hold about you.
h. When you attend a college, campus or office, which may have CCTV systems operating for the security
of both Students, Visitors and Staff. These systems may record your image during your visit.
i. For employees we collect your personal data throughout the period of your employment
with the Company
Categories of Personal Data we collect
a. Your contact details i.e. your:
iii. Date of birth
iv. Postal address (can be a postal box number and/or a street address)
v. Social media contacts
vi. Telephone number/s (mobile and landline)
b. Identity and Immigration documentation i.e. your:
ii. Drivers’ licence
iii. Identity card
iv. Visa details
c. Your bank account details.
d. Your educational history inclusive of but not limited to your:
i. Current qualifications
iii. Institution/s you studied at
iv. Most recent study experience
e. Details of your interactions with us, such as:
i. We collect details of enquiries and comments you make in the web pages you visit or
when you contact us by email, telephone or in person
ii. Information gathered by the use of ‘cookies’ in your web browser.
f. Additionally, for employment purposes:
i. Social security (or equivalent) details
ii. Next of Kin details
iii. Health information
Why we use your Personal Data
a. To ensure that we provide you with the information and service you need we sometimes combine the data we have about you. This is allowed as part of our legitimate interest to provide you with the optimum service.
b. If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
c. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.
d. The reasons we use your personal data include:
i. To operate and administer our business to provide you with the best possible service.
This is done on the basis of our legitimate business interests.
ii. To respond to your queries and requests.
iii. We may keep a record of communication with you. We do this on the basis of our
contractual obligations to you, our legal obligations and our legitimate interests
in providing you with the best service.
iv. To protect our business and you from fraud and other illegal activities.
v. We’ll also monitor your browsing activity with us to quickly identify and resolve any
problems and protect the integrity of our websites. We’ll do all of this as part of our
vi. To protect our students, visitors and staff, premises and assets, we operate CCTV
systems in some of our colleges, campuses and offices which record images
for security. We do this on the basis of our legitimate business interests.
vii. To process payments and to prevent fraudulent transactions. This is done on the basis
of our legitimate business interests and to help protect you from fraud.
viii. With your consent, we will use your personal data preferences, to keep you informed
by email, web, text, social media and telephone about relevant services and events.
ix. To protect your vital interests if you become unable to provide consent.
x. To hire and manage employees and contractors. We do this as part of our contract with
xi. To send you communications required by law or which are necessary to inform you
about our changes to the services we provide you. (For example, updates to this
Privacy Notice). These service messages will not include any marketing content and
do not require prior consent when sent by email or text message. We need to keep
you informed as part of complying with our legal obligations.
xii. To comply with our contractual or legal obligations to share data with law enforcement if
necessary, for example:
i. If a court order is presented that requires us to share your personal data
with law enforcement agencies or courts of law
How we look after your Personal Data
a. We know how much data security matters. We will treat your data with the utmost care and respect and
take all appropriate steps to protect it.
b. We secure access to all transactional areas of our websites and apps using ‘https’ technology.
c. Access to your personal data is restricted and secure, and sensitive personal data such as health
information is secured via password protection and encryption.
d. Storage systems for paper copies are secured and access is managed through the Company’s
How long do we keep your Personal Data?
a. We have a detailed records management programme in place and all records (paper and electronic)
are required to be managed in accord with its security and disposal steps.
b. Whenever we collect or process your personal data, we will store it safely and only for as long as is
necessary for the original purpose for which it was collected or as required by law.
c. At the end of the documented retention period, your data will either be deleted completely
Sharing your Personal Data
We share your Personal Data with trusted Third Parties
a. We sometimes share your personal data with trusted third parties to provide services
and business functions.
b. We set very clear directions and expectations for those organisations regarding the
safety and protection of your privacy and personal data.
