Privacy Statement & Policy

College Privacy Statement College Privacy Policy

We Value Your Privacy

The ICES acknowledges and respects the privacy of all individuals. We advise that much of the information that you may have provided to, or may be asked to provide, to the College is deemed 'personal information'. As a general rule, personal information is not released by ICES to other organisations, except in response to legal requirements such as a subpoena, and information regarding an individual will not be disclosed to a third party without the individual's consent, except where the third party is directly acting as our agent.

Why Do We Collect Your Information?

This information is normally collected for the purposes of processing your application, registration or inquiry for an ICES course/s, seminar, workshop, activity or interest groups. Information that we collect will be used for keeping you informed of upcoming events, improving the student experience and assisting us in improving and marketing our services to you.

How Do We Collect Your Information

Registration

The ICES generally collects information through forms, direct marketing, Internet registration or contracts with external education and training providers. The provision of this personal information is voluntary but if information is not provided, ICES may be unable to process your details for the purpose for which they were intended.

E-Learning

Some ICES sites may have chat rooms, forums, on-line teaching environments, message boards and or/news groups available to their users. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information.

On-Line Recruitment

We collect this information to improve student employment and to enhance the student experience.

Cookies

The ICES web systems have extensive security features and may temporarily install "cookie(s)" on your computer. These cookie(s) communicates to secure servers at the ICES to authenticate access to a number of ICES systems. The cookie(s) do not collect any information about you, or how you are using your computer and only serve to ensure that you have identified yourself with the correct username and password.

Security

Any personal information that we collect is held with the strictest confidence. The College uses and implements industry standards for the security and protection of information collected, and this information is securely stored and access is restricted to authorised personnel only, ensuring that your personal information is protected and safeguarded

Information ICES collects is used only for the purpose stipulated at the time that the information is collected. ICES is required by law not to reveal, disclose, sell, distribute, rent, license, share or pass on to any third parties, any personal information that you may have provided to us unless we have your express consent to do so.

Exceptions to this include:

Where there are reasonable grounds to believe that disclosure is necessary to prevent a threat to life or health; and;
Where the College is required to provide information in response to Subpoenas or Warrants or other legal process.

Access to Your Information

You have a right of access to, and alteration of personal information concerning yourself held by the College, in accordance with Government Legislation.

Privacy Policy

The College has a Privacy Policy that can be found on its website, which outlines the ways in which we intend to meet our privacy commitments and details the procedures for making complaints under the Act.

Contact

If the student has any questions to College staff , its agents and contractors or have any queries in relation to privacy at ICES, please contact the College at info@iemm.com.au

DEFINITIONS

NOTE: Privacy Victoria, (the statutory body administering the Information Privacy Act (2000) (“the Act”)) have produced guidelines and determinations that clarify the definitions used in the Act and in this Policy http://www.privacy.vic.gov.au/

Word/Term	Definition
Compliance Officer	the Compliance Officer will be responsible for the administration of this Policy. Specifically the Compliance Officer will: (i) keep records which are required to be kept under this Policy; (ii) investigate complaints concerning a breach of the Privacy Principles; (iii) inform and assist staff with respect to privacy issues.
Personal Information	means information or an opinion (including information or an opinion forming part of a database), whether true or not, recorded in a material form, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information	means information or an opinion about an individual’s: (i) Racial or ethnic origin; or (ii) Political opinions; or (iii) Membership of a political association; or (iv) Religious beliefs or affiliations; or (v) Philosophical beliefs; or (vi) Membership of a professional or trade association; or (vii) Membership of a trade union; or (viii) Sexual preferences or practices; or (ix) Criminal record; that is also personal information;
Health information	means personal information about an individual that includes: (a) Information or an opinion about- (i) the physical, mental or psychological health (at any time) of an individual; or (ii) a disability (at any time) of an individual; or

(iii) an individual’s expressed wishes about the future provision of health services to him or her; or (iv) a health service provided, or to be provided, to an individual; or (b) Other personal information collected to provide, or in providing, a health service; or (c) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or (d) Other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants
Health Service	means: (a) an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the organisation performing it- (i) to assess, maintain or improve the individual's health; or (ii) to diagnose the individual's illness, injury or disability; or (iii) to treat the individual's illness, injury or disability or suspected illness, injury or disability; or (b) a disability service, palliative care service or aged care service; or (c) the dispensing on prescription of a drug or medicinal preparation by a pharmacist; or (d) a service, or a class of service, provided in conjunction with an activity or service referred to in paragraph (a), (b) or (c) that is prescribed as a health service
Health Service Provider	means an organisation that provides a health service in Victoria. The University health service providers include but are not limited to the Health/ Medical Service and the Counselling Services
Record	includes information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not (eg. hard copy, audio tapes, photographs, micro-fiche and computerised records including electronically derived databases and directories), about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion. It may be ascertained by factual data (name, student ID number, address, telephone number, age, enrolment status, employment details, digital image etc.), academic progress (course details, examination results, evaluation and assessment, academic standing etc.) and personal welfare (emergency contacts, family matters,medical matters and financial matters), but does not include: (a) a generally available publication; or (b) kept in a library, art gallery or museum for the purposes of reference, study or exhibition; or (c) a public record under the control of the Keeper of Public Records that is available for public inspection in accordance with the Public Records Act 1973; or (d) archives within the meaning of the Copyright Act 1968 of the Commonwealth.

