IHNA Privacy Policy

Purpose

1. The purpose this policy is to outline how IHNA complies with the Privacy Act 1988, the Australian Privacy Principles (APPs) 2014and other federal laws on how IHNA collects, stores, uses and disseminates student and staff personal information.

Scope

2. IHNA is bound by Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), Information Privacy Principles (IPPs) in the Privacy and Data Protection Act 2014 (Vic), the Health Privacy Principles (HPPs) (Cth) in the Health Records Act 2001, and to the related legal obligations by which it is bound.

3. This Policy covers IHNA's treatment of personally identifiable information that IHNA collects through any means as part of the provision of its services. This Privacy and Security Statement does not apply to the practices of companies that IHNA does not own or control or to people that IHNA does not employ or manage.

4. IHNA Privacy Policy is technology neutral, applying equally to paper-based and digital environments. This is intended to preserve the relevance and applicability, in a context of continually changing and emerging technology.

5. This policy covers all personal and sensitive information relating to students and staff and all institutional records including educational, training, assessment, policy, financial, Intellectual Property, compliance, and quality documents.

Definitions

6. Definitions for key terms are presented in the Glossary of Terms.

Suite documents

7. This Policy is linked to the following:

• Privacy Procedure
• See also Associated Information listed in the ‘Related Internal Documents’ in Section 3 below.

Principles

8. Personal information is defined in the Privacy Act 1988 as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not”

9. Sensitive Personal information is defined in the Privacy Act 1988 as “information or an opinion about an individual” that is also personal information, such as:

• racial or ethnic origin
• political opinions
• membership of a political association
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional or trade association
• membership of a trade union
• sexual orientation or practices; or
• criminal record

10. Information about Students

10.1 IHNA collects personally identifiable information that students provide when they register or enrol for any educational courses or programs, when they use certain IHNA online services or products, or when they enter promotions. IHNA’s preferred source of personal information is the individual concerned. However, IHNA may also receive information from other sources such as other members of the Health Careers International (HCI) Group.

10.2 Under the Freedom of Information Act, Vic 1982, IHNA will permit a student to apply for and receive a copy of the personal information that the provider holds on the student’s record.

11. Information about Staff

11.1 IHNA collects personal information from its staff which may be used for Selection, Appointment, Promotion, General Administration or Provision of Services to staff. IHNA’s preferred source of personal information is the individual concerned. However, IHNA may also receive information from other sources such as:

• previous employers and referees nominated by prospective and current staff members.
• academic assessors.
• promotion and performance review assessments.

11.2 IHNA takes all reasonable steps to ensure that information collected is:

• necessary for IHNA’s purposes.
• relevant to the purpose of the collection; and
• collected in a fair way, without unreasonable intrusion.
• Provided to the respective student or staff when requested, following the Privacy Procedure

12. Collection of Personal Information

12.1 Personal information will not be collected unless:

• The information is collected for a purpose directly related to students.
• The collection of information is necessary for or directly related to the purpose for which the information is being collected.
• The collection of the information is authorised or required by law.
• With whom the information may be shared (such as the Australian Government, Placement Partners) the information collected is relevant to that purpose and is up to date and complete, and
• The collection of the information does not infringe upon the personal affairs of the student in an unreasonable manner.

12.2 Personal information will not be collected by unlawful or unethical means.

12.3 Where personal information is collected for inclusion in a record or in a generally available publication, IHNA will take all reasonable and practicable steps to ensure that, the student concerned is made aware of:

• the purpose for which the information is being collected.
• if the collection of the information is authorised or required by law and
• with whom the information may be shared (such as the Australian Government or Tuition Assurance Scheme).

12.4 Where IHNA solicits and collects personal information for inclusion in a record or in a generally available publication it will take reasonable steps to ensure that:

• the information collected is relevant to that purpose and is up to date and complete; and
• the collection of the information does not infringe upon the personal affairs of the student in an unreasonable manner

12.5 IHNA is committed to complying with the obligation under the Privacy Act 1988, and the associated Australian Privacy Principles (APPs), in the way it specifically collects, uses, secures, and discloses personal information. IHNA is committed to safeguarding any confidential information obtained by it. IHNA will ensure that:

• Information gathered for the express purpose of training and assessment matters will not be disclosed to a third party unless prior written consent is provided by the individual concerned, or in the case that it is required by law;
• There is provision for the secure storage of all records.
• All information maintained on records is held in strict confidentiality.

