Privacy Policy
Androgogic Privacy Policy
Version |
Approved by |
Approval date |
1.8 |
Chief Executive Officer (CEO) |
24-06-2024 |
Guide statement |
||
Purpose |
This policy describes how Androgogic handles private information. |
|
Scope |
This policy is applied to all Androgogic information handling practices. |
|
Users |
This policy is public information. |
1. Policy
1.1 High level approach to good privacy practice
Androgogic seeks to maintain the privacy of individuals wherever possible and will not collect and/or disseminate private information unless there is a clear reason to do so.
Androgogic is also committed to adhering stringently to applicable privacy and data protection legislation. These include the Australian Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU) 2016/679 (GDPR) where applicable.
To achieve these ends, Androgogic is committed to:
- maintain and keep up-to-date this Privacy Policy
- conform to applicable privacy and data protection legislation, such as Australian privacy laws (including the Australian Privacy Principles) and the GDPR where applicable
- only collect and store private information that is needed
- promote good privacy management practices in our users
- encourage good privacy management in our staff community
- identify and manage privacy risks
- engage regularly, openly and honestly with our client-partners on their views and concerns and feed these into our privacy management and decision making processes
- develop partnerships that promote good privacy management practices
- work with those involved in the development of our products and delivery of our services to improve their understanding of and ability to maintain privacy and adhere to privacy legislation
- regularly review our performance and report on progress
1.2 Privacy statement
1.2.1 Scope
Androgogic collects personal information as part of:
- our delivery of Educational Technology infrastructure and services
- the employment of Androgogic staff and contractors
- the engagement of suppliers
Androgogic also acts as a processor of personal information on behalf of our client-partner institutions. Where Androgogic collects personal information on behalf of our client-partner institutions, we refer requests and issues relating to privacy to that partner-institution. That institution will be subject to separate requirements under the data protection laws applicable to it. We do however work with our client-partners to ensure that:
- good privacy management practices are being followed
- privacy risks are identified and managed
- they improve their understanding of and ability to maintain privacy and adhere to privacy legislation
When we use the word “processing” in this Privacy Policy, it has the meaning given to it under the GDPR, but essentially it means any operation or set of operations performed on personal data, including its storage, use and disclosure.
1.2.2 Collection of personal information
Information we may collect
We may collect and process all or some of the following personal information about you:
- contact details such as name, address, email and phone number
- your gender and date of birth
- your role, business unit and institution
- data about your training, including course enrolment and completion
- if you are a part of projects involving Androgogic or its services, the relevant project(s)
- details of your interactions with Androgogic, including support requests that you lodge with us
- identification and reporting information such as Employee Number or Student Number or TFN for employees
- information on how you use our services and programs, and your preferences regarding our services and programs
- details of your visits to our websites and services, and information collected through cookies and other analytics and tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access
We generally collect personal information directly from you. Where it is not practicable to collect personal data from you, we may also collect personal information from publicly available sources of information, and, where you have provided your consent, from third parties.
If you do not provide us with the personal information we request, we may not be able to provide you with access to our services and assistance, to the extent that they require us to collect, use or disclose personal information.
Where we process your personal information on behalf of a client-partner institution (for example, to assist that client-partner institution in offering educational services to you), we collect personal information from the client-partner or persons acting on their behalf or with their authorisation. Our client-partner institutions may have their own obligations to you under applicable data protection laws.
How we process your personal information
We are required to process personal information in accordance with applicable national laws in Australia and the GDPR where applicable.
To the extent our data processing activities are subject to the GDPR, we only process personal information where we have a lawful basis to do so. We identify the lawful basis of each type of processing in this section of our Privacy Policy. A full description of the legal grounds can be found here.
It is Androgogic’s policy that we will collect and store such personal information as is required to:
- deliver the Educational Technology infrastructure and services our client-partners require (on a client-by client basis), including by processing personal information of our client-partners’ administrative users within our internal systems to ensure we are able to communicate with administrative users regarding the services we provide those client-partners.
Legal basis: Legitimate interest (to enable us to provide our services to our client-partners).
- facilitate our projects, provide support to our users, respond to queries, communicate with you (including to inform you of changes to our services, notify you of security patches, and otherwise provide project updates) and verify your identity where required as part of our services or our interactions with you.
Legal basis: Legitimate interest (to facilitate us offering our services).
- to send marketing materials about our services, including via email and other digital communications.
Legal basis: Consent, legitimate interest (where we are not required to rely on consent, to keep you updated with news in relation to our services).
- to back-up our data and systems so as to mitigate the impact of an information technology disruption on the provision of our services.
Legal basis: Legitimate interest (to facilitate the continuity of our services in the event of a business disruption).
- employ and manage our staff and contractors.
Legal basis: Legitimate interest (to facilitate our management of personnel); contract performance (to perform our agreements with contractors).
- engage and work with our suppliers.
Legal basis: Legitimate interest (to facilitate the performance of our services); contract performance (to perform our agreements with suppliers).
- transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing a proposed transaction or reorganisation if we (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation. We may also need to transfer your personal information to the relevant third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Policy.
Legal basis: Legitimate interest (to allow us to change and restructure our business effectively).
- comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal data to third parties, courts and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal basis: legal obligations, legal claims, legitimate interest (to cooperate with law enforcement and regulatory authorities).
- prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
Legal basis: legal obligations, legitimate interests (to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud).
