Privacy Policy

In Australia, privacy law generally relates to the protection of an individual’s personal information. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The Privacy Act includes thirteen (13) Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, accessing and correction of personal information (including sensitive information). 

As a small business and consistent with its operations and responsibilities, under the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy protection) Act 2012, RTO Doctor is not required to have in place a Privacy Policy that meets the APP’s however, we choose to do so.

This policy is based on the thirteen (13) APP’s that came into force on 12 March 2014 through the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and details how RTO Doctor complies with each of these APP’s.

The Directors of RTO Doctor should ensure that all staff of RTO Doctor undertake awareness training in this policy and its underpinning legislative requirements, and comply with this policy at all times.  The Directors should also ensure that all clients of RTO Doctor have an awareness of this policy.

 

Consideration of Personal Information Privacy

Open and Transparent Management of Personal Information

The Directors of RTO Doctor must:

  • Ensure that personal information that RTO Doctor collects is managed in an open and transparent way;
  • Take reasonable steps to implement practices, procedures and systems relating to RTO Doctor functions or activities that will enable them to deal with enquiries or complaints from individuals about RTO Doctor’s compliance with the Australian Privacy Principles;
  • Ensure that RTO Doctor has a clearly expressed and up to date policy about the management of personal information by RTO Doctor;
  • Ensure that the RTO Doctor Privacy Policy contains the following information:
    • The kinds of information that RTO Doctor collects and holds;
    • How RTO Doctor collects and holds personal information;
    • The purposes for which RTO Doctor collects, holds, uses and discloses personal information;
    • How an individual may access personal information about the individual that is held by RTO Doctor and seek correction of such information;
    • How the individual may make a complaint about a breach of the APP’s and how RTO Doctor will deal with such a complaint;
    • Whether RTO Doctor is likely to disclose information to overseas recipients;
    • If RTO Doctor is likely to disclose information to overseas recipients – the countries in which such recipients are likely to be located (if it is practicable to specify those countries in the policy);
    • The Privacy Policy must be available free of charge and in such form as appropriate;
    • If a person or body requests a copy of the RTO Doctor Privacy Policy in a particular form, RTO Doctor should take reasonable steps to make the RTO Doctor Privacy Policy available in that form.

RTO Doctor advises that it collects, holds and uses the following personal information:

  • Information required for registering or submitting applications to regulatory authorities on behalf of clients including:
    • Australian Business Number
    • Australian Company Number;
    • Fit and Proper Person Declarations;
    • Banking Details;
    • Name, Contact Details, Date of Birth, etc.
    • Photographic Identification if required;
    • Licenses and / or permits, accreditation, etc. where required;
    • Copies of Curriculum Vitae, qualifications, etc.
    • Financial Details including evidence to demonstrate financial viability to regulatory authorities where required;
    • For the purposes of the RTO Doctor Online Store, we collect, hold and use the following information to facilitate your purchase (some information is collected, used and held by our hosted payment gateways provider Card Access Services.  Where this is the case, this information is represented by ‘*’;
      • Name;
      • Email Address;
      • Phone Numbers
      • Physical Address;
      • IP Address
      • Host Name;
      • Browser Information
      • Credit card details * (for further information, see the Card Access Services Privacy Policy http://www.cardaccess.com.au/ and Bankwest Merchant Services http://www.bankwest.com.au/business/business-accounts/business-account-services/merchant-services Privacy Policy)
      • For our Online Training Portal, we collect, use and hold information in relation to:
        •  Name;
        • Email Address;
        • Phone Numbers
        • Physical Address;
        • IP Address;
        • Host Name;
        • Browser Information;
        • During exhibitions, RTO Doctor may collect information, use and hold personal information including:
          • Name;
          • Contact Details;
          • Products and Services interested in;
          • Any information required for any competition we may be running at the time for which you will have provided consent.
          • For the purpose of subscribing to the RTO Doctor Newsletter or Social Media sites, we collect, use and hold the following information:
            • Name;
            • Email Address.
            • When visiting the RTO Doctor website, if an individual is logged in to the website under their user registration, RTO Doctor collects and holds:
              • The individual’s access time;
              • IP Address;
              • Visitor behaviour (e.g. what pages you may have visited to enhance the customer’s visit and preferences).
              • For employees or sub-contractor’s of RTO Doctor, RTO Doctor collects, uses and holds the following private information:
                • Employment Contract or Sub-Contracting Agreement;
                • Banking Details;
                • Next of Kin and Emergency Contact Information (where relevant);
                • Curriculum Vitae;
                • Qualifications, Permits, Licenses, etc.
                • Third Party Reference Checks;
                • Contact Details;
                • Any relevant sensitive information such as health and / or medical;
                • Tax File Number;
                • Superannuation Details;
                • Australian Business Number or Australian Company Number;
                • Eligibility Testing;
                • Application for Employment or Sub-Contracting;
                • All communications that are hard copy or electronic;
                • Medical Certificates, etc. where relevant;
                • Supervisory and/or performance management reports;
                • Attendance records;
                • Complaints and Appeals lodged and received against the individual where relevant;
                • All work related login and password details.
                • Any information that is collected, held and used by RTO Doctor is subject to this policy and where required, this policy will be updated to include any changes to the types of information that are collected, held or used by RTO Doctor.

