The National Academy of Professional Studies (NAPS) is committed to providing all stakeholders with the highest levels of professional service. In order to provide that service, we must collect and sometimes share information which you provide. The NAPS Privacy Policy explains how NAPS manages, collects, deals with, protects and allows access to personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (the APPs) as set out within the Act.

NAPS understands the importance placed on the privacy of an individual’s personal information. Accordingly, NAPS will endeavour to make those involved aware of the contents of this Privacy Policy before or as soon as reasonably practicable after collecting any personal information about them. See the NAPS Records Management Policy and Employee Privacy Policy.

▪ In addition to the Privacy Act, NAPS complies with relevant NSW privacy legislation and any additional obligations under:
▪ health records legislation
▪ state and federal surveillance legislation; and
▪ federal legislation that governs email marketing and telemarketing, such as the Spam Act 2003(Cth).

Overview

This Privacy Policy applies to NAPS’ management of the personal information of its students, clients, customers, suppliers and prospective employees. This Privacy Policy does not apply to the acts and practices which relate directly to the employee records of our current and former employees. Employee privacy is dealt with by the NAPS Employee Privacy Policy.

The policy forms part of all NAPS’ agreements, contracts and business practices which involve the collection and/or management of personal information.

NAPS’ Principles and Practices for Privacy Protection

1. The Need for Access to Personal Information

NAPS collects, holds, uses and discloses personal information:
▪ to process applications for study and work; and
▪ when a reasonable person would consider it necessary for NAPS’ business’ functions and activities. Examples include:
   o to send you newsletter and other information relevant to your studies at NAPs
   o share with companies and affiliates to provide support services (eg access to electronic databases) to students Page 3 of 8 Naps P003 Privacy Policy
   o share information with government authorities where we are required to do so
Through this policy and related procedures, NAPS seeks to be open and transparent regarding its collection, use and sharing of personal information.

2. NAPS Commitment to Protect Privacy.

NAPS, through its policies, procedures and practices, will protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. 

3. Requests for Anonymity

If a person would like to access any of NAPS’ services on an anonymous basis or by using a pseudonym, they can choose to request anonymity.
However, NAPS will require that person to be identified if:
▪ NAPS is required by law to deal with individuals who have identified themselves for that specific purpose; or▪ it is impracticable for NAPS to deal with the individual if that person has not identified themselves or if he/she elects to use a pseudonym.

Those requesting to be anonymous or to use a pseudonym need to be aware that this may affect NAPS’ ability to provide that person with the requested goods and/or services. 

4. Details of the Personal Information Stored by NAPS

The nature and extent of personal information that NAPS collects varies depending on the interaction and/or services required and our legal obligations in regard to such information.

Personal information that NAPS’ commonly collects, holds, uses and discloses could include, among other things, a person’s name, position, date of birth, current address, email address, telephone numbers, next of kin, tax file number, education details, Australian Business Number, bank details, business references, financial details, details about the individual’s business, drivers licence number, preferred means of contact, professional and academic credentials, hobbies and interests. 

5. Method of Collection and Storage of Personal Information

Where possible, NAPS will collect personal information directly from the person involved. Such information is collected through various means including interviews, appointments, forms, surveys, applications and questionnaires (whether in hardcopy or electronic format, including information submitted via the website or other electronic means). If a person feels that the information that NAPS is requesting, either on its forms or in its discussions, is not information that the individual wishes to provide, then he/she should feel free to raise this with NAPS.

In some situations, NAPS may also obtain personal information about someone from a third-party source. When personal information is collected in this way, NAPS will take reasonable steps to contact the person and ensure that he/she is aware of the purposes for which the information is being collected and the organisations to which that information may be disclosed, subject to any exceptions under the Privacy Act.

6. Handling of Unsolicited Personal Information

If NAPS receives unsolicited personal information about people that it cannot have collected in accordance with this Privacy Policy and the Privacy Act, it will within a reasonable period, destroy or de-identify such information received. 

7. Data Collection from Website

NAPS’ internet service provider will record details of visits to the NAPS’ site and in most cases, the following information will be collected for research and feedback purposes:
▪ the visitor’s server address, domain name and browser type;
▪ the date and time of the visit to the site;
▪ the pages accessed and the documents downloaded;
▪ the user’s operating system; and
▪ the links followed from other sites to get to the current site.

The information listed above will only be used by NAPS internally for statistical and research purposes and as feedback to improve the quality of services provided through our website.

8. Use and Disclosure of Personal Information

NAPS will only use and disclose personal information:
▪ if it gets the consent of the parties involved;
▪ for purposes which are related to the purposes for which the information was collected; and
▪ in accordance with this Privacy Policy and the Privacy Act.

For the purposes referred to in this Privacy Policy, NAPS may disclose personal information to other parties including:
▪ the person’s referees;
▪ former employers;
▪ education providers;
▪ credit agencies;
▪ NAPS’ professional advisors, including accountants, auditors and lawyers;
▪ NAPS’ Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth));
▪ NAPS’ employees, contractors and suppliers;
▪ professional membership agencies;
▪ disclosure to government agencies with responsibility for administering and regulating education providers in Australia, such as the Tertiary Education Quality Standards Agency (TEQSA), the Australian Skills Quality Authority (ASQA) and the Tuition Protection Service (TPS); and
▪ disclosure to government agencies with responsibility for administering immigration and student visa arrangements (including disclosure of suspected breaches of student visa conditions).

9. Direct Marketing Limitations

NAPS will only use or disclose an individual’s personal information for the purposes of direct marketing if these factors apply:
▪ the information was collected from that person; ▪ it was reasonable to assume it was for direct marketing purposes;
▪ NAPS has provided a simple means to ‘opt-out’ of its direct marketing communications; and
▪ the person has not elected to ‘opt-out’.

