We are bound by the National Privacy Principles contained in the Privacy Act 1998 as amended by the Privacy Amendment Act 2014.
The easiest way to follow this policy is to remember one simple rule: never give out confidential and or private information about a participant, employee or client unless it’s to an authorised person. This means not even to family members – there is no way of knowing a person’s family situation, and that person has the right to withhold private information from their family members.
POLICY PRIVACY OBLIGATIONS
As a participant, you may volunteer or be exposed to information which can be used to personally identify you or another participant, including but not limited to a participant’s name, age, occupation, marital status, health, sexual orientation, religious affiliation, or opinions (Private Information). We make use of such Private Information only where needed to comply with the Australian Quality Framework and the National VET Regulator Act and Standards.
You agree never to disclose or make any use of the Private Information of another participant other than to the extent required for your participation in the nationally recognised training.
The principles behind this policy are:
- All held data, that identifies a participant or employee is available to employees with appropriate authorisation on a restricted access basis.
- The amount of personal information held is strictly limited to that which is required for us to conduct its business of enrolment, progress and monitoring of participants and employment of employees.
- Participants or employees have the right of access to their personal information retained by us and to correct the information where relevant.
- We will hold participant or employee data in secure databases so as to protect the integrity of the personal information.
- We respect the individual’s right to privacy and undertake to keep personal information in confidence.
WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOW IS THE INFORMATION COLLECTED
The type of information we collect and retain, includes but is not limited to, personal information, including sensitive information, about:
- Participants and their parents and/or guardians (‘parents’) before, during and after the participant’s enrolment in a program.
- Job applicants, employees, industry partners, clients and volunteers.
- Other people who come into contact with our business.
We will generally collect personal information held about an individual by way of forms filled out by participants and employees, face-to-face meetings, interviews, and telephone calls.
In some circumstances, we may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from someone.
HOW WILL WE USE THE PERSONAL INFORMATION AN INDIVIDUAL PROVIDES?
For personal information about participants, the primary purpose for collection is to enable the business to look after and assist in the participant’s development, social, spiritual and medical well-being, for day-to-day administration, to satisfy legal obligations and allow the business to discharge its duty of care
For personal information about job applicants, employees, clients, industry partners and contractors, the primary purpose of collection is to assess and (if successful) to engage the applicant, employees, client, industry partner or contractor, as the case may be.
The purposes for which it uses personal information of job applicants, employees, clients, industry partners and contractors include:
- To administer the individual’s employment or contract (as the case may be);
- For insurance purposes;
- To enable us to maintain necessary employee information for entitlements including long service leave, maternity leave, WorkCover and other necessary industrial or employment purposes
- To satisfy legal obligations.
TO WHOM MIGHT WE DISCLOSE PERSONAL INFORMATION
We may disclose personal information (including sensitive information) held about an individual only to those with a right to know.
- Government departments;
- People providing services to our business (including consultants);
- Anyone to whom the individual authorises us.
Sometimes we may ask individuals to consent to some disclosures or uses of personal information for certain purposes, either in writing or verbally. In other cases, consent may be implied.
Where an employee receives a telephone query by a person claiming to be a participant or employee, concerning information held by us about a particular participant or employee, the employee shall use appropriate means to verify the identity of the person (for example, by confirming the participant or employees date of birth).
Where an employee receives a telephone query from an external organisation concerning information held about a particular participant or employee, the employee shall use appropriate means to verify that the caller is employed by that external organisation and that either:
- The participant or employee has authorised the release of the data to the organisation, or
- There is a requirement in law to provide the information requested.
REQUESTS FOR CONTACT ADDRESSES FOR OTHER PURPOSES
- Where a request is received for a participant or employee contact address, employees shall refuse to divulge the information, but may at their discretion arrange for the forwarding of such a request to the participant or employee.
- Where a third party needs to contact a participant or employee for an emergency purpose, the matter will be referred to the director, or their designate, for a decision.
- We facilitate access to employees through the appropriate medium (e.g. E-mail, letters, etc.) on behalf of third parties as appropriate.
HOW SENSITIVE INFORMATION WILL BE TREATED?
- ‘Sensitive information’ means information relating to a person’s racial or ethnic origin, political opinions, religion, trade unions or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual.
- Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.
MANAGEMENT AND SECURITY OF PERSONAL INFORMATION
- We are required to respect the confidentiality of participant’s personal information and the privacy of individuals.
- We have in place steps to protect the personal information held from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and pass-worded access rights to computerised records.
UPDATING PERSONAL INFORMATION We undertake all endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by contacting the Director, or their designate, at any time. The National Privacy Principles require us not to store personal information longer than necessary
INDIVIDUALS HAVE THE RIGHT TO CHECK WHAT PERSONAL INFORMATION WE HOLD ABOUT THEM
- Under the Privacy Act 1998, individuals may seek access to any personal information that we hold about them and to advice of any perceived inaccuracy. There are some exceptions to this right set out in the Privacy Act 1998.
- For individuals to make a request to access any information we hold about them, they should contact the Director, or their designate, in writing.
- We may require individuals to verify their identity and specify what information they require. A fee may be charged to cover the cost of verifying the individual’s application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the individual will be advised of the likely cost in advance.
STORAGE OF RECORDS
- Records must be correctly stored and eventually destroyed (in line with legal requirements) by authorised personnel to make sure that information of a sensitive nature is not made public.
- All records must be stored in a secure, safe area where there is no possibility of damage by pests, vermin or environmental factors.
- Records are stored both at internal organisational and external storage areas.
- The area must be safeguarded by security, with access determined by an appropriate system to prevent access from individuals that do not have clearance.
- When stored, there is a system for location of records to allow for ease of access by authorised employees.
- Records must be transported in a safe and confidential manner ensuring that access is only given to authorised employees.
DESTRUCTION OF RECORDS
- Any confidential or sensitive paperwork is placed in locked bins and/or shredded prior to being sent for recycling.
- Records are kept for as long as they have value, which varies. It is generally for 7 years but can vary for certain conditions and legal considerations.
- Each State/Territory is covered by legislation and has regulations regarding record retention and disposal. These may be accessed at www.comlaw.gov.au.
For information about the way we manage the personal information we hold, please contact the Director or their designate.
We take the confidentiality and privacy of our participants, employees and clients very seriously, and will not hesitate to take disciplinary action against any employees that are in breach of this policy.