 

Collection of Personal Information

Purpose of Collecting Personal Information

RTO Doctor collects, holds and uses the previously mentioned personal information and records for the purposes outlined above but specifically to support the work that it is engaged by the client to undertake (submit applications to regulatory authorities on their behalf), keep RTO Doctor clients and VIP clients up to date with changes to the industry and to facilitate the transmission of quotes, project requirements, contractual arrangements and payment processing.

RTO Doctor only collects information as and when required by requesting it to be submitted by the individual with their consent in writing (this consent may be in the form of an application for enrolment or employment).  Information can be collected by RTO Doctor through:

  • Physical hard copy;
  • Electronic submission via:
    • Email
    • Facsimile
    • RTO Doctor website including social media sites
    • Promotions, Open Days and exhibitions.

 

Dealing with Personal Information

Use and Disclosure of Personal Information

RTO Doctor will not use or disclose personal or sensitive information for any purpose other than what it was collected for unless the relevant person has provided written consent to use or disclose the information in circumstances that are different to those for which it was collected.  The circumstances where there may be an exception to this are:

  • Where the use or disclosure of this information is required or authorised by or under an Australian law or a court/tribunal order;
  • The individual would reasonably expect RTO Doctor to use or disclose the information for the secondary purpose;
  • A permitted general situation exists in relation to the use or disclosure of the information by RTO Doctor;
  • A permitted health situation exists in relation to the use or disclosure of the information by RTO Doctor;
  • RTO Doctor reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by or on behalf of, an enforcement body.  Where RTO Doctor uses an individual’s personal information under this clause, RTO Doctor must obtain consent in writing to release, use or disclose the personal information.

Where the individual chooses to maintain anonymity or use a pseudonym and this is not detrimental to their engagement with RTO Doctor and it does not inhibit RTO Doctor’s adherence to legislative compliance, RTO Doctor will act upon the individual’s request as is reasonable in relation to the requested and particular matter.


Direct Marketing

Where RTO Doctor holds personal information and excluding any sensitive information about an individual, RTO Doctor will not use or disclose this information for the purpose of direct marketing unless the following circumstances apply:

  • Written consent has been collected by the individual;
  • The individual would reasonably expect RTO Doctor to use or disclose the information for that purpose;
  • RTO Doctor provides an opt-out method that is easily accessible for individuals to request not to receive direct marketing communications from RTO Doctor;
  • The individual has not made such a request to RTO Doctor.

Where RTO Doctor does have written consent for the collection, holding and use of their personal details (excluding sensitive information), RTO Doctor must provide a simple means by which the individual can easily request not to receive direct marketing communications from RTO Doctor.  RTO Doctor provides this through an unsubscribe function on it’s newsletter and social media sites or by contacting RTO Doctor directly and requesting that direct marketing that the individual believes it has not consented to or no longer wishes to receive to cease.

