At Asset College (ASSET or Asset College), we are committed to protecting your privacy and the information you provide to us.
Asset Training Australia Pty Ltd ACN 072 747 187 trading as Asset College ABN 80 118 083 971 (ASSET), RTO 31718 is committed to ensuring that:
- Confidential and personal information provided to us by course participants is collected and treated in a manner which protects the privacy of that information on behalf of the participant and/or their employer;
- Participants are able to access their training records, such as but not limited to, Statements of Attainment, Qualifications, Record of Results and Verification of Competency Certificates; and
- Information pertaining to participants is not disclosed to a third party without the written consent of the participant.
Asset College (ASSET), acts in accordance with the Information Privacy Act 2009 (Qld), which includes the Privacy Principles. ASSET also complies with provisions of the federal Privacy Act 1988, other associated legislation and related Privacy Principles as well as any other regulatory body requirements for the collection and treatment of private information relating to students, staff and contractors.
The data collected by ASSET primarily relates to student information collected and recorded as per the requirements of the Australian Skills Quality Authority (ASQA) and other regulatory bodies.
We receive and store personal information you provide through our website, our enrolment forms, our social media pages or other mediums from time to time.
Personal information may include but is not limited to, personal details, place of employment, place of origin, language and cultural diversity indicators, disability indicators, previous education history, training records and results, unique student identifier and any RTO documentation issued, for example, Statement of Attainment.
We may also ask you to complete COVID-19 declaration forms or other non-training related forms to enable us to provide a high standard of customer service as well as meet regulatory guidelines.
Some courses, such as those with a licensing outcome, also require you to provide copies of personal documents (for example, drivers licence, passport) to verify your identity. This is a regulatory body requirement, and the RTO does not have any discretion in relation to these documents. If they are not provided, we are unable to continue with your enrolment.
We keep your information protected at all times. Electronic information you provide is stored on a protected server and/or in databases such as aXcelerate that are password protected. Any physical documentation provided is kept secured in locked storage with access only by authorised personnel and destroyed securely once the mandatory retention period has been reached.
Our data retention policies and procedures have more information about storage, security and destruction of documents with personal information. You can request a copy of this policy by sending an email to [email protected].
We are required by law (under the National Vocational Education and Training Regulator Act 2011 (Cth) (NVETR Act)) to disclose the personal information we collect to the National VET Data Collection kept by the National Centre for Vocational Education Research Ltd (NCVER). The NCVER is responsible for collecting, managing, analysing and communicating research and statistics about the Australian VET sector.
We are also authorised by law (under the NVETR Act) to disclose personal information to the relevant state or territory training authority. From time to time, we may also have to disclose your information as a result of a court order, subpoena, warrant or in the course of a legal proceeding or in response to a law enforcement agency request.
We may supply attendance, progress and participation information as well as a copy of outcome of results from training to the parties listed below.
- Schools – if you are a secondary student undertaking VET training as part of a school program
- Employers – if you are enrolled in training paid for by your employer
- Workforce Australia Providers – if you are enrolled in training paid for by Workforce Australia
You must complete a Third Party Release of Information form for results or other information to be released to any other third party not listed above.
ASSET will not supply personal information to any other party without authorisation. Course participants can complete an information release form if they require information about their training to be released to a third party.
ASSET does not provide data to any overseas third parties.
Our RTO may use your personal information to provide direct marketing materials, updates or newsletters pertaining to current and past course enrolments or enquiries. You may unsubscribe from marketing emails at any time by clicking the unsubscribe link on the email or sending an email to [email protected] with the subject ‘unsubscribe’. From time to time, you may be emailed or receive an SMS from us to confirm or change course bookings.
We do not, and will not, sell your personal information to any other party.
