1. The purpose this policy is to outline how IHM complies with the Privacy Act 1988 and the Australian Privacy Principles (APPs) 2014 and other federal laws on how IHM collects, stores, uses and disseminates student and staff personal information.
2. IHM is bound by Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), Information Privacy Principles (IPPs) in the Privacy and Data Protection Act 2014 (Vic), the Health Privacy Principles (HPPs) (Cth) in the Health Records Act 2001, and to the related legal obligations by which it is bound.
3. This Policy covers IHM’s treatment of personally identifiable information that IHM collects through any means as part of the provision of its services. This Privacy and Security Statement does not apply to the practices of companies that IHM does not own or control or to people that IHM does not employ or manage.
4. IHM Privacy Policy is technology neutral, applying equally to paper-based and digital environments. This is intended to preserve the relevance and applicability, in a context of continually changing and emerging technology.
5. This policy covers all personal and sensitive information relating to students and staff and all institutional records including educational, training, assessment, policy, financial, Intellectual Property, compliance, and quality documents.
6. Definitions for key terms are presented in the Glossary of Terms.
7. This Policy is linked to the following:
8. Personal information is defined in the Privacy Act 1988 as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
9. Sensitive Personal information is defined in the Privacy Act 1988 as “information or an opinion about an individual” that is also personal information, such as:
10. Information about Students
10.1 IHM collects personally identifiable information that students provide when they register or enrol for any educational courses or programs, when they use certain IHM online services or products, or when they enter promotions. IHM’s preferred source of personal information is the individual concerned. However, IHM may also receive information from other sources such as other members of the Health Careers International (HCI) Group.
10.2 Under the Freedom of Information Act, Vic 1982, IHM will permit a student to apply for and receive a copy of the personal information that the provider holds on the student’s record.
11. Information about Staff
11.1 IHM collects personal information from its staff which may be used for Selection, Appointment, Promotion, General Administration or Provision of Services to staff. IHM’s preferred source of personal information is Page 3 of 8 the individual concerned. However, IHM may also receive information from other sources such as:
11.2 IHM takes all reasonable steps to ensure that information collected is:
12. Collection of Personal Information
12.1 Personal information will not be collected unless:
12.2 Personal information will not be collected by unlawful or unethical means.
12.3 Where personal information is collected for inclusion in a record or in a generally available publication, IHM will take all reasonable and practicable steps to ensure that, the student concerned is made aware of:
12.4 Where IHM solicits and collects personal information for inclusion in a record or in a generally available publication it will take reasonable steps to ensure that:
12.5 IHM is committed to complying with the obligation under the Privacy Act 1988, and the associated Australian Privacy Principles (APPs), in the way it specifically collects, uses, secures, and discloses personal information. IHM is committed to safeguarding any confidential information obtained by it. IHM will ensure that:
13. Accessing and Correcting Personal Information
13.1 A link to IHM’s Privacy Policy is included in the Student Handbook, detailing the information collected and its intended uses.
13.2 IHM will ensure individuals have access to their personal information held by institutions, in compliance with legal obligations.
13.3 Requests for accessing information will be evaluated in accordance with relevant legislation, as well as IHM’s Privacy Procedure and Records Management Policy and Procedure.
13.4 Staff members encountering concerns regarding information access should seek guidance from People and Culture Officer.
13.5 Upon notification of inaccuracies, incompleteness or outdatedness in personal information, IHM will endeavors to rectify the data or document the individual’s dissent.
14. Securing, Storing and Retaining Data
14.1 IHM will implement measures to safeguard information against misuse, loss, unauthorized access, modification, or disclosure.
14.2 IHM’s protocols for Information technology security are delineated in the Cyber Security and Safety Policy, Records Management Policy and associated Procedure.
15. Disposing of and Destroying Information
15.1 IHM will only dispose of or permanently de-identify personal or sensitive information when no longer legally required. Destruction of documents will adhere to the Records Management Policy and related Procedure.
15.2 IHM will only dispose of or de-identify health information in accordance with the Health Records Act 2001.
16. Health Information
16.1 In addition to general obligation, IHM has specific duties regarding confidential health information if collected from staff and students.
16.2 Health records may be generated across various IHM operations, such as research, teaching, People and Culture functions, student counselling and student disability liaison. These records will be managed in compliance with Health Records Act 2001 as detailed in the Privacy Procedure and Records Management Policy and Procedure.
17. Anonymity and Pseudonymity
17.1 IHM respects and acknowledges the choice of anonymity and pseudonymity by individuals dealing with IHM. IHM provides opportunities for individuals to interact anonymously or by pseudonym with IHM where appropriate. For example, anonymous dealings may include an unidentified individual telephoning IHM to make a general enquire about its courses or services.
17.2 Pseudonymity requires that an individual may contact IHM and use a name, term or descriptor that is different from the person’s actual name. Examples may include an email address that does not contain the person’s actual name, and/or a username that a person uses when participating in an online forum.
17.3 Personal information should only be linked to a pseudonym if this is required or authorised by law.
17.4 Situations where it is impractical to implement Anonymity and/or Pseudonymity:
17.5 The following are examples where it may be impracticable to deal with an individual who has not disclosed their actual identity:
Related Internal Documents |
Privacy Procedure Records Management Policy Records Management Procedure |
Related Legislation, Standards, and Codes |
Tertiary Education and Quality Standards Agency Act 2011 Higher Education Standards Framework (Threshold Standards) 2021 Privacy and Data Protection Act 2014 (Vic) |
Date Approved |
02.08.2024 |
Date of Effect |
03.08.2024 |
Date of Next Review |
30.07.2027 |
Approval Authority |
Audit and Risk Committee Endorsed by Board of Directors |
Responsibility for implementation |
Approval Authority |
Approval Authority |
Approval Authority |
Approval Authority |
IHM-AEP1-4.0 |
Version Control | ||
Change Summary |
Date |
Short description of change, incl version number, changes, who considered, approved etc |
Version 2.0 |
7/01/2021 |
|
Version 3.0 |
6/10/2022 |
Comments from FEE-HELP application response included |
Version 4.0 |
Version 4.0 |
|
Get an answer on courses, costs, careers as well as facilities, entry requirements or just about
anything else relating to studying at IHM.
We are here to help you!