Primary Purpose	a primary purpose is one for which the individual concerned would expect their information to be used. Using the information for this purpose would be within their reasonable expectations.
Secondary Purpose	a secondary purpose may or may not be apparent to the individual concerned, or within their reasonable expectations. Collecting the information may be mandatory (because required by law) or optional. The main distinction is that the service could still be provided even if the secondary purpose were not served.

SECTION 2 - POLICY

PRINCIPLES

This policy establishes and maintains:

a regime for the responsible collection and handling of personal information by the College

and

a complaints procedure for investigation and rectification (where rectification is possible) of breaches of this Policy.

POLICY

Collection of Information

1.1 General

The College will only collect personal information that is necessary and incidental to its functions or activities. Where possible the College will give an individual the option of interacting anonymously with it. The College will collect personal information about an individual only by lawful and fair means and not in an unreasonably intrusive manner.

1.2 Sensitive/ Health Information

Generally, Sensitive and Health Information will only be collected with the consent of the individual. Where an individual is incapable of giving consent to the provision of health information, the College will seek the authorisation of an authorised representative.

1.3 No Consent Where Impracticable to Do So

The College will only collect personal information, sensitive information and health information without consent where it is impracticable to gain such consent.

1.4 Collection of Personal Information from Third Party

While the College generally collects personal or health information directly from the relevant individual, in some cases we may collect it from a third party, such as VTAC, a temporary employment agency or a contractor. Where the College collects information about an individual from a third party (for example if a student authorises a parent, spouse or partner to register for them on their behalf), the College will still take reasonable steps to ensure that the individual is made aware of the details set out above. This will not apply to health information that is provided to a College staff representative, in confidence.

1.5 CollegeStaff Obligations for Collection of Personal Information

If a staff member collects, uses, discloses or handles personal information on the College’s behalf, the staff member must abide by the information privacy principles set out in the Privacy Act 1988 (Commonwealth) and comply with the purposes of clause 23 of Schedule 1A Part 1 Division 4 of the Higher Education Support Act (HESA) 2003 (Commonwealth) and section 19-60 of Chapter 2 Part 2-1, Division 19 of the HESA Act and meet the relevant requirements of the Information Privacy Principles set out in the Information Privacy Act 2000 (Vic) and the Health Privacy Principles set out in the Health Records Act 2001.(Vic). Staff members must only collect, handle, use, disclose and store the information for the agreed purposes only.

1.6 Collection of Information When the College collects personal information directly from an individual (for example if a student enrols in a course), it will take reasonable steps at or before the time of collection to ensure that: 1.6. 1 the individual is aware of certain matters, such as the purposes for which the College is collecting the information; 1.6.2 the individual is aware of the organisations (or types of organisations) to which the College would normally disclose information of that kind; 1.6.3 the individual is able to access the information; and 1.6.4 the individual is aware how to contact the College.
2.		Information the College Collects
2.1 Personal Information The College collects personal information from staff, students, prospective students, past students, benefactors, research participants, and external contractors. Personal information that may collect includes: Names, Addresses, Emergency Contacts, Photographic Identification, Email addresses or other related personal information required for the effective management of the College
2.2 Health Information Health Information is only collected with individual consent, subject to legislative exceptions and only if required.
3.	Privacy Notification Requirements
When the College collects personal information, health information or sensitive information, it will ensure that the individual is properly notified of the following; why information is being collected about them, who else the information may be provided to, and other specified matters.

4.		Use and Disclosure of Information
4.1 Personal Information - Primary Purpose of Collection The main functions of the College are to provide teaching and research services, together with ancillary services, which may support students and staff in their tuition and study or work at the College. Some information needs to be collected by the College, for governmental purposes. Examples of Purposes for which Personal Information is Collected The primary purposes for which information is collected include, but are not limited to: Enrolment in the College Courses Provision of access to the College’s and its affiliates facilities Maintenance of Student Records, Attainments and Results Communication with previous, current and prospective students in relation to the College and its activities Participation in Research & Development Maintenance of Records of External Parties Advancement of the College Strategic themes in relation to education, research and training Other reasons directly related to the activities of the College.

