Skip to Main Content

Privacy Notice

Yayasan Deakin Dan Lancaster University Indonesia operates Deakin University Lancaster University Indonesia (DLI) under agreements with Deakin University and Lancaster University and with the support of PT Navitas Educational Services, an Indonesian subsidiary of global education provider Navitas Pty Ltd.

The privacy notice listed below explain how DLI and its service provider PT Navitas Educational Services collects, uses, processes, and keeps your personal data safe.

The privacy notice may be updated from time to time, so we encourage you to check back here regularly to review any changes.

DLI Privacy Notice

The DLI Privacy Notice listed below explain how Deakin University Lancaster University Indonesia (DLI) and its service provider, PT Navitas Education Services (PT Navitas), a subsidiary of Navitas Pty Ltd, process your personal data and keep it safe.


DLI respects your right to privacy. This privacy notice (the “Privacy Notice”) explains who we are, how we collect, share and use personal information about you (personal data), and how you can exercise your privacy rights. This Privacy Notice applies to personal data collected about applicants for enrolment into DLI and about students of DLI.

DLI is a collaboration between Deakin University of Australia and Lancaster University of the United Kingdom.  The universities are authorised by the Indonesian government to offer higher education courses in Indonesia through a not for profit foundation named Yayasan Deakin dan Lancaster University Indonesia (Foundation), of which they are the founders.  They have engaged PT Navitas to provide administrative support to the DLI campus.

The terms “we”, “us”, “our”, and “ours” refer to the Foundation, DLI and its service provider PT Navitas. The terms “you,” “your,” and “yours” refer to the applicant, student or viewer of the Website, as applicable.  The term “process”, with respect to your personal data, includes collection, recording, organising, structuring, storing, retrieving, using, disclosing, erasing and destroying.

We reserve the right to make changes periodically to this Privacy Notice at our sole discretion. Changes to the Privacy Notice will be posted on this page.

This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.

We know that there’s a lot of information here, but we want you to be informed about your rights, and how we use your data to provide you with the best possible educational experience.

For your convenience we have split the information into manageable sections which we hope will answer any questions you have but if not, please do get in touch with us, details are shown in the contact section at the end of this notice.

Explaining the legal basis for processing your Personal Data

We have set out below a number of different reasons for which we collect and process your personal information, including:


  1. In specific situations, we collect and process your personal information with your consent, for example, when you tick a box to receive marketing material from us or consent to us staying in touch with you as part of an alumni programme.
  2. When collecting your personal information, we’ll endeavour to collect the minimum necessary for us to perform our legitimate functions and meet our legal obligations.

Parental Consent

  1. Depending upon the applicable law in your location you may be a “minor” when it comes to signing a contract or consenting for us to collect and process your personal data. This means you have not reached the legal age of consent.
  2. In many countries including Indonesia it is usual to require a person to be 18 years of age to have reached the legal age of consent.
  3. As part of protecting you and your rights, if the law says you are still a “minor”, we require your parents’/guardians’ consent to directly collect and process your personal data.

Explicit consent

  1. Explicit Consent means that you have been presented with an option to agree or disagree with the collection, use, or disclosure of personal information.
  2. If we need to collect special categories of data from you in order to provide you with the services you require or meet our legal obligations, we will collect this data on the basis of your explicit consent, national/regional social protection laws or for statistical reporting purposes requested by official bodies.
  3. The special category data that we may request from you includes details such as your racial or ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or visa requirements. We will also collect data concerning your health (eg if you have declared a disability or special needs) to provide additional support to you.

Contractual obligations

  1. In certain circumstances we need to collect your personal data to meet our contractual obligations to you.
  2. We will collect this data so that we can make an offer to you to study or enrol with us or to work with us.
  3. We will use this data to establish a contract that sets out your obligations as a student and our obligations as the provider of the educational services to you.

Legal compliance

If the law requires us to, we will collect and process your data for a number of reasons, for example to:

  1.  Prevent fraud
  2. Comply with the requirements of educational regulatory authorities
  3. Comply with the requirements of immigration authorities
  4. Comply with consumer protection laws.

Legitimate interest

In specific situations, we collect your personal data as part of undertaking our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

When do we collect your Personal Data?

