1. Policy objective
The objective of this policy is to ensure that information collected for and by RGIT is within Privacy Act 1988 (Cth), Freedom of Information Act (1982), Australian Privacy Principles (APPs) (2014), and protected and utilised only in the light of its primary purpose.
This Policy applies to all students’ managers, officers, workers and contractors. The collected information will be either in electronic or in hard copy format.
The Operations Manager is responsible for the implementation and monitoring of this policy and all Departmental Managers will be responsible to ensure that staff and students are made aware of its application.
4. Policy statement
4.1 To enable to fulfil our responsibilities as a Registered Training Organisation (RTO), RGIT will collect, use, store, and disseminate personal information, as defined by the Privacy and Personal Information Protection Act 1998, in a manner consistent with the Information Protection Principles contained within that Act and those requirements as outlined in the Data Provisions of the VET Quality Framework NVR Standards for RTOs, including all data required for AVETMISS and other required reporting.
4.2 RGIT takes privacy very seriously and is committed to protecting the privacy of individuals. This includes personal, health, financial and other confidential information which is necessary for RGIT to carry out its functions.
4.3 RGIT will take all reasonable steps to protect individual information from loss, misuse or unauthorised disclosure or destruction. The right to privacy is a value that is highly regarded.
4.5 RGIT students’ personal information will be collected by fair and lawful means which is necessary for the purpose of enrolment and function of RGIT and the institute is committed to ensuring the confidentiality and security of the information provided.
4.6 RGIT’s policy is to take reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, up to date, complete and (in the case of use and disclosure) relevant.
5.1 Managing personal information
When managing a student’s personal information, RGIT is required to comply with Government legislation and policy as mentioned above.
RGIT endeavours to balance the rights of privacy with the need to be accountable and transparent in its dealings. RGIT manages students’ personal information in an open and transparent way. However, certain information will not be available under freedom of information laws. This includes private information relating to another individual, RGIT’s internal working documents and material obtained in confidence. In addition, RGIT’s Document and Record Register provides a framework and instructions to staff regarding how and why RGIT collects, stores and uses students’ personal information and how an individual may access his or her personal information held by RGIT. It also consists of a procedure for making complaints about RGIT breaches of the APPs and how the RGIT will deal with a complaint.
5.2 Collection and Use of Information
RGIT will not collect personal information unless the information is reasonably necessary for one or more of RGIT’s functions or activities. Any personal information supplied by individuals to RGIT and/or its Training Representative (where applicable) will only be used to provide information about study opportunities, to enable efficient administration, and for course administration and training and assessment purposes. Only authorised managers and other authorised persons have access to this information. All the information collected is governed by the APPs (2014).
RGIT collects personal information for reasons including:
- statistical purposes for use by State and Commonwealth administration;
- teaching purposes by RGIT; and
- general student administration.
Personal information will not be collected by unlawful or unfair means.
RGIT may use personal information for the purposes of planning, reporting, communicating, research, evaluation, financial administration (including debt recovery), auditing, marketing, and for any other purposes where the individual has provided consent for such use.
RGIT will not use the information without taking reasonable steps to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.
At or before the time or, if that is not practicable, as soon as practicable after RGIT collects personal information about an individual, RGIT will take steps to notify the individuals about the personal information. Also, RGIT will not use or disclose the information for the purpose of marketing
without prior written student consent. If an individual chooses not to provide RGIT with certain information, then RGIT may be unable to enrol the individual in a program and/or supply them with appropriate information.
5.3 Storage and Security of Personal Information
RGIT and/or its Training Representative (where applicable) will act lawfully and in a fair and nonintrusive way. RGIT will ensure that the personal information that it collects is accurate, up to date, complete and relevant. Wherever possible, it will collect information directly from its students rather than from third parties. The members and staff will do their best to tell students if RGIT collects information about them from a third party. When RGIT collects information it will advise of why it is being collected. RGIT will take all reasonable steps to protect individual information from misuse, interference and loss, and from unauthorised access, modification or disclosure. If (a) RGIT holds personal information about an individual; and (b) the RGIT no longer needs the information for any purpose for which the information may be used or disclosed by the RGIT; and (c) the information is not contained in a commonwealth record; and (d) the RGIT is not required by or under an Australian law, or a court/tribunal order, to retain the information, then RGIT will take reasonable steps in circumstances to destroy the information or to ensure that the information is de-identified.
While RGIT strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that users disclose online: users disclose that information at their own risk. If individuals are concerned about sending their information over the internet, they may contact the RGIT by phone or post. If users become aware of any security breach, they must let us know as soon as possible.
RGIT holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate.
5.4 Disclosure of Personal Information
Personal information about student(s) studying with RGIT may be shared with Australian Government and designated authorities. This information includes personal and contact details, course enrolment details and changes and, for international students, the circumstances of any suspected breaches of the student’s visa conditions.
