Privacy Policy

Purpose  

The purpose of the Privacy Policy is to ensure that the Australian Compliance Institute (ACI) meets its legal and ethical requirements regarding the collection, storage and disclosure of the personal information it holds regarding individuals, companies and other stakeholders. 

 

In addition, it ensures the gathering, organising, and recording of assessment evidence and decisions made in the delivery of education are in line with ethics, privacy and confidentiality requirements. 

 

This policy aligns with the principles and obligations outlined in the Privacy Act 1988 (and subsequent amendments) which makes provision to protect the privacy of individuals and provides 13 Australian Privacy Principles (APP) to which the ACI Privacy Policy abides. 

   

Privacy Policy  

 

Principles   

 

The ACI is committed to ensuring the following: 

 

  1. Confidential and personal information provided to the Institute by ACI stakeholders is collected and treated in a manner which protects the privacy of that information on behalf of the individual, their employer, the company, or organisation.
  2. If it is lawful and practicable to do so, ACI will give people the option of interacting anonymously with it.
  3. ACI will only collect personal information that is necessary for undertaking its functions, activities and reporting to government agencies including, but not limited to, its reporting obligations as an RTO.
  4. ACI is committed to the protection and appropriate management of personal information. 
  5. ACI does not meet the definition of an Australian Privacy Principles entity but seeks to ensure the organisation deploys effective Privacy practices, procedures and systems. 

 Collection of Personal Information 

 

  1. ACI will use fair and lawful ways to collect personal information and will collect such information directly from an individual unless it is not reasonable or practicable to do so.
  2. ACI will obtain consent from the stakeholders to collect sensitive information unless any specified exemptions apply.
  3. At the time of collecting personal information or as soon as practicable afterwards, ACI will take reasonable steps to make an individual aware of:
    1. why it is collecting information about them;
    2. who else it may give the information to; and
    3. other specified matters. 
  4.  Personal information is generally collected through individual and corporate membership applications; course enrolment forms; workplace assessments and other assessment records; social media pages, including online forms and submissions. 
  5. The types of personal information collected include:  
    • personal details (this may include place of origin, language and cultural diversity and disability indicators) 
    • contact details, including postal, telephone and email address. 
    • employment information 
    • Information associated with corporate membership including details of nominated Primary Contact and employee members 
    • Membership history  
    • Academic history  
    • training, participation and assessment information. 
    • Event attendance. 
    • fee and payment information. 
    • continuing professional development information 

 

Dealing with Personal Information 

 

  1. Information about ACI individual member will not be disclosed to a third party (except outsourced providers supporting ACI) without the stakeholder’s written consent.
  2. Membership or other stakeholder lists will not be sold, lent, or given to third parties, including Members, for commercial gain unless as provided by law.  On occasion ACI will share compliance information from third parties with our members.  All correspondence with the membership is undertaken by ACI. 

 

Storage and Security of Information 

 

  1. ACI securely stores all records containing personal information and takes reasonable security measures to protect the information collected from unauthorised access, misuse or disclosure.
  2. Personal information is stored in either paper-based files that are kept in a secure location or electronically via our password-protected server in a secure environment to which only authorised staff (or authorised third parties providing support services to ACI), have access.
  3. ACI may use the personal information provided by an individual or corporate member to provide benefits and services to them as members of the Institute or to promote other internal products and services to them. 
  4. The ACI will comply with the record retention requirements of Australian agencies and authorities and securely retain, and produce records as required by those authorities, including but not limited to demonstrate compliance with the Standards for Registered Training Organisations (RTOs).
  5. The ACI will retain student assessment evidence in line with ASQA directions for at least six months from the date on which our judgement of competence for the student was made, or longer as required. 
  6. Any information processed outside the ACI or any training or assessing for workplace-based programs or assessments marked offsite, must be stored securely and the information contained is treated as confidential. 

 

Disclosure of information 

 

  1. ACI will never disclose personal information about any of its members, students, employees, contractors or partners without their expressed consent to disclose that information, unless lawfully required to do so.  
  2. For ACI students, personal or assessment progression/outcome information about a student enrolled in a course may be shared with the following external organisations:
    • Registered training authorities in each state and territory of Australia, where applicable 
    • industry licensing authorities in each state and territory of Australia, where applicable 
  3. Subject to appropriate identity verification, ACI stakeholders can access any records of personal information to which they are entitled to review but cannot take copies of such information
  4. Subject to appropriate identification, ACI Students will have access to their learning records such as, but not limited to, Statements of Attainment, Qualifications, Record of Results, Verification of Competency Certificates and copies of assessments.
  5. ACI will not charge for access to any records that is held about individuals, however, there may be a charge for any copies made where required. Arrangements will be made within five business days for a stakeholder to access their records.
  6. Only those members who have given permission will have their personal details made available to other members, provided such information is used solely for the purposes of the Institute.
  7. Attendees at events will be invited to nominate if their Name and Affiliation can be released to other delegates. 

 

Integrity of Personal Information 

 

  1. ACI stakeholders can ask to have any incorrect personal information corrected and are able to lodge a complaint if they believe their information has been mishandled.  Refer to the Complaint Handling Policy. 

 

Procedures : 

 

Privacy notices   

  

  1. Make best endeavours to ensure that stakeholders have access to and the opportunity to read and understood the Privacy Policy on joining or enrolling with the ACI. 

 

Marketing 

  

  1. Website/social media: 

Ensure a stakeholder’s permission has been given before using any picture, image or stated words from an individual on ACI’s website or social media presence. 

 

  1. Surveys: 

For all surveys conducted by ACI ensure the respondents name and details are noted as optional on the form, and if provided, the individual consents to have their personal information disclosed. 

 

 

 

 

 

Access to Training Records 

 

  1. Request to access training records: 
  • Stakeholders may request to access their training or event attendance records in writing and directed to the CEO at admin@compliance.org.au 
  • On receiving a request in writing, confirm that the request is valid and has been made by the person to whom the records relate –check identification documents such as photo ID 
  • Arrangements for delivery of documents should be confirmed in writing within ten business days of receiving the request. 
  • Where records are to be mailed, they should only be mailed to the address on file for that learner unless an alternate change of address information is provided along with proof of identity – such as a driver’s license or utility bill. 

 

Amendments to Training, Attendance Records 

 

  1. Request for Records to be Amended. 
  • Requests to correct personal information or records held about a stakeholder should be provided in writing to the CEO, or their delegate. 
  • If it is a change of address, contact details, payment details of a current stakeholder, there changes can be made on the web portal or emailed to admin@compliance.org.au  
  • ACI will advise what action were taken to follow up on their request. 

 

Definitions 

 

Course means any nationally recognised qualification, unit of competency, skill set, or short course delivered by the ACI under its RTO or any other education program offered by the ACI. 

  

Personal information is defined in the Privacy Act 1988 (Cth) as ’Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.’”.  

. 

Primary Contact: Is the individual nominated in writing by a Corporate Member of the ACI to be the person authorised to receive and provide personal information on behalf of that company. 

 

RTO means Registered Training Organisation. 

 

ACI Stakeholder refers to individual members, corporate members, students of ACI courses, employees, contract staff, vendors, and volunteers. 

 

Privacy Policy V4.0 9 May 2024