- SCOPE OF POLICY
- We are bound by the APPs under the Privacy Act. This policy has been drafted in order to comply with the APPs.
- This policy sets out how and why we collect, use, store, secure, destroy, de-identify and disclose your Personal Information. It is provided free of charge and you may request the policy in a specific format. We will take reasonable steps to give you a copy in that format.
- By providing Personal Information to us, you consent to our management of your Personal Information in accordance with this policy and any other arrangements that apply between us.
- Please refer to section 20 for the glossary of key terms used in this policy.
- OUR BUSINESS ACTIVITIES
- At the date of this policy, our business involves provision of the Studium Platform to facilitate the creation of student educational profiles with an emphasis on “soft skills” for access and review by prospective employers or educational institutions.
- We will only collect and maintain Personal Information if it is reasonably necessary to pursue at least one of our functions and activities in the course of operating our business.
- Our functions and activities include, but are not limited to:
- operating and managing our business as outlined above, including facilitating the operation of the Studium Platform;
- the introduction, or suggestions for introduction, of student users of the Studium Platform with prospective employers or educational institutions;
- the provision of advertisements, promotional material and sponsored content on the Studium Platform;
- the provision of, or suggestion of, other sites, software applications, communications and services;
- human resource activities, including training and development, recruitment and payroll;
- occupational health and safety activities and compliance;
- procurement and supply chain activities;
- corporate administration and investor relations, including security holder communications;
- managing our relationships with suppliers, contractors and third parties;
- transactions, business dealings or regulatory relationships with governments or regulators;
- complying with our legal, insurance and regulatory obligations and legislation in all jurisdictions in which we operate;
- marketing and business development; and
- public relations activities.
- TYPE OF PERSONAL INFORMATION COLLECTED
- We may collect any of the following types of Personal Information:
- your name;
- your gender;
- your mailing or street address;
- your email address;
- your telephone number and/or facsimile number;
- your age or date of birth;
- the languages that you speak;
- your occupation;
- your academic record and/or level of education;
- your driver’s licence details;
- your previous employment and training information;
- your financial details (e.g. our employees’ Tax File Numbers (TFN), credit card, bank account, tax details, superannuation information);
- your third party contact information (e.g. employer);
- your device identification, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, internet protocol (IP) address and standard web log information;
- details of the goods and/or services we have provided to you or that you have enquired about, including any additional information necessary to deliver those goods and services and respond to your enquiries;
- any additional information relating to you that you provide to us through our website, through your use of our website or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other Personal Information that may be required in order to facilitate your dealings with us or which may be reasonably necessary to pursue our functions and activities.
- In the course of carrying out recruitment activities, we may collect a wide range of Personal Information, including information regarding an applicant’s educational qualifications, career history, interests, hobbies and job interests and such other information as may be routinely included within or associated with a curriculum vitae.
- From time to time, we collect sensitive information about individuals in order to provide our services. However, we generally only collect sensitive information if:
- the information is reasonably necessary for one or more of our activities or functions; and
- we have the individual’s consent to the collection.
- The APPs list a number of circumstances that permit the collection of sensitive information about an individual without their consent. We only collect sensitive information without an individual’s consent if one or more of those circumstances applies.
- COLLECTION OF PERSONAL INFORMATION
- We will only collect Personal Information by lawful and fair means.
- We may collect this Personal Information either from you or from third parties. We may collect this information when you:
- register on our website;
- create a profile or account on the Studium Platform;
- upload information or data to your profile on the Studium Platform;
- share or comment on a post or other information uploaded to the Studium Platform by another user;
- send, receive, or engage with messages through the Studium Platform;
- visit or otherwise use the Studium Platform or our other services, including when you view or click on content or advertisements, perform searches, install or update mobile applications, share posts or apply for jobs;
- communicate with us through correspondence, telephone conversations, email, or other communication channels when you share information with us from other social applications, services or websites;
- complete forms or surveys, whether through the Studium Platform or otherwise;
- synchronise your data with our systems, including your address book, contact information or calendars;
- interact with our sites, services, content and advertising;
- invest in our securities or business; or
- otherwise deal with us, including purchasing or accessing goods or services from us.
