Privacy Policy

 

Privacy Policy and Procedures

  1. Purpose

The purpose of this Privacy Policy is to ensure that the Australian Compliance Institute (ACI) meets its legal and ethical obligations regarding the collection, storage, use, and disclosure of personal information about individuals, companies, and other stakeholders.

This policy aligns with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), the Student Identifiers Act 2014, the National VET Data Policy, and reflects obligations under the Notifiable Data Breaches (NDB) scheme.

ACI is committed to protecting privacy, maintaining the security of personal information, and ensuring compliance with the Standards for RTOs 2025.

  1. Scope

This policy applies to:

  • Directors and Board Members
  • Employees, contractors, and volunteers
  • Members (individual and corporate)
  • Students of ACI courses
  • Vendors and service providers
  • Any third parties interacting with ACI
  1. Guiding Principles

ACI commits to:

  • Collecting personal information only where necessary for our functions and activities, or as required by law.
  • Informing individuals why and how their information is collected.
  • Using fair and lawful means to collect personal information, obtaining consent where required.
  • Ensuring individuals may interact anonymously, where lawful and practicable.
  • Protecting personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.
  • Not disclosing personal information to third parties unless authorised or required by law.
  • Notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches.
  • Providing clear avenues for individuals to access and correct their personal information.
  • Ensuring third-party service providers comply with privacy obligations.
  • Managing personal information in accordance with the National VET Data Policy and AVETMISS reporting requirements.
  • Collecting, verifying, and using Unique Student Identifiers (USIs) in compliance with the Student Identifiers Act 2014.
  • Seeking consent for any use of personal information in marketing materials or promotions (e.g., photos, testimonials).
  1. Collection of Personal Information

ACI collects personal information directly from individuals unless unreasonable or impracticable. This includes:

  • Membership and enrolment applications
  • Workplace assessments and training records
  • Event attendance
  • Surveys and marketing activities

Types of information collected:

  • Personal and contact details
  • Unique Student Identifier (USI)
  • Employment and academic history
  • Membership and training participation
  • Payment details
  • Continuing professional development records

Consent is obtained for the collection of sensitive information, except where exemptions apply.

ACI collects and reports personal information as required under the National VET Data Policy and AVETMISS for regulatory reporting to the National Centre for Vocational Education Research (NCVER) and relevant funding bodies.

Personal information is held in Australia and ACI currently does not use services or third parties where personal information is held or accessible by overseas recipients (as defined at APP 8.5). If ACI engages such services or third party providers, equivalent privacy protections will apply, in compliance with APP 8 (Cross-border disclosure).

  1. Use of Personal Information

ACI uses personal information to:

  • Provide services and benefits to members and students
  • Manage memberships and course enrolments
  • Verify and manage USIs
  • Comply with legal and regulatory obligations
  • Report training activity in accordance with the National VET Data Policy and AVETMISS
  • Promote ACI services (with opt-out options)
  • Conduct internal reporting and analysis

ACI honours the right of members and stakeholders to opt out of marketing communications at any time.

Where personal information is collected for use in marketing materials or promotional activities (including photographs or testimonials), informed consent is obtained prior to use.

Third-party service providers engaged by ACI are contractually bound to manage personal information responsibly and in compliance with applicable privacy laws.

  1. Disclosure of Personal Information

ACI will not disclose personal information without consent, unless:

  • Required by law
  • Necessary to prevent a serious threat to life, health, or safety
  • Permitted under this policy

ACI may share student information with:

  • Registered training authorities
  • Industry licensing bodies
  • NCVER and funding bodies, in compliance with the National VET Data Policy

ACI will never sell or rent stakeholder information for commercial gain.

  1. Data Security and Storage

ACI stores personal information securely:

  • Electronically in password-protected environments
  • Physically in secure locations

Only authorised staff and service providers have access to personal information.

Record retention:

  • Student assessment evidence: minimum 6 months post-completion
  • AQF certification documentation and attainment records: minimum 30 years (as per regulatory requirements)

Any information processed outside ACI or offsite must comply with this policy and maintain confidentiality.

  1. Access and Correction

Individuals can access and request correction of their personal information by contacting the ACI at admin@compliance.org.au.

Requests will be verified (e.g., photo ID). Records will be provided within ten business days. No charge applies for access, though fees may apply for physical copies.

If information is incorrect, ACI will promptly correct it and confirm the update.

  1. Data Breach Notification

In the event of a data breach likely to result in serious harm, ACI will notify affected individuals and the OAIC, in accordance with the Notifiable Data Breaches (NDB) scheme.

  1. Privacy Complaints

If you have concerns about how ACI has handled your personal information, please contact admin@compliance.org.au. Complaints will be managed in accordance with the ACI Grievance, Complaints & Appeals Policy.

 

If you are not satisfied with the response, you may escalate your complaint to the OAIC at:

  1. Related Documents
  • Constitution and By-Laws
  • Grievance, Complaints & Appeals Policy
  • Student Handbook
  • National VET Data Policy [External]

Authorising Body:

Australian Compliance Institute Board

Responsible Office:

CEO

Document Code:

GOV Privacy Policy

Revision Record:

Date

Approver

Version

Description

29/04/2025

AUSTRALIAN COMPLIANCE INSTITUTE BOARD

5.0

Major Review (OAIC reforms; RTO Standards 2025)

Due for Review:

30/04/2027