Legal

Privacy Policy

Purpose & Applicability

This Privacy Policy governs the collection, management, and protection of data within the EDU-Pulse Media ecosystem. It applies to all consultancy engagements, digital audit activities, and instructional design projects undertaken by the Company.

Strategic Intent

At EDU-Pulse Media, we recognise that in the era of Artificial Intelligence, data is not just information – it is Intellectual Property (IP) and Operational Capital. This policy is specifically engineered to address the high-risk requirements of:

Vocational Education (RTO/CRICOS): Managing regulated student data and compliance records.
Digital Infrastructure: Auditing software stacks, network configurations, and “Shadow AI” vulnerabilities.
Enterprise Protection: Implementing “Walled Garden” AI strategies to ensure that proprietary business logic and instructional IP remain secure and sovereign.

Regulatory Alignment

This framework operates under the strict jurisdiction of the Privacy Act 1988 (Cth) and is designed to meet the enhanced transparency requirements for businesses deploying AI-driven change strategies. By engaging with our services, you are entering a “Zero-Trust” data environment where the security of your business intelligence is our primary directive.

Privacy & Data Governance Policy:

1. Statutory Compliance & Scope

EDU-Pulse Media (“the Company”, “we”, “us”) is committed to the highest standards of data privacy. This policy is governed by the Privacy Act 1988 (Cth), the Privacy Amendment (Notifiable Data Breaches) Act 2017, and the Australian Privacy Principles (APPs).
Due to our engagement with Registered Training Organisations (RTOs) and CRICOS providers, we also adhere to the data handling requirements set out by the National Vocational Education and Training Regulator Act 2011 and the ESOS Act 2000.

2. High-Risk Data Categories Collected

We collect only the information necessary to perform our specialised consultancy and technical services. This includes:

Regulated Educational Data: Student identifiers, enrolment records, and completion data managed on behalf of RTO clients.
Technical Ecosystem Data: Comprehensive maps of your digital architecture, including API keys, software dependencies, and network vulnerability profiles.
Proprietary Intellectual Property (IP): Instructional design frameworks, original curriculum content, and unique business workflows shared for AI augmentation.
Commercial & Financial Intelligence: Invoicing details, ABNs, and business-to-business (B2B) contractual data.
Marketing & Behavioural Data: Database access for CRM platforms (HubSpot), email marketing engagement metrics, and social media authentication tokens.

3. AI Governance & Data Sovereignty

In our capacity as AI Consultants, we enforce a “Sovereign Data Protocol”:

Zero-Training Guarantee: We ensure that client-provided IP and sensitive datasets are processed through private API instances that explicitly opt out of “Global Model Training.” Your business secrets remain yours.
Algorithmic Transparency: We maintain records of the logic behind any AI-driven procedures we implement for your workplace to ensure accountability and error-tracking.
Data Minimisation: We only ingest the minimum data required to train or fine-tune bespoke workplace models.

4. Authorised Disclosure & Third-Party Integrity

We do not sell, trade, or rent personal or business data. Disclosure is strictly limited to:

Essential Service Providers: Cloud infrastructure (Hostinger), secure productivity suites (Google Workspace/Microsoft), and CRM management (HubSpot). These providers are audited for compliance with APP 8 (Cross-border disclosure).
Regulatory Necessity: Disclosure to ASQA, the Department of Education, or law enforcement where a clear legal obligation exists.
Sub-Processors: Any technical specialists sub-contracted by EDU-Pulse Media are bound by identical “Back-to-Back” confidentiality and privacy obligations.

5. Advanced Security & “Zero Trust” Framework

To mitigate high-risk threats, we implement:

AES-256 Encryption: All data at rest and in transit is encrypted.
MFA & IAM: Mandatory Multi-Factor Authentication for all access points. We operate on the principle of Least Privilege Access.
Physical Data Residence: Where possible, we prioritise Australian-domiciled servers for sensitive RTO and financial data to ensure local jurisdictional protection.

6. Retention, Archiving, and Destruction

We comply with mandatory Australian retention periods:

Vocational Records: Retained in accordance with RTO standards for the duration of the engagement or as legally mandated.
Financial Records: 7 years as per ATO requirements.
Consultancy Artefacts: Once an AI Change Strategy is complete, sensitive audit logs are either returned to the client, de-identified, or securely purged using cryptographic erasure.

7. Notifiable Data Breaches (NDB)

In the event of an “Eligible Data Breach,” EDU-Pulse Media invokes its NDB Response Plan. We will notify the Office of the Australian Information Commissioner (OAIC) and all affected individuals immediately if personal information is involved in a way that is likely to result in serious harm.

8. Rights of Access & Correction

Under APPs 12 and 13, you have the right to access and correct any information we hold. Given the high-risk nature of the data we handle (including IP), we reserve the right to perform Enhanced Identity Verification before granting access to technical or educational datasets.

Contact our Privacy Officer

For all enquiries, data access requests, or privacy complaints:
Privacy Officer EDU-Pulse Media Email: privacy@edupulsemedia.com.au
Web: www.edupulsemedia.com.au

EduPulse Media

EduPulse Media is a full-stack consultancy and education ecosystem supporting vocational consulting, instructional design, AI strategy and digital growth.