12.6 IHNA may request access to a student’s device location for the sole purpose of attendance verification using geofencing.

12.7 Location access may occur while the application is in the foreground or background to detect when a student enters or leaves the registered campus area.

12.8 Location access is used to:

• obtain the student's current location for presence verification
• compare it with the registered campus location
• determine whether the student is within an approved radius of approximately 20 metres from campus for attendance marking

12.9 Location tracking is enabled only for attendance monitoring and is designed to automatically stop when the student exits the campus geofence.

12.10 IHNA does not use location for advertising, profiling, or marketing and does not track users for unrelated purposes.

12.11 IHNA does not store a continuous location history or movement path. Location information is processed to validate geofence entry/exit and attendance status. Any retention (if required) is limited to what is necessary to support attendance records and meet legal or regulatory obligations.

13. Accessing and Correcting Personal Information

1. A link to IHNA’s Privacy Policy is included in the Student Handbook, detailing the information collected and its intended uses.
2. IHNA will ensure individuals have access to their personal information held by institutions, in compliance with legal obligations.
3. Requests for accessing information will be evaluated in accordance with relevant legislation, as well as IHNA’s Privacy Procedure and Records Management Policy and Procedure.
4. Staff members encountering concerns regarding information access should seek guidance from People and Culture Officer.
5. Upon notification of inaccuracies, incompleteness or outdatedness in personal information, IHNA will endeavors to rectify the data or document the individual’s dissent.

14. Securing, Storing, and Retaining Data

14.1 IHNA will implement measures to safeguard information against misuse, loss, unauthorized access, modification, or disclosure.

14.2 IHNA’s protocols for Information technology security are delineated in the Cyber Security and Safety Policy, Records Management Policy and associated Procedure.

15. Disposing of and Destroying Information

15.1 IHNA will only dispose of or permanently de-identify personal or sensitive information when no longer legally required. Destruction of documents will adhere to the Records Management Policy and related Procedure.

15.2 IHNA will only dispose of or de-identify health information in accordance with the Health Records Act 2001.

16. Health Information

16.1 In addition to general obligation, IHNA has specific duties regarding confidential health information if collected from staff and students.

16.2 Health records may be generated across various IHNA operations, such as research, teaching, People and Culture functions, student counselling and student disability liaison. These records will be managed in compliance with Health Records Act 2001 as detailed in the Privacy Procedure and Records Management Policy and Procedure.

17. Anonymity and Pseudonymity

17.1 IHNA respects and acknowledges the choice of anonymity and pseudonymity by individuals dealing with IHNA. IHNA provides opportunities for individuals to interact anonymously or by pseudonym with IHNA where appropriate. For example, anonymous dealings may include an unidentified individual telephoning IHNA to make a general enquire about its courses or services.

17.2 Pseudonymity requires that an individual may contact IHNA and use a name, term or descriptor that is different from the person’s actual name. Examples may include an email address that does not contain the person’s actual name, and/or a username that a person uses when participating in an online forum.

17.3 Personal information should only be linked to a pseudonym if this is required or authorised by law.

17.4 Situations where it is impractical to implement Anonymity and/or Pseudonymity:

17.5 The following are examples where it may be impracticable to deal with an individual who has not disclosed their actual identity:

• While IHNA acknowledges Anonymity and Pseudonymity as a privacy principle, there are instances where identification is necessary to proceed with a matter.
• Dispute resolution: it would be impracticable to investigate and resolve an individual’s particular complaint about how their case was managed or follow up on a staff member’s behaviour unless the complainant provided their name, contact detail and other relevant information.
• Personal information requests: in responding to an individual’s request for personal information, IHNA would require evidence of the person’s identity before proceeding with the enquiry; and
• Eligibility for government subsidies or support: in responding to an individual’s course enquiry and potential government subsidy, IHNA may not be able to provide definitive information without knowing the potential applicant’s identity, education history and/or personal circumstances.

Associated Information