PRIVACY AND PERSONAL INFORMATION

PRIVACY AND PERSONAL INFORMATION

  1. Policy & Procedure 1.7
    Privacy & Personal Information

    1. Policy

    Emergency First Aid Pty Ltd is committed to protecting employee and client privacy and confidentiality in line with State and Federal Privacy legislation.
    This policy refers to the Privacy Act 1988 and the Student Identifiers Act 2014.

    This policy focuses on Emergency First Aid Pty Ltd commitment to protecting the privacy of its students, and outlines the various ways in which it ensures this protection. For the purpose of this policy personal information is described as follows:

    Personal information

    Is information or an opinion that identifies an individual or allows their identity to be readily identified from such information. It includes but is not limited to information such as a person’s name, address, financial information, marital status or billing details.

    Standards for RTO’s 2015.v2 – Chapter 6 – Regulatory Compliance & Governance Practice

    The Users Guide for Standards for RTO’s 2015.v2 – Chapter 6 focuses on the Standards for Registered Training Organisations 2015 (the Standards) and clauses relevant to registered training organisations’ (RTOs) regulatory compliance, reporting and governance practice underpin the good management of RTOs—and, as a result, their effective functioning and sustainability as businesses.
    These Standards support RTOs to provide high-quality student experiences and learning outcomes.
    Under the Standards relevant to regulatory compliance and governance, RTOs are responsible for:
    • ensuring authorised executive officers are in place and meet Fit and Proper Person Requirements (clause 7.1)
    • satisfying Financial Viability Risk Assessment Requirements (clause 7.2)
    • complying and reporting (clauses 2.1 and 8.4 to 8.6)
    • recording, monitoring and reporting third-party arrangements (clauses 2.3, 2.4 and 8.3)
    • holding public liability insurance (clause 7.4)
    • meeting Data Provision Requirements (clause 7.5)
    • providing requested information to ASQA (clauses 8.1 and 8.2). Privacy Act 1988

    The Privacy Act 1988

    (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.
    When Australian, ACT and Norfolk Island Government agencies and ministers’ offices collect, store, use and disclose any personal information about individuals, they must comply with the 11 Information Privacy Principles (IPPs) in section 14 of the Privacy Act 1988. The IPPs also allow individuals to request access to their personal information and ask for information to be amended or deleted.

    Student Identifiers Act 2014

    Generally, a registered training organisation must not issue a VET qualification or VET statement of attainment to an individual after 2014 unless the individual has a student identifier.

    The Student Identifiers Registrar must assign a student identifier to an individual on application. On request by an individual, or an organisation or body involved with vocational education and training, the Registrar may verify that an identifier is the individual’s student identifier, or give the individual’s student identifier.

    Records of student identifiers must be protected from misuse. Collection, use and disclosure of an individual’s student identifier without the individual’s consent is prohibited, unless it is authorised by this Act. The Information Commissioner may deal with breaches of these rules as interferences with privacy under the Privacy Act 1988.

    On request, the Registrar may give all or part of an authenticated VET transcript of an individual who has a student identifier to the individual, a registered training organisation or a VET‑related body. This is subject to access controls set by the individual.

    The Student Identifiers Act 2014 authorises the Student Identifiers Registrar to collect personal information about USI applicants. When you apply for a USI on behalf of an individual who has authorised you to do so, you will be asked to provide personal information about that individual.

    This will include:
    • name, including first or given name(s), middle name(s) and surname or family name;
    • date of birth;
    • city or town of birth;
    • country of birth;
    • gender; and
    • contact details, so the Student Identifiers Registrar can provide individuals with their USI and explain how to activate their USI account.

    Provision of personal information ensures that USIs are correctly assigned to individuals. If the required personal information is not provided a USI cannot be assigned.

    What is a Unique Student Identifier (USI)?

    All students studying nationally recognised training in Australia from 1 January 2015, will be required to have a Unique Student Identifier (USI). A USI is an account (or reference number) made up of numbers and letters. The USI will allow your students online access to their training records and results (transcript) through their online USI account.
    • A USI is required for your new and continuing students undertaking nationally recognised Vocational Education and Training (VET) courses to receive their statement of attainment or qualification.

