AIM Policy: Privacy

Purpose

The purpose of this policy is to provide AIM students and staff clear information about AIM’s position in relation to how we manage student information.

Scope

The policy applies to prospective AIM students and AIM students enrolled in Vocational Education and Training (VET) courses with AIM. It also includes other individuals who may interact with AIM in conducting its business. The policy includes collection and use of personal information, disclosure of personal information, security of personal information and rights and access to records.

Principles

  • AIM complies with the Standards for Registered Training Organisations (RTOs) 2015 including the clauses related to compliance and reporting (clauses 8.5 and 8.6) and providing requested information to the Australian Skills Quality Authority (ASQA) (clauses 8.1 and 8.2).
  • AIM complies with all relevant Commonwealth, State and Territory legislation and regulatory requirements relevant to its operations, including the Australian Privacy Principles set out in the Privacy Act 1988.
  • AIM is committed to and guided by principles of access, equity, fairness and ethical behaviour

Definitions

Personal and sensitive information

Under the Privacy Act 1988 and Privacy Amendment (Enhancing Privacy Protection) Act 2012 (s6(1)), personal and sensitive information is defined as follows:

  • Personal information: “information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.”
  • Sensitive information: “(a) information or an opinion about an individual’s: (i) racial or ethnic origin, or (ii) political opinions, or (iii) membership of a political association, or (iv) religious beliefs or affiliations, or (v) philosophical beliefs, or (vi) membership of a professional or trade association, or (vii) membership of a trade union, or (viii) sexual preferences or practices, or (ix) criminal record, that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d) biometric information that is to be used for the purposes of automated biometric verification or biometric identification; or (e) biometric templates”.

Australian Privacy Principles (APPs)

The Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act), outline how most Australian and Norfolk Island Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.

While the APPs are not prescriptive, each APP entity needs to consider how the principles apply to its own situation. The principles cover:

  • the open and transparent management of personal information including having a privacy policy
  • an individual having the option of transacting anonymously or using a pseudonym where practicable
  • the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
  • how personal information can be used and disclosed (including overseas)
  • maintaining the quality of personal information
  • keeping personal information secure
  • right for individuals to access and correct their personal information

 

Policy

In the course of its business, AIM may collect information from students or persons seeking to enrol with AIM and other individuals who interact with AIM in the course of its business, either electronically or in hard copy format, including information that personally identifies individual users. AIM may also record various communications between individuals and AIM.

In collecting personal information AIM will comply with the requirements of the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Act).

From time to time, AIM may be related to other entities (related entities) and this Privacy Policy applies if your personal information is dealt with by those related entities.

Authority to collect information

AIM is an approved RTO, registered with ASQA. This registration is issued under the authority of the National Vocational Education and Training Regulator Act 2011.

This legislation requires AIM to collect personal and sensitive information from potential students and students. This requirement is specified in the Data Provision Requirements 2012 which is one of five legislative instruments that AIM must comply with as a condition of its registration. The data provision requirements require AIM to collect data from students in accordance with the Australian Vocational Education and Training Information Statistical Standard (AVETMISS). This is a complex information standard that defines information about who the student is, where the training is delivered and what they are studying. The Standards for RTOs require AIM to retain and store this information for up to 30 years and to report training activity to government agencies in accordance with mandatory reporting requirements.

Together these requirements form a statutory obligation to collect, store and report information of any student participating in nationally accredited training. The publications referred to in this section can be accessed from the ASQA website.

Collection and use

AIM collects personal information, either directly or indirectly, that is reasonably necessary for, or directly related to its delivery of the services it offers. Some of the information collected may be regarded as ‘sensitive’ as defined by the Privacy Act. In broad terms the kinds of personal information and purposes for which it is collected are:

Solicited information

  • Contact information such as name, organisation, position, address, telephone, and email are collected for marketing, support services, mandatory reporting and for communicating with stakeholders as part of our day to day operation.
  • In addition to information collected training activity, AIM will also collect, store and report information relating to satisfaction surveys, complaint handling and on our client employers.
  • Names, addresses, phone numbers, emergency contact details, bank account details and other employment related information is collected from employees for the purpose of managing human resources. The management of staff personal information complies with this policy.

Student personal and sensitive information as well as training activity information is prescribed by the AVETMIS Standard. This information is collected directly from students using enrolment forms which may be electronic, or paper based and other administrative forms including but not limited to complaint forms, recognition of prior learning applications, requests for refund etc.

Survey responses are collected using our Employer and Learner Satisfaction Surveys which are issued in electronic format.

Enquiry information from prospective students including personal contact information is collected directly from individuals who make data requests either by telephone or email in person or via our website.

AIM personal information is also collected from individuals on employment commencement.

Sensitive information

Personal information collected by AIM that may be regarded as ‘sensitive’ under the Privacy Act includes:

‘Disability’ and ‘long-term impairment status’ (health); and ‘indigenous status’, ‘language spoken at home’, ‘proficiency in spoken English’, ‘country of birth’ (implies ethnic/racial origin). This information is specified in the AVETMISS data elements and is collected for the national VET data collections, national VET surveys, and may be collected for VET-related research.