We collect your personal data:

  1. When you visit any of our websites, (here we just collect transaction-based data).
  2. When you make enquiries of us about becoming a student or complete our online or paper/PDF application forms.
  3. When you engage with us on social media.
  4. When you contact us by any means with queries, comments etc.
  5. When you book any kind of appointment with us.
  6. When you book to attend an event.
  7. When you’ve given a third-party permission to share with us the information they hold about you.
  8. When you attend DLI facilities, which may have CCTV systems operating for the security of both students, visitors and staff. These systems may record your image during your visit.
  9. When you engage with our online learning tools such as Moodle, and attend our online delivery through tools such as Zoom.
  10. When you complete surveys about our services.

Categories of Personal Data we collect

  1. Your contact details i.e. your:
    1. Name
    2. Gender
    3. Date of birth
    4. Postal address (can be a postal box number and/or a street address)
    5. Social media contacts
    6. Telephone number/s (mobile and landline)
    7. Emergency contact details
  2. Identity and Immigration documentation i.e. your:
    1. Country of birth
    2. Passport / National ID KTP number
    3. Driver’s licence
    4. Visa details
  3. Your bank account details.
  4. Your educational history inclusive of but not limited to your:
    1. Current qualifications
    2. Grades
    3. Institution/s you studied at
    4. Most recent study experience
    5. English language proficiency
  5. Details of any access, support requirements or special needs that may affect your studies
  6. Details of your interactions with us, such as:
    1. Enquiries and comments you make in the web pages you visit or when you contact us by email, telephone or in person
    2. Information gathered by the use of ‘cookies’ in your web browser. (Learn more about our ‘cookie policy’)
    3. As you interact with our website and other platforms made available by DLI, we may automatically collect technical data about your equipment, browsing actions and patterns.

Why we use your Personal Data?

  1. The reasons we use your personal data include:
    1. To operate and administer DLI to provide you with the best possible educational experience. This is done on the basis of our legitimate business interests.
    2. To respond to your queries and requests.
    3. To keep a record of communication with you for the purpose of fulfilling our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
    4. To protect us and you from fraud and other illegal activities.
    5. To protect our students, visitors and staff, premises and assets, we may operate CCTV systems in DLI facilities which record images for security. We do this on the basis of our legitimate business interests.
    6. To enable the Foundation to process payments and to prevent fraudulent transactions. This is done on the basis of our legitimate business interests and to help protect you from fraud.
    7. We use your personal data preferences, to keep you informed by email, web, text, social media and telephone about relevant services and events.
    8. To protect your vital interests if you become unable to provide consent.
    9. To manage our employees and contractors.
    10. To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.. These service messages will not include any marketing content and do not require prior consent when sent by email or text message. We need to keep you informed as part of complying with our legal obligations.
    11. To comply with our contractual or legal obligations to share data with law enforcement if necessary, for example:
      1. If a court order is presented that requires us to share your personal data with law enforcement agencies or courts of law

How we look after your Personal Data

  1. We know how much data security matters. We will treat your data with the utmost care and respect and take all appropriate steps to protect it.
  2. We secure access to all transactional areas of our websites and apps using ‘https’ technology.
  3. Access to your personal data is restricted and secure, and sensitive personal data such as health information is secured via password protection and encryption.
  4. Storage systems for paper copies are secured and access is managed through our access protocols.

How long do we keep your Personal Data?

  1. We have a detailed records management programme in place and all records (paper and electronic) are required to be managed in accord with its security and disposal steps.
  2. Whenever we collect or process your personal data, we will store it safely and only for as long as is necessary for the original purpose for which it was collected or as required by law.
  3. At the end of the documented retention period, your data will either be deleted completely or anonymised.

Sharing your Personal Data

Sharing with Deakin University and Lancaster University

Your awards will be issued by each of Deakin University (Deakin) and Lancaster University (Lancaster).  You will become a student of each university and on graduation, an alumni of each.   You may be required or wish to interact with employees of each university from time to time.  To ensure that you are properly entered into the student records of each institution and have access to any services and resources made available directly by one of the universities, your personal information will be provided to each of Deakin and Lancaster and on collection will be subject to their respective privacy statements.