    Privacy

    The personal information collected by you from the individual that you are applying on behalf of and that you provide to the Student Identifiers Registrar is subject to the provisions of the Student Identifiers Act 2014 and the Privacy Act 1988.

    Personal Information may include, but is not limited to: name, address, date of birth and other identifying information.

    The collection, use and disclosure of USI’s is protected by the Student Identifiers Act 2014.

    You must ensure that your organisation handles the individual’s personal information in accordance with the requirements of the Privacy Act and the Student Identifiers Act 2014.

    2. Procedure

    2.1 Collection of personal information
    Staff

    • Emergency First Aid Pty Ltd will collect personal information from staff in order to obtain the information required to meet employment, legal and taxation obligations.
      • Information collected includes general personal details, and may include details of any disability or health issue that may affect the staff member’s ability to meet the requirements of their position.

    Students

    • Emergency First Aid Pty Ltd is required to collect personal information from students in order to process enrolments and obtain the information required to provide suitable training and assessment services. Where applicable information may also be required to comply with AVETMISS standards as specified by government regulators.
      • Information collected includes general personal details, and may include details of any disability or health issue that may affect the student’s ability to undertake training and/or assessment activities.
      • Emergency First Aid Pty Ltd will only collect personal information that is required for the purposes of employment or education, or in meeting government reporting requirements.
      • Emergency First Aid Pty Ltd collects all personal information in writing, either from an employment application and personal details form, or an enrolment form, directly from the person whom the information is about. (Where applicable information may be collected from the parent or guardian of a student under the age of 18.)

    • Applying for a USI

    If you are an RTO or a VET Admission Body you can apply for a USI in accordance with sub-section 9(2) of the Student Identifiers Act 2014.

    If you are applying for a USI on behalf of an individual you must have the authorisation of that individual.

    Identity

    When you apply for a USI on behalf of an individual you will need to verify their identity. You must do so through the Document Verification Service (DVS) which is built into the USI online application process if the individuals have documents such as a Medicare card, birth certificate, driver licence, Australian passport, certificate of registration by descent, citizenship certificate, Visa (with Non Australian Passport) and ImmiCard.

    2.2 Use and disclosure of personal information

    Staff

    • Emergency First Aid Pty Ltd uses personal information of its staff for the purposes of meeting employment requirements including payroll, superannuation and taxation.

    Students

    • Emergency First Aid Pty Ltd uses personal information of its students for the purposes of meeting VET requirements for the awarding of national qualifications, and to comply with reporting requirements where relevant, as specified by government regulators.
      • Personal information as collected through the enrolment form or online enrolment or through other means will be passed on to government regulators as per legal data collection requirements. This personal information may also be accessed for the purposes of an audit by the government regulator ASQA.
    • • Your email address and mobile number will be used to remind you of expiring certification via email or sms as well as to alert you of promotions that Emergency First Aid are running. Students can opt out of promotional contact using the included unsubscribe link provided on marketing emails as required by the Australian Spam Act 2003.
      • Personal information will not be used in any way other than those outlined in this policy, and any other ways that might reasonably be expected.

    2.3 Access to personal information

    • It is a policy of Emergency First Aid Pty Ltd to allow access to personal files at any time to the person to whom those files relate, upon written request.
      • Staff and students may access their files by submitting their written application to Student Administration.

    2.4 Storage and security of personal information

    • Emergency First Aid Pty Ltd will take all reasonable steps to maintain the privacy and security of personal information.
      • Information stored electronically is kept on a secure server and access is restricted to authorised employees only. This server is regularly backed up and kept in a secure location.
      • Paper-based documents containing personal information are in a locked filing cabinet and held within a secure area within the RTO premises.
      • Where documents are required to be transferred to another location, personal information is transported securely in an envelope, folder or document bag.
      • Reasonable steps will be taken to destroy or permanently de-identify personal information when it is no longer required for any purpose.
      • Non-active files are archived at a secure location for 30 years.

