CISaustralia’s role as a facilitator of educational, study, virtual, volunteer and internship programs requires the collection, storage and use of personal information relating to students, staff and other clients. CISaustralia recognises best practice and its obligation with regards to the collection, storage and use of this information.
The overall responsibility for privacy of information for CISaustralia resides with the Founder and Executive Director and with the day to day management delegated to the Program Managers. The Program Managers are the first point of contact for privacy matters including general information, requests to access and/or amend personal information and for resolution of complaints.
There are two important clarifications as you begin to read. First, this document will varyingly refer to ‘the company’ which is a reference to CISaustralia, the company with whom you are interacting.
The Information We Collect
We collect two types of information: personal information that you provide to us and non-personal information automatically collected through automated means.
Wherever possible, personal information is collected directly from you, although there may be occasions when information is collected about you from third parties, such as host or partner universities, with the prior approval of the individual or a publically maintained record. If you are registered with us, you can access content and services that we offer (only to registered users). Registered users also have the option of changing or deleting the data specified during registration at any time. We are also able to provide you with information about the personal data we hold about you at any time.
If you do not want to provide us with your Personal Information, you are not required to do so; however, while you may still access the website, certain services may not be available to you. By providing your Personal Information to us via the website, you consent to receive information and updates from us, our representatives or our authorised third party service providers (except where prohibited by law).
Personal information that we might collect includes:
- Your contact details to communicate with you, such as your email address, mailing address and phone number.
- Your academic information, such as your transcript and educational background to forward to our affiliated institutions and/or partners so that you may further your educational program of interest.
- Your health and medical information, to ensure your specific needs are addressed (e.g. allergies, prescriptions, disabilities, etc).
- Your national identification information, passport and related data to fulfill international immigration regulations, register you with the proper local institutions and authorities, and organise logistics essential to your program.
When you access our website, information of a general nature is automatically recorded. We use web analytics tools that rely on cookies, web beacons and other automated tracking technologies to help us analyse how users interact with our website, how we can improve our website, how we can personalise your website experience and provide you with information we believe may be of interest to you. This information does not individually identify you as a person. Anonymous information of this kind is statistically evaluated by us to optimise our internet presence and the underlying technology.
Non-personal information that we might collect automatically includes:
- The type of web browser you are using.
- The operating system you are using.
- The name of your internet service provider.
- Your anonymous IP address in our access and error logs.
Our website uses common third party tracking technologies like Google Analytics and Google Conversion Tracking. In both cases these technologies rely on the use of ‘cookies’ and ‘web beacons’. A cookie is a small amount of data which is sent to your browser from a website’s computer and stored on your computer’s hard drive.
Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. However, if a browser is set not to accept cookies or if a user rejects a cookie, some portions of the website and services may not function properly.
A web beacon is an electronic image, also called a ‘gif’, that may be used on our web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon.
To better understand how Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site, see Google Analytics Privacy and Data Sharing. You can obtain more information about cookies by visiting the All About Cookies website.
How We Collect Your Information
As stated above (The Information We Collect), we collect your information for:
- Operations: To operate, maintain, enhance and provide all features of our programming to provide the services and information that you request.
- Improvements: We use the information, not including customer data, to understand and analyse the usage trends and preferences of our visitors and users, to improve our products, services, website, and to develop new products, services, features and functionality.
- Communications: For administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations, or defamation issues related to the customer data or personal data posted on the service or to provide updates on promotions and events, relating to products and services offered by us and by third parties we work with.
None of the information we gather is sold, rented, traded, modified or shared with any third parties who are not directly involved in the delivery of your program. This information is used only internally by company administrators and/or administrators of any company partners, for example in program locations where you are interested to visit.
Please check the privacy statements of these other websites for more information about their policies on collection and use of personal information. We seek to protect the integrity of our site and welcome any feedback about these sites.
Sharing, Disclosure and Accountability for Onward Transfer
We at the company abide by the requirements laid out by Privacy Shield and General Data Protection Regulation (GDPR), which outlines the situations in which an organisation may disclose personal information to a third party. Only as needed, and within specified limited purposes consistent with the consent provided, we may share your personal information with:
- Our internal staff
- Technical consultants
- Host or home universities and institutions
- Host partners
as well as other third parties such as:
- Transit or travel authorities
- Homestay partners
- Medical professionals
- Legal authorities
- Transport providers
Personal information may be disclosed where an individual has consented to the disclosure, or when the disclosure is done in the best interest of the individual such as in the case of a medical emergency, a serious and imminent threat to a person’s life, health or safety, a requirement under law or authorised by law, or a requirement for an enforcement body.