c. The directions and expectations are set out in our contract with the third party and include:
i. Providing them only the information they need to perform their specific services
ii. Setting out the purpose for which the personal data is being shared
iii. Confirmation that they will make every reasonable effort to ensure that your
privacy is respected and protected
iv. If we stop using their services, they will undertake to either securely delete or
render anonymous any of your personal data held by them
v. They will inform us immediately in the event of a suspected or actual breach
The types of third parties we work with include:
a. IT companies supporting our websites
b. Cloud storage companies
c. Customer Relationship Management application providers
d. Educational establishments
e. Educational professionals
f. Regulatory authorities
g. Accommodation providers
h. Estate services
i. Online webinar providers
k. Financial service providers
l. Travel service providers
How do third party partners use your Personal Data
a. When you use a service from one of our chosen partners, your data will be collected and used by
them under the terms of their own separate privacy policies.
Why do we share your Personal Data?
a. We need to share your personal data with trusted third parties in order to meet legal and regulatory
obligations and fulfil our contractual promise to you.
b. We will only share your data with third parties in very specific circumstances, for example:
i. With your consent, given at the time you supplied your personal data, to
us, we may pass that data to a third party for their direct marketing purposes.
ii. When working with academic professionals as part of ensuring the delivery of high
quality services to you.
iii. We may share information about fraudulent or potentially fraudulent activity in our
premises or systems. This may include sharing data about individuals with law
iv. If we receive a valid request from the police or other law enforcement agency, regulatory
or Government authority in your country of origin or elsewhere, we may be required
to disclose your personal data
v. We may, from time to time, expand, reduce or sell the Company and this may involve
the transfer of business entities or the whole business to new owners. If this happens,
your personal data will, where relevant, be transferred to the new owner or controlling
party, under the terms of this Privacy Notice.
Processing and Transferring your Personal Data
Navitas Limited – a global organisation
a. We have operations in many different geographic regions and our head office is in Australia,
therefore we will sometimes need to share your personal data across national boundaries and
borders for example:
i. outside the European Economic Area (EEA)
ii. between North America and Australia
iii. Asia and Australia
iv. New Zealand and Australia
v. Canada and Australia
vi. Europe and Australia
b. The transfer of data, inclusive of personal data, may include transferring it to:
i. Our head office in Australia
ii. Other Company businesses in Australia and elsewhere within the Company’s global
structure (intra-company transfers)
iii. International third parties for data storage purposes e.g. EU member- state business
operation to Singapore
c. If we do transfer your personal data across an international border, we have procedures
in place to ensure your data receives the same protection as if it were being processed inside
your country of residence for instance an EEA member-country or Australia or Asia or Canada
or the USA etc
d. For further information on the transfer of your personal data you can contact:
i. email@example.com(if you are resident in Europe)
ii. Privacy@navitas.com (the rest of the world)
iii. DataProtection@navitas.com (the rest of the world)
Your rights over your Personal Data explained
Your personal rights
a. We need you to understand the rights you have when it comes to your personal information.
b. Not all countries extend the same rights under their respective privacy regulation. The examples
of rights available under privacy regulation noted below, show how those rights vary across the world
and the many different nations in which the Company operates. We have set out a few of these below
for your information.
c. If your country is not listed below, please contact: firstname.lastname@example.org for further information. In your
email to email@example.com please set out the country and region within that country you are
enquiring about, in order that we can provide you with the right information.
d. The rights you have may be different depending on where you live in the world for instance, in the EU,
EEA or the UK you have the right to:
i. Access and review personal data we hold about you
ii. Rectify/correct any inaccurate personal information we hold about you.
