Our adoption of the Australian Privacy Principles 2014 (APPs) and the requirements of the Privacy Act 1988 (Cth)(‘the Act’) formalises our commitment to ethical conduct and practice in regard to privacy. CHS Training seeks to observe the privacy safeguards laid down by the Principles when collecting, storing, using and disclosing personal information. We also give individuals access and correction rights in relation to their personal information in compliance with the Act.
Compliance with the new APPs effectively means that CHS Training will further position itself as being privacy sensitive and our clients will have increased confidence and trust in our operations and personal information handling process.
- via our website (www.chstrain.com.au)
- in our Student Handbook (given to all students at Enrolment and also on our website)
- by contacting
- to provide information to you and to ask you whether you are interested in our upcoming training courses or satisfied with our training
- to issue your certificates to you without error at the completion of your training
- for market research and analysis
- for continuous improvement of our training services
- to meet regulatory obligations
- in accordance with legislative requirements or authority
- to enforcement bodies with statutory authority
- in any criminal procedure with court authority
- laws relating to the confiscation of the proceeds of crime
- proceedings by any enforcement or administrative body in a court or tribunal
- confidentiality requirements on our employees
- policies on document storage security
- strict archiving and student record management systems
- security measures for access to our systems
- controlling access to our premises
- Information management is subject to an in-house compliance system with defined standards and monitoring.
- providing access would have an unreasonable impact on the privacy of another individual
- the request is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings between you and us and would not be available by a process of discovery in those proceedings
- providing access would prejudice negotiations we have with you
- providing access would be unlawful or likely to prejudice an investigation into unlawful activity
Collecting Information About You
APP 3 states that an organisation must not collect personal information unless it is reasonably necessary for one of its functions or activities. We collect information from students in our training courses and from people who make enquiries about our training only as is reasonably necessary ie as dictated by our regulatory authority for issuing of certificates and statistic purposes.
We will only collect your name and contact number from you if you make an enquiry about our courses.
Once enrolled in our course, we collect personal information about our students when they complete an enrolment form and attendance sheet at the commencement of training.
We also collect course feedback, although this can be completed anonymously.
APP 4 applies to the receipt of unsolicited personal information. In the very unlikely event that we receive unsolicited personal information about you, we must determine whether we could have lawfully collected the information under APP 3, and if not, we will destroy or de-identify the information as soon as practicable, but only if it is lawful and reasonable to do so.
Use or Disclosure of a Government Related Identifier (APP 9)
APP 9 restricts the adoption, use or disclosure of government related identifiers by organisations. An identifier is a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify the identity of the individual. A government related identifier is an identifier that has been assigned by an agency, a State or Territory authority, an agent of an agency or authority, or a contracted service provider for a Commonwealth or State contract. An identifier, including a government related identifier, is personal information that must be handled in accordance with the APPs. An organisation must not adopt a government related identifier of an individual as its own identifier of the individual, unless an exception applies. An organisation must not use or disclose a government related identifier of an individual, unless an exception applies.
Under APP 9.25 an organisation may use or disclose the government related identifier of an individual if the use or disclosure is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions (APP 9.2(a)). Under APP 9.26 this exception allows an organisation to use a government related identifier to both establish the identity of an individual and to verify that an individual is who or what they claim to be. Under APP 9.28 the use and disclosure of the government related identifier to verify the identity of the individual must be reasonably necessary for the purposes of the organisation’s functions or activities.
What We Use Your Information For
We comply with the requirements of APP 1 where organisations need to have ongoing practices and policies in place to ensure that they manage personal information in an open and transparent way and in relation to APP 6, where we must disclose the purpose for which we collect your information and use it for that purpose only (unless you have consented to such other use or disclosure or an exception applies).
We use information collected about you for a number of purposes:
Who We Might Give Your Information To
APP 6 states we must not use or disclose information for any purpose other than the particular purpose for which it was collected unless the individual has consented to such other use or disclosure or an exception applies. The most notable exception is that the individual would reasonably expect the personal information to be used for the secondary purpose and the secondary purpose is related the primary purpose.
We will only give your information to our Government regulatory authorities as required for the purpose of issuing certification and licences and compliance.
Information regarding your personal information will be given to third parties when necessary or authorised by you.
You should also be aware that there are instances where we are legally obliged to pass on information about you. The following list of compulsory disclosures (i.e. disclosures we must make) provides you with examples but is not intended to be exhaustive or complete:
We will not pass on your personal information to unrelated parties for their marketing purposes.
