1. PURPOSE

The purpose of the Privacy Policy and Procedure is to ensure that Yarrawonga Mulwala Community & Learning Centre (YMCLC) (RTO 21765):

• Clearly communicates how YMCLC manages personal information;
• Provides students, staff and other individuals with an understanding of the sort of personal information that YMCLC holds; and
• Enhances the transparency of YMCLC operations.

This Policy and Procedure supports the following Standards for Registered Training Organisations 2015:

• Standard 5

2. POLICY STATEMENT

Yarrawonga Mulwala Community & Learning Centre (YMCLC) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person. YMCLC is required to collect personal information for a range of purposes. However, information will only be used for the purpose for which it was collected, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law. Consent will be obtained from individuals before any information is used for other purposes for example marketing.
All information provided to YMCLC will be protected to ensure that it is only accessible by those who require the information in order to do their jobs.
YMCLC will endeavour to ensure that personal information we hold is accurate, complete, up to date and relevant to our functions or activities
YMCLC recognises the right of individuals to access personal information that is held about them.

Principles
The Privacy Act 1988 (“Privacy Act”) is an Australian law that regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduced many significant changes to the Privacy Act, including 13 Australian Privacy Principles (APPs) that apply to the handling of personal information. As a Recognised Training Organisation (RTO) reporting to the Australian Skills Quality Authority (ASQA), YMCLC is obliged to comply with the APPs for all personal information it collects from students undertaking training and courses with YET.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.

Personal Information – Definition
Personal information is defined under the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a) Whether the information or opinion is true or not, and
b) Whether the information or opinion is recorded in a material form or not.
Some examples of personal information which YMCLC collect may include names, addresses, phone numbers, email addresses, date of birth, and other information that may identify an individual.

Sensitive Information – Definition
Under the Privacy Act, sensitive information which YMCLC may come in contact with is defined as information or an opinion about an individual. Some examples of this include: racial or ethnic origin; religious beliefs or affiliations; or, sexual orientation or practices.

Collection of Personal Information for enrolment into Nationally Recognised Training
Under the Data Provision Requirements 2012, YMCLC is required to collect personal information about their students and to disclose that personal information to the National Centre for Vocational Education Research LTD (NCVER).

Your personal information (including the personal information contained on your enrolment form) may be used or disclosed by YMCLC for statistical, administrative, regulatory and research purposes. YMCLC may disclose your personal information for these purposes to:

• Commonwealth and State or Territory government departments and authorised agencies; and NCVER.

Personal information that has been disclosed to NCVER may be used or disclosed by NCVER for the following purposes:

• Populating authenticated VET transcripts;
• Facilitating statistics and research relating to education, including surveys and data linkage;
• Pre-populating RTO Student enrolment forms;
• Understanding how the VET market operates, for policy, workforce planning and consumer information; and
• Administering VET, including program administration, regulation, monitoring and evaluation.

You may receive a student survey which may be administered by a government department or NCVER employee, agent or third-party contractor or other authorised agencies. Students may choose to opt out of the survey at the time of being contacted. Students may also choose to opt out of being contacted for surveys during their pre-training review.

NCVER will collect, hold, use and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the National VET Data Policy and all NCVER policies and protocols (including those published on NCVER’s website at www.ncver.edu.au).

Information from Individuals
YMCLC uses personal information only for the purposes for which it was provided. Generally, the purposes for which YMCLC collects personal information are when an individual:

• Submits a registration for a course which YMCLC is running
• Submits a complaint about YMCLC services or employee
• Requests a refund
• Submits a request to view their student records
• Submits an application for, or commences employment with YMCLC.

Information collected from a third party or industry partner
Sometimes personal information is collected from a third party, or a publicly available source, but only if the individual has consented to such collection, or would reasonably expect us to collect their personal information in this way.

A third party or industry partner may include any school, university, sporting club, employer or group which is registering individuals into a training course on their behalf. If YMCLC collects personal information from a third party, YMCLC will take reasonable steps to inform affected individuals that their personal information has been collected from a third party as soon as practicable after the collection has taken place.

