• clearly communicate the personal information handling practices The RTO
• give staff and other individuals a better understanding of the sort of personal information that the RTO holds
• enhance the transparency of The RTO’s operations
The Privacy Act 1988 (Privacy Act) is an Australian law that regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduced many significant changes to the Privacy Act, including 13 Australian Privacy Principles (APPs) that apply to the handling of personal information. As an Australian Government agency, The RTO is obliged to comply with the APPs.
2.1 Personal information—definition
Personal information is defined under the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
• whether the information or opinion is true or not
• whether the information or opinion is recorded in a material form or not
Some examples of personal information include names, addresses, phone numbers and email addresses. The definition of personal information only relates to ‘natural’ persons. It does not extend to other ‘legal’ persons, such as companies.
2.2 Sensitive information— definition
Under the Privacy Act, sensitive information is defined as:
(a) information or an opinion about an individual’s:
(i) Racial or ethnic origin
(ii) Political opinions
(iii) Membership of a political association
(iv) Religious beliefs or affiliations
(v) Philosophical beliefs
(vi) Membership of a professional or trade association
(vii) Membership of a trade union
(viii) Sexual orientation or practices
(ix) Criminal record that is also personal information; or
(b) Health information about an individual
(c) Genetic information about an individual that is not otherwise health information
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification
(e) Biometric templates.
3.1 Solicited information
Generally, personal information is collected in order for The RTO to properly and efficiently carry out its functions. The RTO only collects personal information for purposes that are directly related to our functions or activities under the National Vocational Education and Training Regulator Act 2011 (NVR Act), or the Freedom of Information Act 1982 (FOI Act), and only when it is reasonably necessary for or directly related to The RTO’s functions.
The RTO will only collect sensitive information from individuals if the individual consents to the collection, unless:
• the sensitive information is required or authorised by law
• a permitted general situation exists
• a permitted health situation exists
• the sensitive information is required for an enforcement related activity
3.1.1 Information collected from an individual
The RTO uses personal information only for the purposes for which it was provided and for directly related purposes (unless otherwise required by or authorised under law). We also collect information in relation to employment services, human resource management, and other corporate service functions. Generally, the purposes for which The RTO collects personal information are when an individual:
• submits an application relating to registration, including reconsideration of decisions relating to registration
• submits an online complaint form about a training provider
• submits an email complaint about The RTO or an employee
• makes payment for an The RTO fee or charge, either via application or over the telephone, or when The RTO must refund an amount to an individual
• submits a Freedom of Information (FOI) request via email
• contacts The RTO seeking information or advice about The RTO’s functions, application queries or to lodge a complaint
• is interviewed as part of an audit of a registered training organisation
• provides intelligence information to The RTO for audit or investigation
• submits an application for, or commences employment with The RTO, or
• as an employee of The RTO, submits information to human resources for health records, or for a claim for compensation
An individual may, in some circumstances, such as lodging a complaint, prefer to remain anonymous, or to use a pseudonym, when interacting with The RTO. Whilst this is acceptable to The RTO, individuals should be aware that if they choose to do this, it may make investigating complaints or providing specific information impracticable, and it may lessen The RTO’s ability to provide its usual level of service. The RTO generally collects personal information directly from the individual or their authorised representative.
3.1.2 Information collected from a third party
Sometimes personal information is collected from a third party, or a publicly available source, but only if the individual has consented to such collection, or would reasonably expect us to collect their personal information in this way. The RTO may also collect personal information from a third party for a specific purpose, such as an investigation, or when an The RTO is in the process of closing down and The RTO collects student information for the purpose of placing affected students with another training provider. If The RTO collects personal information from a third party, AThe RTOSQA will take reasonable steps to inform affected individuals that their personal information has been collected from a third party as soon as practicable after the collection has taken place. See 4.2 – notifying the individual if information is collected from a third party.
3.2 Unsolicited Information
If The RTO receives unsolicited information, it will determine if the information is required to carry out its functions.
If The RTO determines that the information is not required, and does not form part of a Commonwealth record, than it will destroy or de-identify the information as soon as practicable.
If The RTO determines that the information is required, then the information will be treated as solicited information as per 3.1 Solicited information.
4.1 Notifying the individual at collection
When collecting personal information directly from an individual, The RTO will take reasonable steps to notify, or otherwise ensure that the individual is aware:
• of whether The RTO is likely to disclose an individual’s personal information to overseas recipients and, if it is practicable to specify, the countries in which those recipients are likely to be located.
