ISM is committed to protecting the privacy and confidentiality of its students, clients and employees in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs) and in compliance with EU – General Data Protection Regulation (GDPR) 2016/679 as outlined below:
Under the Data Provision Requirements 2012, ISM is required to collect personal information about you and to disclose that personal information to the National Centre for Vocational Education Research Ltd (NCVER). Your personal information (including the personal information contained on this enrolment form and your training activity data) may be used or disclosed by ISM for statistical, regulatory and research purposes. ISM may disclose your personal information for these purposes to third parties, including:
- School – if you are a secondary student undertaking VET, including a school-based apprenticeship or traineeship;
- Employer – if you are enrolled in training paid by your employer;
- Commonwealth and State or Territory government departments and authorised agencies;
- Organisations conducting student surveys; and
Personal information disclosed to NCVER may be used or disclosed for the following purposes:
- Issuing statements of attainment or qualification, and populating authenticated VET transcripts;
- Facilitating statistics and research relating to education, including surveys;
- Understanding how the VET market operates, for policy, workforce planning and consumer information; and
- Administering VET, including program administration, regulation, monitoring and evaluation.
You may receive an NCVER student survey, which may be administered by an NCVER employee, agent or third party contractor. You may opt out of the survey at the time of being contacted. NCVER will collect, hold, use and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the VET Data Policy and all NCVER policies and protocols (including those published on NCVER’s website at www.ncver.edu.au).
For the purpose of this policy personal information is described as follows: Personal information Is information or an opinion that identifies an individual or allows their identity to be readily identified from such information. It includes but is not limited to information such as a person’s name, address, financial information, marital status or billing details.
ISM will collect personal information via an enrolment process or through other means, which will be used by the RTO for purposes of meeting VET requirements for awarding qualifications and complying with reporting requirements of the relevant government regulator. Personal information may also be accessed for the purposes of an audit by ASQA or reasonably expected secondary purposes, and in other circumstances authorised by the Privacy Act.
ISM external accountant and Authorised Tax Office Staff may access personal information of staff.
When taking credit card payments, ISM staff will not copy or record details other than for the specific use of processing the payment.
Access to Personal Information
You can gain access to personal information held about you by emailing a request to the CEO. We will handle all requests for access to personal information in accordance with the APPs and GDPR.
Management of Personal Information
ISM will take all reasonable steps to maintain the privacy and security of personal information. Information stored electronically is kept on a secure server and access is restricted to authorised employees. This server is regularly backed up and kept in a secure location.
Paper-based documents containing personal information are in a locked filing cabinet and held within a secure area within the RTO premises.
Where documents are required to be transferred to another location, personal information is transported securely in an envelope or document box. Any third party person (such as scanning personnel) will be required to sign a non-disclosure document.
Reasonable steps will be taken to destroy or permanently de-identify personal information when it is no longer required for any purpose.
Student information will be kept electronically for 30 years.
Some personal information we collect is ‘sensitive information’. Sensitive information includes personal information relating to a person’s health, racial or ethnic origin, political opinions, and religion, trade union or other professional or trade association membership, sexual preferences, or criminal record.
Sensitive information will be used or disclosed only for the primary purpose for which it was collected or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (for example, where required by law).
Updates to Policy
- ISM will ensure that only authorised personnel have access to its LMS and eLearning portal at all times. Upon ceasing employment / contract with ISM all accesses will be revoked.
- ISM will ensure it uses and maintains a secure and protected LMS and eLearning portal that meets privacy legislation
- ISM will ensure that any third party persons or companies that may have access to private or sensitive information signs a non-disclosures agreement / contracts.
- ISM will ensure at all times paper-based documents are in lockable cabinets whilst not being worked on.
- ISM will ensure that the enrolment terms and conditions and declaration is clear with straightforward language, up to date and current at all times.
- ISM will ensure that this policy is reviewed and amended as required.
- ISM will ensure that this policy is displayed on its website for all staff and students.
- ISM will inform learners/users without delay in case of harmful data breach.