4.2 Use of Personal Information for Secondary Purposes The College has a duty to maintain the confidentiality of personal and health information. The College will only use or disclose personal information for a secondary purpose other than the primary purpose for which it was originally collected where: the secondary purpose is related to the primary purpose (or is directly related, in the case of sensitive information or health information), and a person would reasonably expect the College to use or disclose the personal information for that secondary purpose; or a person has consented to the use or disclosure of their personal information for the secondary purpose; or the use or disclosure is required or authorised by or under law; or the use is otherwise permitted by privacy laws.
4.3 Disclosure of Personal Information The College will disclose personal information that it collects to staff that require access to undertake the College activities. This will generally be the primary purpose of the collection of the personal information. The College will not disclose personal information to other third parties without the consent of the individual, except where the disclosure is authorised under privacy laws.
4.4 Release to Individuals Individuals are entitled to access any of their own Personal Information in accordance with the principles for access set out in the Information Privacy Act 2000 (Vic) and the Privacy Act 1988 (Commonwealth).
5.	Review of Personal and Health Information
The College will take all reasonable steps to ensure the personal information collected, used or disclosed is accurate, complete and up-to-date. This may require you to correct the information. These obligations will vary across academic units and departments.
6.	Security
The College will take all reasonable steps to protect the personal information held from misuse and loss and from unauthorised access, modification or disclosure. This will include ensuring that all electronic systems are protected through electronic passwords, and departments that hold hard-copy files not stored with the College are secure.



8.	Removal/Destruction of Information
8.1 Personal Information Subject to the Public Records Act (Vic.) 1973, the College will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which information was provided. Personal information will only be removed/ destroyed by secure means.

9.		Transfer of Information
9.1 The College will only transfer personal information to external parties on the following conditions: 9.1.1 the external party has in place similar procedures in relation to the collection, storage, use and disclosure of personal or sensitive information; or 9.1.2 an individual provides consent to the transfer of information; or 9.1.3 the transfer of information is for the benefit of the individual
9.2 Where the College intends to transfer any personal or sensitive information to a third party, including interstate or overseas campuses, it will ensure that contractual arrangements require the College privacy obligations to travel with the personal information.
9.3 Where the College engages a contractor to undertake work on the College behalf, the transfer of information need not be for the benefit of the individual, insofar as the use of the personal information is for a primary purpose.

SECTION 3 - PROCEDURE

PROCEDURE

Procedure steps	Responsibility
1.	Access To Personal Information
1.1 Access to Personal Information The College will provide access to personal information under: 1.1(a) Freedom of Information legislation 1.1(b) Legislative Obligations 1.1(c) Individual Consent Arrangements	ICES Staff
1.2 Access to Personal Information – Staff 1.2(a) College staff will only be provided with access to personal information where it is necessary to carry out their responsibilities. 1.2(b) The College administration is required to maintain a register of staff who are given access to personal information collected by the unit, and whether the staff member may amend or delete the information.	ICES Admin
11.1.3 Access to Employee Records Staff may request access to their employee records from: 11.1.3(a) The College Administration. 11.1.3(b) Approved Staff 11.1.3(c) College board member of directors	ICES Admin
2.	Disclosure Of Personal Information
2.1 The disclosure by the College of all personal, health and sensitive information is subject to other legislative requirements (eg: the Freedom of Information Act 1982 (Vic.) ) 2.2 The College will disclose personal information to a third party on request of an individual, where it receives a written authorisation (signed) by the individual to be released for a specified purpose. 2.3 The College will not require the written authorisation where the disclosure is authorised by law.	ICES Admin
3.	Privacy Risk Management Procedures

3.1 All College staff and management have primary responsible for privacy compliance in their management unit.

3.2 The College administration must ensure that an appropriate Privacy Statement is in place where their office collects any personal information. These will be developed, where necessary, in consultation with College management.

3.3 Where the College management and administration is responsible for its IT systems, they are required to ensure that the applicable system complies with privacy legislation.

3.4 The College must not acquire or implement information systems that are not privacy compliant.

ICES Admin

Privacy Complaints Handling Procedure

The following procedure will apply if an individual considers that the College has breached this policy or the privacy laws in respect of that individual:

4.1. Complainant to Provide Details of Complaint in Writing

A written complaint must be forwarded to the College administration within six (6) months of the time the complainant first became aware of the apparent breach. The complaint must specify details of the apparent breach in writing.

The College may require an individual to pay a fee in relation to their request to access their health information. The fee will set at the rate prescribed by the Health Records Regulations 2002.

4.2. Timeframe for Internal Resolution of Complaint

Unless principles of due and fair process dictate otherwise, the College administration must make a determination on a complaint/ request to access information within forty-five (45) days of receipt of the complaint, and advise the complainant in writing.

4.3. Response to Complaint

If the College administration determines that there has been a breach of the policy, he or she will, upon notification of the determination to the complainant, will advise relevant College management personnel in writing and any action required in order to remedy the breach. If the breach is capable of being rectified and is not rectified within thirty (30) days of the advice from College administration, they must inform the College Board of Directors

4.4 Consequences if this Policy is Breached

Disciplinary action may be instigated against any staff member who breaches this policy, which may result in the employee being summarily dismissed in circumstances that the College considers there to have been a serious breach.

ICES Admin