Introduction
Entry Education is committed to protecting the privacy of individuals and handling personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and the Standards for Registered Training Organisations (SRTOs) 2015.
Purpose
The purpose of this policy is to outline how Entry Education collects, uses, discloses, stores, and disposes of personal information, and how individuals can access and correct their personal information held by Entry Education.
Scope
This policy applies to all personal information collected, used, disclosed, or handled by Entry Education, including that of students, staff, and other individuals who interact with the RTO.
Responsibilities
CEO, COO, Quality and Compliance Manager, General Manager Operations, National Training Manager, Administration Staff, Trainers and Assessors
Alignment
Standards for Registered Training Organisations (RTOs) 2015/ legislative requirements
- Clause 3.6 (Participate in the Student Identifier scheme)
- Clause 8.5 (Comply with relevant legislation)
- Privacy Act 1988 (Cth) and Australian Privacy Principles
- Student Identifiers Act 2014
- National Vocational Education and Training Regulator Act 2011
Policy statement
Entry Education is committed to:
- Collecting personal information only when it is reasonably necessary for the RTO’s functions or activities.
- Using and disclosing personal information only for the purpose for which it was collected, or for related purposes that would reasonably be expected, unless consent is obtained or as required by law.
- Storing personal information securely and protecting it from unauthorized access, modification, or disclosure.
- Providing individuals with access to their personal information and the ability to correct it if inaccurate, out of date, or incomplete.
- Handling Unique Student Identifiers (USIs) in accordance with the Student Identifiers Act 2014.
- Ensuring staff are trained in privacy procedures and aware of their obligations.
- Regularly reviewing and updating privacy procedures to ensure ongoing compliance with relevant legislation and standards.
Procedure
1. Collection of personal information
a) Only collect personal information that is necessary for Entry Education’s functions or activities.
b) Collect information directly from the individual where possible.
c) Inform individuals of the purpose for collecting information, and to whom it may be disclosed.
d) Obtain consent for the collection of sensitive information.
2. Use and disclosure
a) Use personal information only for the primary purpose for which it was collected, or for directly related secondary purposes that would be reasonably expected.
b) Obtain consent before using information for a purpose other than that for which it was collected.
c) Only disclose personal information to third parties with the individual’s consent or as required by law.
d) When disclosing personal information to third parties, take reasonable steps to ensure it will be handled in accordance with the Privacy Act.
3. Data quality and security
a) Take reasonable steps to ensure personal information is accurate, complete, and up to date.
b) Implement security measures to protect personal information from misuse, loss, unauthorized access, modification, or disclosure.
c) Securely destroy or de-identify personal information when no longer needed.
4. Access and correction
a) Provide individuals with access to their personal information upon request, unless an exception under the Privacy Act applies.
b) Correct personal information if it is inaccurate, out of date, incomplete, irrelevant, or misleading.
c) Notify other entities to which personal information has been disclosed of any corrections, if requested by the individual.
5. Unique Student Identifiers (USIs)
a) Verify the USI provided by a student before using it or disclosing it.
b) Ensure USIs are not included on any certification documentation.
c) Securely store USI information and only use it for purposes allowed under the Student Identifiers Act 2014.
6. Complaints handling
a) Establish a process for receiving and responding to privacy complaints.
b) Address complaints promptly and provide a response within 30 days.
c) If a complaint remains unresolved, inform the complainant of their right to take the matter external as per the information provided in the Student Handbook.
7. Staff training
a) Provide privacy training to all staff as part of their induction.
b) Conduct regular refresher training on privacy obligations and procedures.
Privacy policy complaints and enquiries
If you have any queries or complaints about our Privacy Policy please contact us at:
Entry Education
reception@entryeducation.com.au
1300 799 447