Under the NVETR legislation, we must include the below Privacy Notice on our enrolment documents:
Other Relevant Organisations
As well as NVETR, we adhere to the privacy and data collection requirements of the following organisation, government bodies and relevant legislation:
- State Training Authorities (STA’s) in each state and territory of Australia
- Industry Licensing Authorities in each state and territory of Australia
- Workplace Health & Safety (WHS) Regulators in each state and territory of Australia
- Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS – The Education Services for Overseas Students Act 2000 (ESOS Act)
- Any other organisation identified as a licensing body, regulator or other authority related to the course which you have enrolled where there is a legislated or licensed requirement to share personal information.
For more detailed information please see our National Privacy Principles application annexed.
Why we collect your personal information
As a registered training organisation (RTO), we collect your personal information so we can process and manage your enrolment in a vocational education and training (VET) course with us.
If you do not provide the information required, we will not be able to enrol you as a student onto the course.
How we use your personal information
We use your personal information to enable us to deliver VET courses to you, and otherwise, as needed, to comply with our obligations as an RTO.
How we disclose your personal information
We are required by law (under the National Vocational Education and Training Regulator Act 2011 (Cth) (NVETR Act)) to disclose the personal information we collect about you to the National VET Data Collection kept by the National Centre for Vocational Education Research Ltd (NCVER). The NCVER is responsible for collecting, managing, analysing and communicating research and statistics about the Australian VET sector.
We are also authorised by law (under the NVETR Act) to disclose your personal information to the relevant state or territory training authority.
How the NCVER and other bodies handle your personal information
The NCVER will collect, hold, use and disclose your personal information in accordance with the law, including the Privacy Act 1988 (Cth) (Privacy Act) and the NVETR Act. Your personal information may be used and disclosed by NCVER for purposes that include populating authenticated VET transcripts; administration of VET; facilitation of statistics and research relating to education, including surveys and data linkage; and understanding the VET market.
The NCVER is authorised to disclose information to the Australian Government Department of Education, Skills and Employment (DESE), Commonwealth authorities, State and Territory authorities (other than registered training organisations) that deal with matters relating to VET and VET regulators for the purposes of those bodies, including to enable:
- administration of VET, including program administration, regulation, monitoring and evaluation
- facilitation of statistics and research relating to education, including surveys and data linkage
- understanding how the VET market operates, for policy, workforce planning and consumer information.
The NCVER may also disclose personal information to persons engaged by NCVER to conduct research on NCVER’s behalf. The NCVER does not intend to disclose your personal information to any overseas recipients.
If you would like to seek access to or correct your information, in the first instance, please contact your RTO using the contact details listed below.
DESE is authorised by law, including the Privacy Act and the NVETR Act, to collect, use and disclose your personal information to fulfil specified functions and activities. For more information about how the DESE will handle your personal information, please refer to the DESE VET Privacy Notice at https://www.dese.gov.au/national-vet-data/vet-privacy-notice.
You may receive a student survey which may be run by a government department or an NCVER employee, agent, third-party contractor or another authorised agency. Please note you may opt out of the survey at the time of being contacted.
Changing your personal information
You can contact us at any time to have your personal details updated. This includes address, phone number, email address. For change of name requests, we will need a verified copy of the change of name document before we can change your records.
If you need to change your details, please contact the ASSET office by sending an email to [email protected]. If you are phoning through the request, you will be asked some identity verification questions to ensure we have the right record to change.
If you believe there has been a breach in this policy or legislation in relation to your information, or if you wish to make a complaint about how your personal information has been treated, please contact the ASSET office and request a complaints form. We take privacy seriously and will investigate all complaints in relation to privacy breaches.
Australian Privacy Principle 1 – Open and transparent management of personal information
Purposes for information collection, retention, use and disclosure
ASSET retains a record of personal information about all individuals with whom we undertake any form of business activity. ASSET must collect, hold, use and disclose information from our clients and stakeholders for a range of purposes, including but not limited to:
- Providing services to clients;
- Managing employee, auspicing arrangements and contractor teams;
- Promoting products and services;
- Conducting internal business functions and activities; and
- Requirements of stakeholders.
