Last updated 09/11/2023
The purpose of this policy is to ensure that all reasonably available measures are in place to protect the privacy of information collected through user interaction with digital learning platforms, content creation and services delivered by AcademyEX PTY Ltd (Australia) & academyEX Education Limited Partnership (New Zealand), collectively referred to as academyEX. It is provided in accordance with respect to academyEX’s obligations under the Australian Privacy Act 1988 and the New Zealand Privacy Act (2020), the New Zealand Education and Training Act (2020).
AcademyEX PTY Ltd (AU)
+614 0155 7588
Suite 2, Level 25/1 Bligh St
Sydney NSW 2000
academyEX Education Limited Partnership (NZ)
+64 09 964 4444
99 Khyber Pass Road, Grafton,
This policy applies to all staff members and processes at academyEX. AcademyEX must ensure that, when using or dealing with personal information relating to leads, learners, alumni, staff members, users, clients, contractors or any other individuals, they comply fully with this policy.
This policy applies to all personal and client information provided, whether in person or via other means, including through academyEX sites including, but not exclusive to the Learning Management System and supporting SaaS platforms. Personal information is any information about the user. Such information may be automatically collected (i.e. information sent to academyEX by user-managed devices used to access academyEX services), voluntarily provided (i.e. knowingly and actively provided by the user) and/or via learning analytics used to support learners and improve customer experience.
This policy applies to information collected from all users of academyEX’s products and services.
3. Policy Statements
This policy covers the following:
Automatically collected information
Voluntarily provided personal information
Information collected as part of the learning journey
Storage, use and disclosure of personal information
Cookies and data security
User access to and correction of personal information
4. Automatically collected information
AcademyEX servers automatically log standard data provided by the user’s device and web browser to visit academyEx.com & academyEX.com.au. This data may include:
the device’s IP address
browser type and version
the pages visited
the time and date of the visit
time spent on each page, and
other details about the visit or device.
Device data can depend on the specific device or software settings. AcademyEX recommends checking the policies of the device manufacturer or software provider to learn what information they make available.
In the event of errors, academyEX automatically collects data about the error and the circumstances surrounding its occurrence. This data may include technical details about the device, what action was attempted when the error happened, and other information relating to the problem. There may or may not be notice given of such errors. Please be aware that while this information may not be personally identifying by itself, it is possible to combine it with other data to personally identify individual persons.
5. Voluntarily provided personal information
AcademyEX collects personal information about users through website registration & enquiry forms, enrolment, academic record keeping, online accounts and personal transactions over the phone or online. AcademyEX may collect the following categories of personal data about the user:
Contact details (including name, title, address, telephone number, email address and employee/company information);
date of birth;
log in details and passwords;
credit card/payment details;
location information either provided by the user, by a mobile device or associated IP address (where permitted by law);
usage, viewing and technical data, including device identifier, server address, IP address, domain name, browser type, and activity/conduct on the Site;
aggregated data (such as tracking of site traffic and cookies);
other information you choose to provide about interests, educational background, occupation and work experience, learning goals, and, if opted in, information for the purposes of personalising our email and services’ and;
other information the user provides to us through any other method (including, without limitation, correspondence and discussions whether on the Site, by phone or via other means);
ethnicity, academic and professional achievements and identification information (e.g from passports, visas, driver's license;
information collected as part of the learning journey.
6. Information collected as part of the learning journey
AcademyEX gathers various information depending on the site and/or programme (from application through to matriculation and graduation), including:
Personal information required for enrolment in academyEX programmes or courses provided by academyEX, including identification, qualification, academic, professional, community and immigration information where relevant.
Personal information provided to us through any other method (including without limitation correspondence and discussions whether on academyEX sites or via other means) including, but not limited to:
comments voluntarily posted while participating in online discussions with the academyEX academic staff, facilitators, educators and other students
any email communications with academyEX to seek support or to send queries related to academic work
any academic-related content submitted electronically, such as assessments (written, video or other relevant submissions), quizzes, and examinations, and the results of any assessments
any data and documentation submitted as part of the identity verification process where required to obtain a certificate or academic accreditation
When you are participating in an academyEX programme or courses provided by academyEX, we and third parties may collect and store the following additional information:
comments you voluntarily post while participating in online discussions
any email communications with academyEX to seek user support or to send queries and responses you voluntarily provide in questionnaires, surveys, or user research that you participate in related to the programme
learning analytics data (generated from activity on the Learning Management System)
7. Storage, use and disclosure of personal information
AcademyEX may use the information listed in Sections 4, 5 & 6 for educational purposes, student and client communication, statistical purposes and system administration tasks to maintain this service. AcademyEX does not identify individuals as part of this practice. However, in the event of an investigation by a law enforcement agency or other government agency, academyEX may exercise its legal authority to inspect relevant server logs.
