NESLI AND NAVITAS
- PROTECTING YOUR PRIVACY
Welcome to the National Excellence in School Leadership Institute and Navitas Pty Ltd’s Privacy Notice. Below you will find information about how the Navitas Professional Institute Pty Ltd (ABN 94 057 495 299) trading as National Excellence in School Leadership Institute (“NESLI”) and its parent company Navitas Pty Ltd manages the security of your privacy.
NESLI and Navitas Pty Limited respect your right to privacy. This privacy notice (the “Privacy Notice”) explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to data collected about all users of www.nesli.org and www.navitas.com and websites of our subsidiary companies, and other related websites, (the “Website”) and the services available on the Website (the “Services”).
The terms “the Company,” “we,” “us,” “our,” and “ours” refer to each of NESLI and Navitas Pty Limited. The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.
We reserve the right to make changes periodically to this Privacy Notice at our sole discretion. Changes to the Privacy Notice will be posted on this page.
If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.
We know that there’s a lot of information here, but we want you to be informed about your rights, and how we use data across the Navitas Group of companies to provide you with the best possible service.
WHO IS NAVITAS?
Navitas Pty Limited (ABN 69 109 613 309) is a global education provider and the parent company of WLNZ. Our head office is located in Perth Western Australia at the following address:
Navitas Pty Ltd
Level 8, Brookfield Place,125 St Georges Terrace
PERTH WA 6000 Australia
The Company has subsidiary companies and affiliated organisations operating in Australia, New Zealand, Canada, Europe, Africa, South East Asia, North Asia, South America, the Middle East and the USA, collectively called the “Company”.
The European head office is located in the UK at the following address:
Navitas UK Holdings Limited
SAE Institute, Littlemore ParkArmstrong Road
Oxford OX4 4FY UK
The following link will provide you with further details of the Navitas Group: www.navitas.com
For ease of reading this notice the “Company” will be referred to as “we” and “us” in this notice.
EXPLAINING THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
The Company is a global company and understands that the laws on data protection may be different in different countries, however, the Company has set out below a number of different reasons for which we may collect and process your personal data, including:
1. In specific situations, we can collect and process your data with your consent for example, when you tick a box to receive marketing material from us.
2. When collecting your personal data, we’ll endeavour to collect the minimum necessary for us to provide our services.
1. Depending upon national and sometimes state law you may be called a “minor” when it comes to signing a contract or consenting for us to collect and process your personal data. This means you have not reached the legal age of consent.
2. In many countries including Australia, New Zealand, Canada, Singapore and the USA, it is usual to require a person to be 18 years of age to have reached the legal age of consent.
3. In Europe it is usual that a person is 16 years of age, 13 in the U.K. to consent to receive marketing information. As part of protecting you and your rights, if the law says you are still a “minor”, we require your parents/guardians consent to directly collect and process your data via online services.
1. Explicit Consent means that you have been presented with an option to agree or disagree with the collection, use, or disclosure of personal information.
2. If we need to collect special categories of data from you in order to provide you with the services you require or meet our legal obligations, we will collect this data on the basis of your explicit consent, national/regional social protection laws or for statistical reporting purposes requested by official bodies.
3. The special category data that we may request from you includes details such as your racial or ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or visa requirements. We may also need to collect data concerning your health (eg medical check reports and immunisation history) to provide additional support to you.
1. In certain circumstances we will need to collect your personal data to meet our contractual obligations to you.
2. We will collect this data so that we can make an offer to you to study or enrol with us or to work with us.
3. We will use this data to establish a contract that sets out your obligations as a student or employee and our obligations as the provider of the study services or employment to you.
1. If the law requires us to, we may need to collect and process your data for a number of reasons, for example to:
- Prevent fraud
- Meet the needs of immigration authorities
- Comply with Consumer Protection law
1. In specific situations, we collect your personal data as part of undertaking our legitimate interests in a way which might reasonably be expected as part of running our business and, which does not materially impact your rights, freedom or interests. It might include:
- Staying in touch with you for purposes of staying in touch with ex-students as part of an alumni programme
- Keeping you informed regarding Company highlights and news
WHEN DO WE COLLECT YOUR PERSONAL DATA?
