Skip to document content
Policy

Privacy Policy

5 min read 192 views
Version
3.0
Last Version Update
July 11, 2025
Review Cycle
Triennial
Next Review Due
April 2029

Principle Alignment

  • Bushidō (Way of Integrity): Diligent, lawful, and honest management of all personal information.
  • Mottainai (Resource Respect): Valuing all entrusted data; responsible use, access, security, and disposal.
  • Kaizen (Continuous Improvement): Policy, systems, and practice regularly reviewed for compliance and best practice.

1. Purpose

To protect the privacy, confidentiality, and legal rights of all students, staff, contractors, and clients regarding the collection, storage, use, and disclosure of personal information in all College business, study, and clinic activities, in accordance with all applicable privacy laws, regulations, and sectoral standards.

2. Scope

Covers all information collected about applicants, students (past/current/future), staff, contractors, clients (clinic patients), and others engaging with ASC, regardless of source (paper/digital/online) or location.

3. Definitions

TermDefinition
Personal InformationInfo about an identifiable individual (e.g. name, address, contact details, DOB, USI, records).
Sensitive InformationInfo about health, ethnicity, gender, beliefs, or other legally protected attributes.
Health InformationPhysical/mental health, disability, practitioner notes, health service data.
Data BreachAny unauthorised access, disclosure, or loss of personal/sensitive/health information held by ASC.
ContractorsNon-employees providing services/support who may access College data/records.

4. Policy Statement

  • ASC collects, stores, and discloses personal information only as required for education, support, compliance, administration, or legal obligations—with consent, notification, or legal basis at all times.
  • All personal/sensitive/health information is handled in accordance with the Privacy Act 1988 (Cth), Victorian Health Records Act 2001, and RTO sectoral standards.
  • Records are subject to strict confidentiality and are not disclosed to third parties without lawful authority, consent, or regulatory necessity.
  • Direct marketing using personal information is only done with explicit opt-in consent and opt-out available any time.

5. Collection & Use of Information

  • Only information necessary for College business (student enrolment/records, course delivery, assessment, support, clinic, staff employment, legal compliance, security) is collected.
  • Individuals are notified at the point of collection about how their data will be used, who can access it, and their privacy rights.
  • Information collected includes (but is not limited to): name, contact info, date of birth, demographics, USI, results, fees, medical/disability info (where relevant), client health data, and survey/feedback info.

6. Disclosure

  • Some personal information may be disclosed to:
    • NCVER (National VET Data Collection) under the VET Regulator Act
    • Department of Education, relevant state bodies, clinic partners (where required)
    • Third parties (such as trainers or contractors) strictly on a “need-to-know” basis under signed confidentiality agreement
    • Data is never sold; overseas disclosure only if required for College business (with privacy safeguards)
  • Information for research/statistics/audits is de-identified whenever possible

7. Storage, Security & Retention

  • All records are stored in secure physical and digital environments, with role-based access and routine audits to prevent unauthorised access/use/loss
  • Data is protected with strong passwords, 2FA (where required), regular security reviews, encryption, and secure IT protocols
  • Hard and digital copies are only accessed when required, securely destroyed/disposed when retention requirements expire, per the Records Retention and Archiving Policy
  • All data processing activities are based in Australia; no unauthorised overseas data transfers.

8. Web, Social Media, and Analytics

  • Data may be collected through online forms, LMS, and College web platforms.
  • Cookies, web analytics, and browsing information are used for service improvement only—see our separate Website Privacy Policy for further details (applies to all ASC-maintained sites, including the public website, LMS, and clinic booking system).

9. Access, Correction, and Data Rights

  • Individuals may request access to, or correction of, their information by contacting the Privacy Officer (Director – Quality Assurance and Compliance) via info@australianshiatsucollege.edu.au
  • Requests must be processed promptly, identity will be verified
  • Students/clients may ask for correction or deletion unless data is required for legal or compliance reasons
  • Individuals may opt out of use for direct marketing at any time

10. Data Breach Management

  • Suspected or confirmed breaches are immediately investigated, contained, and—where required—reported under the Notifiable Data Breaches scheme.
  • All incidents are documented for audit and improvement.
  • The step-by-step breach response process — including detection, containment, eligibility assessment, OAIC notification, individual notification, and post-incident review — is set out in the Data Breach Response Procedure.

11. Complaints & Feedback

  • Complaints about data handling are to be made in writing to the Privacy Officer (see below).
  • Acknowledged within 14 days and resolved within 30 days where possible.
  • Unresolved issues can be escalated to the Office of the Australian Information Commissioner (OAIC Complaints)

12. Contractors & Third Parties

  • All contractors, trainers, and third-party providers accessing ASC data must sign confidentiality agreements, and receive privacy induction before access.
  • Access is strictly limited to what is necessary for their function.

13. Review

  • Policy is reviewed biennially or following legal, sector, or College process changes
  • Feedback from all stakeholders is valued for each update

14. Linkage Statement

For website visitors, see our Website Privacy Policy for cookies, analytics, and online tracking. For students and clinic clients, privacy notices are provided at enrolment and first appointment—see the ASC Privacy Consent Form or ask Administration for a copy.

15. Contact & Accountability

Privacy Officer (Director – Quality Assurance and Compliance)
PO Box 121, Hurstbridge VIC 3099
info@australianshiatsucollege.edu.au
(03) 9387 1161

Postal Address: PO Box 121, Hurstbridge VIC 3099

+613-9387-1161

info@australianshiatsucollege.edu.au

https://australianshiatsucollege.edu.au

© 2026 Australian Shiatsu College (TOID 3609). All rights reserved

Website Privacy Policy | Terms of Service

Privacy Settings

Having a website issue? Click here to report it