- In order to provide our services, we may collect Personal Information from third parties, including government agencies and your family and friends.
- We will only collect Personal Information from third parties if:
- we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual concerned;
- it is unreasonable or impracticable to collect the information directly from the individual concerned; or
- it is provided to us in the course of us providing at least one of our functions and activities.
- PURPOSE OF COLLECTION
- We will only collect and hold Personal Information if it is reasonably necessary to pursue at least one of our functions or activities or its collection and storage is required or authorised by or under an Australian law or a court/tribunal order.
- When information is Sensitive Information, we will only collect and store information with the consent of the individual concerned and when the information is reasonably necessary for us to carry out at least one of our functions or activities.
- Alternatively, we may collect Sensitive Information when the APPs otherwise permit such collection.
- We may collect, hold, use, secure, destroy, de-identify and disclose your Personal Information for the following purposes:
- to enable you to populate or edit your profile on the Studium Platform;
- to assist other users and third parties to find your profile on the Studium Platform;
- to suggest connections for you and other users of the Studium Platform;
- to enable you to invite third parties to become users of the Studium Platform and/or to connect with you;
- to recommend relevant content, profiles, articles, posts and conversations through the Studium Platform;
- to suggest information that you may consider including on your profile on the Studium Platform;
- to suggest potential professional introductions or recruitment opportunities through the Studium Platform;
- to show you information on other users of the Studium Platform;
- to enable you to access and use our or any third party’s website, goods or services;
- to operate, protect, improve and optimise our website, business and website users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
- to investigate and manage enquires and complaints;
- to send you messages, reminders, notices, updates, alerts and information requested by you;
- to brief and engage third party service providers to assist with maintenance, financial transactions, data analysis or with improving/optimising our service offering maintenance;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our related organisations that we think you may find interesting;
- to negotiate, agree and facilitate a transaction for the sale of our business, our assets or our shares, or to prepare for the same;
- to comply with our legal obligations, resolve any disputes that we may have with any of our website users, and enforce our agreements with third parties; and
- to consider your employment application.
- Generally, we will only use or disclose Personal Information for the purpose for which it was collected (the primary purpose), including the purposes set out above.
- However, we may use or disclose Personal Information for secondary purposes if we receive your consent to do so, or without your consent, if:
- you would reasonably expect us to use your information for the secondary purpose; or
- otherwise when the APPs permit us to do so.
- For example, the APPs permit us to use and disclose Personal Information for a secondary purpose without an individual’s consent if the individual would reasonably expect us to use or disclose the information for a certain secondary purpose and the secondary purpose is:
- if the information is sensitive – directly related to the primary purpose; or
- if the information is not sensitive – related to the primary purpose; or
- the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order (for example where disclosure of your information will reduce or prevent a serious threat to life, health or safety or where our disclosure is in response to any unlawful activity).
- NOTIFICATION OF COLLECTION
- At or before the time we collect Personal Information about an individual (or, if that is not practicable, as soon as practicable after), we will take such steps as are reasonable in the circumstances to notify the individual of the following information (Collection Information):
- our identity and contact details;
- if we have collected the Personal Information from an entity other than the individual, or the individual may not be aware that we have collected the Personal Information, the fact that we collect or have collected this information and the circumstances of that collection;
- if the collection of the Personal Information is required or authorised by or under an Australian law or a court/tribunal order – the fact that the collection is so required or authorised;
- the purpose for collecting the Personal Information;
- the main consequences (if any) for the individual if we do not collect all or some of the Personal Information;
- the entities, bodies or persons or the types of entities, bodies or persons, to which we usually disclose Personal Information of that kind;
- the fact that this Policy contains information about how the individual may access the Personal Information that we hold about them and how they may seek correction of such information;
- the fact that this Policy contains information about how individuals may complain about a breach of the APPs and how we will deal with such a complaint; and
- whether we are likely to disclose the Personal Information to overseas recipients, and if so, the countries in which such recipients are likely to be located (if practicable to do so).