The company establishes contracts with all third party organisations affirming that they will abide by the same regulations and principles as the company. Furthermore, the third party organisations will only process the provided information for the limited and specified purposes consistent with the consent provided by you.
This means that they will take all reasonable efforts to protect your data, but also not use, share or alter the provided personal information in any way that was not previously and explicitly consented to by you. The company will not share your personal data with any third party or organisation that you do not agree to.
At no time will CISaustralia disclose or externally publish personal information to third parties who are not related to CISaustralia or are a partner university or program provider. Further, CISaustralia will not sell or receive payment for licensing or disclosing personal information.
CISaustralia will only publish personal information on its website, where the individual has consented that the personal information be collected and disclosed for this particular purpose. The individual should be aware that information published on websites is accessible to millions of users from all over the world, that it may be indexed by search engines and that it may be copied and used by any web user. Once personal information is published on the CISaustralia website, it will not be possible to control subsequent use and disclosure.
You may request to CISaustralia, through your Program Advisor (or similar), that your information not be shared to a particular outside organisation.
The company is committed to cooperate with European Data Protection Authorities and will disclose information as required in response to any lawful requests made by public authorities, including to meet national security or law enforcement requirements.
Keeping Your Information Secure
In alignment with GDPR Article 32 and section 4 of the Privacy Shield framework, the company takes all reasonable and appropriate measures to protect your data from unauthorised access, disclosure, loss, use, modification or other misuse.
The company also consistently destroys hard copies of personal information that is no longer required. This destruction is undertaken by secured means. When in digital form, your personal information is contained within secured networks (i.e. HTTPS, AES Encryption, Salesforce, etc.) and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
GDPR Information Rights and Practices
As of 25 May 2018, all European Union residents and citizens are granted personal privacy as a fundamental human right. This also applies to our participants while they are residing in Europe during our various programs. As such, under these regulations, the company will not hold onto participant data for longer than is legally necessary and usually for a period of 7+ years, inline with Australian taxation regulations.
You also have the right to rectify any mistakes or incomplete information that may have been provided in order to ensure accurate and complete records. You may also object to the processing of data relating to themselves except in the cases of a specific legal obligation. The company agrees to not collect more personal data than necessary for its legitimate business interest of providing safe and rewarding international programs. All customers have the right to revoke consent to the onward transfer of their personal information or to be forgotten, so long as there is no conflicting legitimate business or individual interest.
In addition, customers may request to have a copy of their personal data sent to them. However, we are not responsible for removing your personal information from the lists or systems of any third party who has previously been provided your information in accordance with this policy. Once data is no longer relevant to our legitimate business purposes, it is pseudonymised or anonymised based on the kind and calibre of information. The information that we keep exists strictly for analytical purposes to better serve the interests of future customers.
Your Access to Your Data
CISaustralia recognises your rights to access your personal data, and will take all reasonable steps to ensure that personal information is accurate. To aid this, you may request to see and make amendments in your record. Requests for access to personal information must be made in writing to the Program Managers at firstname.lastname@example.org. CISaustralia reserves the right to recover reasonable costs associated with providing information requested.
You have the right to request that your personal details be removed from our records (a.k.a., “opt out”), provided there is no legal requirement or legitimate business interest relating to the purpose for which they were collected or processed.
Such requests need to be made in writing to CISaustralia via your Program Advisor (or similar), who then will investigate the validity of the request and proceed to take all reasonable steps, including technical measures, to inform controllers that are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Requests for removal will not be honoured in the cases of the following:
- The removal impinges on the ‘right of freedom and expression’.
- There is a corresponding legal obligation which requires processing or holding of financial or medical records.
- Reasons of public interest in the area of public health.
- For archiving purposes in the public interest, scientific, historical research or statistical purposes.
- For the establishment, exercise or defense of legal claims.
You may opt out of receiving promotional emails or text messages from us at any time by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as messages about your account or our ongoing business relations, as well as emergency communications regarding our programs.
Data Protection Questions and Concerns
For any questions regarding the company’s compliance of personal information privacy requirements, or to request removal of personal data, please contact CISaustralia via your Program Advisor (or similar) or email email@example.com.
CISaustralia commits to resolve complaints about our collection or use of your personal information as a priority.
If you believe that we have violated our privacy obligations, you may contact the Office of the Australian Information Commissioner. You may find instructions to do this through the Australian Government OAIC website.
CISaustralia is committed to cooperate with EU data protection authorities (DPAs) and will comply with the appropriate advice given by such authorities in regard to human resources and non-human resources data transferred from the EU.