1.2.3 Who do we share your personal data with and why?
Please note that, in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in section 1.2.2 of this Privacy Policy to our service providers, licensors, contractors, agents and advisors (e.g. legal, financial, business or other advisors).
It is Androgogic’s policy to NOT DISCLOSE personal information we have collected unless it is required by applicable law or other mandated process such as payment information for employees for taxation purposes.
Where Androgogic systems have collected personal information on behalf of client-partner institutions (such as e.g. a university, corporation or government department), it is Androgogic’s policy and generally also a contracted requirement to NOT DISCLOSE personal information to third parties other than that client-partner institution. It should be noted that each client-partner of course has access to that personal information and that you should consult with that institution if you have concerns or wish to check their privacy policies and practices.
1.2.4 Transmission, storage and security of your personal information
Security over the internet
No data transmission over the Internet or a website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
All information you provide to us is stored on our secure servers and accessed and used subject to our security policies and standards. Where you have chosen a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures we notify you of. We ask that you do not share your password with anyone.
International transfers of your personal information
Androgogic is an Australian business. We store personal information in Australia, with disaster recovery back-up storage hosted in Australia and USA. We may also disclose personal information to a key service provider located in New Zealand and the United Kingdom for the purposes listed in section 1.2.2 of this Privacy Policy.
Our services are made available to client-partners and end users all over the world. If you access our services because of a relationship we have with a client-partner (e.g. an educational institution), your personal information may be disclosed to that client-partner in the location(s) in which it is based.
Androgogic will NOT DISCLOSE personal information overseas unless that disclosure complies with the Australian Privacy Principles (and specifically APP 8 - Cross-border disclosure of personal information). Where additional obligations regarding cross-border disclosures apply to our activities, for example under the GDPR where applicable, we comply with those obligations.
Retention of your personal information
Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose.
When personal information is no longer needed, we securely destroy the data.
1.2.5 Rights and choices
It is Androgogic’s policy to respect the rights of an individual to have accurate, up-to-date and complete personal information stored, when stored at all.
Marketing
You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. In addition to any other mechanisms prescribed by applicable direct marketing laws, you can exercise your right not to receive marketing communications at any time by contacting us as set out in the “Contact details” section below.
Updating information
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us using the contact information set out in the “Contact details” section below.
Your rights
If you have any questions in relation to our use of your personal information, you should first contact us as set out in the “Contact details” section below. Under certain circumstances and where permitted by applicable data protection laws, you may have the right to require us to:
- provide you with further details on the use we make of your information;
- provide you with a copy of information that you have provided to us;
- update any inaccuracies in the personal information we hold (please see “Updating information” above);
- delete any personal information that we no longer have a lawful ground to use;
- where our processing activities are based on your consent, withdraw your consent so that we stop that particular processing; and
- transmit the personal data you have provided to us (to the extent we still hold it) to a third party electronically.
You may also have the right to:
- object to any processing that we undertake based on our legitimate interests, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- restrict how we use your information while a complaint is being investigated.
If you contact us to request we take any of the above steps, we ask that you provide us with as much detail as you can about the personal information in question, as this will help us to assist you. Before we proceed with a request, we may require some proof of identity.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
1.2.6 How to make a complaint
If you have a complaint relating to privacy that you would like addressed, please send an email to complaints@androgogic.com and it will be addressed in a timely manner.
You also have the right to complain to your appropriate data protection authority.
If you are in Australia, your data protection authority is:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Ph: 1300 363 992
Fax: +61 2 9284 9666
If you are located outside Australia, you may contact the data protection authority with oversight over your jurisdiction.
1.2.7 Contact details
For any requests as to privacy including requests for changes to personal information or other issues, Androgogic may be contacted at:
Telephone: 1800 987 757
Web: https://androgogic.com/contact
Email: support@androgogic.com
2. References
Key reading references associated with this policy are as follows:
- The Privacy Act 1988 (Privacy Act): https://www.legislation.gov.au/Series/C2004A03712
- Australian Privacy Principles: https://www.oaic.gov.au/privacy/australian-privacy-principles/
- GDPR: https://gdpr.eu/
3. Annex
The processing of personal data under the GDPR must be justified under one of a number of legal bases. We are required to set out the legal basis in respect of each use or disclosure of personal data in this Privacy Policy. We note the basis we use to justify each use of your information next to the use in the “How we process your personal information” section of this Privacy Policy.
These are the principal legal bases that justify our use of your personal data:
Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use). You may withdraw your consent to the use of your personal data by contacting us using the details shown in this Privacy Policy. If you do so, we may be unable to provide you with access to all or some of our services. |
Contract performance: where your information is necessary to enter into or perform our contract with you. |
Legal obligation: where we need to use your information to comply with our legal obligations. |
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights. |
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party. |
We do not generally collect special categories of personal data which are defined by the GDPR to include physical and mental health, race, ethnicity, religious or philosophical beliefs, political opinions, trade union membership, sexual orientation, sex life, or genetic or biometric data. In the rare circumstances in which do collect special categories of personal data, the following are the principal legal bases that justify our use of special categories of your personal data:
Protection of vital interests of you or another person, where you are unable to consent: processing is necessary to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent. |
Legal claims: where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party. |
In the substantial public interest: processing is necessary for reasons of substantial public interest, on the basis of EU, UK or local law. |
Explicit consent: you have given your explicit consent to the processing of your personal data for one or more specified purposes. You may withdraw your consent to the use of your personal data by contacting us using the details shown in this Privacy Policy. If you do so, we may be unable to provide you with access to all or some of our services. |