As a government registered training organisation, regulated by the Australian Skills Quality Authority, ASSET is required to collect, hold, use and disclose a wide range of personal and sensitive information on participants in nationally recognised training programs. This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative instruments. In particular, the legislative instruments:
- Standards for NVR Registered Training Organisations 2012; and
- Data Provision Requirements 2012.
It is noted that ASSET is also bound by various State Government Acts requiring similar information collection, use and disclosure (particularly Education Act(s), Vocational Education & Training Act(s) and Traineeship & Apprenticeships Act(s) relevant to state jurisdictions of ASSET operations).
It is further noted that, aligned with these legislative requirements, ASSET delivers services through a range of Commonwealth and State Government funding contract agreement arrangements, which also include various information collection and disclosure requirements.
Individuals are advised that due to these legal requirements, ASSET discloses information held on individuals for valid purposes to a range of entities including:
- Governments (Commonwealth, State or Local);
- Australian Apprenticeships Centres;
- Employers (and their representatives), Job Network Providers, Schools and Guardians.
Kinds of personal information collected and held
The following types of personal information are generally collected, depending on the need for service delivery:
- Contact details;
- Employment details;
- Educational background;
- Demographic Information;
- Course progress and achievement information; and
- Financial billing information.
The following types of sensitive information may also be collected and held:
- Identity details;
- Employee details & HR information;
- Complaint or issue information;
- Disability status & other individual needs;
- Indigenous status; and
- Background checks (such as National Criminal Checks or Working with Children checks).
How personal information is collected
ASSET’s usual approach to collecting personal information is to collect any required information directly from the individuals concerned. This may include the use of forms (such as registration forms or enrolment forms) and the use of web-based systems (such as online enquiry forms).
ASSET does receive solicited and unsolicited information from third party sources in undertaking service delivery activities. This may include information from such entities as:
- Governments (Commonwealth, State or Local);
- Australian Apprenticeships Centres;
- Employers (and their representatives), Job Network Providers, Schools and Guardians.
How personal information is held
ASSET’s usual approach to holding personal information includes robust storage and security measures at all times. Information on collection is:
- Stored in secure, password protected systems, such as financial system, learning management system and student management system;
- Hard copies are stored in locked filing cabinets and archive facilities; and
- Monitored for appropriate authorised use at all times.
Only authorised personnel are provided with login information or keys to each system, with system access limited to only those relevant to their specific role. ASSET ICT systems are hosted internally with robust internal security to physical server locations and server systems access. Virus protection, backup procedures and ongoing access monitoring procedures are in place.
Individual information held across systems is linked through an ASSET allocated identification number for each individual. Once implemented, the National Unique Student Identifier will also apply.
Retention and Destruction of Information
ASSET retains information for periods as required. Specifically for our RTO records, in the event of our organisation ceasing to operate the required personal information on record for individuals undertaking nationally recognised training with us would be transferred to the Australian Skills Quality Authority, as required by law.
Accessing and seeking correction of personal information
ASSET confirms all individuals have a right to request access to their personal information held and to request its correction at any time. In order to request access to personal records, individuals are to make contact with:
1300 731 602
A number of third parties, other than the individual, may request access to an individual’s personal information. Such third parties may include employers, parents or guardians, schools, Australian Apprenticeships Centres, Governments (Commonwealth, State or Local) and various other stakeholders.
In all cases where access is requested, ASSET will ensure that:
- Parties requesting access to personal information are robustly identified and vetted;
- Where legally possible, the individual to whom the information relates will be contacted to confirm consent (if consent not previously provided for the matter); and
- Only appropriately authorised parties, for valid purposes, will be provided access to the information.
Complaints about a breach of the APPs or a binding registered APP code
If an individual feels that ASSET may have breached one of the APPs or a binding registered APP Privacy code, you can make a complaint or appeal by following ASSET’s Complaints and Appeals Policy and Procedure.
- Accessible at each of ASSET’s premises and auspiced sites.
- Included within our RTO Student Handbook.