iii. Request a copy of data you supplied to us, in a machine readable format or for
the transfer of this data to another company
iv. Request the restriction of processing of your personal data
v. Object to us processing your personal data
vi. Request the erasure of your data, (right to be forgotten)
e. For any of these EU/EEA/UK requests please contact: firstname.lastname@example.org
f. If you live in Australia you have the right to:
i. Request anonymity and pseudonymity
ii. Request for information not to be used for marketing purposes
ii. Access and review personal data we hold about you
iv. Rectify/Correct any inaccurate personal information we hold about you
g. If you live in New Zealand or Canada you have the right to:
i. Access and review personal data we hold about you
ii. Rectify/Correct personal data we hold about you
h. If you live in the United States of America you have the right to:
i. Access and review personal data we hold about
ii. Rectify/Correct personal data we hold about you
iii. Be informed of any disclosures
i. For any privacy rights in regions/countries/states outside of Europe please
j. For an explanation of your rights in the country in which you live, work or study with one of our
business entities please contact: email@example.com. Set out the nature of your request and the
Company will inform you of how it is able to assist you. Please note that the same rights do not apply
in all of our operating regions, countries or states.
k. All requests related to your rights and your personal data, will be examined in detail and a member
of the Privacy team will respond to you as quickly as possible.
l. We will make all reasonable efforts to meet with your request and will keep you informed as to our
progress in getting the information to you in a format that is acceptable and usable.
Withdrawal of consent
a. Whenever you have given us your consent to use your personal data, you have the right to
change your mind at any time and withdraw that consent.
- In cases where we are processing your personal data on the basis of our legitimate interest,
you can ask us to stop for reasons connected to your individual situation.
a. You have the right to stop the use of your personal data for marketing activity through
all channels, or selected channels.
b. We will always comply with your request. To action this:
i. Click the ‘unsubscribe’ link in any email communication that we send you
ii. We will then stop any further emails from being sent to you
c. Please note that you may continue to receive communications for a short period after changing your
preferences while our systems are fully updated.
Questions or Issues you may have
a. If you require any further information we will be pleased to provide you with further detail.
b. If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal
privacy obligations, please provide us with as much detail as possible in relation to your complaint
so that we can deal with your concern quickly and effectively.
c. We will take every privacy complaint seriously and assess it with the aim of resolving all issues
quickly and efficiently.
d. We’d be grateful for your cooperation with us during this process by providing us with any relevant
information that we may need.
Our Contact Details
a. A Data Protection Officer (DPO) has been appointed for the EU (this includes the UK) companies and
‘local’ EU Data Protection Managers have been appointed as per the table below
b. The DPO and DPMs can be contacted directly on the relevant link below:
Data Protection Manager Australasia and Africa
Australia, New Zealand, Singapore, Sri Lanka, Indonesia, Thailand, South Africa and any country not listed in other regions below
Data Protection Officer UK/EU
Data Protection Manager UK
England, Wales, Scotland
and Northern Ireland
Data Protection Manage Germany, Switzerland and Austria
Data Protection Manager South Western Europe
Belgium, France, Greece,
Italy, Netherlands, Spain,
Data Protection Manager Canada
Data Protection Manager United States of America and South America
Data Protection Manager Middle East
Jordan, Saudi Arabia
and United Arab Emirates
Contacting your Supervisory Authority
Europe (inclusive of the UK and non-EU Member States)
a. The Company has nominated the Information Commissioner’s Office (ICO) as
its Supervisory Authority for Europe.
b. If you feel that we have not handled your data correctly, or you are unhappy with
our response to any requests regarding the use of your personal data, you have the
right to lodge a complaint with the Information Commissioner’s Office, (ICO), in the UK,
or your National Supervisory Authority or data regulator.
c. You can contact the ICO by calling +44 303 123 1113 or go online to www.ico.org.uk
a. Australia has nominated the Office of the Australian Information Commissioner (OAIC)
as the primary Supervisory Authority.
b. You can contact the OAIC by calling +61 1300 363 992
c. Email: firstname.lastname@example.org or go online to www.oaic.gov.au
All Other Countries
a. A complete list of all supervisory authorities in the host nations in which the
Company operates is available from: email@example.com
b. Please ensure that you confirm in your email to firstname.lastname@example.org the
business entity and country you are working for or studying in.