1.0 PURPOSE AND SCOPE
RED MAKO LEARNING PTY LTD is committed to protecting the privacy of individuals. This includes personal, health, financial and other confidential information, which is necessary for RED MAKO LEARNING PTY LTD to carry out its functions. The organisation will take all reasonable steps to protect individual information from loss, misuse or unauthorised disclosure or destruction.
All personal information will be collected by fair and lawful means which is necessary for the purpose of enrolment and the functions of RED MAKO LEARNING PTY LTD. RED MAKO LEARNING PTY LTD is committed to ensuring the confidentiality and security of the information provided.
This policy applies to RED MAKO LEARNING PTY LTD clients including students, prospective students and other individuals.
This is in accordance with;
- Australian Privacy Principles as contained within the Privacy Act 1988 (Cth) and
- The Freedom of Information Act 1982
- The standards for Registered Training Organisations (RTOs) 2015
- The Student Identifiers Act 2014 (Cth)
2.0 ABBREVIATIONS / DEFINITIONS
The agreed national data standard for the collection, analysis and reporting of vocational education and training information.
Where personal information is held by an organisation and is lost or subjected to unauthorised access, use, modification, disclosure or other misuse.
Types of information that are specific to an individual for example name, address, contact or bank account details.
A type of personal information that is sensitive in its nature – for example race or ethnic origin, political opinion, religious belief or affiliation, medical history or criminal record.
3.0 POLICY AND PROCEDURE
RED MAKO LEARNING PTY LTD is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988. It is the policy of RED MAKO LEARNING PTY LTD to collect personal information from time to time for the primary purpose of collection (see below), and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which consent has been provided. This policy describes the type of information the business collects, how the information is handled, how and to whom the information is disclosed, and how the information may be accessed.
In order to deliver a high-quality education service RED MAKO LEARNING PTY LTD is required to collect a variety of personal information from both consumers and staff members. Where personal and sensitive information is collected it is stored, disclosed and destroyed in accordance with the Australian Privacy Principles.
- RED MAKO LEARNING PTY LTD takes all reasonable steps required to protect and maintain personal and sensitive information.
- A robust governance framework is used to assess, plan, implement and review the protection of personal information against misuse, loss, inappropriate access, and inappropriate disclosure.
- Prior to the collection of personal and sensitive information the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur.
- Once the individual is well informed consent is obtained for the collection of information.
- Personal and sensitive information is used only for the purpose of its collection and by staff who require the information in order to complete their duties.
- Individuals have access to their information when required and without charge.
- Personal information is stored in either electronic or hardcopy format.
- Security measures such as unique password requirements and restricted file access are used to maintain and protect students/clients and employee’s privacy.
- RED MAKO LEARNING PTY LTD will only disclose personal information to a third party where written consent has been obtained from the individual.
- Where RED MAKO LEARNING PTY LTD receives unsolicited information, it is either destroyed or de-identified.
3.1 TYPES OF INFORMATION COLLECTED AND HELD
The type of information the organisation collects and holds includes (but is not limited to) personal information, including sensitive information, about
- students and parents and/or guardians, before, during and after the course of a student’s enrolment at RED MAKO LEARNING PTY LTD;
- job applicants, staff members and contractors
The personal and sensitive information collected, or that may be collected in the future, may include any or all of the following:
- Name, address, email address and telephone contact numbers;
- Date and Place of Birth
- Tax File Number
- Employment history
- Schooling / Qualifications completed
- Verification documentation and evidence
- Reference checks
- Proof of identity – 100-point ID check
- Bank account details
- Medical Details
- Unique Student Identifier (USI)
- Citizenship, Residency and Visa status and information
3.2 HOW PERSONAL INFORMATION IS COLLECTED AND STORED
Individuals may disclose information over the telephone, via email, in person and by the completion of relevant forms. Only information disclosed by the individual is used in the collection of information. Prior to the collection of personal information, the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur.
Written and/or verbal consent is obtained prior to collection of personal information and stored appropriately (e.g. in the students/employee file or on the student management system).
The types of information collected or disclosed by the individual will vary depending on the method of collection, the purpose of that collection and the individual disclosing the information.
Forms used by RED MAKO LEARNING PTY LTD to collect personal information from student include;
- Expression of interest forms
- Enquiry forms
- Enrolment forms
- Application for credit transfer forms
- Assessment forms
- Training plans
Documentation used by RED MAKO LEARNING PTY LTD to collect personal information from staff include;
- Application documentation
- Staff details form
- Superannuation documentation
- Trainer Professional Development Portfolio
- Trainer Matrix
- Tax file declaration
- Bank account details
Information is held in either a locked filing cabinet or electronically on the organisation’s hard drive or student management system. Access to information is limited to personnel with the correct authorisation and is only available to staff for the purpose of collection. Security measures such as unique password requirements and restricted file access are used to maintain and protect students/clients and employees’ privacy. Where staff leave the organisation their access to data is removed/deleted.
