There are strict privacy laws in Australia that cover how businesses can collect, use and disclose personal information. It is important for any training organisation to have a robust privacy policy in order to protect the personal information of their students and staff. This means having a privacy policy that sets out how you collect, use and disclose personal information. Your privacy policy must meet the Australian Privacy Principles (APPs). The APPs are contained in the Privacy Act 1988.
You don’t have to register your privacy policy with the Office of the Australian Information Commissioner (OAIC), but it must be available to anyone who asks for it.
Here are some things to consider when creating a privacy policy for your training organisation:
What personal information do you collect and hold?
Why do you collect, hold, use and disclose personal information?
How do you collect, store and use this information?
Who has access to this information?
Who do you disclose personal information to?
How do you ensure the security of this information?
What are your procedures for dealing with data breaches?
What rights do individuals have in relation to their personal information?
How individuals can access the personal information you hold about them and seek correction of that information?
How will you communicate your privacy policy to individuals?
How individuals can complain about a breach of the APPs, and how you will deal with such a complaint?
Whether you are likely to disclose personal information to overseas recipients; and
The types of third parties (if any) located in countries outside Australia to which you usually disclose personal information.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.
Examples of personal information include (but are not limited to) an individual’s name, date of birth, address, email address, phone number and occupation.
Sensitive information is a type of personal information that is given a higher level of protection under the APPs. Sensitive information includes (but is not limited to) information or opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership in a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership in a professional or trade association;
- membership of a trade union;
- sexual orientation or practices; and
- criminal record.
What are the Australian Privacy Principles?
The Australian Privacy Principles (APPs) are contained in schedule 1 of the Privacy Act 1988 (Cth) and regulate how organisations, including training organisations, collect, use, disclose, store and provide access to personal information.
The APPs came into effect on 12 March 2014 and replace the National Privacy Principles and the Information Privacy Principles that were contained in the Privacy Act 1988 (Cth).
Your privacy policy should be reviewed and updated regularly in order to keep up with changes in technology, law and business practices.
You may use our template privacy policy below as a starting point for developing your own policy. For more information, always seek legal advice as we can only provide general advice through our newsletters.
Privacy policy template
This privacy policy sets out how YOUR ORGANISATION NAME collects, uses, discloses and manages personal information.
YOUR ORGANISATION NAME is committed to protecting the privacy of personal information and complies with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (APPs).
What personal information does YOUR ORGANISATION NAME collect and hold?
YOUR ORGANISATION NAME may collect a range of personal information including an individual’s name, contact details, date of birth, gender, employment history, educational qualifications and criminal history.
YOUR ORGANISATION NAME collects personal information for the following purposes:
- to provide training and education services;
- to assess individuals for entry into training courses;
- to administer and manage training courses;
- to comply with legislative and funding requirements; and
- for any other purpose an individual would reasonably expect.
If YOUR ORGANISATION NAME collects personal information that it does not need, it will take reasonable steps to destroy or de-identify the information.
How does YOUR ORGANISATION NAME collect personal information?
YOUR ORGANISATION NAME collects personal information in a number of ways, including:
- when individuals complete enrolment forms or other application forms;
- when individuals participate in interviews, assessments or other evaluation processes;
- when individuals provide information to YOUR ORGANISATION NAME over the phone, in person or via email or other correspondence;
- when individuals use YOUR ORGANISATION NAME’s website or social media pages; and
- when YOUR ORGANISATION NAME collects personal information from third parties, such as other training organisations, employers, education institutions, criminal history checking services or government agencies.
YOUR ORGANISATION NAME may also collect personal information from cookies that are downloaded onto an individual’s computer when he or she visits YOUR ORGANISATION NAME’s website. For more information about cookies and how they are used, please see our Cookie Policy.
In some cases, YOUR ORGANISATION NAME may collect personal information about an individual from a third party without the individual’s knowledge or consent. This will only occur where:
- it is unreasonable or impracticable to obtain the individual’s consent;
- YOUR ORGANISATION NAME suspects that the individual has committed a serious offence and disclosure is necessary to prevent a threat to life or health;
- disclosure is required or authorised by law;
- disclosure will prevent or lessen a serious threat to public safety; or
- it is necessary for a law enforcement activity.
How does YOUR ORGANISATION NAME hold personal information?
YOUR ORGANISATION NAME holds personal information in both paper and electronic form. YOUR ORGANISATION NAME takes reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
YOUR ORGANISATION NAME will destroy or de-identify personal information once it is no longer needed for any purpose for which it may be used or disclosed under the APPs.
Who does YOUR ORGANISATION NAME disclose personal information to?
YOUR ORGANISATION NAME may disclose an individual’s personal information to:
- other training organisations;
- employers;
- education institutions;
- criminal history checking services;
- government agencies; and
- contractors and service providers who assist YOUR ORGANISATION NAME in providing its services.
YOUR ORGANISATION NAME will only disclose an individual’s personal information to a third party if:
- the individual has consented to the disclosure;
- disclosure is necessary for the provision of training or education services;
- disclosure is required or authorised by law; or
- it is otherwise permitted by the APPs.
An individual has a right to access his or her personal information that is held by YOUR ORGANISATION NAME, subject to some exceptions provided by law. If an individual would like to access his or her personal information, he or she should contact YOUR ORGANISATION NAME’s Privacy Officer.
If an individual believes that his or her personal information that is held by YOUR ORGANISATION NAME is inaccurate, incomplete or out-of-date, he or she may request that YOUR ORGANISATION NAME amend the information. If YOUR ORGANISATION NAME refuses to make the requested amendments, the individual will be notified of the reasons for the refusal and given the opportunity to have a statement of correction attached to the record.
An individual may also lodge a complaint with YOUR ORGANISATION NAME if he or she believes that his or her privacy has been breached. If an individual has a concern about the way in which YOUR ORGANISATION NAME has handled his or her personal information, he or she should contact YOUR ORGANISATION NAME’s Privacy Officer.
YOUR ORGANISATION NAME will investigate all complaints and aim to resolve them in a timely and efficient manner. If an individual is not satisfied with the outcome of his or her complaint, he or she may lodge a complaint with the Office of the Australian Information Commissioner.
This Privacy Policy was last updated on DATE.
YOUR ORGANISATION NAME
ACN 000 000 000
ABN 11 111 111 111
Address: 1 Street Name, Suburb VIC 3999
Telephone: (03) 1234 5678
Email: info@yourorganisationname.com.au
Website: www.yourorganisationname.com.au
Privacy Officer: Mr John Smith
Telephone: (03) 1234 5678
Email: privacyofficer@yourorganisationname.com.au