10. Criteria for Sending Information Overseas

It is likely that NAPS will disclose personal information to overseas recipients. It is not practical for NAPS to specify to which countries. However, if NAPS does disclose an individual’s personal information to an overseas recipient, NAPS will take reasonable steps to ensure that such recipients do not breach the Privacy Act and the APPs unless:
▪ NAPS believes that the overseas recipient is subject to a law that has the same effect of protecting personal information in a way that, overall, is at least substantially similar to the way in which the Privacy Act and the APPs protect personal information and there are mechanisms available for the person involved to take action to enforce that protection of law; or
▪ NAPS obtains the individual’s express consent to the disclosure of personal information to overseas recipients. 

11. Access and Correction of Personal Information

Unless otherwise protected by confidentiality or law, a NAPS staff member or student has the right to access his/her own personal information and make corrections. NAPS reserves the right to levy a reasonable administrative fee to recover costs in cases where such a request involves a significant expenditure of time and costs for production of documents. If students or staff wish to review and request changes to their personal information that NAPS collects through if one has questions about NAPS privacy practices, please contact the President’s office directly.

However, NAPS is not obliged to allow a person access to his/her personal information if:
▪ NAPS reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
▪ giving access would have an unreasonable impact on the privacy of other individuals; Page 6 of 8 Naps P003 Privacy Policy
▪ the request for access is frivolous or vexatious;
▪ the information relates to existing or anticipated legal proceedings between the individual and NAPS and would not ordinarily be accessible by the discovery process in such proceedings;
▪ giving access would reveal NAPS’ intentions in relation to negotiations with an individual in a way that would prejudice those negotiations;
▪ giving access would be unlawful;
▪ denying access is required or authorised by or under an Australian law or a court/tribunal order;
▪ NAPS has reason to suspect that unlawful activity or misconduct of a serious nature relating to NAPS’ functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
▪ giving access would be likely to prejudice one or more enforcement-related activities conducted by, or on behalf of, an enforcement body; or
▪ giving access would reveal internal evaluative information in connection with a commercially sensitive decision-making process.

If a person makes a request for access to or correction of personal information, NAPS will:
▪ respond to the request within a reasonable period, and
▪ if reasonable and practicable, give access to or correct the information in the manner requested.

If NAPS refuses to give access to the personal information because of an exception or in the manner requested, it will give the individual a written notice that sets out at a minimum:
▪ the reasons for the refusal (to the extent it is reasonable to do so), and
▪ the mechanisms available to complain about the refusal. If NAPS refuses a request to correct personal information, it will:
▪ give a written notice setting out the reasons for the refusal and how to make a complaint, and
▪ take reasonable steps to associate a statement with personal information it refuses to correct.

NAPS reserves the right to charge an individual a reasonable expenses for providing access or making a correction to personal information, for example, a fee for photocopying any information requested by the person. If required, such charges must:
▪ not be excessive, and
▪ not apply to the making of the request for access or correction to personal information.

Nothing in this Privacy Policy replaces other informal or legal procedures by which an individual can be provided with access to or to correct personal information. 

12. Maintaining Integrity of Personal Information

NAPS will take reasonable steps to:
▪ ensure that the personal information that is collected is accurate, up-to-date and complete;
▪ ensure that the personal information that is held, used or disclosed, with regard to the relevant purpose, is accurate, up-to-date, complete and relevant; and
▪ will secure all personal information. This includes taking reasonable steps to prevent its misuse, interference and loss; and unauthorised access, modification or disclosure.

When the information is no longer needed for the primary purpose for which it was collected, NAPS will take reasonable steps to destroy or de-identify the personal information unless it is required by law to retain it.

13. Codes of Conduct

An important component policy of privacy protection is also grounded in codes of conduct and the responsibility of every individual in NAPS community to act reasonably and responsibly in protecting their accounts and personal information. Students, staff and other members of the NAPS community who have access to NAPS’ information system and services have a responsibility to keep their account and information secure. They should conduct themselves reasonably, including keeping access to their accounts and information secure from unauthorised access. For example, they should not share passwords with friends and others who are not authorised to access the account. 

14. Complaints Procedure

Individuals may make a complaint if they believe NAPS has mishandled their personal information. NAPS is committed to a quick resolution of all complaints. Concerned individuals may also make a complaint directly to the Office of the Australian Information Commissioner (OAIC) by mail, email or online at the OAIC website http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

NAPS staff must report the following to the NAPS’ President:
▪ concerns that the personal information contained in a record of a client may have been mishandled;
▪ any complaints/allegations about a breach of privacy; and
▪ all privacy-related matters referred from the Privacy Commissioner within the Office of the Australian Information Commissioner.

Each breach will need to be dealt with on a case-by-case basis as the types of information involved and level of harm will vary. All complaints and alleged breaches will be investigated by an independent privacy officer designated by the President and the complainant will be advised of the outcome.

Further Questions
For more information on privacy or any questions in relation to NAPS Privacy Policy, contact the Office of NAPS’ President and CEO.

Policy Review
NAPS may make changes to this policy and procedures from time to time to improve the effectiveness of its operation, comply with changes in the law, etc. In this regard, any staff member who wishes to make any comments about this Policy may forward their suggestions to their supervisor or to NAPS’ Registrar.
 
Further Assistance
Any staff member who requires assistance in understanding this policy should first consult their nominated supervisor who is responsible for the implementation and operation of these arrangements in their work area. Should further advice be required staff should contact the NAPS’ Registrar.