Intent

This policy provides guidelines to ensure data relating to an identifiable individual is held securely and properly managed at Singapore Campus of James Cook University.

Scope

Singapore Campus of James Cook University (JCU) collects personal data to support its organisational functions such as, but not limited to, teaching, learning, research and general administration. This includes for example, sending or storing medical information by electronic means, either via a website or by email.

This policy applies to all JCU staff, students, contractors and any other third party who collects or manages personal information on behalf of JCU.

“In the context of prospective students applying for study at JCU, such personal data will be collected, used, disclosed and/or processed by JCU- for the purpose(s) of:

(a) Processing, administering and/or managing the individual’s application(s) for admission and enrolment, and acceptance to courses in JCU;
(b) Providing student support and administrative services to the individual;
(c) Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by JCU;
(d) Responding to any enquiries by the individual;
(e) Processing the individual’s application(s) for scholarships and/or financial aid as part of the admission process;
(f) Investigating matters involving fraud, misconduct, any unlawful action or omission relating to the individual’s application for admission;
(g) Responding to requests for information from external organisations such as professional bodies, hospitals and schools relating to the practical or clinical component of courses in JCU from time to time;
(h) Generating financial, regulatory, management or survey reports and statistics for JCU’s business and administrative purposes; and
(i) If consented to by the individual in the registration form and/or other methods of consent notification, sending the individual marketing and promotional information relating to courses in JCU and general student-related activities within JCU, as well as seminars and/or events by post, phone, electronic mail, text and other electronic means.”

Definitions

Personal data - The Personal Data Protection Act 2012, defines personal data as, "data, whether true or not, about an individual who can be identified -

(a) from that data; or
(b) from that data and other information to which the organisation has or is likely to have access."

Policy

JCU will not use or disclose personal information for any purpose other than as advised at the time of collection, unless:

• JCU has obtained signed written consent, or
• The information is required by law or court order, or
• A request for information is made by the Ministry of Education or the Council for Private Education, or any statutory authority, or
• Publication or release of information as is customary by universities or other educational institutions, including, but not limited to, awards of prizes, medals, scholarships, classes of honours and other marks of distinction and, student or graduation status, or
• In exceptional circumstances, when withholding information would likely result in a serious threat to the health, safety or life of the student, staff, another individual, individuals or the general public.

JCU shall make every effort to ensure the data collected is accurate and complete and will take every precaution to protect personal data from loss, misuse, unauthorised access, or disclosure, copying, alteration, or destruction.

JCU will retain the personal information until the purpose for the collection is being served by retention or the retention is necessary for legal or business purposes.

JCU shall obtain the individual's clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages if the individual is registered in the Do Not Call Registers.

JCU shall designate one or more individuals to implement personal data protection policies. The business contact information of the data protection officer(s) shall be made available to the public.

Where necessary, JCU may disclose personal information of its students to external organizations such as professional bodies, hospitals and schools in order to enable those students to undertake an internship, professional attachment, practical experience or a clinical component of their course. JCU may provide information of its students to third parties for administrative and legislative purposes (under the Private Education Act 2009 and the Private Education Regulation 2009) including but not limited to JCU Australia, JCU Student Association; JCU Alumni Association, JCU’s educational representatives and business partners; Australian Commonwealth and State agencies; other academic institutions to verify their previous qualifications; and the Fee Protection and Medical Insurance providers.

JCU is also subject to the General Data Protection Regulation (GDPR), which applies when the University is processing the data of individuals resident in the European Union (EU) or the European Economic Area (EEA). Data subjects may also have a right to:

1.4.1 rectify any Personal Information that is inaccurate;

1.4.2 restrict or limit the ways in which Personal Information is used;

1.4.3 object to the way Personal Information is processed e.g. automatic processing;

1.4.4 request that their Personal Information be deleted (erasure); and

1.4.5 obtain a copy of their Personal Information in an easily accessible format.

Residents of the EU or EEA seeking to request any of the above may do so in accordance with the General Data Protection Regulation (GDPR) Procedure.

Automatic processing of data, cookies, and similar technologies

Singapore web site of JCU is administered by Singapore Campus of James Cook University. The following provides an overview of how privacy is protected during website visit.

JCU may automatically process information including personal information and conduct automated decision-making and profiling (that is, automated processing of personal data to evaluate certain things about an individual).

JCU may collect personal and other information using cookies. Cookies allow a website to store information on a machine or mobile device and retrieve it later. Some cookies are managed by JCU (first-party cookies), while others are managed by third parties the University does not control (third-party cookies), such as Google. You may choose not to accept cookies in connection with your use of the University websites and online services by deleting, blocking or disabling cookies via your browser settings

Personal information may also be collected or identified by other data collection or tracking technologies, such as web beacons, which embed graphic files into our websites and online services which can be used to identify when someone visits our websites or online services, or in the case of web beacons, when an email is read or forwarded.

“If the individual has any questions relating to Singapore Campus of James Cook University’s collection, use and disclosure of the individual’s personal data, the individual may contact the Data Protection Officer at [email protected] or call +65-67093602 or such other person as Singapore Campus of James Cook University may designate, from time to time, whether by informing the individual through any letter, circular, notice or email.”