Privacy Protection Act 2012 & Privacy Act 1988
The RTO respects the importance of securing any form of personal information which is collected from the student (s) and/or other Stakeholders. The RTO promotes and conducts the following policy in accordance with the privacy Amendment (enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988.
Australian Privacy Principle 1 – Open and transparent management of personal information.
Types of information which will be collected and where it is held
The RTO collects information for training purposes and compliance against NVR standards to ensure quality service is given to its students in an open and transparent way.
The information collected and stored in the RTO’s AVETMISS database includes;
- Student Name
- Age, sex
- Contact information
- Record progress
How information is gathered
This information is collected for statistical purposes by the Government & regulating bodies. How the RTO gathers such information through the AVETMISS data collected on the enrolment form and the Q1 AQTF feedback form.
Australian Privacy Principle 2 – Anonymity and Pseudonymity
Should the student and/or stakeholder choose to remain anonymous or use a pseudonym the individual has the right when it is lawful and practicable to do so.
In the case of enrolling into a nationally recognised qualification, all students must use the identity details on their photo ID which will be verified by the RTO.
Australian Privacy Principle 3 – Collection of solicited personal information
Personal information other than sensitive information
The RTO will only collect personal information that is reasonably necessary for one or more of their functions or activities.
Sensitive information in which the RTO may collect and/or solicit, would be for lawful means as authorised by or under an Australian Law or a court/tribunal order. Should sensitive information related to students health and safety, the RTO may collect this information with the consent of the individual or authorised by or under Australian Law.
Australian Privacy Principle 4 – Dealing with unsolicited personal information
Should the RTO receive personal information although not solicited such information, they will determine as soon as practicable and lawful to do so, destroy the information or ensure the information is de-identified. The RTO will also, within a reasonable period after receiving the information, determine whether or not it could have been collected under APP 3.
Australian Privacy Principle 5 – Notification of the collection of personal information
At or before the time, or if that is not practicable as soon as practicable after, the RTO collects personal information about an individual, such steps will be taken to inform the individual:
- The identity of the RTO and contact details
- If the RTO collects or has collected person details from someone other than the individual
- If the collection of personal information is required or authorised by or under and Australian law or a court/tribunal order.
- The purpose for which the RTO has collected the information
- The consequences (if any) for the individual if all or some of the personal information is not collected by the RTO
- Whom the RTO discloses the personal information too
- How the individual may access the personal information and seek correction of such information
How the individual may complain due to any form of beach
Australian Privacy Principle 6 – Use or disclosure of personal information
The RTO will ensure and promote to its staff that disclosure of personal information for another purpose such as direct marketing, public relations and relationship building is not prohibited unless the individual has consented to the use of disclosing information.
Where State or Commonwealth funding supports training we are obliged to submit personal and progress details for research, statistical analysis, program evaluation, post completion survey and internal management purposes.
Australian Privacy Principle 7 – Direct marketing
The RTO will not use or disclose personal information for the purpose of direct marketing as outlined in APP 6 unless consent is made by the individual.
This includes sharing your personal details with another organisation unless it is a government department.
Australian Privacy Principle 8 – Cross border disclosure of personal information
The RTO will only transfer personal information to an individual or someone overseas if;
- The receipt of the information is subject of law
- The RTO believes that the disclosure of the information is reasonably necessary for one or more enforcement activities.
Australian Privacy Principle 9 – Adoption, use or disclosure of government related identifiers
The RTO must not adopt a government related identifier of an individual as its own identifier of the individual unless required or authorised by or under an Australian law or a court/tribunal order; if:
- The identifier is prescribed by the regulations
- The organisation is prescribed by the regulations
- The adoption, use or disclosure occurs in the circumstances prescribed by the regulations
In this case of Traineeships and Apprenticeships, students will be issued with a Training Contract Identification Number (TCID), which will be used for identified with the relevant government department.
In the case of the Unique Student Identifier (USI) all students will be required to produce this number prior to enrolment.
Australian Privacy Principle 10 – Quality of personal information
All personal information collected by the RTO must be accurate, up to date, complete and relevant.
Australian Privacy Principle 11 – Security of personal information
The RTO must ensure that personal information is protected from misuse, interference and loss from unauthorised access, modification or disclosure. To ensure this, all data is collected and stored on the student management system with limited access to authorised personnel only.
Australian Privacy Principle 12 – Access to personal information
All students have the right to gain access to information on request that fall within the definition of personal information. Should the information be withheld from the individual, the RTO should provide reason why access will not be made available within lawful reasons.