This Privacy and Cookies Policy explains how StudyNet Pty Ltd (“StudyNet”, “we”, “us”, “our”) collects, uses, stores, discloses and protects personal information in connection with our online platforms, services and related activities. We are committed to complying with the Privacy Act 1988 (Cth), including the Australian Privacy Principles, the Spam Act 2003 (Cth) and other applicable laws.
If you have any questions about this policy or our privacy practices, please contact our Privacy Officer (see 12. Complaints and Contact).
Who we are and scope of this policy
This policy applies to all personal information we handle in Australia in relation to our websites, platforms, products and services, including bookings and communications with partner institutions and independent counsellors. It explains the kinds of personal information we collect, how we collect and use it, the people and organisations to which we disclose it (including overseas recipients), and how you may access and correct it or make a complaint.
We maintain an internal privacy management framework and review this policy regularly to ensure it remains accurate and up to date. See 13. Changes to this Policy.
Anonymity and pseudonymity
Where lawful and practicable, you may interact with us anonymously or under a pseudonym (for example, for general enquiries). If we need your identity—for example, to create an account, make a booking, verify eligibility, or meet legal requirements—we will let you know why.
What personal information we collect
Categories
- Personal information: name, contact details (email, phone), education history, application or enquiry details, booking information, preferences and communications with us.
- Sensitive information (handled with additional protections): for example, certain health information or cultural background details you choose to provide to support counselling or accessibility needs. We collect sensitive information only with your consent or as otherwise permitted by law.
- Technical and usage information: IP address, device identifiers, browser and operating system details, activity logs and interactions with our sites and apps, including through cookies and similar technologies (see 11. Cookies and Tracking).
How we collect information
We collect personal information directly from you wherever reasonable and practicable (e.g., via forms, bookings, chats, calls and emails). We may also collect information from third parties (e.g., partner education institutions, counsellors, payment and identity verification providers, analytics services), or from publicly available sources, where lawful. If we obtain information about you that we did not request (unsolicited information), we will handle it in accordance with our standard privacy handling processes (see 4. Unsolicited information).
Necessity and fairness
We collect personal information by lawful and fair means and only where it is reasonably necessary for our functions and activities (see 5. How we use your information).
Unsolicited information
If we receive personal information that we did not request and determine that we would not have been permitted to collect it in the ordinary course of our business, we will promptly destroy or de-identify it if lawful and reasonable to do so.
Collection notices and consequences of non-provision
At or before the time we collect your personal information (or, if that is not practicable, as soon as practicable thereafter), we will take reasonable steps to notify you of:
- our identity and contact details;
- the purposes for which we collect the information;
- the main consequences if you do not provide the information (for example, we may be unable to create your account, complete a booking, or connect you with a counsellor);
- the types of third parties to whom we usually disclose personal information (e.g., partner institutions, IT and cloud service providers, analytics and communications providers);
- whether we are likely to disclose personal information to overseas recipients and, if practicable, the countries involved (see 9. Cross-border disclosures);
- how to access and correct your personal information and how to make a privacy complaint.
Where appropriate, we will provide this information in a concise, user-friendly notice at the point of collection (e.g., sign-up or booking screens).
How we use your information
Primary purposes
We use and disclose personal information to:
- operate, provide and support our platforms and services (including bookings, referrals and case management);
- respond to enquiries and provide customer support;
- meet contractual and legal obligations, including obligations we have to partner institutions and regulators;
- maintain the security and integrity of our services (fraud monitoring, incident response and service quality assurance).
Secondary purposes
We may also use and disclose personal information for secondary purposes that are:
- related to the primary purposes and within your reasonable expectations (e.g., internal analytics, service improvement and training);
- expressly consented to by you; or
- required or authorised by law.
Direct marketing
We may use your contact details to send you updates about our platform, study opportunities and partner offers where permitted by law. You may opt out at any time using the unsubscribe link or by contacting us (see 12. Complaints and Contact). We do not use sensitive information for direct marketing without your explicit consent, and we do not sell personal information. Where marketing involves third parties or online identifiers (e.g., cookies or pixels), we will tell you and obtain consent where required (see 11. Cookies and Tracking).
Disclosures we commonly make
We may disclose personal information to:
- Partner education institutions, counsellors, agents or insurers involved in your enquiry, booking or services you request;
- Service providers who support our operations (e.g., cloud hosting, analytics, communications, payments, scheduling and security);
- Professional advisers (e.g., lawyers, auditors) and regulators/law enforcement where required or authorised by law; and
- Other third parties with your consent.
We will not disclose personal information to non-partner institutions without your consent, unless required or authorised by law.
Government-related identifiers
We do not adopt government-related identifiers (e.g., Medicare, passport or driver licence numbers) as our own identifiers. We will not use or disclose such identifiers except as permitted by law, such as for identity verification or where required to meet legal obligations.
