Overview

This Policy provides guidelines to ensure data relating to an identifiable individual is held securely and properly managed at Singapore Campus of James Cook University (“JCU” or “JCU Singapore Campus”) in accordance with the Personal Data Protection Act 2012 (“PDPA”) and other data protection laws.

By interacting with or transacting with JCU, accessing JCU’s website and/or submitting information to JCU through forms or other data collection means or processes, you signify that you have read, understood and agreed to JCU’s collection, use and disclosure of your Personal data as described in this Policy.

Please note that JCU’s website may contain links to external websites. These third-party websites are not subject to this Policy and you are encouraged to check the privacy and security policies of each website that you visit. JCU is only responsible for the privacy and security of the data that it collects and has no control over the actions of any third parties in relation to your data.

Scope

JCU collects the following Personal Data from you, your authorised representatives or other publicly available resources to support its functions such as, but not limited to, teaching, learning, research and general administration:

(a) Personal information such as your full name, gender, birth date, marital status, race and religion.
(b) Identification information such as a copy of your passport or any government-issued ID.
(c) Contact information such as your residential address, contact number and email address.
(d) Medical information
(e) Financial information such as bank account details.
(g) Academic and employment records.

This Policy applies to all JCU Singapore Campus staff, students, collaborators and any other third party who collects or manages personal information on behalf of JCU Singapore Campus.

“In the context of prospective students applying for study at JCU, such Personal data will be collected, used, disclosed and/or processed by JCU- for the purpose(s) of:

(a) Processing, administering and/or managing the individual’s application(s) for admission and enrolment, and acceptance to courses in JCU;
(b) Providing student support and administrative services to the individual;
(c) Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by JCU;
(d) Responding to any enquiries by the individual;
(e) Processing the individual’s application(s) for scholarships and/or financial aid as part of the admission process;
(f) Investigating matters involving fraud, misconduct, any unlawful action or omission relating to the individual’s application for admission;
(g) Responding to requests for information from external organisations such as professional bodies, hospitals and schools relating to the practical or clinical component of courses in JCU from time to time;
(h) Generating financial, regulatory, management or survey reports and statistics for JCU’s business and administrative purposes;
(i) Managing and facilitating communications relating to academic progression and milestones, graduation requirements and ceremonies, and alumni relations/engagement; and
(j) If consented to by the individual in the registration form and/or other methods of consent notification, sending the individual marketing and promotional information relating to courses in JCU and general student-related activities within JCU, as well as seminars and/or events by post, phone, electronic mail, text and other electronic means.”

Definitions

Personal data - The Personal Data Protection Act 2012, defines personal data as, "data, whether true or not, about an individual who can be identified -

(a) from that data; or
(b) from that data and other information to which the organisation has or is likely to have access."

Policy

JCU will not use or disclose Personal data for any purpose other than as advised at the time of collection, unless:

• JCU has obtained signed written consent, or
• The information is required by law or court order, or
• A request for information is made by the Ministry of Education or the Council for Private Education, or any statutory authority, or
• Publication or release of information as is customary by universities or other educational institutions, including, but not limited to, awards of prizes, medals, scholarships, classes of honours and other marks of distinction and, student or graduation status, or
• In exceptional circumstances, when withholding information would likely result in a serious threat to the health, safety or life of the student, staff, another individual, individuals or the general public.

JCU will retain the Personal data until the purpose for the collection is being served by retention or the retention is necessary for legal or business purposes. This means that data and records (including Personal data) from JCU’s systems are destroyed and/or anonymised when no longer required.

JCU shall obtain the individual's clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages if the individual is registered in the Do Not Call Registers.

JCU shall designate one or more individuals to implement Personal data protection policies. The business contact information of the data protection officer(s) shall be made available to the public.

Where necessary, JCU may disclose Personal data of its students to external organizations such as professional bodies, hospitals and schools in order to enable those students to undertake an internship, professional attachment, practical experience or a clinical component of their course. JCU may provide information of its students to third parties for administrative and legislative purposes (under the Private Education Act 2009 and the Private Education Regulation 2009) including but not limited to JCU Australia, JCU Student Association; JCU Alumni Association, JCU’s educational representatives and business partners/service providers; Australian Commonwealth and State agencies; other academic institutions to verify their previous qualifications; and the Fee Protection and Medical Insurance providers.

Disclosure of Personal Data for Student Surveys. In accordance with the PDPA, JCU may disclose limited Personal data of students to trusted third-party agencies for the purpose of conducting surveys. These surveys help JCU assess and improve the quality of the educational programmes, student services, and university performance. In this regard, JCU will:

(a) Ensure that third-party agencies are contractually bound to protect the confidentiality and security of your Personal data;
(b) The agencies are permitted to use your data only for the stated purpose of administering surveys on JCU’s behalf;
(c) Personal data will not be used for any other purpose, nor will it be disclosed to unauthorised parties;
(d) Where feasible, responses to surveys will be anonymised.

Your participation in such surveys is voluntary, and you may opt out at any time by contacting our Data Protection Officer.

Residents in the European Economic Area

JCU is also subject to the General Data Protection Regulation (GDPR), which applies when the University is processing the data of individuals resident in the European Union (EU) or the European Economic Area (EEA). “Personal data”, in the context of the GDPR, is defined as any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data subjects also have a right to:

(a) rectify any Personal data that is inaccurate;

(b) restrict or limit the ways in which Personal data is used;

(c) object to the way Personal data is processed e.g. automatic processing;

(d) request that their Personal data be deleted (erasure); and

(e) obtain a copy of their Personal data in an easily accessible format.

Residents of the EU or EEA seeking to request any of the above may do so in accordance with the General Data Protection Regulation (GDPR) Procedure.

Please note that any person to whom JCU may disclose your Personal data under this policy may be situated in a country other than your own. Whenever JCU transfers Personal data across borders, JCU takes legally required steps to ensure that adequate safeguards are in place to protect your Personal data and to make sure it is treated in accordance with this policy.

Automatic processing of data, cookies, and similar technologies

The Singapore website of JCU is administered by the Singapore Campus of James Cook University. The following provides an overview of how privacy is protected during a website visit.

JCU may automatically process information including Personal data and conduct automated decision-making and profiling (that is, automated processing of Personal data to evaluate certain things about an individual).

JCU may collect Personal data and other information using cookies. Cookies allow a website to store information on a machine or mobile device and retrieve it later. Some cookies are managed by JCU (first-party cookies), while others are managed by third parties the University does not control (third-party cookies), such as Google. You may choose not to accept cookies in connection with your use of the University websites and online services by deleting, blocking or disabling cookies via your browser settings

Personal data may also be collected or identified by other data collection or tracking technologies, such as web beacons, which embed graphic files into our websites and online services which can be used to identify when someone visits our websites or online services, or in the case of web beacons, when an email is read or forwarded.

Contact JCU

“If you:
(a)   have any questions relating to JCU’s collection, use and disclosure of your Personal data; or
(b)   wish to access, correct, update, delete, limit or object to the processing of or otherwise change or remove any Personal data that you have provided for JCU’s use; or
(c) request to receive a copy of any Personal data that you have provided to JCU for JCU’s use, and to transmit such Personal data to another organisation of your choosing