Privacy Policy

1. PURPOSE

The purpose of this Policy and Procedure is to ensure the confidentiality, security and proper handling of students’, staff and stakeholder personal data ensuring the protection of individual privacy.

These measures align with the Privacy Act 1988, incorporating the Australian Privacy Principles (APPs) and the amendments made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

2. POLICY

Western Training College (the College) is committed to protecting the privacy and security of personal information and with respect for individual rights. This Privacy Policy and Procedure is designed to ensure that the College handles personal information in accordance with the requirements of the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) contained within, and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. It also complies with the Standards for Registered Training Organisations (RTOs) and the legislative requirements of the National Vocational Education and Training Regulator Act 2011 (Cth) (NVETR Act).

In accordance with the NVETR Act, the College is obligated to disclose personal information
collected from students to the National VET Data Collection managed by the National Centre for Vocational Education Research Ltd (NCVER), and, where applicable, to the relevant state or territory training authority.

All students participating in nationally recognised training are required to have a Unique
Student Identifier (USI) and provide it to the College upon enrolment or the College can apply for a USI on behalf of an individual.

The Student Identifiers Act 2014 authorises the Australian Government’s Student Identifiers Registrar to collect information about USI applicants. When the College applies for a USI on behalf of a student it needs to collect personal information about the student which will be passed on to the Student Identifiers Registrar. This will include:

• name, including first or given name(s), middle name(s) and surname or family name
• date of birth
• city or town of birth
• country of birth
• gender
• contact details

Where a student does not provide the USI Registrar with some or all of the required information that the Registrar will not be able to issue the student with a USI, and therefore the College will be unable to issue a qualification or statement of attainment.

3. RESPONSIBILITY

The CEO/designated Privacy Officer is responsible for implementing and monitoring the Privacy Policy and Procedures and for addressing any queries or concerns about privacy matters.

4. REQUIREMENTS

The College must act in accord with the requirements of the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. It must also comply with the Standards for Registered Training Organisations (RTOs) clauses 8.5 and 8.6 and the legislative requirements of the National
Vocational Education and Training Regulator Act 2011 (Cth) (NVETR Act).

Definitions:

• Personal Information defined under the Privacy Act 1988 (Cth) refers to any information or opinion about an individual, or that may reasonably identify an individual.
• Privacy Act 1988 refers to an Australian law which regulates the handling of personal information about individuals.
• Australian Privacy Principles (APPs) are contained in the Privacy Act 1988 and outline the handling, use and management of personal information.
• Consent as per the Australian Privacy Principles ((s 6(1)) refers to ‘express consent or implied consent’. The four key elements of consent include the individual being adequately informed before giving consent, the individual giving consent voluntarily, the consent is current and specific, and the individual has the capacity to understand and communicate their consent.

5. SCOPE

This policy applies to all employees, students, contractors, and other individuals associated with the College who are involved in the collection, use, and disclosure of personal information.

6. PROCEDURE

This procedure is intended to provide clarity on the management of personal information, ensuring compliance with the APPs, Privacy Act 1988, and the NVETR Act.

Collected Information

1. The College collects personal information only by lawful and fair means and, where
   appropriate, with the consent or knowledge of the individual concerned.
2. The information collected is limited to what is required for the function or activity of the
   College, including names, addresses, email contacts, educational qualifications,
   employment details, and other information relevant to providing its services.
3. Data is acquired through application and enrolment forms, correspondence, meetings,
   financial interactions, and monitoring activities. Information is transferred to the
   College’s electronic student management system.

Use and Disclosure of Personal Information

1. 1. The College uses the information collected for the purpose of providing its training and assessment services, complying with legal and regulatory obligations, and improving its offerings. The College ensures that personal information is handled, used, and disclosed in accordance with the APPs and only for the purposes for which it was collected, or a directly related purpose.
   2. Personal information may be disclosed to third parties where the individual has consented to the disclosure or where disclosure is required or authorized by law.
   3. Consistent with the NVETR Act, the RTO is required to disclose specific personal information to NCVER and may also disclose it to relevant state or territory training authorities. The NCVER is responsible for managing and communicating data and statistics about the VET sector. The information may also be disclosed for the purposes of audits, or to comply with other legal or regulatory requirements.
   4. USI information may be disclosed to:
      • Commonwealth and State/Territory government departments and agencies and statutory bodies performing functions relating to VET for:
        • the purposes of administering and auditing VET, VET providers and VET programs.
        • education related policy and research purposes.
        • to assist in determining eligibility for training subsidies
      • VET Regulators to enable them to perform their VET regulatory functions
      • VET Admission Bodies for the purposes of administering VET and VET programs.
      • RTOs to enable them to deliver VET courses to the individual, meet their reporting obligations under the VET standards and government contracts and assist in determining eligibility for training subsidies
      • the National Centre for Vocational Education Research (NCVER) for the purpose of creating authenticated VET transcripts, resolving problems with USIs and for the collection, preparation and auditing of national VET statistics
      • researchers for education and training related research purposes
      • any other person or agency that may be authorised or required by law to access the information
      • any entity contractually engaged by the Student Identifiers Registrar to assist in the performance of his or her functions in the administration of the USI system
      • will not otherwise be disclosed without the student’s consent unless authorised or required by or under law
   5. Individuals have the right to access their personal information and to request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading information.
   6. Written requests for data access should be responded to within 10 working days.
   7. The College retains personal information for as long as necessary to fulfill the purposes outlined in this policy and to comply with its legal obligations. When no longer required, personal information is securely destroyed or de-identified.
   8. Photos taken during training sessions or taken on-campus at the College’s premises will not be publicly displayed or used for promotional purposes without gaining written permission from the people displayed in the photo(s).

Data Quality and Security

1. The College takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date, complete, and protected from misuse, loss, unauthorised access, modification, or disclosure.
2. The College commits to maintaining accurate and current student information with personal information stored securely and only accessible by authorised personnel.
3. Data is maintained on the College’s systems and is appropriately destroyed or anonymised when no longer necessary.
4. Regular verification of student records is conducted every 6 months, including contact and emergency details.
5. Students must notify the College of any changes within 7 days, and the College will update its systems accordingly.
6. Records are retained for a minimum of 2 years post cessation of enrolment and 30 years for information required the be kept under the National Vocational Education and Training Regulator Act 2011. It includes:

• • Name
  • Address
  • Contact details (telephone, email)
  • Date of Birth
  • Gender
  • Country of birth
  • Language spoken at home
  • Level of English spoken
  • Disability information
  • Highest secondary schooling completed
  • Other qualifications completed
  • Current employment status
  • Unique Student Number (USI)
  • Indigenous Status

Complaints Process

• Concerns regarding privacy breaches can be addressed to the CEO/designated Privacy Officer.
• Complaints will be dealt with in a timely and appropriate manner, according to the College’s Complaints and Appeals Policy and Procedure
• Unsatisfactory responses can be escalated to the Australian Privacy Commission.

7. POLICY IMPLEMENTATION

This policy will be made available to all staff members and stakeholders through the internal communication channels, the website and in the Student Handbook.

8. REVIEW

This Policy and Procedure will undergo an annual review, or sooner if required, to ensure it remains relevant and effective in guiding the operations and strategies or as needed to reflect any changes in the regulatory environment or operational practices. Feedback will be collated and analysed and discussed at the monthly management meetings, for noting or action with any necessary changes documented in a Continuous ImprovementForm and in the Continuous Improvement Register.