Privacy Policy

Purpose

The purpose of this policy is to ensure that all reasonably available measures are in place to protect the privacy of information collected through user interaction with the Digital Passport (“digitalpassport.co.nz”) Learning Management System (“LMS”).

It is provided in accordance with respect to Digital Passport’s obligations under the New Zealand Privacy Act (2020) and the New Zealand Education and Training Act (2020).

Scope

This policy applies to all personal information provided via user interactions with the Digital Passport and supporting SaaS platforms.

Personal information is any information about the user. Such information may be automatically collected (i.e. information collected by Digital Passport from user-managed devices) and/or, voluntarily provided (i.e. knowingly and actively provided by the user)

Policy Statements

Digital Passport Privacy Policy and Procedures cover the collection, use and disclosure of information by Digital Passport. It details the precautions Digital Passport takes, how individuals can access their personal information, and how complaints can be made if privacy is thought to have been breached.

This policy covers the following:

  • Automatically collected information

  • Voluntarily provided personal information

  • Information collected as part of the learning journey

  • Use and disclosure of personal information

  • Cookies and data security

  • Data retention

  • User access to and correction of personal information

Automatically collected information

  1. Digital Passport cloud-hosted servers automatically log standard data provided by the user’s device and web browser to visit DigitalPassport.co.nz. This data may include:

    • the device’s IP address

    • device type

    • operating system

    • browser type and version

    • the pages visited

    • the time and date of the visit

    • time spent on each page, and 

    • other details about the visit or device.

  2. Device data can depend on the specific device or software settings. Digital Passport recommends checking the policies of the device manufacturer or software provider to learn what information they make available.

  3. In the event of errors, Digital Passport automatically collects data about the error and the circumstances surrounding its occurrence. This data may include technical details about the device, what action was attempted when the error happened, and other information relating to the problem. There may or may not be notice given of such errors. Please be aware that while this information may not be personally identifying by itself, it is possible to combine it with other data to personally identify individual persons.

Voluntarily provided personal information

  1. Digital Passport collects personal information about users through web forms; account registration, LMS Profile creation and support. Digital Passport may collect the following categories of personal data about the user: 

    • Limited personal information (specifically name and email address);

    • date of birth;

    • log in details and passwords;

    • location information either provided by the user, by a mobile device or associated IP address (where permitted by law);

    • usage, viewing and technical data, including device identifier, server address, IP address, domain name, browser type, and activity/conduct on the Site;

    • aggregated data (such as tracking of Website traffic and cookies)

    • other information you choose to provide about interests, educational background, occupation and work experience, learning goals, and, if opted in, information for the purposes of personalising our email and services’ and,

    • other information the user provides to us through any other method (including, without limitation, correspondence and discussions whether on the Website, by phone or via other means).

Information collected as part of the learning journey

Digital Passport gathers various information depending on the Website and/or programme, including, but not limited to:

  1. Personal information provided to us through any digital method (including without limitation correspondence and discussions whether on Digital Passport or via other means) including, but not limited to:

    • comments voluntarily posted while participating in online discussions with the Digital Passport support staff, facilitators educators and other students

    • any email communications with Digital Passport to seek support 

    • any LMS related content submitted electronically, such as assessments (written, video or other relevant submissions) and quizzes

Storage, use and disclosure of personal information

  1. Digital Passport may use the information listed in Section 6 for educational purposes, student communication, statistical purposes and for system administration tasks to maintain this service. Digital Passport does not identify individuals as part of this practice. However, in the event of an investigation by a law enforcement agency or other government agency, Digital Passport may exercise its legal authority to inspect relevant server logs.

  2. Personal information collected by Digital Passport will be held for the purposes of authenticating and authorising users, and administration.

  3. A unique identifier will be assigned to each user, which will be used in conjunction with a secondary means of identification or password.

  4. Staff members and other personnel within Digital Passport will have access to users’ personal information for purposes relevant to normal operations including but not limited to: marketing, study, academic progress, learning advice and support, student services, online security and safety, and managing and improving the quality of services provided by Digital Passport.

  5. Digital Passport will use anonymised information (including learning analytics) gained from Digital Passport student learning activities for academic and marketing purposes, including research and to improve Digital Passport programmes design and delivery. All possible precautions will be taken to ensure that Digital Passport students, past and present, will not be identifiable as individuals.

  6. All users will be deemed to have confirmed their acceptance of our privacy policy through the completion of our registration process, including accepting and signing AEX Terms and Conditions.

  7. Digital Passport will not disclose any personal information held to a third party, unless required by law, or except as set out below:

    • Ministry of Social Development: The funder of Digital Passport is the Ministry of Social Development (MSD) who may use shared data to identify MSD clients. Access to data is for the purpose of understanding the adoption rate of MSD clients as a subset of all users. This data will not be used by MSD for any other purpose.