- On an ongoing basis, as suggestions or issues are raised and addressed, or as government required changes are identified;
- Through our internal audit processes on at least an annual basis;
- As a part of any external audit of our operations that may be conducted by various government agencies as a part of our registration as an RTO or in normal business activities; and
- As a component of each and every complaint investigation process where the complaint is related to a privacy matter.
Where this policy is updated, changes to the policy are widely communicated to stakeholders through internal personnel communications, meetings, training and documentation, and externally through publishing of the policy on ASSET’s website and other relevant documentation (such as our Student Handbook) for clients.
Australian Privacy Principle 2 – Anonymity and pseudonymity
ASSET provides individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us in relation to a particular matter, whenever practical. This includes providing options for anonymous dealings in cases of general course enquiries or other situations in which an individuals’ information is not required to complete a request.
Individuals may deal with us by using a name, term or descriptor that is different to the individual’s actual name wherever possible. This includes using generic email addresses that does not contain an individual’s actual name, or generic usernames when individuals may access a public component of our website or enquiry forms.
ASSET only stores and links pseudonyms to individual personal information in cases where this is required for service delivery (such as system login information) or once the individual’s consent has been received.
ASSET must require and confirm identification in service delivery to individuals for nationally recognised course programs. We are authorised by Australian law to deal only with individuals who have appropriately identified themselves. That is, it is a Condition of Registration for all RTOs under the National Vocational Education and Training Regulator Act 2011 that we identify individuals and their specific individual needs on commencement of service delivery and, collect and disclose Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS) data on all individuals enrolled in nationally recognised training programs. Other legal requirements, as noted earlier in this policy, also require considerable identification arrangements.
There are also other occasions within our service delivery where an individual may not have the option of dealing anonymously or by pseudonym, as identification is practically required for us to effectively support an individual’s request or need.
Australian Privacy Principle 3 — Collection of solicited personal information
ASSET only collects personal information that is reasonably necessary for our business activities. We only collect sensitive information in cases where the individual consents to the sensitive information being collected, except in cases where we are required to collect this information by law, such as outlined earlier in this policy.
Australian Privacy Principle 4 – Dealing with unsolicited personal information
ASSET may from time to time receive unsolicited personal information. Where this occurs, we promptly review the information to decide whether or not we could have collected the information for the purpose of our business activities. Where this is the case, we may hold, use and disclose the information appropriately as per the practices outlined in this policy. Where we could not have collected this information (by law or for a valid business purpose) we immediately destroy or de-identify the information (unless it would be unlawful to do so).
Australian Privacy Principle 5 – Notification of the collection of personal information
Whenever ASSET collects personal information about an individual, we take reasonable steps to notify the individual of the details of the information collection or otherwise ensure the individual is aware of those matters. This notification occurs at or before the time of collection, or as soon as practicable afterwards.
Our notifications to individuals on data collection include:
- ASSET’s identity and contact details, including the position title, telephone number and email address of a contact who handles enquiries and requests relating to privacy matters;
- The facts and circumstances of collection such as the date, time, place and method of collection, and whether the information was collected from a third party, including the name of that party;
- If the collection is required or authorised by law, including the name of the Australian law or other legal agreement requiring the collection;
- The purpose of collection, including any primary and secondary purposes;
- The consequences for the individual if all or some personal information is not collected; and
- Other organisations or persons to which the information is usually disclosed, including naming those parties.
Where possible, we ensure that the individual confirms their understanding of these details, such as through signed declarations or in person through questioning.
Australian Privacy Principle 6 – Use or disclosure of personal information
ASSET only uses or discloses personal information it holds about an individual for the particular primary purposes for which the information was collected, or secondary purposes in cases where:
- An individual consented to a secondary use or disclosure (such as the Third Party Release of Information form);
- An individual would reasonably expect the secondary use or disclosure, and that is directly related to the primary purpose of collection; or
- Using or disclosing the information is required or authorised by law.