Personal information collected by academyEX will be held for the purposes of authenticating and authorising users, and administration.
A unique identifier will be assigned to each user, which will be used in conjunction with a secondary means of identification or password.
Staff members and other personnel within academyEX will have access to users’ personal information for purposes relevant to normal operations including but not limited to: marketing, study, academic progress, learning advice and support, student services, online security and safety, and managing and improving the quality of services provided by academyEX.
AcademyEX will use anonymised information (including learning analytics) gained from academyEX student learning activities for academic and marketing purposes, including research and to improve academyEX programmes design and delivery. All possible precautions will be taken to ensure that academyEX students, past and present, will not be identifiable as individuals.
AcademyEX will not disclose any personal information held to a third party unless required by law or except as set out below:
AcademyEX works with third-party service providers who provide hosting, maintenance, backup, storage, infrastructure, payment processing, subscription, analysis, marketing and other services for us, which may require them to access information about the user.
If a service provider needs to access information about a user to perform services on their behalf, they do so under instruction from academyEX, including abiding by policies and procedures designed to protect the user's information. Some of these service providers may be located in countries other than New Zealand and Australia.
In exceptional circumstances, academyEX may share information about a user with a third party if academyEX believes that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce academyEX agreements, policies and terms of service, (c) protect the security or integrity of academyEX sites and services, or (d) protect academyEX, related companies, customers or the public from harm or illegal activities.
Sale of our business
In the event that academyEX proposes to sell the business or any of its assets, academyEX may provide user personal data as part of a database to a prospective buyer solely so that they can consider the purchase of the business. Should academyEX proceed to sell the business (or a material part of it), academyEX may provide user personal data as part of that sale so that the purchaser can continue to operate the business and contact users about their plans for the business.
8. Cookies and Data Security
A cookie is a very small text file that is sent to a browser from our web server and stored on the user’s computer. Cookies help provide users with a customised experience without having to re-enter their preferences each time they return to academyEX websites. Customers may disable cookies, however doing so may restrict access to some web pages.
AcademyEX takes all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse and alteration of the information held by academyEX. When personal information is no longer required for the purposes for which it was collected, it may be deleted.
Where applicable to the scope of the project, academyEX booking and payment systems can form part of the solution. These systems are PCI-DSS compliant. NB. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment.
AcademyEX has in place measures to ensure the security of the personal data that is collected and stored about users. academyEX uses all reasonable endeavours to protect personal data from unauthorised disclosure and/or access, including (but not limited to) the use of network and database security measures, such as database segregation, WAF and firewalls and data encrypted-in-transit, regular patching and security updates, access control (including the enforcement of MFA and regular audits of users, roles and groups) and the gathering, monitoring and alerting of security telemetry
AcademyEX has put in place procedures to deal with any suspected personal data breach and will notify users and any applicable regulator of a breach where legally required to do so.
9. Data Retention
AcademyEX will hold a user’s information for as long as their User Account is active or as is needed to provide services to the user, or as long as AEX is legally obliged to. This retention policy extends to:
Automatically collected information
In the case of automatically collected information, we will make a good-faith effort to retain server logs for no longer than 90 days.
Voluntarily submitted personal information
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process personal information, we will either delete or anonymise it or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store personal information and isolate it from any further processing until deletion is possible.
10. User access to and Correction of Personal Information
A user may request access to their personal information by emailing [email protected]. If a user contacts academyEX by email or phone (+64 9 964 4444), academyEX may need to verify their identity for security purposes. Changes may take up to 10 days to take effect. If a user has questions regarding the specific personal information about them that academyEX holds, they can contact [email protected].
If a user wishes to cancel their Account or request that academyEX no longer use their information to provide services, they can contact academyEX at [email protected].
The role of the Privacy Officer is a shared responsibility between representatives from the Digital Advisory Working Group and the academyEX management team. These include but are not limited to: Chief Technology Officer, Academic Director, GM and Head of Data.
If you would like to lodge a complaint or think your information has been mishandled, please contact our Privacy Officer at [email protected]. All complaints will be regarded as critical and attempted to be resolved within 10 days, or beforehand. The New Zealand and Australian Privacy Commissioners are listed in the “Relevant Documents and Information” section of this document.
11. Limits of our policy
Please be aware that we have no control over the content and policies of third-party websites that may be linked to from within LMS content and supporting material and therefore, academyEX cannot accept responsibility or liability for their respective privacy practices.
12. Changes to this policy
If required by law, we will get permission or give the opportunity to opt in to or opt out of, as applicable, any new uses of personal information.
13. External links
14. Relevant Documents and Information
New Zealand Privacy Commissioner enquiries line - 0800 803 909.
Office of the Australian Privacy Commissioner - or 1300 363 992.