‘Dietary requirements’ (health-related) are collected for event catering purposes only.

Biographical information, which may contain information on ‘affiliations’ and ‘membership of a professional or trade association’ are obtained from key note speakers for event marketing purposes.

‘Memberships of professional associations’ and ‘health and work injury information’ is collected from AIM employees for HR management purposes.

Direct marketing

AIM respects an individual’s right not to receive marketing material, and provides an option within communications and on its website for individuals to unsubscribe from receiving marketing material. AIM conducts its marketing communications and dissemination of service information in accordance with Australian Privacy Principle 7 (Direct marketing), the Spam Act 2003 (in respect of electronic communications), and the Do Not Call Register Act 2006. It is not, however, AIM’s practice to ‘cold call’ for the purpose of marketing its products and services.

Google Analytics and cookies

Google Analytics is a web service provided by Google Inc. Cookies are used to generate data on website activity and usage. The cookies, which include IP addresses, are transmitted to and stored in Google servers in the United States where they are used to compile web-use reports. Google may transfer this information to third parties, where required by law, or for information processing on its behalf. Google will not associate IP addresses with any other data held by Google. More information on Google’s privacy policy can be found on their website www.google.com.au in the policies section. It is possible to disable cookies by adjusting web-browser setting and to opt-out of Google Analytics. Doing so, however, may affect web-site functionality.

The AIM web servers automatically log information such as server address, date and time of visit and web pages accessed. No personal information is recorded. These logs are used for website management and improvement.

Unsolicited personal information

If AIM should receive unsolicited personal information, it will be treated and managed according to the Australian Privacy Principles.

Notification of collection

AIM seeks to notify individuals of the collection of their personal information before, or at the time of collection, or as quickly as possible thereafter. Notifications are usually in writing, but may be verbal for telephone help-desk services, or research conducted by telephone interview.

Marketing – notification is provided on our website course application page. Individuals are also notified at the time of collecting personal information for events. A privacy notice is provided in all AIM marketing communications.

Quality Indicator surveys – this is a mandatory requirement for all RTOs and participants are informed of their invitation to participate via email along with a link to the survey.

AIM staff – Notification is provided on employment commencement.

Disclosure of personal information

AIM does not disclose personal information other than for the purpose for which it was collected, or an individual has consented to a secondary purpose, or an individual would reasonably expect this (such as receiving communications about upcoming events), or if required by law.

AIM may share personal information with the Commonwealth government in accordance with Commonwealth contractual obligations. In these circumstances AIM will take reasonable steps to inform and seek consent from the individuals concerned and take all reasonable steps to ensure that the recipient handles the personal information according to the APPs.

AIM does not sell its lead lists to third-parties for marketing purposes.

AIM does not disclose personal information to overseas recipients. While people around the world can access material published on our website, no statistical or research publications contain identifiable personal information.

Management of personal information

AIM endeavours to ensure the personal information it collects and uses or discloses is accurate, up to date, complete and relevant. AIM routinely updates the information held in its customer relationship management system. In addition to periodically checking with stakeholders if their personal contact details have changed.

Access to and correction of personal information

Individuals may, subject to the exceptions prescribed by the Australian Privacy Principles, request access to and correction of their personal information where this is collected directly from individuals by AIM.

AIM does not charge for giving access to or for correcting personal information.

Requests for access to or correction of personal information should be made in writing. Requests will be answered within 14 business days.

Information retention and disposal

Personal information is held in electronic format:

  • Information collected from student enrolment applications and survey responses is held in databases.
  • Names and contact details of stakeholders are held in the Student Management System and email contact lists.
  • Names and contact details collected during the delivery of services may be held either in electronic form in AIM’s document management system.
  • Personal staff information is held in the HR management, pay roll database.
  • Backup copies of all electronic files held in AIM’s systems are kept in the event of system failure/loss. All backup copies of system files are secured.

AIM retains personal information for 30 years. When personal information is no longer necessary for AIM’s business functions, and it is lawful to do so, AIM destroy the information.

Information security

AIM takes active steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

AIM’s systems and internal network are protected from unauthorised access using appropriate technologies. Most system data transferred over the internet is protected by Secure Socket Level protocol (SSL). The inherent risks associated with data transmission over the internet are, however, commonly acknowledged. Individuals, who do not wish to provide their personal information via the online website forms have the option of mailing this information to AIM.

Access to the Student Management System is protected through user log-on and password, and assignment of user access rights.

Third-party providers used by AIM for the delivery of services are required to be compliant with the Australian Privacy Principles and offer appropriate safeguards to protect personal information.

AIM’s premises and data storage systems are fully secured. AIM practices clean-desk policy and locking workstations when working with personal information. Paper documents containing names and addresses are required to be locked away and shredded when destroyed. All hardware is properly ‘sanitised’ before disposal.

Concerns and complaints

Complaints or concerns about AIM’s management of personal information should be directed in writing. AIM will respond in writing within 14 business days.

Contacting AIM

Requests for personal information, changes to information or for concerns or complaints related to privacy should be directed to AIM at:

Privacy Compliance Officer
AIM
PO Box R515
Royal Exchange NSW 1225

Version: 1.4.0