This policy is also supported by and does not replace or supersede the following legislation:

  • Do Not Call Register Act 2006;
  • Spam Act 2003; or
  • Any other legislative document of the Commonwealth government.

Cross-Border Disclosure of Personal Information

Before RTO Doctor discloses personal information about an individual to a person who is an overseas recipient and who is not the individual or RTO Doctor, RTO Doctor must take such steps to ensure that the overseas recipient does not breach the Australian Privacy principles (other than Australian Privacy Principle 1) in relation to the information.  This does not apply if the recipient of the information is:

  • Subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APP’s protect the information; and
  • There are mechanisms that the individual can access to take action to enforce the protection of the law or binding scheme; or
  • Both of the following apply:
    • RTO Doctor expressly informs the individual that if they consent to the disclosure of the information, the above clauses will not apply, and
    • After being so informed, the individual consents to the disclosure.
    • Any of the reasons that apply for exemption under ‘Dealing with Personal Information’ previously.

It should be noted that RTO Doctor does have clients and followers of its website and social media sites in overseas locations (overseas recipients) and all information that is communicated between these parties is subject to this Privacy Policy and any other legal instrument that RTO Doctor is required to abide by including, but not limited to the Corporations Act 2001.

Adoption, Use or Disclosure of Government Related Identifiers

RTO Doctor must not adopt a government related identifier of an individual as its own identifier of the individual unless:

  • The adoption of the government related identifier is required or authorised by or under Australian law or a court/tribunal order; or
  • The identifier is prescribed by the regulations and the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.

At RTO Doctor such government identifiers would include (but are not limited to):

  • RTO Identification Numbers;
  • Application Numbers;
  • Legal Records and Case numbers.

RTO Doctor must not use or disclose a government related identifier of an individual unless it is in the circumstances described under the exceptions to ‘Dealing with Personal Information’ previously.

 

Integrity of Personal Information

Quality of Personal Information

RTO Doctor must take steps to ensure that the personal information that it collects is accurate, up to date and complete. RTO Doctor must take steps (as are reasonable in the circumstances) to ensure that the personal information that RTO Doctor uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.  In all cases at RTO Doctor, this includes all physical hard copy and electronic records.

In relation to its Newsletters, RTO Doctor’s Newsletter distribution software Mailchimp removes any email addresses from our distribution lists that are no longer active.  For the Privacy Policy of Mailchimp, please refer to http://mailchimp.com/

 

Security of Personal Information

RTO Doctor must take steps that are reasonable in the circumstances to protect the information from misuse, interference and loss as well as unauthorised access, modification or disclosure.  RTO Doctor achieves this by:

  • Ensuring any hard copy files containing physical, hard copy personal information is held in a secure home office with lockable doors and windows and security alarms at all times, including where this information is archived.  This would include records such as old training and assessment documentation, archived application documents in draft format, etc.  Under no circumstances does RTO Doctor store financial information in this manner.
  • All electronic payment transactions are conducted on a securely hosted website with appropriate intrusion protection and logical system access requiring each user to enter a user name and password for access. 
  • The RTO Doctor Online Store through its hosted payment gateway provides real time credit card processing, 256 bit SSL certificate with all data encrypted over 3DES & PCI standard.
  • All physical, hard copy sensitive personal information is to be stored in a lockable filing cabinet in the Director’s secure home offices (as described previously).
  • All archived documentation and back ups that RTO Doctor maintains on behalf of clients is stored in Google Drive in the RTO Doctor secure account or, alternatively on the RTO Doctor external independent Server which only has secure access by the Directors and resides at the Founding Director’s secure home office.
  • Where the user is physically absent from the personal information or sensitive personal information for any period of time (for example when RTO Doctor or its representatives are on site with a client and must leave their computer momentarily), that individual must return the personal information or the sensitive personal information to its secure storage area in accordance with these instructions.

 

  • RTO Doctor will conduct regular audits, either combined with or separate to its internal audits for registration purposes to confirm compliance with this policy and the Australian Privacy Principles.