Where a prospective student completes an online enquiry or payment, the student’s privacy is protected by:
- Security certificate attached to our URL
- Unique Application Reference ID for students to track their progress. Using the Reference ID, students are able to come back, return and complete at a later date.
- Different levels of system access for staff depending on role and permissions given based on their responsibilities.
3.3 USE OF INFORMATION
Personal information is only for the purpose for its collection and by staff who require the information in order to complete the tasks associated with their role and function.
Student personal information is used to;
- Identify individuals enrolled in a RED MAKO LEARNING PTY LTD program
- Process application and enrolment requests including credit transfer applications
- Process payments for service delivered
- Monitor student progression and provide individualised support
- Enter student assessment results
- Identify students enrolled in a training product
- Report data required by government (data provision and contractual data requirements).
- Monitor and evaluate organisational performance
- Ensure certification documentation is awarded to the correct graduate
Staff personal information is used to;
- Ensure staff have the correct qualification, registration/licensing requirements to deliver and assess nationally recognised training.
- To mitigate risk and ensure student safety
- To support human resources processes and systems
- Manage logistical requirements associated with training and assessment
- Meet superannuation and taxation legislative requirements
3.4 DIRECT MARKETING
RED MAKO LEARNING PTY LTD only uses or discloses personal information for direct marketing purposes if consent has been gained. Individuals have the opportunity to be removed from circulation or subscription lists if they choose not to receive organisation related materials.
3.5 DISCLOSURE OF PERSONAL INFORMATION
RED MAKO LEARNING PTY LTD only uses or discloses personal information to a third party where written consent has been gained from the individual. Where possible, data is encrypted so that the student has a level of pseudonymity. In accordance with legislative and regulatory requirements RED MAKO LEARNING PTY LTD is regularly required to provide information to State and Commonwealth government departments for the purpose of administration, research and quality assurance. RED MAKO LEARNING PTY LTD does not use or disclose government related identifiers.
3.6 ACCESSING AND SEEKING CORRECTION OF PERSONAL INFORMATION
RED MAKO LEARNING PTY LTD acknowledges the rights of individuals to have access to their personal information under the “Freedom of Information Act” and provides opportunities to review this information on request.
Students and staff are encouraged to update their personal information as it changes to maintain the currency and accuracy of records/data. Where RED MAKO LEARNING PTY LTD staff identify/suspect that personal information is inaccurate, out of date, incomplete or misleading they will contact the individual for further clarification and action any rectifications as required. Students will be notified to access their student portal where they can update personal information. There is no charge to an individual who wishes to correct personal information or an associating statement.
3.7 DESTRUCTION OF PERSONAL INFORMATION
Personal information is securely destroyed in accordance with the organisation’s Records Retention and Management policy and procedure.
3.8 COMPLAINTS AND APPEALS
If the complainant is dissatisfied with the outcome of their complaint, they can approach their state-based Training Ombudsman, the Office of the Australian Information Commissioner (OIAC) or the Australian Skills Quality Authority (ASQA) for further information and/or action. Please see Complaints and appeals policy and procedure for more information.
3.9 GOVERNANCE MECHANISMS
RED MAKO LEARNING PTY LTD has robust governance framework in place to ensure its compliance with the Australian Privacy Principles. The following governance framework underpins and supports the operationalisation of this policy and procedure;
- Risk assessments including privacy impact assessments are undertaken when required.
- Staff receive training on the handling of personal and sensitive information on employment commencement and as changes and/or amendments occur.
- Staff who regularly handle personal information are provided with supervision and support from their line manager.
- Performance development and management processes ensure staff have the knowledge and skills required to complete their role requirements.
- Where an agent or partner is collecting personal information from a consumer on behalf of RED MAKO LEARNING PTY LTD systematic process are implemented to monitor compliance and maintain the student’s privacy – see Engagement and monitoring of third-party provider’s policy and procedure.
- RED MAKO LEARNING PTY LTD takes all reasonable steps required to protect and maintain personal and sensitive information in accordance with the Australian Privacy Principles. If a data breach was to occur the organisation has a systematic approach to managing the critical incident in an open and transparent manner that manages risk effectively. The process for managing a data breach includes conducting a preliminary assessment and investigation, undertaking a risk assessment, notifying all relevant parties and developing an action plan to prevent potential future breaches.
- The organisation’s Leadership Team and Compliance Manager monitor the effectiveness of the policy/procedure and is actively involved in its review.