Requirement to make a written note of use or disclosure for this secondary purpose
If ASSET uses or discloses personal information in accordance with an ‘enforcement related activity’ we will make a written note of the use or disclosure, including the following details:
- The date of the use or disclosure;
- Details of the personal information that was used or disclosed;
- The enforcement body conducting the enforcement related activity;
- If the organisation used the information, how the information was used by the organisation;
- The basis for our reasonable belief that we were required to disclose the information.
Australian Privacy Principle 7 – Direct marketing
ASSET may use the personal information that it holds about an individual to undertake direct marketing activities to market other internal products and services to them. ASSET does not disclose the personal information that it holds about an individual onto any third-party marketing companies for the purpose of direct marketing without the prior written consent of the individual.
An individual may request us at any stage not to use or disclose their personal information for the purpose of direct marketing, or to facilitate direct marketing by other organisations. We comply with any request by an individual promptly and undertake any required actions for free. We also, on request, notify an individual of our source of their personal information used or disclosed for the purpose of direct marketing unless it is unreasonable or impracticable to do so.
Australian Privacy Principle 8 – Cross-border disclosure of personal information
Before ASSET discloses personal information about an individual to any overseas recipient, we undertake take reasonable steps to ensure that the recipient does not breach any privacy matters in relation to that information.
Australian Privacy Principle 9 – Adoption, use or disclosure of government related identifiers
ASSET does not adopt, use or disclose a government related identifier related to an individual except:
- In situations required by Australian law or other legal requirements;
- Where reasonably necessary to verify the identity of the individual;
- Where reasonably necessary to fulfil obligations to an agency or a State or Territory authority;
- Where required under the Standards for NVR Registered Training Organisations 2012; and
- Data Provision Requirements 2012 or
- As prescribed by regulations.
Australian Privacy Principle 10 – Quality of personal information
ASSET takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete. We also take reasonable steps to ensure that the personal information we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.
This is particularly important where:
- When we initially collect the personal information; and
- When we use or disclose personal information.
Australian Privacy Principle 11 — Security of personal information
ASSET takes active measures to consider whether we are able to retain personal information we hold, and also to ensure the security of personal information we hold. This includes reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
We destroy or de-identify personal information held once the information is no longer needed for any purpose for which the information may be legally used or disclosed.
Access to ASSET offices and work areas is limited to our personnel only – visitors to our premises must be authorised by relevant personnel and are accompanied at all times. With regard to any information in a paper based form, we maintain storage of records in an appropriately secure place to which only authorised individuals have access.
Regular staff training is conducted with ASSET personnel on privacy issues, and how the APPs apply to our practices, procedures and systems. Training is also included in our personnel induction practices.
We conduct ongoing internal audits (at least annually and as needed) of the adequacy and currency of security and access practices, procedures and systems implemented.
Australian Privacy Principle 12 — Access to personal information
Where ASSET holds personal information about an individual, we provide that individual access to the information on their request.
In processing requests:
- You may access your records where necessary at any time. If you wish to access your records, you must first contact the office administrator to obtain permission.
- You will be required to provide sufficient evidence of identification (preferably a driver’s licence or passport) before the office administrator will grant you access to your records.
- You will be able to view all records privately and take copies where necessary for a nominal charge.
- No other parties will have access to your records without your prior written permission.
- Should you wish to permit a third party access to your records, this will need to be clearly indicated.
- You will need to provide the details of the third party seeking to access your records and the third party will have to provide suitable identification prior to any records being released.
Australian Privacy Principle 13 – Correction of personal information
ASSET takes reasonable steps to correct personal information we hold, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.
On an individual’s request, we:
- Correct personal information held; and
- Notify any third parties of corrections made to personal information if this information was previously provided to these parties.
Correcting at ASSET’s initiative
We take reasonable steps to correct personal information we hold in cases where we are satisfied that the personal information held is inaccurate, out-of-date, incomplete, irrelevant or misleading (that is, the information is faulty). This awareness may occur through collection of updated information, in notification from third parties or through other means.
Please do not hesitate to contact our office at anytime should you have any questions regarding this policy on 1300 731 602 or email [email protected].