1. When you visit any of our websites, (here we just collect transaction-based data).
2. When you complete our online or paper/PDF application forms.
3. When you engage with us on social media.
4. When you contact us by any means with queries, comments etc.
5. When you book any kind of appointment with us.
6. When you book to attend an event.
7. When you’ve given a third-party permission to share with us the information they hold about you.
8. When you attend a college, campus or office, which may have CCTV systems operating for the security of both Students, Visitors and Staff. These systems may record your image during your visit.
9. When you engage with our online learning tools such as Moodle, and attend our online delivery through tools such as Zoom.
10. For employees we collect your personal data throughout the period of your employment with the Company
CATEGORIES OF PERSONAL DATA WE COLLECT
1. Your contact details i.e. your:
- Date of birth
- Postal address (can be a postal box number and/or a street address)
- Social media contacts
- Telephone number/s (mobile and landline)
2. Identity and Immigration documentation i.e. your:
- Driver’s licence
- Identity card
- Visa details
3. Your bank account details.
4. Your educational history inclusive of but not limited to your:
- Current qualifications
- Institution/s you studied at
- Most recent study experience
5. Details of your interactions with us, such as:
- We collect details of enquiries and comments you make in the web pages you visit or when you contact us by email, telephone or in person
6. Additionally, for employment purposes:
- Social security (or equivalent) details
- Next of Kin details
- Health information
- Your image, voice and written contributions
- As you interact with our website and other platforms made available by the company, we may automatically collect technical data about your equipment, browsing actions and patterns.
WHY WE USE YOUR PERSONAL DATA?
1. To ensure that we provide you with the information and service you need we sometimes combine the data we have about you. This is allowed as part of our legitimate interest to provide you with the optimum service.
2. If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
3. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.
4. The reasons we use your personal data include:
- To operate and administer our business to provide you with the best possible service. This is done on the basis of our legitimate business interests.
- To respond to your queries and requests.
- We may keep a record of communication with you. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
- To protect our business and you from fraud and other illegal activities.
- We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
- To protect our students, visitors and staff, premises and assets, we operate CCTV systems in some of our colleges, campuses and offices which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions. This is done on the basis of our legitimate business interests and to help protect you from fraud.
- With your consent, we will use your personal data preferences, to keep you informed by email, web, text, social media and telephone about relevant services and events.
- To protect your vital interests if you become unable to provide consent.
- To hire and manage employees and contractors. We do this as part of our contract with you.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. (For example, updates to this Privacy Notice). These service messages will not include any marketing content and do not require prior consent when sent by email or text message. We need to keep you informed as part of complying with our legal obligations.
- To comply with our contractual or legal obligations to share data with law enforcement if necessary, for example:
- If a court order is presented that requires us to share your personal data with law enforcement agencies or courts of law
HOW WE LOOK AFTER YOUR PERSONAL DATA?
1. We know how much data security matters. We will treat your data with the utmost care and respect and take all appropriate steps to protect it.
2. We secure access to all transactional areas of our websites and apps using ‘https’ technology.
3. Access to your personal data is restricted and secure, and sensitive personal data such as health information is secured via password protection and encryption.
4. Storage systems for paper copies are secured and access is managed through the Company’s access protocols.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
1. We have a detailed records management programme in place and all records (paper and electronic) are required to be managed in accord with its security and disposal steps.
2. Whenever we collect or process your personal data, we will store it safely and only for as long as is necessary for the original purpose for which it was collected or as required by law.
3. At the end of the documented retention period, your data will either be deleted completely or anonymised.
SHARING YOUR PERSONAL DATA
WE SHARE YOUR PERSONAL DATA WITH TRUSTED THIRD PARTIES
1. We sometimes share your personal data with trusted third parties to provide services and business functions. An example of a third party would be a Navitas contracted education agency in your region and/or a University Partner.
2. We set very clear directions and expectations for those organisations regarding the safety and protection of your privacy and personal data.