4.2 Notifying the individual if information is collected from a third party
If The RTO collects personal information from someone other than the individual, or the individual may not be aware that the organisation has collected the personal information, reasonable steps will be taken to notify the individual, or otherwise ensure that the individual is aware:
• that The RTO collects or has collected the information
• of the circumstances of the collection, including
– from whom the information was collected, and
– the law under which The RTO collected the information
• to whom The RTO may disclose the information, and
• of the consequences of The RTO not collecting the information
5. Use and disclosure of personal information
The RTO will only use and disclose personal information for the primary purposes for which it was collected unless:
• the individual has consented to the information being used for a secondary use or disclosure
• the individual would reasonably expect The RTO to use or disclose the information for the secondary purpose and that purpose is related to the primary purpose, or
• the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order
• a permitted general situation3 exists in relation to the use or disclosure of the information, for example, if The RTO believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or
• The RTO reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The RTO will only use sensitive information for a secondary purpose if it is directly related to the primary purpose. Some personal information provided to The RTO through application forms will be published on the national register, training.gov.au, in accordance with section 216 of the NVR Act. The information may also be shared with state and territory government and other Australian Government authorities and ministers, occupational licensing bodies, overseas authorities, and others in accordance with the information sharing provisions contained in the NVR Act or the provisions of the Privacy Act.
5.1 Disclosing personal information overseas
In situations where The RTO may disclose personal information overseas, The RTO will take reasonable steps to ensure that the overseas entity will comply with the APPs.
5.2 Use of personal information for direct marketing purposes
The RTO will only use personal information for direct marketing purposes where it could be reasonably expected that the individual would be aware that The RTO would use the information in that way.
6. Data quality
The RTO will take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary. The RTO will also take reasonable steps to ensure the accuracy and completeness of the information prior to any disclosure of the information.
7. Data security
The RTO takes steps to protect the personal information we hold against interference, loss, unauthorised access, use, modification or disclosure, and against other misuse. When no longer required, personal information is destroyed in a secure manner, or deleted in accordance with The RTO’s Records Management Policy, in compliance with the General Disposal Authority issued by the National Archives of Australia.
8. Access and correction
8.1 Access and correction under the Privacy Act
Unless The RTO is authorised to refuse access to information under the FOI Act or any applicable provisions of any law of the Commonwealth, The RTO will grant an individual’s request for access to the personal information that The RTO holds about them.
Individuals may also request that The RTO correct any personal information about the individual that The RTO holds. The RTO will only update the information if it is satisfied the information it holds is incorrect. If The RTO is satisfied that an individual’s personal information is incorrect, The RTO will take reasonable steps to correct that information to ensure that it is accurate, up-to-date, complete, relevant and not misleading.
The RTO will provide a response to any request for access or correction to personal information within 30 days. If refusing the request, The RTO will provide a written statement of reasons for the refusal and remind the individual of the available complaint mechanisms, which are outlined below in 9 Complaints. For clarity purposes, The RTO will also take reasonable steps to associate a statement with the personal information that it refuses to correct. Individuals will not be charged for requests for access or correction to their personal information. Members of the public should direct their requests to The RTO’s Privacy Contact Officer. The RTO staff should direct their requests to the Manager, Human Resources.
8.2 Access, amendment or annotation under the FOI Act
Individuals may also make a request to The RTO for access, amendment or annotation to their personal information under the FOI Act. The RTO will respond to these requests in accordance with the FOI Act. If unsatisfied with the response received from The RTO, an individual may seek an internal review of the FOI decision from The RTO. An individual may also request that the Australian Information Commissioner review The RTO’s decision. In accordance with the Freedom of Information (Charges) Regulations 1982, The RTO does not charge for request for, or access to personal information.
If a member of the public wishes to lodge a complaint about how The RTO handles personal information, or if they feel The RTO has breached the APPs, they can contact The RTO to discuss the matter. If an employee of The RTO wishes to lodge a complaint about how The RTO handles personal information, or if they feel The RTO has breached the APPs, they can contact the Chief Executive Officer or their representative.
10. Privacy Contact Officer
10.1 Members of the public
If you have any questions or complaints about privacy, confidentiality or access to your personal information, and are a student or prospective student, please contact The RTO
10.2 The RTO employees
If you have any questions or complaints about privacy, confidentiality or access to your personal information, and are The RTO employee, please contact the designated officer.
Confidentiality Agreement (Document 61)