Employee Records
Employee records include records relating to the engagement, training, disciplining, resignation, termination, terms of conditions of contract details, performance or conduct, remuneration, union membership, health information and financial affairs.

Whilst employee records are not subject to the principles set out above, YMCLC will not use employee records for commercial purposes that are unrelated to the employment context nor will such records be utilised for commercial purposes.

Notification
When collecting personal information directly from an individual, YMCLC will take reasonable steps to ensure that the individual is aware of YMCLC policies which they have in place to protect individuals rights and how to lodge a complaint.

If YMCLC collects personal information from someone other than the individual, or the individual may not be aware that the organisation has provided their personal information to YMCLC, reasonable steps will be taken to notify the individual, or otherwise ensure that the individual is aware. YMCLC will use the following methods to provide this notification:

• Email to the individual about the service which YMCLC has collected the information for; or
• Phone call to follow up with the individual about the service for which the information was collected for.

Use and Disclosure
YMCLC will only use and disclose personal information for the primary purposes for which it was collected unless:

• The individual has consented to the information being used for a secondary use or disclosure;
• The individual would reasonably expect YMCLC to use or disclose the information for the secondary purpose and that purpose is related to the primary purpose; or
• The use or disclosure of the information is required or authorised by or under an Australian law or a court order; or
• YMCLC reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

YMCLC will only use sensitive information for a secondary purpose if it is directly related to the primary purpose. The information may also be shared with state and territory government and other Australian Government authorities and ministers, occupational licensing bodies, and others in accordance with the information sharing provisions contained in the NVR Act or the provisions of the Privacy Act.

Data Quality
YMCLC will take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary. YMCLC will also take reasonable steps to ensure the accuracy and completeness of the information prior to any disclosure of the information.

Data Security
YMCLC takes steps to protect the personal information we hold against interference, loss, unauthorised access, use, modification or disclosure, and against other misuse. When no longer required, personal information is destroyed in a secure manner. YMCLC will take reasonable steps to destroy or permanently de-identify that Personal Information.

Accessing Information
Where YMCLC holds Personal Information about an individual, it will provide the individual with access to that information on request in accordance with the relevant Privacy Principle. Whilst YMCLC may adopt its own identifier of the individual, it will do so only in accordance with the relevant Privacy Principle.

Personal information relating to a nationally recognised training course will be held in paper format for 1 year and electronic format for 30 years. This includes all completed student assessment items for each student from the date on which the judgement of competence for the student was made.

Individuals requesting access to their personal information held by YMCLC will be required to provide information to YMCLC to verify their identity. Any individual should expect that YMCLC is likely to require full and complete disclosure of name, address, contact telephone numbers, postal address, date of birth and email address, and may ask for other information which is has available to verify the individual claim to receive access to any information.

YMCLC will provide a response to any request for access or correction to personal information once identification of the person requesting the information is verified. This will generally be within 20 working days of the application for information. If refusing the request, YMCLC will provide a written statement of reasons for the refusal and remind the individual of the available complaints processes, which are outlined in YMCLC Complaints policy and can be found on the YMCLC website.

Individuals will not be charged for requests for access or correction to their personal information.

Complaints
If a member of the public wishes to lodge a complaint with YMCLC about how privacy and/or personal information is managed, or if they feel that YMCLC has breached the APPs, they can contact the Training Manager via email learning@ymclc.edu.au or the Executive Officer via email jaclarke@ymclc.edu.au

3. APPROVAL AND REVIEW DETAILS

Approval and Review
Approval Authority – Julie-Anne Clarke, Executive Officer
Advisory Committee to Approval Authority – Committee of Management
Administrator – Sharron Johnson, Training Manager
Next Review Date – June 2024

Approval and Amendment History
Original Approval Authority and Date
Amendment Authority and Date – Update to original policy
Notes – Update to Privacy Policy November 2016