    • Service Providers: Digital Passport works with third-party service providers who provide hosting, maintenance, backup, storage, infrastructure, payment processing, subscription, analysis, marketing and other services for us, which may require them to access information about the user.

    • If a service provider needs to access information about a user to perform services on their behalf, they do so under instruction from Digital Passport, including abiding by policies and procedures designed to protect the users information. Some of these service providers may be located in countries other than New Zealand.

    • Legal Obligations: In exceptional circumstances, Digital Passport may share information about a user with a third party if Digital Passport believes that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce Digital Passport agreements, policies and terms of service, (c) protect the security or integrity of Digital Passport sites and services, or (d) protect Digital Passport, related companies, customers or the public from harm or illegal activities.

Cookies and Data Security

  1. A cookie is a very small text file that is sent to a browser from our web server and stored on the user’s computer. Cookies help provide users with a customised experience without having to re-enter their preferences each time they return to Digital Passport websites. Customers may disable cookies, however doing so may restrict access to some web pages.

  2. Digital Passport takes all reasonable precautions to guard against unauthorised access to confidential and personal information including the loss, misuse and alteration of the information held by Digital Passport. When personal information is no longer required for the purposes for which it was collected, it may be deleted.

  3. Digital Passport has in place measures to ensure the security of the personal data that is collected and stored about users. Digital Passport uses all reasonable endeavours to protect personal data from unauthorised disclosure and/or access, including (but not limited to) the use of network and database security measures, such as database segregation, WAF and firewalls and data encrypted-in-transit, regular patching and security updates, access control (including the enforcement of MFA and regular audits of users, roles and groups) and the gathering, monitoring and alerting of security telemetry.

  4. Digital Passport has put in place procedures to deal with any suspected personal data breach and will notify users and any applicable regulator of a breach where legally required to do so.

  • A potential infringement of your privacy may be due to the following contingencies:

    • Misplacement of your personal data.

    • Accidental disclosure of your personal information to an unauthorized entity.

    • Theft of your private information.

    • Illicit access to your sensitive data.

  • We regard violations of privacy with utmost severity. In the event that such a transgression occurs, we will promptly conduct an analysis to determine whether it may lead to serious detriment for you or any other individuals involved.

  • Should our assessment conclude that significant harm might ensue, we shall:

    • Notify you promptly, enabling you to take necessary precautions to safeguard your privacy.

    • Report the incident to the Privacy Commissioner.

    • In scenarios where the infringement involves a substantial number of individuals, we may not be able to notify each person individually. In such instances, we will issue a public announcement detailing the breach and providing guidance on the appropriate measures to be taken.

Data Retention

  1. Digital Passport will hold a user’s information for as long as their User Account is active or as is needed to provide services to the user, or as long as Digital Passport is legally obliged to. This retention policy extends to:

    • Automatically collected information

      • In the case of automatically collected information, we will make a good-faith effort to retain server logs for no longer than 90 days.

    • Voluntarily submitted personal information

      • We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

  2. When we have no ongoing legitimate business need to process personal information, we will either delete or anonymise it or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store personal information and isolate it from any further processing until deletion is possible.

Access to, Correction and Deletion of Personal Information

  1. A user may request access to their personal information by emailing [email protected]. If a user contacts Digital Passport by email or phone (+64 9 964 4444), Digital Passport may need to verify their identity for security purposes. Changes may take up to 10 days to take effect. If a user has questions regarding the specific personal information about them that Digital Passport holds, they can contact [email protected]

  2. If a user wishes to cancel their Account or request that Digital Passport no longer uses their information to provide services, they can contact Digital Passport at [email protected].

  3. We provide users with full control over their data, including what data is retained and what data is deleted. End users can request all or part of their data to be deleted by sending an email to [email protected]. We take up to 1-2 weeks to process the request and notify the user after the data is deleted from our system.

  4. The role of Privacy Officer is a shared responsibility held by the creators of Digital Passport. The creators are academyEX Education Limited Partnership (academyEX), located at 99 Khyber Pass Road, Grafton, Auckland 1023. The Privacy Officer role is collectively overseen by members of academyEX’s  Digital Advisory Working Group and the Digital Passport management team. These include, but are not limited to: Chief Technology Officer, Head of Delivery and Chief Data Officer.

Limits of our policy

  1. Please be aware that we have no control over the content and policies of third-party websites that may be linked to from within LMS content and supporting material and therefore, Digital Passport cannot accept responsibility or liability for their respective privacy practices.

Changes to this policy

  1. At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

  2. If required by law, we will get permission or give the opportunity to opt in to or opt out of, as applicable, any new uses of personal information.

External links

  1. In the event our Website contains links to third party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, please read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of activities that occur after leaving our site.

Relevant Documents and Information

  • New Zealand Privacy Act (2020)

  • Harmful Digital Communications Act 2015