Purpose: This statement is based on principles outlined in Website Privacy – Guidelines for the Victorian Public Sector, Edition 1, May 2004, Office of the Victorian Privacy Commissioner.

Scope: This statement refers to the NMIT website, the NMIT library website, and the staff and student intranets.

Collection of Personal Information
Personal information, i.e. any information from which a user’s identity is apparent and can be reasonably ascertained, is not registered or recorded. Personal information is only collected if the user provides such information to submit an enquiry or email address to subscribe to a distribution list.

A user’s browsing activities are not uniquely identified and are collected solely for monthly aggregated statistical purposes in order to analyse website trends.

Statistics
WebCentral (an Australian web hosting provider) and Google Analytics (a US statistical service provider) records the user’s visit/s* and logs the following information for statistical purposes:

• User's IP address.
• Times and dates of site visits.
• Pages accessed (including most visited and least visited) and files downloaded.
• Browsers and operating systems used
• The country where the user is browsing
• The time spent per visit.

*NMIT records the user’s visit to the NMIT Library website and logs (in server logs) the following information for statistical purposes:

• User's IP address
• Times and dates of site visits
• Pages accessed and files downloaded.

Cookies
The website uses session cookies during the user’s intent to submit an enquiry via a web form. The session cookie is used for the specific purpose of processing the form and automatically expires once the web form is submitted. A limited number of vendor based internet products use automated cookie generation. These are only used when authenticated Secure Sockets Layer (SSL) security is in place. The primary use of these is for active session tracking. All SSL sessions have timeout parameters which in turn expire the cookies. When a user closes their browser, any active session cookies set by the website is automatically terminated and no personal information is stored which might identify the user should the user visit the website at a later date.

Google Analytics may use one or more cookies that may uniquely identify the user’s browser for the purpose of statistical data collection and to identify the user’s browsing behaviour. NMIT is not responsible or legally liable for the conduct of Google and their use of your information. Google Analytics is based in the United States and is governed by United States privacy laws. Visit Google's Privacy Policy web page for further information regarding the use of cookies and how data is collected.

No web beacons are used on this website.

Use, Disclosure and Transborder Data Flows
The personal information collected via the website is used for the purpose for which it was given only.
Personal information about individuals is not provided to third parties such as government agencies, organisations, or companies (whether it be inside or outside Victoria) unless one of the following applies:

• The individual has given consent
• The individual would reasonably expect, or has been informed, that the information is usually given to those individuals, bodies or agencies
• It is required or authorised by law
• It will prevent or lessen a serious and imminent threat to somebody’s life or health.

Data Quality
When a user has consented to providing information for sustained communication, the user’s identifying information is updated when the user provides advice that their details have changed.

Data Security
 Two session types are used for the transmission of personal information
1. Authenticated SSL (128 bit encryption): This is used when the user accesses internal web based facilities from an external location e.g. mail, file access, intranets, etc. All externally available internal services use an SSL based appliance server to proxy these services to the end user who is required to authenticate before accessing their files and internal information.

Authenticated SSL has two levels of access:
1.1 Staff can access a number of services including email, file access, and the intranet.
1.2 Students can access the student intranet only using a generic login. Students can check their unofficial academic results and personal details on SSL encrypted web pages. The personal information is stored internally at NMIT and can only be accessed via password protected logins which are unique to each individual. Only NMIT staff with the proper authorisation have access to the internally stored information.

2. Non secure transmission: The student results system requires a student ID and a date of birth to allow a student to access their results. A user can choose not to use this system if they are concerned about the inherent risks involved in sending data over the internet and may contact the relevant department, information centre or teacher.

Access to and Correction of Personal Information
For student information.
To confirm or correct your details:

• log into your Unofficial Academic Results account.

To change your personal details:

• Download and Print Amendments to Personal Details form
• Complete amendments
• Submit form to any NMIT Information Centre

Alternatively, you can confirm or update your personal details by visiting an NMIT Information Centre. (You will need to show identification).

For access to and correction of personal information not related to the NMIT websites or portals, see:
Staff: QA Doc A/PN/D/7/075A located on the staff intranet.
Student: http://www.nmit.vic.edu.au/pdf/apnd7075b.pdf

Unique Identifiers
A user who submits their details is not assigned any unique identifiers.

Anonymity
A user may elect not to fill in a web form and will be provided with alternative contact means. If a user chooses to submit an enquiry via a web form, the user is only required to enter in an email and a name (whether it be an alias, pseudonym, or a real name). These details are necessary in order to perform the function of providing information to the user.

Sensitive Information
Sensitive information is NOT collected.

Email Lists
A user may submit an email address to an email list via a web form. The Web Developer and Administrator maintains email lists for the purpose of providing specific, requested information to email addresses on the list.
Personal information is NOT collected or stored. The lists are not stored on the website or on any public storage area.
Only staff at NMIT Corporate Communications, have access to the password protected lists.
An email request from the user to the Web Developer and Administrator will activate the removal of their email address from the relevant list.

Internet User Risks
Users should note that there are inherent risks involved in transmitting information over the internet.

Any information submitted via online forms is not transmitted over the internet via a secure connection. The information may be viewed by a third party while it is being transmitted. NMIT is not responsible for any consequential loss, abuse, misuse or any other matters arising from information being sent over the internet.

NMIT does not guarantee that utilities contained on its website will be uninterrupted or without inaccuracies. Please view website disclaimer. NMIT shall not be responsible for the proliferation of computer viruses (including worms) or other detrimental components transmitted from its website and other intermediary sites. Individuals may contact the Web Developer and Administrator (see contact details below) if they have concerns.

NMIT recommends that users update their browsers as required by its producer and ensure their computer is equipped with updated virus protection software.

Contact details
If at any time you believe the principles referred to in this privacy statement have not been followed, please contact:

Web Developer and Administrator
Corporate Communications
NMIT
77-91 St Georges Road
Phone: +61 3 9269 1310
Facsimile: +61 3 9269 1203
Email: web@nmit.vic.edu.au