- A number of these notifications may be provided to individuals by the publication of this policy.
- Circumstances may arise where it would be reasonable for us not to provide the individual about whom the information relates with notice of all or some of the Collection Information.
- USE FOR DIRECT MARKETING
- We may, from time to time, use or disclose Personal Information for the purpose of direct marketing.
- We may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
- We may use or disclose Personal Information (other than sensitive information) for direct marketing if:
- we collected the information from the individual concerned;
- the individual has consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
- we provide the individual with a simple means by which they may easily request not to receive direct marketing communications from us, and they have not made such a request to us.
- In this regard, you may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).
- If Personal Information is also sensitive information, we will not use or disclose the information for direct marketing without the consent of the individual concerned.
- DISCLOSURE OF PERSONAL INFORMATION
- We may disclose Personal Information for the purposes described in this policy to:
- subject to your selected privacy settings, other users and third parties who access the Studium Platform and your profile, including when you post or share information or comment a post or publication through the platform;
- our employees, officers, contractors and related bodies corporate;
- third party suppliers and service providers (including providers in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment system operators;
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or divisions (or any part of them) are transferred;
- a securities exchange on which we may become listed;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
- RECEIPT OF UNSOLICITED PERSONAL INFORMATION
- If we receive Personal Information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information pursuant to the APPs.
- If we determine that we have received Personal Information that we would not have been permitted to collect pursuant to the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.
- If we determine that we would have been permitted to collect the Personal Information pursuant to the APPs, we will ensure that the information is dealt with in a manner that complies with the APPs.
- DISCLOSURE TO OVERSEAS RECIPIENTS
- From time to time, circumstances may arise where there may be a need for us to disclose Personal Information to an overseas recipient. This may occur in a range of circumstances. For example, where data is being stored and accessed by way of cloud computing or where we correspond with professional advisors located outside of Australia. The countries which are likely to receive your Personal Information include, but are not limited to: Australia, New Zealand.
- Before disclosing Personal Information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also complies with the APPs in relation to that information, unless the APPs do not require us to do so.
- We will not be required to take the steps described in section 10.2 if:
- we reasonably believe that:
- the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
- there are mechanisms that could be taken to enforce the law or binding scheme; or
- both of the followings apply:
- we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take the steps described in section 10.2; and
- after being so informed, the individual consents to the disclosure; or
- the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
- the APPs otherwise allow us to refrain from taking the steps described in section 10.2.
- OUR WEBSITE AND COOKIES
- We may collect Personal Information about you when you use and access our website.
- We may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
- We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other devices. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.
- Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ from this Policy, so we encourage you to read them before using those websites.
- We may hold your Personal Information in either electronic or hard copy form. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.
- If we hold Personal Information about an individual which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified (unless our compliance with the APPs or a law requires us to avoid taking such steps).
- MANDATORY DATA BREACH NOTIFICATION
- Depending on the circumstances, we may notify you, any affected individuals and if required, the relevant regulator, as soon as practicable after we become aware that there are reasonable grounds to believe that there has been an eligible data breach.
- If it is impracticable to notify all affected individuals, and depending on the circumstances of the breach, we may publish a statement on our website and publicise the content or that statement.
- An eligible data breach is where there has been unauthorised access or disclosure, or loss of information where unauthorised access or disclosure is likely and a reasonable person would conclude that this access or disclosure would likely result in serious harm to the related individuals.
- We may not provide notice where it would be inconsistent with secrecy provisions or prejudice law enforcement actions. If we have taken sufficient remedial action in response to the eligible data breach, or if the regulator determines that notification is not required, then we may not notify you of the breach.
