Policies and Procedures
- We acknowledge the importance of information security and the protection of privacy;
- We adhere to the principles of privacy by design and privacy by default;
- To demonstrate compliance to the latest regulations, such as GDPR we continually seek improvement via the ISPM.
- A risk assessment has shown how your data is being used in our processes;
We have implemented measures to ensure adequate protection of data, both in transit and at rest;
- Processes have been adjusted to make sure data is never stored longer than necessary to perform our services;
- If you want to find out which measures and security controls have been implemented, we have prepared an Assurance statement which is available upon request.
- ENS commitment to continual improvement is demonstrated through our Risk assessment and treatment process and Incident management process which includes the assessment of privacy practices and management of Personally Identifiable Information (PII).
- To provide, improve and properly manage our products and services we continually improve by developing new products, responding to requests or queries, verifying your identity, conduct surveys and seek your feedback.
Privacy at ENS
What is personal information?
What personal information do we collect?
We collect personal information in order to provide our training services, to conduct our business and to improve customer service. The types of personal information we collect will depend on how you interact with us.
Typically, we collect the following personal information:
- title or position
- business address
- e-mail address
- phone number
- Information you provide to us through customer surveys, evaluation forms and when you register for ENS events and courses
We do not normally collect sensitive information about you such as information relating to your health, religion, political beliefs, date of birth or race. If we do collect sensitive information which is reasonably necessary for the operation of our business functions or activities, we will obtain your consent to do so.
If your organisation is a ENS client and you do not agree to provide us with your personal information, this may limit our ability to provide our services to your organisation. When PII is collected backups will capture this information and procedure is in place to responsibility restore the recent changes to maintain PII data accuracy. Backups are retained for a period of 28 days and two weeks would be required for restoration of systems including PII.
How do we collect personal information?
We collect personal information directly from you unless it is unreasonable or impracticable to do so. We may collect your personal information in the following ways:
- when you purchase our services
- when we respond to your inquiries and requests
- during conversations or email exchanges between you and our representatives
- when we obtain feedback from you about our services including through student evaluation forms
- when we conduct our administrative and business functions
- when you register for our events or subscribe to our mailing lists and newsletters
- when we market our services to you
- through your access and use of our websites
Personal information may be obtained directly from you, through another contact in your company if you are a corporate client, or through a third party by who we have been informed that your details may be provided to us.
We may at times obtain personal information that relates to you through third parties. Where we do so, we will ask any third parties to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and to use it.
For what purposes do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information for the following purposes:
- to send communications
- to manage and maintain our business relationships
- to respond to inquiries and requests
- to improve the services we provide
- to inform you about our services
- to obtain feedback from you on our services
- to organise training certification exams
- to provide access to online portals
- to provide you with a more personalised experience when you interact with us
- to conduct administrative and business functions
- to provide our services
- to update our records and keep contact details up to date
- to enable you to subscribe to our website, newsletters and mailing lists and to register for ENS events and courses
- to assess the performance of our website and to improve its operation
- to process and respond to privacy complaints
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country
To whom do we disclose personal information?
We may disclose your personal information to our employees and related bodies corporate for the purposes set out in clause 5 above. We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.
We may also disclose your personal information to:
- contractors, suppliers, vendors, partners, and other third parties with whom we have a commercial relationship for business, marketing, and related purposes
- any organisation for any authorised purpose with your express consent
Except as set out above, ENS will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the Privacy Act.
Do we disclose personal information to anyone outside Australia?
We may disclose your personal information to service providers located outside Australia such as the United Kingdom, the United States of America, Singapore and the Netherlands for some of the purposes set out in clause 5 above. We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the APPs.
How do we store and secure personal information?
We store personal information to ensure that we can manage and maintain communications with organisations with whom we do business. Contact may be verbal, electronic or written. We will only store your personal information if it is relevant to your organisation conducting business with us. We do not normally store information that is sensitive information.
We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure using a combination of physical, administrative and technical safeguards. We hold personal information in either paper-based records in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. ENS personnel are also contractually bound by confidentiality obligations.
ENS’ website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where ENS is required by law or a court/tribunal order to retain the information.
We may send you direct marketing communications and information about our services that we consider may be of interest to you. We may send communications in various forms, SMS and email, in accordance with applicable laws, such as the Spam Act 2003 (Cth). You consent to us sending you those communications by any of those methods. If you indicate a preference for a method of communication, we will use reasonable endeavours to use that method whenever practical to do so.
We do not provide your personal information to other organisations for the purposes of direct marketing.
How can you access and correct personal information?
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete. You may request access at any time to personal information that we hold about you and we will give you access in the manner that you request where it is reasonable and practicable to do so, except where we deny access as permitted by the Privacy Act. For example, we may need to refuse access if granting access would interfere with the privacy of others, is unlawful or would result in a breach of confidentiality. You may also request that we correct your personal information when it is inaccurate, incomplete or out of date.
If you wish to access or correct your personal information, please send a written request to our Privacy Officer using the contact details set out below or by using the customer portal services. Our Privacy Officer will respond to your request within 30 days after you make the request. If we deny your request for access to or correction of your personal information, we will provide you with written reasons for refusing your request and the mechanisms available to you to complain about our refusal.
How can you complain about a breach of your privacy?
If you have concerns about how your personal information is being handled by ENS or you wish to make a complaint about a breach of the APPs by ENS, please send your complaint in writing to the Privacy Officer using the contact details set out below. The Privacy Officer will respond to you in writing within 30 days of receiving your complaint, setting out what action ENS will take as a result of your complaint or alternatively providing an explanation to you if there has been no breach of the law.
Using our website
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.
You may request for your personally identifiable information consent withdrawal at any time by contacting ENS using the channels below. We may require the request to be in writing depending on the data being withdrawn as well as proof of identity. Click for more information on your Personal Information Rights.
- Email: firstname.lastname@example.org
- Phone: +61 2 9299 9688
- Post: Data Protection Officer, ENS, Level 11, 153 Walker St, North Sydney, NSW, Australia 2060