RGIT will not disclose any personal information of a student, except as permitted under these policies. RGIT will not disclose personal information to a person, body or agency (other than the individual concerned) unless:
- the individual concerned has expressly or implicitly consented to the disclosure in writing; or
- the person disclosing the information believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the student or of another person; or
- the disclosure is required or authorised by or under law; or
- the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, or for the protection of the interests of the government, statutory authority or statutory office – holder as an employer; or
- the individual concerned is reasonably likely to have been aware or made aware that information of that kind is usually passed to that person or organisation.
RGIT will disclose information for the purpose of the protection of public revenue. RGIT will include a note of the disclosure in the record containing that information. Personal information may be shared with other institutes where students enrol or apply to enrol.
In case of work-based training components and practical placement, RGIT will may require to notify Host Organisation (including approved entity, serviced providers of employer, agents or their authorised contractors) of any concerns, issues or opportunities relating to the practical placement, including student course progression.
For students who are under the age of 18 years; personal information, attendance details, progress and results may be disclosed to respective parent(s)/guardian(s). Except in the case where information is released to a parent or guardian, when RGIT releases information to a third party, it will advise the third party that they should not use the information for any purposes other than the purposes for which it was disclosed.
5.5 Correction and Update of Personal Information
The Freedom of information Act 1982 and APPs Policy (2014) provide for persons (including RGIT students) to make an application for access to information (including personal information) held by RGIT.
RGIT will make all reasonable efforts to ensure that personal information recorded by RGIT is kept up to date. If a student believes that the personal information retained by RGIT is out of date or otherwise misleading or inaccurate, the student may request that RGIT amend his or her personal information. RGIT will amend the information, if it is found that the information is out of date, misleading or inaccurate.
If RGIT corrects and updates personal information about an individual that RGIT previously disclosed to another education provider and the individual requests RGIT to notify the other provider of the correction then RGIT will take steps, as are reasonable in the circumstances, to give that notification unless it is impractical or unlawful to do so.
If RGIT refuses to correct the information as requested by the individual, RGIT will give the individual a written notice that sets out: (a) the reasons for the refusal; and (b) the mechanisms available to complain about the refusal; and (c) any other matter prescribed by the regulations. In the case of refusal, if an individual requests RGIT to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading then the RGIT will take reasonable steps in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
If a request is made for correction or for associating a statement as mentioned above, RGIT will respond to the request within a reasonable period after the request is made. RGIT will not charge the individual for making the request, for correcting the personal information or for associating the statement with the personal information.
5.5 Access to Personal Information
A student may access their own personal information held by RGIT at no charge. Individuals will be advised of how they may access or obtain a copy of their personal information within 10 days of receiving the individual’s written request.
RGIT policy allows students to apply for and receive personal information that RGIT holds about student according to the above requirements. The request should be lodged in writing, addressed to the Student Services Manager, providing full details of the student’s name, ID number and details of the specific information required.
5.6 Direct Marketing
RGIT may use personal information of RGIT clients and non-clients, specifically their name and relevant address details and information about preferences for direct marketing, both as to the preferred communication channels for receiving direct marketing from RGIT and the types of products and services of interest, to let people know about RGIT services, facilities and benefits and those of third-party partners, contractors and/or suppliers to RGIT, where we have the recipient’s consent. RGIT is committed to abiding by the law in all jurisdictions.
Where permitted by law to do so, RGIT or our partners, contractors and/or training representatives may contact persons for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, or online advertising.
5.7 Communication of Individual Consent
Under Australian law, an individual may communicate their consent to RGIT’s use of their personal data for Direct Marketing when:
- providing RGIT with their personal data through our website, online lead forms, clicking on the submit or register or equivalent button indicating their consent;
- providing the RGIT with their personal data through a form, signing on the form indicating their consent; or
- following the instructions in the document on which they are providing your personal data to RGIT.
5.8 Opting Out
Subject to the above, where an individual has consented to receive direct marketing communications from RGIT, their consent will remain current until they advise us otherwise. However, they can, at no cost, opt out at any time, in the following ways:
- clients and prospective clients of RGIT can update their communications preferences (including opting out of participating in surveys) by simply clicking on ‘unsubscribe’; and/ or
- clients, prospective clients and non-clients of RGIT cansend a letter to RGIT:
|Address:||28-32 Elizabeth Street, Melbourne VIC 3000|
|firstname.lastname@example.org or email@example.com|
- advise RGIT team that if they receive a marketing call that they no longer wish to receive these calls; and
- use the unsubscribe facility that RGIT included in our commercial electronic messages (such as emails and SMS) to opt out of receiving those messages.
5.9 Notification of Source
If RGIT has collected the personal information that we use to send an individual direct marketing material from a third party (for example a direct mail database provider), under Australian law they can ask us to notify them of our source of information, and RGIT’s policy is to do so unless this is unreasonable or impracticable.