- ANONYMITY AND PSEUDONYMITY
- When interacting with us, individuals may choose to remain anonymous or to use a pseudonym. However, we may elect not to deal with the individual anonymously or pseudonymously if:
- we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with them in accordance with their identity; or
- it is impracticable for us to deal with them in this way.
- In some circumstances, it may not be possible for us to properly provide a service without the knowledge of an individual’s identity.
- QUALITY OF PERSONAL INFORMATION
- We will endeavour to take reasonable steps to ensure that the Personal Information that we collect is accurate, up-to-date and complete.
- The reasonable steps described above that we may undertake include:
- ensuring that updated and the new Personal Information is promptly added to relevant existing records;
- reminding individuals to update their Personal Information when we engage with them; and/or
- with respect to Personal Information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
- checking that the opinion is a reliable source;
- providing the opinion to individuals before we use or disclose it; and
- clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.
- If you think that the Personal Information that we hold about you might be out of date and needs to be corrected, please contact us using the details located at section 21.
- ACCESSING YOUR PERSONAL INFORMATION
- You can access the Personal Information we hold about you by contacting us. Requests for access to Personal Information should be made in writing and addressed to the Company Secretary whose contact details are located in section 21.
- Upon request of Personal Information, we will within a reasonable period of the request being made, give access to the information in the manner requested (if it is reasonable and practicable to do so), subject to exceptions set out in the APPs.
- The APPs provide a list of situations in which we may deny individuals access to their Personal Information. These situations include, but are not limited to where:
- granting access would have an unreasonable impact on the privacy of others;
- the information relates to existing or anticipated legal proceedings between the individual about who the information relates and ourselves, and would not be accessible by the process of discovery in those proceedings;
- access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- granting access would be unlawful;
- the request is frivolous or vexatious; and
- denying access would be likely to prejudice the taking of appropriate action in relation to the matter.
- If we refuse to give access to the Personal Information in accordance with the APPs, or if we refuse to give access in the manner requested, we will take such steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the individual.
- If we refuse to give access to Personal Information in accordance with the APPs, we will provide a written notice setting out:
- the reasons for denying access to Personal Information (except where it would be unreasonable to provide the reasons);
- the mechanisms available to complain about the refusal; and
- any other matters prescribed by the regulations.
- Generally, we will not charge fees for giving access to Personal Information. However, we reserve the right to charge reasonable fees where requests for Personal Information contain complications or are resource intensive. A fee will not apply to the making of the request.
- CORRECTION OF PERSONAL INFORMATION
- Requests for correction of Personal Information should be made in writing and addressed to the contact person listed under section 21.
- If with regard to the purpose for which it is held, we are satisfied that Personal Information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if the individual about whom the Personal Information relates makes a request, we will take reasonable steps to correct the information.
- However, as a matter of practice, when we receive Personal Information, we will hold the information for a period of time before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).
- If we correct Personal Information and the individual requests, we will take reasonable steps to notify any third party to whom we previously disclosed the Personal Information, if it is not unlawful or impracticable for us to do so.
- If we refuse to correct Personal Information in accordance with the APPs, we will provide a written notice setting out:
- the reasons for the refusal (except where it would be unreasonable to provide the reasons);
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
- If we refuse to correct Personal Information in accordance with the APPs, the individual may request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading (Correction Statement). Where such a request is made, we will take reasonable steps to associate the Correction Statement, so that it is apparent to the users of the Personal Information.
- We will aim to respond to a request to correct information or associate a Correction Statement with the Personal Information within a reasonable period of the request being made.
- We will not charge fees for requests for the correction of Personal Information or for associating a Correction Statement with the Personal Information.
- For the purposes of this Policy, where the capacity of individuals under the age of 18 cannot be practically or reasonably assessed on a case-by-case basis, we will presume that an individual aged 15 or over has the capacity to consent.