3. The directions and expectations are set out in our contract with the third party and include:
- Providing them only the information they need to perform their specific services
- Setting out the purpose for which the personal data is being shared
- Confirmation that they will make every reasonable effort to ensure that your privacy is respected and protected
- If we stop using their services, they will undertake to either securely delete or render anonymous any of your personal data held by them
- They will inform us immediately in the event of a suspected or actual breach being detected
THE TYPES OF THIRD PARTIES WE WORK WITH INCLUDE:
2. IT companies supporting our websites
3. Cloud storage companies
4. Customer Relationship Management application providers
5. Educational establishments
6. Educational professionals
7. Regulatory authorities
8. Accommodation providers
9. Estate services
10. Online webinar providers
12. Financial service providers
13. Travel service providers
14. Migration Agents
HOW DO THIRD PARTY PARTNERS USE YOUR PERSONAL DATA?
1. When you use a service from one of our chosen partners, your data will be collected and used by them under the terms of their own separate privacy policies.
WHY DO WE SHARE YOUR PERSONAL DATA?
1. We need to share your personal data with trusted third parties in order to meet legal and regulatory obligations and fulfil our contractual promise to you.
2. We will only share your data with third parties in very specific circumstances, for example:
- With your consent, given at the time you supplied your personal data, to us, we may pass that data to a third party for their direct marketing purposes.
- When working with academic professionals as part of ensuring the delivery of high quality services to you.
- We may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- If we receive a valid request from the police or other law enforcement agency, regulatory or Government authority in your country of origin or elsewhere, we may be required to disclose your personal data
- We may, from time to time, expand, reduce or sell the Company and this may involve the transfer of business entities or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
- We may share recordings of online delivered sessions such as classes, webinars and tutorials with other individuals in your College or Campus, and the wider Navitas group in order for us to ensure the ongoing quality of our course delivery, and to help to further educate our teaching staff.
PROCESSING AND TRANSFERRING YOUR PERSONAL DATA
NAVITAS PTY LTD – A GLOBAL ORGANISATION
1. We have operations in many different geographic regions and our head office is in Australia, therefore, we will sometimes need to share your personal data across national boundaries and borders for example:
- outside the European Economic Area (EEA)
- between North America and Australia
- Asia and Australia
- New Zealand and Australia
- Canada and Australia
- Europe and Australia
2. The transfer of data, inclusive of personal data, may include transferring it to:
- Our head office in Australia
- Other Company businesses in Australia and elsewhere within the Company’s global structure (intra-company transfers)
- International third parties for data storage purposes e.g. EU member- state business operation to Singapore
3. If we do transfer your personal data across an international border, we have procedures in place to ensure your data receives the same protection as if it were being processed inside your country of residence for instance an EEA member-country or Australia or Asia or Canada or the USA etc.
4. For further information on the transfer of your personal data you can contact:
- email@example.com (if you are resident in Europe)
- Privacy@navitas.com (the rest of the world)
- DataProtection@navitas.com (the rest of the world)
YOUR RIGHTS OVER YOUR PERSONAL DATA EXPLAINED
YOUR PERSONAL RIGHTS
1. We need you to understand the rights you have when it comes to your personal information.
2. Not all countries extend the same rights under their respective privacy regulation. The examples of rights available under privacy regulation noted below, show how those rights vary across the world and the many different nations in which the Company operates. We have set out a few of these below for your information.
3. If your country is not listed below, please contact: firstname.lastname@example.org for further information. In your email to email@example.com please set out the country and region within that country you are enquiring about, in order that we can provide you with the right information.
4. The rights you have may be different depending on where you live in the world for instance, in the EU, EEA or the UK you have the right to:
- Access and review personal data we hold about
- Rectify/correct any inaccurate personal information we hold about you.
- Request a copy of data you supplied to us, in a machine readable format or for the transfer of this data to another company
- Request the restriction of processing of your personal data
- Object to us processing your personal data
- Request the erasure of your data, (right to be forgotten)
5. For any of these EU/EEA/UK requests please contact: firstname.lastname@example.org
6. If you live in Australia you have the right to:
- Request anonymity and pseudonymity
- Request for information not to be used for marketing purposes
- Access and review personal data we hold about you
- Rectify/Correct any inaccurate personal information we hold about you
7. If you live in New Zealand or Canada you have the right to:
- Access and review personal data we hold about you
- Rectify/Correct personal data we hold about you
- If you live in the United States of America you have the right to:
- Access and review personal data we hold about you
- Rectify/Correct personal data we hold about you
- Be informed of any disclosures
- Certain residents of US States may have additional privacy rights including certain California residents under the California Consumer Privacy Act (CCPA). Such rights include a right to:
- Obtain information about personal data that we may collect, share or sell
- Request deletion of certain personal data we hold about you
- Opt-out from the sale of personal data relating to you
- Not be discriminated against for the exercise of legal privacy rights
8. For any privacy rights in regions/countries/states outside of Europe please contact: email@example.com
9. For an explanation of your rights in the country in which you live, work or study with one of our business entities please contact: firstname.lastname@example.org. Set out the nature of your request and the Company will inform you of how it is able to assist you. Please note that the same rights do not apply in all of our operating regions, countries or states.