The Quality of the Information We Collect
Under APP 10 we are required to ensure that the personal information we hold is accurate, up-to-date and complete. In addition, we are also required to ensure that it is relevant, having regard to the purpose for which it is used or disclosed. In all cases we endeavour to ensure that information collected is correct, relevant and current. We ask that you contact us immediately you become aware that your details require updating or alteration.
The Security of Your Information
Under APP 11 we must take reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss, from unauthorised access, modification or disclosure and when we no longer need the information for any purpose for which it was disclosed to us, and if it is not contained in a Commonwealth record and its retention is not required by law, we must take reasonable steps to destroy the information or ensure it is de-identified.
We have statutory requirements to maintain our records for two years in hard copy form and for thirty years in electronic copy as per SNR 19.1(e).
We endeavour to protect any personal information that we hold from misuse and loss, and to protect it from unauthorised access, modification and disclosure. Some of the ways we achieve this are:
Access to and/or Correction of Your Personal Information We Hold
Under APP 5 we must let you know how to obtain access to and correct personal information we hold about you.
We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect, disclose or use it, but if we are satisfied that certain personal information is inaccurate, out of date, incomplete, irrelevant or misleading or we have received a request for correction, we must take reasonable steps to correct, update and complete the information (APP 13).
Please contact us immediately you become aware that any information we have about you is incorrect and we will endeavour to update it accordingly.
If requested we will take reasonable steps to disclose your corrected information unless it is impracticable or unlawful to do so your corrected information to the concerned Authority.
We do not charge for you access to your own personal records or for corrections to student records. Charges will apply for reissuance of certificates as per the Student Handbook.
In the event we dispute a correction you wish to make, we shall place your disputed information on the file, together with the unaltered statement of information, until such time as the matter can be reasonably resolved by the CEO. You will be notified in writing on the reasons for the refusal and the CEO will contact you directly within 7 days as to the resolution process.
We must give you access to the information we hold about you (APP 12). Unless there are exceptional circumstances around the openness of your files, we will provide you with copies of our current records about you. If you wish to see your information, we ask that you make a request in writing and allow us seven working days in which to forward it to you.
Circumstances in which access to your records might be denied or restricted could be as follows. Please note this list is not intended to be exhaustive:
If we refuse access on one of the specified grounds, we will take reasonable steps to give access in a way that meets both parties’ needs.
Dealing With us Anonymously or by Using a Pseudonym
APP 2 states we are to allow, where lawful and practicable to do so, you to deal with us anonymously or by using a pseudonym, unless identification is required by law or it is impracticable for you to deal with individuals who have not fully identified themselves e.g. general inquiries about the services we can offer you. Due to legislative requirements you must disclose your true information for training certification, and we must have your legal name on enrolment and attendance forms to allow us to issue correct, valid certification.
You may contact us to obtain any general information or assistance you wish without identifying yourself. However, for reasons of security, you will not be able to obtain information about your student records without identifying yourself first.
Transborder Data Flows
Under APP 5 we must let you know if we are likely to disclose your personal information overseas and if so to which countries. This includes where the information is collected from someone other than the individual.
Generally, information about you would only be sent to a foreign country at your request. At present, we have no arrangement which would require the transfer of any information regarding you or your information to a foreign country. Thus APP 8 is not applicable in this case.
APP 3 clarifies that, unless an exception applies, sensitive information must only be collected with an individual’s consent if the collection is also reasonably necessary for one or more of the organisation’s functions or activities. Sensitive information is information about you which is information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union or criminal record. Information in respect of your health is also sensitive information.
Usage of Personal Information for Direct Marketing Purposes
APP 7 provides that we may only use or disclose personal information for direct marketing in certain circumstances, including what the individual would reasonably expect it to be used for that purpose, there is a simple means to opt out and the individual has not so opted out. Where an individual would not reasonably expect personal information to be used for direct marketing, in addition to a simple opt out procedure, consent must have been given unless it would have been impracticable to obtain such consent.
CHS Training does not use personal information for advertising purposes on Facebook or our website.
Have You a Comment or Complaint About Your Privacy?
Under APP 5 we must let you know about our complaints processes.
If we have breached any of our obligations in keeping your information, or you are uncomfortable about any of our information management practices which have come to your attention, please do not hesitate to contact our RTO Manager by calling (02) 6642 5559 or by writing to us at PO Box 1443, Grafton NSW 2460.
We expect our conduct to deliver standards and performance of the highest order and welcome your comments and complaints. All reasonable action will be taken to rectify your complaint within a satisfactory timeframe by the CEO.
If you are not satisfied with our response or would like to know more about your privacy rights, you can contact the Office of the Privacy Commissioner by calling 1300 353 992 or visiting the website at www.privacy.gov.au.