    2.5 Confidential Information

    • Emergency First Aid Pty Ltd will make all reasonable efforts to protect confidential information received from clients or partner organisations during the course of business operations. This information will not be disclosed without the prior consent of the client or partner organisation.

    2.6 Privacy Statement

    A privacy statement is available for all persons in contact with Emergency First Aid Pty Ltd to identify the way in which personal information is handled by the RTO. (Appendix A)

    2.7 The USI and reporting

    Each time your students complete nationally recognised training, you must collect and verify their Unique Student Identifier (USI) before you can confer a qualification or statement of attainment. (More information on collecting students USIs.)

    When you submit your data according to the new VET data collection and reporting requirements, it will now include the USI for each of your students. This USI will be reported to the National Centre for Vocational Education Research (NCVER) and entered in the national data collection.
    The new Unique Student Identifier (USI) scheme is underpinned by the Student Identifiers Act 2014, Standards for NVR Registered Training Organisations (RTO) 2014 and Student Identifiers Regulation 2014 and these require that you, the training organisation:
    • Collect a USI from each student
    • Verify a USI supplied by a student
    • Ensure a student has a valid USI before conferring a qualification or statement of attainment on that student
    • Ensure the security of USIs and related documentation
    • Destroy any personal information which you collected solely for the purpose of applying for a USI on behalf of a student
    • Adhere to all legislative requirements under the USI legislative requirements
    You will be required to have a valid and verified USI for each of your students before you issue a qualification or statement of attainment to that student.

    2.8 The USI – Retention and destruction of Information

    As an RTO you declare that you will ensure the security of USIs and all related documentation under your control, including information stored in your student management systems.

    In accordance with section 11 of the Student Identifiers Act 2014, you declare that you will securely destroy personal information which you collect from individuals solely for the purpose of applying for a USI on their behalf as soon as practicable after you have made the application or the information is no longer needed for that purpose, unless you are required by or under any law to retain it.

    Appendix A

    Emergency First Aid Pty Ltd
    Privacy & Personal Information Statement

    The Privacy Notice explains how personal information provided by the student may be collected, held, used or disclosed, together with training activity information. It also assists to establish a student’s expectations of how their personal information and training data may be handled.

    The Privacy Notice also makes it clear that the Notice is in addition to any other specific requirements RTOs are obligated to provide to their students, for example, under state or territory privacy laws.

    Privacy Notice

    Under the Data Provision Requirements 2012, Emergency First Aid Pty Ltd is required to collect personal information about you and to disclose that personal information to the National Centre for Vocational Centre for Vocational Education Research Ltd (NCVER).

    Your personal information (including the personal information contained on this enrolment form), may be used or disclosed by Emergency First Aid Pty Ltd for statistical, administrative, regulatory and research purposes. Emergency First Aid Pty Ltd may disclose your personal information for these purposes to:

    • Commonwealth and State or Territory government departments and authorised agencies; and
    • NCVER.

    Personal information that has been disclosed to NCVER may be used or disclosed by NCVER for the following purposes:

    • populating authenticated VET transcripts;
    • facilitating statistics and research relating to education, including surveys and data linkage;
    • pre-populating RTO student enrolment forms;
    • understanding how the VET market operates, for policy, workforce planning and consumer information; and
    • administering VET, including program administration, regulation, monitoring and evaluation.

    You may receive a student survey which may be administered by a government department or NCVER employee, agent or third party contractor or other authorised agencies. Please note you may opt out of the survey at the time of being contacted.

    NCVER will collect, hold, use and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the National VET Data Policy and all NCVER policies and protocols (including those published on NCVER’s website at www.ncver.edu.au).

    For more information about NCVER’s Privacy Policy go to https://www.ncver.edu.au/privacy.

    Emergency First Aid Pty Ltd is committed to protecting the privacy of your personal information. This statement explains how we handle your personal information.

    This statement only applies to our databases and files and does not cover any State, Territory or Commonwealth Government database or file. You are advised to contact the relevant government agency for a copy of their privacy policy.