 

If RTO Doctor holds personal information and an individual and:

  • RTO Doctor no longer needs the information for any purpose for which the information may be used or disclosed by RTO Doctor; and
  • The information is not contained in a Commonwealth record; and
  • RTO Doctor is not required by or under an Australian law, or court/tribunal order, to retain the information;

RTO Doctor must take such steps as are reasonable in the circumstances to destroy the information or to ensure the information is de-identified.  In relation to RTO Doctor, clients usually request (and expect) RTO Doctor to keep a secure copy of any documentation that it creates on behalf of the client in the event of their data failure.  Consistent with the expectations of our clients, RTO Doctor does store all client information for this purpose however, should a client wish for us to not store their personal information in this way, they can advise us in writing and request that it be securely destroyed. 

 

Access to, and Correction of, Personal Information

If RTO Doctor holds personal information about an individual, RTO Doctor must, upon request by the individual, give the individual access to the requested information.

Exception to Access

If despite the above clause RTO Doctor is not required to give the individual access to the personal information to the extent that:

  • The RTO Doctor reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety; or
  • Giving access would have an unreasonable impact on the privacy of other individuals; or
  • The request for access is vexatious or frivolous;
  • The information relates to existing or anticipated legal proceedings between RTO Doctor and the individual and would not be accessible by the process of discovery in those proceedings; or
  • Giving access would reveal the intentions of RTO Doctor in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
  • Giving access would be unlawful; or
  • Denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  • Both of the following apply:
    • RTO Doctor has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to RTO Doctor’s functions or activities has been, is being or may be engaged in;
    • Giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
    • Giving access would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
    • Giving access would reveal evaluative information generated within RTO Doctor in connection with a commercially sensitive decision-making process.

Dealing with Requests to Access

RTO Doctor must respond to the request within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.

 

Other Means of Access

If RTO Doctor refuses:

  • To give access to the personal information for reasons previously outlined; or
  • To give access in the manner requested by the individual.  Access may be given through the use of a mutually agreed intermediary.

 

Access Charges

As an organisation RTO Doctor may charge for giving access to the personal information however the charge must not be excessive and must not apply to the making of the request.  Where RTO Doctor charges a fee to give access to personal information held about the individual, this charge will be provided up front and will only cover the cost of providing the information where this is reasonable for photocopying and printing, as well as postage if required.

Refusal to Give Access

If RTO Doctor refuses to give access to the personal information because of any of the reasons outlined previously under ‘Exception to Access’, or where RTO Doctor refuses to give access in the manner requested by the individual, RTO Doctor must give the individual a written notice that sets out:

  • The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
  • The mechanisms available to complain about the refusal; and
  • Any other matter prescribed by the regulations.

 

If RTO Doctor refuses to give access to the personal information because giving access would reveal evaluative information generated within RTO Doctor in connection with a commercially or legally sensitive decision-making process, the reasons for the refusal may include an explanation for the commercially or legally sensitive decision.

Correction of Personal Information

If RTO Doctor holds personal information about an individual, and is either satisfied that having regard to a purpose for which the information is held, the information is inaccurate, incomplete, irrelevant or misleading or the individual requests that RTO Doctor correct the information, RTO Doctor must take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

 

Refusal to Correct Information

If RTO Doctor refuses to correct the personal information (including a request to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading) as requested by the individual, RTO Doctor must give the individual a written notice that sets out:

  • The reasons for the refusal except to the extent that it would be unreasonable to do so; and
  • The mechanisms available to complain about the refusal; and
  • Any other matter prescribed by the regulations.

Where RTO Doctor is required to provide a statement, RTO Doctor must take steps that are reasonable in the circumstances to associate a statement in such a way that will make the statement apparent to users of that information.

RTO Doctor must issue the statement within a reasonable period after the request is made and must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).

For further questions or clarity regarding this new legislation, please contact:

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au or visit the website http://ww.oaic.gov.au

 

 

 

For more information please call 0408 144 002

© Copyright RTO Doctor 2017 All rights reserved.   |   Privacy Policy   |   Refund Policy   |   Terms & Conditions   |   Licensing Agreement   |   Website by TMC