10. All requests related to your rights and your personal data, will be examined in detail and a member of the Privacy team will respond to you as quickly as possible.
11. We will make all reasonable efforts to meet with your request and will keep you informed as to our progress in getting the information to you in a format that is acceptable and usable.
WITHDRAWAL OF CONSENT
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
1. You have the right to stop the use of your personal data for marketing activity through all channels, or selected channels.
2. We will always comply with your request. To action this:
- Click the ‘unsubscribe’ link in any email communication that we send you
- We will then stop any further emails from being sent to you
3. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
QUESTIONS OR ISSUES YOU MAY HAVE
1. If you require any further information we will be pleased to provide you with further detail.
2. If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint so that we can deal with your concern quickly and effectively.
3. We will take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently.
4. We’d be grateful for your cooperation with us during this process by providing us with any relevant information that we may need.
OUR CONTACT DETAILS
1. A Data Protection Officer (DPO) has been appointed for the EU (this includes the UK) companies and ‘local’ EU Data Protection Managers have been appointed as per the table below
2. The DPO and DPMs can be contacted directly on the relevant link below:
Data Protection Manager Australasia and Africa
Australia, New Zealand, Singapore, Sri Lanka, Indonesia, Thailand, South Africa and any country not listed in other regions below
+61 8 93149628
Data Protection Officer UK/EU
Data Protection Manager UK
England, Wales, Scotland and Northern Ireland
Data Protection Manage Germany, Switzerland and Austria
Germany, Switzerland and Austria
Data Protection Manager South Western Europe
Belgium, France, Greece, Italy, Netherlands, Spain, Sweden
Data Protection Manager Canada
Data Protection Manager United States of America and South America
USA, Mexico and Colombia
Data Protection Manager Middle East
Jordan, Saudi Arabia and United Arab Emirates
Title: Data Protection Manager Australasia and Africa
Countries: Australia, New Zealand, Singapore, Sri Lanka, Indonesia, Thailand, South Africa and any country not listed in other regions below
Telephone: +61 8 93149628+61 (0) 498 023 385
Title: Data Protection Officer UK/EU
Title: Data Protection Manager UK
Countries: England, Wales, Scotland and Northern Ireland
Title: Data Protection Manage Germany, Switzerland and Austria
Countries: Germany, Switzerland and Austria
Title: Data Protection Manager South Western Europe
Countries: Belgium, France, Greece, Italy, Netherlands, Spain, Sweden
Title: Data Protection Manager Canada
Title: Data Protection Manager United States of America and South America
Countries: USA, Mexico and Colombia
Title: Data Protection Manager Middle East
Countries: Jordan, Saudi Arabia and United Arab Emirates
CONTACTING YOUR SUPERVISORY AUTHORITY
EUROPE (INCLUSIVE OF THE UK AND NON-EU MEMBER STATES)
1. The Company has nominated the Information Commissioner’s Office (ICO) as its Supervisory Authority for Europe.
2. If you feel that we have not handled your data correctly, or you are unhappy with our response to any requests regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office, (ICO), in the UK, or your National Supervisory Authority or data regulator.
3. You can contact the ICO by calling +44 303 123 1113 or go online to www.ico.org.uk
1. Australia has nominated the Office of the Australian Information Commissioner (OAIC) as the primary Supervisory Authority.
2. You can contact the OAIC by calling +61 1300 363 992
3. Email: email@example.com or go online to www.oaic.gov.au
ALL OTHER COUNTRIES
1. A complete list of all supervisory authorities in the host nations in which the Company operates is available from: firstname.lastname@example.org
2. Please ensure that you confirm in your email to email@example.com the business entity and country you are working for or studying in.