Information about privacy at Deakin and how Deakin handles personal data is available at:

Information about privacy at Lancaster and how Lancaster handles personal data is available at:

We share your Personal Data with trusted Third Parties

  1. We share your personal data with trusted third parties to provide services and business functions as a service provider to us.
  2. We set very clear directions and expectations for those organisations regarding the safety and protection of your privacy and personal data.
  3. The directions and expectations are set out in our contract with the third party and include:
    1. Providing them only the information they need to perform their specific services
    2. Setting out the purpose for which the personal data is being shared
    3. Confirmation that they will make every reasonable effort to ensure that your privacy is respected and protected
    4. If we stop using their services, they will undertake to either securely delete or render anonymous any of your personal data held by them
    5. They will inform us immediately in the event of a suspected or actual breach being detected

The types of third parties we work with include:

  1. Navitas Pty Ltd, which is the parent company of Navitas PT and provider of the student management system and other IT support systems used at DLI
  2. Educational Agents
  3. IT companies supporting our websites
  4. Cloud storage companies
  5. Customer Relationship Management application providers
  6. Educational establishments
  7. Educational professionals
  8. Regulatory authorities
  9. Accommodation providers
  10. Estate services
  11. Online webinar providers
  12. Insurers
  13. Financial service providers
  14. Travel service providers
  15. Migration Agents

How do third party partners use your Personal Data?

When you use a service from one of our chosen partners, your data will be collected and used by them under the terms of their own separate privacy policies.

Why do we share your Personal Data?

  1. We need to share your personal data with trusted third parties in order to meet legal and regulatory obligations and fulfil our contractual promise to you.
  2. We will only share your data with third parties in very specific circumstances, for example:
    1. When working with academic professionals as part of ensuring the delivery of high quality services to you.
    2. When working with educational regulatory authorities as part of ensuring that we are meeting our regulatory obligations.
    3. We may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
    4. If we receive a valid request from the police or other law enforcement agency, regulatory or Government authority in your country of origin or elsewhere, we may be required to disclose your personal data.
    5. If you are undertaking a Pathway course at DLI, we may share recordings of online delivered sessions such as classes, webinars and tutorials with other individuals in DLI, at Deakin University or at Lancaster University in order for us to ensure the ongoing quality of our course delivery, and to help to further educate our teaching staff.

Processing and Transferring your Personal Data

If we do transfer your personal data across an international border, we have procedures in place to ensure your data receives the same protection as if it were being processed inside your country of residence.

Your rights over your Personal Data explained

Your personal rights

  1. We need you to understand the rights you have when it comes to your personal information.
  2. Your rights as a data subject in Indonesia are set out in Law 27 of 2022 about Personal Data Protection.  These rights include:
    1. Access to the personal data held about you;
    2. Termination of processing of your personal data, subject to any legal obligations of DLI or PT Navitas;
  3. When your information is transferred to Deakin or Lancaster, your data subject rights are set out in their respective privacy statements.
  4. All requests related to your rights and your personal data, will be examined in detail and a member of the Privacy team will respond to you as quickly as possible.
  5. We will make all reasonable efforts to meet with your request and will keep you informed as to our progress in getting the information to you in a format that is acceptable and usable.

Withdrawal of consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.

Legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.


  1. You have the right to stop the use of your personal data for marketing activity through all channels, or selected channels.
  2. We will always comply with your request. To action this:
    1. Click the ‘unsubscribe’ link in any email communication that we send you
    2. We will then stop any further emails from being sent to you
  3. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

Questions or Issues you may have

  1. If you require any further information we will be pleased to provide you with further detail.
  2. If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint so that we can deal with your concern quickly and effectively.
  3. We will take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently.
  4. We’d be grateful for your cooperation with us during this process by providing us with any relevant information that we may need.

Contact Details for privacy matters

If you have any questions or concerns about our use of your personal data, please contact us using the contact details provided below.

  1. For matters relating to the Foundation, DLI and PT Navitas, the Data Protection Officer can be contacted by emailing
  2. For matters relating specifically to Lancaster University and how it handles your personal data in the United Kingdom, Lancaster University’s Data Protection Officer can be contacted by emailing
  3. For matters relating to Deakin University and how it handles your personal data in Australia, Deakin University’s Privacy Officer can be contacted by emailing

If you are not happy with the way we have handled your question or concerns, or feel we have not handled your personal data correctly, you may submit a complaint to the relevant supervisory authority:

  1. In Indonesia, this is the Ministry of Communications and Informatics (Kominfo), which you can contact by emailing or you can visit its website at
  2. In Australia, this is the Office of the Australian Information Commissioner (OAIC), which you can contact by calling +61 1300 363 992, emailing or you can visit its website at

In the United Kingdom, this is the Information Commissioner’s Office (ICO), which you can contact by calling +44 303 123 1113 or you can visit its website at

Back to Top