- MAKING A COMPLAINT
- If you think we have breached the Privacy Act or the APPs, or you wish to make a complaint about the way we have handled your Personal Information, you can contact us using the details set out below.
- Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.
- If you think that we have failed to resolve the complaint satisfactorily, a complaint may be made to the Office of the Australian Information Commissioner.
- CHANGES TO THIS POLICY
- In this Policy:
|APPs||means the Australian Privacy Principles in Schedule 1 of the Privacy Act.
||in relation to Personal Information or Sensitive Information (as the context requires), has the meaning given
to that term in the Privacy Act, being the inclusion of that information in a record or generally available
has the meaning given to that term in the Privacy Act, being the provision of either:
has the meaning given to that term in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable:
||means the Privacy Act 1988 (Cth).
Related Body Corporate
has the meaning given to that term in the Corporations Act 2001 (Cth), being:
||means the ‘Studium Global’ cloud-based digital software platform and user interface developed and operated by
has the meaning given to that term in the Privacy Act, being:
we, us or our
||means ElevenBlue Pty Ltd (Australian Company Number 617 137 354) trading as ‘Studium’ or ‘Studium Global’ and
its Related Bodies Corporate.
you or your
||means an individual whose Personal Information we have collected or have access to.
- CONTACT US
- For further information about the Policy or our practices, or to access or correct your Personal Information, or make a complaint, please contact us using the details set out below:
Contact: Stuart Scott
- DEFINED TERMS
- In this Schedule:
||has the meaning given to that term in the GDPR, being in relation to a data subject, any freely given,
specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or
by a clear affirmative action, signifies agreement to the processing of personal data relating to him or
||has the meaning given to that term in the GDPR, being the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the purposes and means of the processing of Personal
Data; where the purposes and means of such processing are determined by European Union or European Union member
State law, the controller or the specific criteria for its nomination may be provided for by such law.
||means Regulation (EU) 2016/679 (General Data Protection Regulation) of the European Union.
||has the meaning given to that term in the GDPR, being any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
||has the meaning given to that term in the GDPR, being any operation or set of operations which is performed on
Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or
||has the meaning given to that term in the GDPR, being a natural or legal person, public authority, agency or
other body which processes personal data on behalf of the Controller.
you or your
||means a person whose Personal Data we have collected, have access to or process who ordinarily resides in the
European Union or the European Economic Area.
- This Schedule has been prepared for the purposes of ensuring our compliance with the GDPR, to the extent that it applies to us.
- This Schedule only applies to you only if you ordinarily reside in the European Union or European Economic Area.
- The provisions of this Schedule prevail to the extent of any conflict or inconsistency with the other provisions of this Policy.
- HANDLING OF PERSONAL DATA
- The collection, use, processing, sharing, storage and disposal of your Personal Data is subject to this Policy.
- We will be the Controller of your Personal Data that is collected by or for us, that is processed by or for us, or that is stored by us.
- We will seek to ensure that your Personal Data is:
- processed in a lawful, fair and transparent manner; and
- only collected and processed for lawful purpose outlined in this Policy.
- We may use automated processes using your Personal Data and your activity on the Studium Platform for the purposes customising notifications or products and services provided to you. We may also use such data in automated processes for the purpose of providing more relevant services to our customers.
- Except to the extent we are prohibited from doing so under Australian law, you may:
- instruct us as to how we can use your Personal Data, including to restrict our use;
- object or withdraw your consent to our use (or any particular use) of your Personal Data;
- request that we provide you (in a portable format) with or send to a third party all Personal Data that we hold; and
- request that we delete your Personal Data.
- We will only process Personal Data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation with your consent or as otherwise permitted by law.
- We will seek the consent of a parent or guardian to collect the details of minors under the age of 16. This will not affect the validity of any contract in relation to a child.
Updated Saturday 30 Mar 2019