    Where we use the words ‘we’ and ‘us’ in this document, it means Emergency First Aid Pty Ltd.

    Your Personal Information

    In order to provide you with training, employment and associated services, we may need to collect personal information such as your name, address, work history, qualifications, job seeker identification number, government benefit card, etc.

    If you’re studying nationally recognised training in Australia from 1 January 2015, you will be required to have a Unique Student Identifier (USI). There are laws that protect a student’s USI and USI’s must not be collected, used or disclosed by anyone except as allowed by the laws. The student’s privacy is further protected by laws requiring that any personal information collected by a training organisation solely for the purpose of creating a USI on their behalf is to be destroyed after the USI is created.

    The personal details of individuals held by the Student Identifiers Registrar will be protected by the Privacy Act 1988 (Cth).

    If you decline to provide your personal information, Emergency First Aid Pty Ltd may not be able to:
    • provide the product or service you requested, or
    • enter into a business relationship with you.

    Collection of personal information

    Where practicable, we will endeavour to collect personal information directly from you.

    Where services are provided on behalf of a Commonwealth and/or State Government Department, we may collect personal information from such government departments and agencies.

    We may also need to collect personal information from other third parties with or without your direct involvement or consent, such as an employer. However, this will not include sensitive information.

    Collection of personal information for the Unique Student Identifier

    The personal information that you provide to the Student Identifiers Registrar is collected, used, and may be disclosed, in accordance with the provisions of the Student Identifiers Act 2014 and the Privacy Act 1988. The Student Identifiers Registrar’s Privacy Policy provides information about the protection of your information, including how you can access and seek correction of your personal information held by the Student Identifiers Registrar and how to make a complaint about a breach of your privacy and how such complaints are handled.

    Use and disclosure

    We will use our best efforts to ensure that the information you provide to us remains private and is used only for the purposes you agree to.
    We will only disclose personal information to a third party where one or more of the following apply:
    • you have given consent (verbal or written)
    • it is authorised or required by law, or necessary for enforcement of law
    • it will protect the rights, property or personal safety of another person
    • the assets and operations of the RTO business are transferred

    Access to personal information

    You can access the personal information we hold on you, except when government legislation requires or authorises the refusal of access.

    To access your personal information, you will need to contact the Student Administration department in writing and specify the type/s of information you wish to view. You will be required to provide proof of identification.

    Storage & Security

    We will take reasonable steps to maintain the privacy and security of personal information. We ensure this by having such security measures as:
    • storing electronic information on a secure server with restricted access
    • storing paper-based documents securely on our premises
    We will take reasonable steps to destroy or permanently de-identify personal information when it is no longer required for any purpose.

    The students USI will be stored by the USI Registry System, along with some personal information about the student, such as their name, date of birth and a way of contacting them such as an email address. The USI will also be held by the National Centre for Vocational Education Research (NCVER) in a separate database along with their training records.

    Where is my USI stored?

    For safety and security your personal details are held in a different location to your training records and results but your USI is held in both locations.
    Your USI will be stored by the USI system, along with some personal information about you, such as your name, date of birth and a way of contacting you such as an email address. The USI will also be held by the National Centre for Vocational Education Research (NCVER) in a separate database along with your training records.

    Then each time you login into your USI account the two systems will talk to each other and your personal information and training records and results will both appear in your account even though the information comes from two different locations, as required by law. This happens because the protection of your USI and the information it stores is paramount so these safeguards are in place.

    Resolving privacy concerns

    If you wish to raise a concern about a privacy matter should contact the Student Administrations Department.
    For further information:
    – USI’s
    http://www.usi.gov.au/Students/Pages/student-privacy.aspx
    – Privacy Act 1988 – Office of the Australian Information Commissioner
    http://www.oaic.gov.au/privacy/the-privacy-act

    Emergency First Aid P/L/Operational System/QMS/POL.PRO 1.7 – Privacy & Personal Information 01.2021 .v5

SMS.ADM.03 Privacy Notice 02.2021 v2

CALL US NOW