GNLA Privacy Policy The Global Nursing Leadership Academy (GNLA) is committed to providing quality educational resources to nursing community globally. As such, GNLA is required to comply with Federal law regarding Privacy and confidentiality of employees, clients and contractors. The purpose of this policy is to outline how GNLA complies with the Privacy of information collected from students and staff. GNLA is bound by the Australian Privacy Principles (APPs) that have replaced the previous National Privacy Principles in the Privacy Act 1988 (Commonwealth) and the Higher Education Support Act 2003 (NPPs) for organisations from 12 March 2014 as well as other applicable laws and codes affecting the personal information that it collects from staff and students. GNLA is committed to respecting the right to privacy and protecting the personal information of its staff and clients. This Privacy Policy covers GNLA’s treatment of personally identifiable information that GNLA collects through any means as part of the provision of its services. This Privacy and Security Statement does not apply to the practices of companies that GNLA does not own or control or to people that GNLA does not employ or manage. GNLA Privacy Policy is technology neutral, applying equally to paper based and digital environments. This is intended to preserve the relevance and applicability, in a context of continually changing and emerging technology. Definitions Personal Information: Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Student/s: refers to all persons enrolled in a unit of study. Client: refers to student and also means a learner, enterprise or organisation that uses or purchases the services provided by the Global Nursing Leadership. Staff: All the present and past employees of the Global Nursing Leadership Academy (GNLA) group of companies including but not limited to GNLA contract academics. Privacy Statements Collection of Personal Information: Personal information will not be collected unless: o the information is collected for a purpose directly related to students; and o the collection of the information is necessary for or directly related to that purpose. o the purpose for which the information is being collected; o if the collection of the information is authorised or required by law and o with whom the information may be shared (such as the Australian Government). o the information collected is relevant to that purpose and is up to date and complete; and o the collection of the information does not infringe upon the personal affairs of the student in an unreasonable manner. Personal information will not be collected by unlawful or unethical means. Where personal information is collected for inclusion in a record or in a generally available publication, the Global Nursing Leadership Academy will take all reasonable and practicable steps to ensure that, the student concerned is made aware of: o the purpose for which the information is being collected; o if the collection of the information is authorised or required by law and o with whom the information may be shared (such as the Australian Government). Where the Global Nursing Leadership Academy solicits and collects personal information for inclusion in a record or in a generally available publication it will take reasonable steps to ensure that: o the information collected is relevant to that purpose and is up to date and complete; and o the collection of the information does not infringe upon the personal affairs of the student in an unreasonable manner GNLA will ensure that: It maintains and provides a current Privacy Policy; o Information gathered for the express purpose of education matters will not be disclosed to a third party unless prior written consent is provided by the individual concerned, or in the case that it is required by law; o There is provision for the secure storage of all records; o All information maintained on records is held in strict confidentiality. Anonymity and Pseudonymity GNLA respects and acknowledges the choice of anonymity and pseudonymity by individuals dealing with GNLA. GNLA provides opportunities for individuals to interact anonymously or by pseudonym with GNLA where appropriate. For example, of anonymous dealings may include an unidentified individual telephoning an GNLA to make a general enquire about its courses or services. Pseudonymity requires that an individual may contact an GNLA and use a name, term or descriptor that is different from the person’s actual name. Examples may include an email address that does not contain the person’s actual name, and/or a user name that a person uses when participating in an online forum. Personal information should only be linked to a pseudonym if this is required or authorised by law. Situations where it is impractical to implement Anonymity and/or Pseudonymity While GNLA acknowledges Anonymity and Pseudonymity as a privacy principle, there are instances where identification is necessary to proceed with a matter. The following are examples where it may be impracticable to deal with an individual who has not disclosed their actual identity: o Dispute resolution: it would be impracticable to investigate and resolve an individual’s particular complaint about how their case was managed or follow up on a staff member’s behaviour unless the complainant provided their name, contact detail and other relevant information. o Personal information requests: in responding to an individual’s request for personal information, the GNLA would require evidence of the person’s identity before proceeding with the enquiry; and o Eligibility for government subsidies or support: in responding to an individual’s course enquiry and potential government subsidy, the GNLA may not be able to provide definitive information without knowing the potential applicant’s identity, education history and/or personal circumstances. Underpinning Principles Personal Information is defined in the Privacy Act 1988 as “information or an opinion about an identified individual, or an individual who is reasonably identifiable: o whether the information or opinion is true or not; and o whether the information or opinion is recorded in a material form or not”. Sensitive Personal Information is defined in the Privacy Act 1988 as “information or an opinion about an individual’s” that is also personal information, such as: o racial or ethnic origin; o political opinions; o membership of a political association; o religious beliefs or affiliations; o philosophical beliefs; o membership of a professional or trade association; o membership of a trade union; o sexual orientation or practices; or o criminal record. Information about students: GNLA collects personally identifiable information that students provide when they register or enrol for any educational courses or programs, when they use certain GNLA online services or products, or when they enter promotions. The Institute’s preferred source of personal information is the individual concerned. However, GNLA may also receive information from other sources such as other members of the Global Nursing Leadership Academy Group. Under the Freedom of Information Act, Vic 1982, the Global Nursing Leadership Academy will permit a Student to apply for and receive a copy of their VET personal information that the provider holds on the student’s record. Information about Staff: GNLA collects personal information from its staff which may be used for Selection, Appointment, Promotion, General Administration or Provision of Services to staff. The Institute’s preferred source of personal information is the individual concerned. However, GNLA may also receive information from other sources such as o previous employers and referees nominated by prospective and current staff members; o academic assessors; o promotion and performance review assessments. GNLA takes all reasonable steps to ensure that information collected: o is necessary for the Institute’s purposes; o is relevant to the purpose of collection; and o is collected in a fair way, without unreasonable intrusion. Release of information on staff employed by the Institute: Personal and confidential information about individual staff members will not be released, without the staff members consent or request, to persons within or outside the Institute, except in circumstances required by law (e.g. income tax certificate). Information about staff members employed by the Institute is considered confidential although some staff members may be identified publicly in publications such as hand books. The Institute is also required to comply with external authorities and submit general statistics about itself. These statistics do not specific identify individuals. In certain circumstances relating to the employment of staff members, the Institute releases information to other organisations. For example, if a staff member of the Global Nursing Leadership Academy resigns from their position to work for another organisation, it may be necessary to release information to the other organization, such as details of tha staff member’s study and long service leave credits and superannuation agreement. In such matters, the Institute will act as if it has the member’s consent unless informed to the contrary. At the written request of a staff member, the Institute may release personal information to another organisation stating, for example, that the person is a staff member of the Institute, the position they occupy and the remuneration they receive. Release of information about students of the Institute: The Institute does not release personal information about any student without the student’s written consent. Information on a student’s individual file is only accessible to Institute staff whose official responsibilities involve them in student and student related matters. Releasing confidential information (including units attempted, units passed, grades, address, and phone number) to anyone other than the student or authorised Institute personnel, or as part of legal reporting requirements to relevant and authorised authorities is strictly prohibited. If a student wishes to have information released concerning their enrolment at GNLA, they must: o Write and submit a signed and dated letter of request. The letter will be retained in the student’s file. o Each request will require a separate written authorization. o The Institute has the right to withhold a request if there is any financial debt to the Institute or any disciplinary action pending in relation to that student. The Institute may receive telephone messages for a student (and thereby acknowledge the students enrolment) but no personal details are disclosed to any caller. Cookies In some circumstances, GNLA uses cookies to enhance the functionality of its website and offer improved services. A cookie is a packet of information that allows the server to identify and interact more effectively with computers using the website. GNLA do not store any personal details using cookies. Users can configure their browser to accept all cookies, reject all cookies, or notify them when a cookie is sent by referring to their browser instructions. If users reject all cookies, they may be unable to use GNLA web sites. Sharing Information with Third Parties Unless instructed otherwise, personal information may be shared with related companies within Institute of Health and Nursing (IHNA) where it will remain confidential. GNLA does not collect or compile personally identifiable information for the dissemination or sale to outside parties for consumer marketing. It will only disclose information when: o Required by the regulators. o Required by the law. o The individual has consented to disclosing the information. o It is needed to share in order to provide the product or service that was requested. o In certain circumstances GNLA may rely on outside contractors to carry out specialised activities on their behalf such as the mail out of GNLA Information, or the dispatch of high volume Internet messages, (e-mail) or short messaging service (SMS). These outside contractors act on behalf of GNLA and do not operate their own personal agendas while processing personal information. At times personal information may be provided to these outside contractors to undertake the contracted task. All information remains the property of GNLA at all times and the outside contractors are bound by specific confidentiality and non-disclosure agreements. Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure. This will be noted on staff/student file. A person, body or agency to whom personal information is disclosed will not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency. Storage and Security of Data GNLA takes the protection of customers, their information and their profile most seriously. GNLA adheres to strict industry procedures and professional standards of conduct for the operation of enrolments and online education systems. It utilises high-level security practices and employs multiple layers of security mechanisms to ensure that all data is protected and secure. Global Nursing Leadership Academy will ensure that: o all records are protected, by robust security safeguards that are reasonable in the circumstances to ensure against loss, unauthorised access, use, modification or disclosure, and against other misuse; and o if it is necessary for a record to be given to a person in connection with the provision of a service to a VET Provider, the Provider will take every reasonable precautions within its power to safeguard and prevent unauthorised use or disclosure of information contained in the record. Collection of Personal Information for online payment While registering or paying for a course through GNLA’s website (, GNLA will need to collect the credit card details (if paying by credit card) along with other personal information. This allows GNLA to process and complete the enrolment. GNLA utilises the “Stripe” facility for the receipt and processing of all electronic card payments. GNLA does not store any information about an individual’s credit card. Access and Correction of Data Access of data available with GNLA GNLA acknowledges that as per the new APP 12, it is required to provide access to all of an individual’s personal information it holds, even if that information is also the personal information of another individual, unless there are mitigating circumstances precluding access or legal grounds to refuse access. GNLA shall consider whether the individual has a right of access to the information under other legislation. If not, GNLA may make a discretionary decision to either grant or deny access to the information. Verifying an individual's identity GNLA must be satisfied that a request for personal information under APP 12 is made by the individual concerned, or by another person who is authorised to make a request on their behalf, for example, a legal guardian or authorised agent. It would be impracticable for GNLA to deal with an anonymous request for personal information. The steps appropriate to verify an individual’s identity will depend on the circumstances. In particular, whether the individual is already known to or readily identifiable by the GNLA. The minimum amount of personal information needed to establish an individual’s identity will be sought. Where possible, the information may be sighted rather than copied or collected for inclusion in a record. For example, in a face-to-face dealing with an individual GNLA may reserve the right to record that an identity document was sighted without copying the document. GNLA shall consider an application to access information not exceeding 30 calendar days after the request has been raised by an individual or other party and after the necessary verifying process is completed. GNLA also provides that, without limiting APP 12.5, ‘access may be given through the use of a mutually agreed intermediary.' where direct access would otherwise be refused. For example, an intermediary may need to be a qualified health service provider if used to give access to health information Correction of Data available with GNLA In line with the APP 13.1, GNLA will take reasonable steps to correct personal information it holds, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard for the purpose for which it is held. The requirement to take reasonable steps applies in two circumstances: o Where GNLA is satisfied, independently of any request, that personal information it holds is faulty; or o Where an individual requests GNLA to correct their personal information. GNLA will follow minimum procedural requirements in relation to correcting personal information, by:-. o Providing a written notice to an individual when a correction request is refused, including the reasons for the refusal and the complaint mechanisms available to the individual; o Responding in a timely manner to an individual’s request to correct personal information or to associate a statement with the information; and o Not charging an individual for making a request to correct personal information or associate a statement, or for making a correction or associating a statement. Resolving Concerns on Privacy Issues If an individual wish to raise or discuss any issues about the Privacy Policy, they can: o Speak directly to a staff member who will do their best to resolve the issue. o Call the Feedback Line on 1800 22 52 83 during normal business hours. o Email the issue to o If an investigation is required GNLA will keep the individual advised of the progress. If staff is unable to resolve the matter, it will be escalated as appropriate to facilitate a solution. For Complaints and Appeals: o A complaint should initially be made to GNLA using any of the above avenues o Follow GNLA’s Complaints and Appeals Policy located at GNLA website. o Allow reasonable time (usually 30 days) for GNLA to respond.