1. Background

Aesthetic and Skin Institute (we, us, our) provides open access to online aesthetic and skin related education. In providing these services, we collect, use and disclose personal information.

Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable.

We are committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose and otherwise handle personal information. It also tells you how you can ask to access and correct the personal information we hold about you or complain about a suspected privacy breach.

We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled.

We are also required to comply with more specific privacy legislation in some circumstances, such as applicable State and Territory health privacy legislation, theSpam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

2. What types of information do we collect?

2.1 Personal Information

The type of personal information that we collect and hold about you depends on the type of dealings that you have with us. If we need to identify you or verify your identity, we may collect your name, gender, date of birth, driver's licence and/or passport details, student ID number, username, password, security question and answer. If we need to communicate with you, we may collect your email, residential and postal addresses and telephone numbers. If you apply to enrol in a unit of study or otherwise access our services, we may collect details of your educational qualifications, banking and payment details and tax file number (TFN)

To help us improve our services, we may collect your responses to surveys and details about how, when and why you access our services.

2.2 Sensitive information Sensitive information is personal information such as health information and information about racial or ethnic origin that is generally afforded a higher level of privacy protection.

We only collect sensitive information where it is reasonably necessary for our business functions and you have consented, or we are required to do so by law.

2.3 Information other than personal

information ("non-personal information")

When you visit our website, some of the information that is collected about your visit is not personal information, because it does not reveal your identity. We use this information to help us improve our services and for marketing purposes. We may

aggregate this information for our own statistical purposes. Provided that it remains anonymous, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.

Site visit information

We may record your server address, the date, time and duration of your visit, search terms you used, the pages you viewed, any documents you downloaded and the type of device, browser and operating system you used.

Cookies

A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users.

We use cookies to hold anonymous session information. This information is used to personalise your current visit to the website. It may also be used as a basis for targeting online advertising.

Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. Rejecting cookies can, however, limit the functionality of our websites.

Read more information about our use of cookies.

3. How do we collect personal information?

3.1 Methods of collection

We will collect personal information by lawful and fair means as required by the Privacy Act. We will also collect personal information directly from you where this is reasonable and practicable.

We collect personal information in a number of ways, including:

Directly from you in person, over the phone, through written communications (either on paper or electronic) or by you completing forms or answering questions on our websites;

From third parties, including our education providers, direct marketing database providers, government agencies, our related companies and your authorised representatives;

From our own records of your use of our services.

3.2 Collection notices

Where we collect personal information directly from you, we will take reasonable steps to notify you of certain matters in a collection notice. We will do this at or before the time of collection, or as soon as practicable afterwards.

Collection notices provide more specific information than this Privacy Policy in relation to particular collections of personal information. The terms of this Privacy

Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services. We encourage you to read those provisions carefully.

Where we collect information about you from your authorised representative, we will take reasonable steps to make sure that you are made aware of the collection.

If you provide to us personal information about someone else (as their authorised representative), we rely on you to inform them that you are providing their personal information to us and to advise them that we can be contacted for further

information.

4. Why do we collect, hold, use and disclose your personal information?

4.1 General

The main purposes for which we collect, hold, use and disclose personal information are:

To identify you and verify your identity.

To communicate with you about our services;

To provide our services to you, including:

Facilitating your access to online education;

Facilitating your communications with others via our website; and

Obtaining payment for our services;

to help us improve our services;

for any other purposes that you have consented to.

4.2 Direct marketing

Where we have your express or implied consent, or where we are otherwise permitted by law, we may use your personal information to send you information about the services we offer, as well as other information. We may send this information by mail, email, SMS and telephone.

Opting out

You can opt out of receiving these communications at any time, in the following ways:

If you have an online account via our website, you can update your communications preferences by logging in to your account and following the instructions on our website.

Contact us (see section 10 below) and tell us;

Use the unsubscribe facility that we include in our commercial electronic messages

(i.e., email or SMS) to opt out of receiving those messages.

5. To whom do we disclose your personal information?

We may disclose your personal information to any of the organisations that we deal with in the ordinary administration of our business for the purposes set out in section 4 above, including:

Our contracted service providers, including:

Education providers and tutors;

Information technology service providers (including cloud services providers);

Marketing, communications and research agencies;

Mailing houses, postal, freight and courier service providers;

Printers and distributors of direct marketing material;

External business advisers (such as recruitment advisers, auditors and lawyers).

In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you.

We may de-identify and aggregate the personal information of you and others for our own statistical purposes. Provided that it remains permanently de-identified, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.

If you post comments or otherwise communicate publicly with other users via our website, any information about yourself that you include in the communication may be stored on the website and accessed by other users. For this reason, we encourage you to use discretion when deciding whether to post any information that can be used to identify you.

6. Cross border disclosure of personal information

It is our current policy not to disclose personal information to third parties located overseas.

If we change our policy at some time in the future, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information and this Privacy Policy will be amended accordingly.

7. Data quality and security

7.1 General

We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in secure premises. Paper files may also be archived offsite in secure facilities. We take reasonable steps to:

Make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;

Protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;

Destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.

7.2 Security

The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.

Payment security

We process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.

Website security

While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about

sending your information over the internet, you can contact us by telephone or post (see section 10 below).

You can also help to protect the privacy of your personal information by maintaining the confidentiality of your account (including your password), and by ensuring that you log out of your account on our website when you have finished using it. In

addition, if you become aware of any security breach, please let us know as soon as possible.

8. How can you access and correct your personal information?

You can request access to the personal information that we hold about you and request corrections by contacting our Privacy Officer (see section 10 below).

If you have an online account via our website, you can access and change some of your personal information by logging in to your account and following the instructions on our website.

9. Complaints

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer (see section 10 below).

Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.

If your complaint can't be resolved at first instance, we will ask you to complete a Privacy Complaint Form.

10. Further information

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details for privacy queries are set out below.

Aesthetic and Skin Institute

Mail: Level 1, 56-58 Stud Road, Dandenong, VIC 3175

Email: [email protected]

Telephone: +61401110065

11. Changes to this Policy

We may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained by sending your request to us via email.