Enrollment and Account Creation

Setting up access to arcinthova courses requires establishing identity records. Your full legal name appears on completion certificates. We verify age eligibility for certain workshops (participants under 18 need guardian consent for specific programs).

Email addresses function as primary communication channels—course updates, assignment feedback, instructor messages all route through this contact point. Phone numbers serve backup purposes when email delivery fails or urgent program changes require immediate notification.

Address Information Purposes

Physical addresses come into play during specific circumstances. Students ordering physical art supply kits receive deliveries. Portfolio reviews sometimes involve printed materials. Exhibition opportunities for advanced students require shipping coordinates.

Payment information passes through third-party processors. We don't store complete card numbers on our servers. Transaction records show amounts, dates, and which course or material purchase occurred—nothing more.

Creative Work and Learning Activity

Every sketch uploaded, every assignment submitted, every forum comment posted generates records. These artifacts form the core of your educational journey with us.

Instructors access your submissions to provide personalized guidance. Sometimes exceptional student work gets featured in promotional materials (always with explicit permission requested separately). Advanced students occasionally have portfolios shared with visiting industry professionals during networking events.

Platform Interaction Patterns

Technical systems capture behavioral patterns automatically. These aren't deliberate surveillance—they're inherent to digital platform operation.

Browser types, device models, screen resolutions help us optimize course delivery. Videos that won't play on certain devices get our attention. Interface elements that confuse mobile users trigger redesign conversations.

IP addresses reveal geographic locations at city level. This informs decisions about scheduling live workshop sessions across Australian time zones. Connection timestamps show when students typically engage with materials, helping instructors plan real-time feedback availability.

Operational Rather Than Marketing

We're not building advertising profiles. Behavioral data serves educational improvement. If most students abandon a particular tutorial module at the twelve-minute mark, that signals content problems. When forum activity drops during certain weeks, scheduling adjustments might help.

Error logs capture technical failures—pages that won't load, uploads that fail, payment processing glitches. These reports often contain incidental details about your activity at the moment problems occurred.

External Service Dependencies

arcinthova relies on specialized providers for functions outside our core expertise. Video hosting, payment processing, email delivery—each involves transferring information beyond our immediate control.

These relationships operate under contractual agreements limiting what recipients can do with transferred material. They're prohibited from using student information for their own marketing or selling it to other parties. Australian data protection standards apply to domestic providers; international services must demonstrate equivalent safeguards.

Security Approach and Known Limitations

Protecting student information involves technical measures and realistic acknowledgment of digital vulnerability. No system achieves perfect security—claims otherwise aren't credible.

Passwords undergo one-way encryption. Even our administrators can't retrieve original passwords (hence the "reset" rather than "remind" process when you forget credentials). Database access requires multi-factor authentication. Staff members see only the information relevant to their specific roles—financial personnel don't access artwork files, instructors don't view payment details.

What Could Still Go Wrong

Sophisticated attacks might breach defenses despite precautions. Employee errors could expose information accidentally. Third-party providers might suffer their own security failures affecting data they hold on our behalf.

Physical risks exist too. Devices stolen from staff members could contain student information if theft occurred before remote-wipe protocols activated. Natural disasters affecting data center facilities might compromise backup systems.

When security incidents occur, affected individuals receive direct notification within 72 hours of discovery (regulatory requirement, but also just decent practice). Notices explain what happened, what information was involved, and what steps we're taking in response.

Control Mechanisms You Can Exercise

Australian privacy law establishes specific rights regarding information organizations hold about you. arcinthova's operational structure determines how you activate these rights.

Formal Request Procedures

Requesting comprehensive records of what we hold about you triggers a structured response process. Submit requests to info@arcinthova.com with "Information Access Request" in the subject line. We'll deliver complete records within 30 days—sometimes faster, occasionally requiring the full month for complex accounts.

Correction requests work similarly. Point out inaccurate records and we'll update them. When factual disputes arise (you claim something is wrong, we think it's correct), both versions get noted in our systems until resolution.

Deletion requests get complicated. Active student accounts can't simply vanish—grades, completion records, and financial transactions have legitimate retention requirements. After program completion, you can request removal of most materials. Some elements persist: financial records (tax law), serious misconduct documentation (institutional safety), certificates issued (credential verification).

Objection and Restriction

You can object to specific uses of your information. Marketing communications stop immediately upon request (unsubscribe links appear in every promotional email). Featured student work gets removed from promotional materials when creators withdraw permission.

Restricting processing means information stays in our systems but stops being actively used. This might make sense during disputes—freeze everything until resolution rather than full deletion you might later regret.

Retention Timeframes and Deletion Triggers

Different information categories follow different lifecycle rules. Nothing stays forever, but departure timelines vary dramatically.

Active student accounts—those enrolled in current courses or with active subscriptions—maintain full records indefinitely. "Active" means logged in within the past 18 months or holding valid enrollment.

After account closure or enrollment conclusion, staged deletion begins. Course materials you submitted remain accessible for 12 months (supports transcript requests, credential verification, dispute resolution). Then personal identifiers get stripped while anonymous performance data might persist for educational research.

When legal obligations require extended retention despite deletion requests, you'll receive explanation of what's staying, why it must stay, and when standard deletion will eventually proceed.

Legal Foundations and Geographic Scope

Australian Privacy Principles under the Privacy Act 1988 establish the baseline framework governing our practices. arcinthova qualifies as an organization subject to these requirements based on revenue thresholds and operational characteristics.

Different processing activities rest on different legal justifications. Enrollment requires information to fulfill our educational service obligations—basic contract performance. Marketing communications require consent, obtained through opt-in mechanisms during signup (pre-checked boxes don't appear on our forms). Legitimate interests justify some operational uses where processing benefits both parties without overriding privacy concerns.

International Considerations

Some service providers maintain servers outside Australia. Cloud storage might involve Singapore facilities. Video hosting could route through United States infrastructure. These arrangements require safeguards ensuring foreign processors provide protection meeting Australian standards.

Students located outside Australia receive equivalent protections. Our practices don't degrade based on your physical location—everyone gets the same treatment regardless of where they access our platform.

Youth Participants and Guardian Involvement

Students under 18 can enroll in most arcinthova courses. Certain advanced workshops involving industry networking or intensive critique sessions require guardian consent—these programs involve interactions extending beyond typical educational contexts.

Guardian consent means a parent or legal guardian reviews program details and explicitly approves participation. We verify guardian identity before accepting consent to prevent unauthorized approvals.

Guardians can access youth student accounts to review progress, monitor communications, and exercise privacy rights on the student's behalf. At 18, these access privileges terminate and the student gains full independent control.

Changes to Information Practices

Educational technology evolves. Regulatory requirements shift. Our information handling approaches will adapt accordingly.

Significant changes trigger active notification. Emails go to all active accounts explaining what's different and why. Minor updates—clarifying existing language, correcting errors, adjusting formatting—happen without notification, but the "Current as of" date at the top of this document updates to reflect modifications.

You can reject material changes by closing your account before they take effect. Notification emails include implementation dates giving you time to decide whether continued participation works for you under modified terms.