Contact us on 1300 200 705

Privacy Policy

Privacy Policy (Version 2.17)

ISM is committed to protecting the privacy and confidentiality of its students, clients and employees in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs) and in compliance with EU – General Data Protection Regulation (GDPR) 2016/679 as outlined below:


Under the Data Provision Requirements 2012, ISM is required to collect personal information about you and to disclose that personal information to the National Centre for Vocational Education Research Ltd (NCVER).

Your personal information (including the personal information contained on this enrolment form), may be used or disclosed by ISM for statistical, administrative, regulatory and research purposes. ISM may disclose your personal information for these purposes to:

  • Commonwealth and State or Territory government departments and authorised agencies; and

Personal information disclosed to NCVER may be used or disclosed for the following purposes:

  • populating authenticated VET transcripts;
  • facilitating statistics and research relating to education, including surveys and data linkage;
  • pre-populating RTO student enrolment forms;
  • understanding how the VET market operates, for policy, workforce planning and consumer information; and
  • administering VET, including program administration, regulation, monitoring and evaluation.

You may receive a student survey, which may be administered by a government department or NCVER employee, agent or third party contractor or other authorised agencies. Please note you may opt out of the survey at the time of being contacted.

NCVER will collect, hold, use and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the National VET Data Policy and all NCVER policies and protocols (including those published on NCVER’s website at

Collection of personal information

For the purpose of this policy personal information is described as follows: Personal information Is information or an opinion that identifies an individual or allows their identity to be readily identified from such information. It includes but is not limited to information such as a person’s name, address, financial information, marital status or billing details.

 Use and disclosure of personal information

ISM will collect personal information via an enrolment process or through other means, which will be used by the RTO for purposes of meeting VET requirements for awarding qualifications and complying with reporting requirements of the relevant government regulator. Personal information may also be accessed for the purposes of an audit by ASQA or reasonably expected secondary purposes, and in other circumstances authorised by the Privacy Act.

ISM external accountant and Authorised Tax Office Staff may access personal information of staff.

When taking credit card payments, ISM staff will not copy or record details other than for the specific use of processing the payment.

Access to Personal Information

You can gain access to personal information held about you by emailing a request to the CEO. We will handle all requests for access to personal information in accordance with the APPs and GDPR.

Management of Personal Information

ISM will take all reasonable steps to maintain the privacy and security of personal information. Information stored electronically is kept on a secure server and access is restricted to authorised employees. This server is regularly backed up and kept in a secure location.

Paper-based documents containing personal information are in a locked filing cabinet and held within a secure area within the RTO premises.

Where documents are required to be transferred to another location, personal information is transported securely in an envelope or document box. Any third party person (such as scanning personnel) will be required to sign a non-disclosure document.

Reasonable steps will be taken to destroy or permanently de-identify personal information when it is no longer required for any purpose.

Student information will be kept electronically for 30 years.

Sensitive Information

Some personal information we collect is ‘sensitive information’. Sensitive information includes personal information relating to a person’s health, racial or ethnic origin, political opinions, and religion, trade union or other professional or trade association membership, sexual preferences, or criminal record.

Sensitive information will be used or disclosed only for the primary purpose for which it was collected or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (for example, where required by law).

Updates to Policy

We will review our privacy policy from time to time to take account of new laws and technology, changes to our operations and practices, and the changing business environment. We will notify you about changes to our privacy policy by posting an updated version on our website and through direct email.

Privacy Procedures

  • ISM will ensure that only authorised personnel have access to its LMS and eLearning portal at all times. Upon ceasing employment / contract with ISM all accesses will be revoked.
  • ISM will ensure it uses and maintains a secure and protected LMS and eLearning portal that meets privacy legislation
  • ISM will ensure that any third party persons or companies that may have access to private or sensitive information signs a non-disclosures agreement / contracts.
  • ISM will ensure at all times paper-based documents are in lockable cabinets whilst not being worked on.
  • ISM will ensure that the enrolment terms and conditions and declaration is clear with straightforward language, up to date and current at all times.
  • ISM will ensure that this policy is reviewed and amended as required.
  • ISM will ensure that this policy is displayed on its website for all staff and students.
  • ISM will inform learners/users without delay in case of harmful data breach.