Who does this policy apply to?
This policy applies to all business activities involving personal data provided to, and used to provide services by Peer2Peer Education globally.
Our Personal Data Management Policy
Peer2Peer Education places the privacy of personal data first. This policy explains how we manage, collect and store personal data from you, and why we need it.
Our Approach to Personal Data Management
We design, review and update our approach to information management of personal data in compliance with two legal frameworks:
Australian Privacy Principles (Schedule 1, Australian Privacy Act, 1988) (APP’s)
The European Union General Data Protection Regulation (GPDR)
Personal data is information about you, that could reasonably identify you in any form.
For example:
- A photograph
- A video
- An online post
- A student identification number
- A passport identify card or another document that proves your identity
What definition of personal data do we use?
We use the definition of personal data from Article 4 of the GPDR
“personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
This is why our person-first approach to protecting your privacy and data in how we manage information is found in greater detail in our Privacy Policy and Social Media Policy
Personal data we collect
We collect information to meet legal and administrative requirements to deliver our core programs.
Examples of the type of information we collect are:
- Students – for students enrolled in accredited education programs with Australian Registered Training Organisations, information will be collected related to proof of identity, previous education and language, literacy and numeracy.
- Employees – for employees, we collect all necessary information to comply with government legislation in each country or jurisdiction, and all information required to carry out legal duties as an employer.
- Businesses and stakeholders – we collect information required to conduct business, e.g. to send out and record invoices for payment and other day to day business activities
Sensitive personal data
Some information required we collect may be sensitive in nature.
- Students– This includes identification documents and date of birth, place of birth, educational level attained, and if you identify as having a disability.
- Employees -Some information requested to be provided by our employees is sensitive, for example, work permit documents, criminal records checks, proof of identity, proof of employment history and child protection checks.
How we collect personal data
We ask permission to collect personal data from each person we collect it from. When permission is given, we collect information – usually by completing an enrolment form, enquiry form, or entering data for administration purposes.
This is called informed consent.
We ask for consent in writing, which means completing a Privacy Form.
- Students – We use enrolment forms for Peer2Peer Education or our partner Registered Training Organisations
- Employees- we use employment checklists, contracts and forms that are standard across the whole organisation. Where possible, we collect this information directly from you. If we are conducting referee checks, we will request a signed consent form to speak to a third party (previous employer) about you.
We may collect information
- Verbally – in speaking with you
- In writing – through standard forms, including identification checks and all required assessment tasks as part of the education program
- Electronically – through our website or e-learning and mobile learning sites and applications.
How we use personal data
We use the information we collect to carry out Peer2Peer Education core business activities in a manner that is ethical, and lawful. We collect information related to our primary purpose – providing high-quality workplace focused, skills-based education programs. We use the information to
- Preform core tasks related to the delivery of education programs
- Meet legal requirements (for example to complete an education program leading to the award of a qualification
- Complete administration tasks, including insurance purposes, and accounting
- Employ staff
- Enrol students
How we keep and store personal data
We take the security and storage of personal information seriously. We use a system of both electronic and paper-based storage of information. This includes
- Scanned copies of information stored electronically in secured locations
- Hard copies of information stored in locked filing cabinets in a secure office location
- A database of suppliers, contractors, businesses, to which we restrict access to those engaged in necessary functions of the business
- Records for accounting purposes including timesheets, invoices and records of payment
- A database of students, to which we restrict access to those engaged in necessary functions of the business
We require our third-party providers and stakeholders for example registered training organisations and businesses in which you work, to sign a privacy and confidentiality agreement.
When and how do we share personal data
We share information about you when
- We are legally required to
- When you have given us permission, fully understanding what information will be collected and how it will be used, in what form
- It is required as part of an education program in which you are taking part
- If sharing information could reasonably prevent a threat to health or safety in the workplace, to the general public or to an individual