Cross-border disclosures and safeguards
Some of our service providers and partners may be located outside Australia. Likely countries include (but are not limited to) Bangladesh, Nepal and India. When disclosing personal information overseas, we take reasonable steps to ensure recipients handle your information in a manner consistent with Australian privacy standards. These steps may include contractual safeguards, due diligence checks and technical or organisational measures. Where it is not practicable to identify specific countries in advance, we will update this policy as our vendor locations change or provide details at the point of collection. Exceptions may apply (for example, where you consent to the disclosure or where disclosure is required or authorised by law).
Data quality, security, retention and destruction
Data quality
We take reasonable steps to ensure the personal information we hold is accurate, up-to-date, complete and relevant. Please tell us if your details change.
Security
We implement administrative, technical and physical safeguards appropriate to the sensitivity of the information we hold, which may include encryption in transit and at rest, access controls, logging and monitoring, and secure development and testing practices. We require our personnel and service providers to comply with appropriate confidentiality and security obligations.
Retention and de-identification
We retain personal information only for as long as needed for our functions and activities or to comply with legal and contractual requirements, and then we securely destroy or de-identify it. Unless otherwise required by law:
- Account-level data is ordinarily deleted or de-identified within 24 months of account inactivity; and
- Transactional and record-keeping information (e.g., financial or booking records) may be retained for at least 7 years or as required by applicable laws and partner obligations.
“De-identification” means information that can no longer reasonably identify an individual.
Cookies and tracking technologies
We use cookies and similar technologies to operate our sites and improve your experience.
Types of cookies
- Essential cookies enable basic functions such as login and page navigation.
- Functional cookies remember preferences and enhance features.
- Analytics cookies collect aggregated information about usage to improve performance.
- Marketing cookies/pixels support referral tracking, personalisation and advertising.
Consent and controls
When you first visit our site, you will see a banner that allows you to Accept all, Reject non-essential cookies, or Manage preferences. You can also control cookies via your browser settings. Disabling certain cookies may affect functionality.
Third-party technologies
We use third-party services (for example, Google Analytics, Meta Pixel and Microsoft Bookings) for analytics, advertising/retargeting and scheduling. These providers may set cookies in accordance with their own privacy policies. We maintain a current list of our key processors (see 14. Third-party processors (transparency)).
Access, correction and complaints
Access and correction
You may request access to the personal information we hold about you and request correction if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We may need to verify your identity before actioning a request. We aim to respond within 30 days.
We do not charge for correction requests; we may charge a reasonable fee to cover the cost of providing access. If we refuse access or correction as permitted by law, we will provide a written explanation and information about how to complain.
Complaints and OAIC escalation
If you have a privacy concern or complaint, please contact:
Privacy Officer
Email: hello@studynetglobal.com
We will acknowledge your complaint and aim to respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Visit the OAIC website for contact details and guidance on how to make a privacy complaint.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technologies or legal requirements. We will post the updated version on our website and indicate the “Last updated” date at the top. For material changes, we will take additional steps to notify you where appropriate (e.g., email or in-product notice).
Third-party processors (transparency)
We engage trusted third parties to help deliver our services. The types of providers we use include:
- Analytics and advertising: Google Analytics; Meta Pixel
- Scheduling and bookings: Microsoft Bookings
- Cloud hosting and infrastructure: selected cloud providers supporting our platform operations
- Communications: email/SMS providers and in-product messaging tools
- Security and monitoring: services that help detect fraud, abuse or technical issues
For each provider, we assess purpose, data categories, processing location (country) and relevant contractual and security measures. We will publish or provide on request a current list including processing purpose and links to provider privacy notices. Some providers may process personal information outside Australia—see 9. Cross-border disclosures.
Children and young people
We are mindful of decision-making capacity and consent for younger users. Where appropriate, we may:
- use age-appropriate notices and explanations;
- seek parent/guardian consent for users under 18 before collecting or using certain information; and
- provide support channels for parents/guardians to exercise access and correction rights on behalf of the child, consistent with the child’s best interests and applicable laws.
Withdrawing consent and opting out
Where we rely on your consent (for example, to process sensitive information or to place non-essential cookies), you may withdraw your consent at any time. You can opt out of marketing communications via the unsubscribe link in our emails or by contacting us. Withdrawal of consent will not affect processing that has already occurred in reliance on valid consent.
Additional notes for transparency
- Consequences of non-provision: If you choose not to provide requested information, we may be unable to provide parts of our services (for example, creating an account, completing a booking or connecting you with a counsellor).
- Lawful disclosures: We may disclose information where required or authorised by law, including to regulators and law enforcement under applicable legislation.
- No sale of data: We do not sell personal information.
Effective date: This version takes effect on the date shown under Last updated above.