V1.2 March 2021/Review Dec 2022
Policy / Procedure
The CMTO is committed to protecting employee, student, and client privacy and confidentiality, in line with state and federal privacy legislation.
This policy focuses on the CMTO’s commitment to protecting the privacy of its students and outlines the various ways in which it ensures this protection. For the purpose of this policy, personal information is described as follows:
This is information, or an opinion, that identifies an individual or allows their identity to be readily discerned. It includes, but is not limited to, a person’s name, address, financial information, marital status, or billing details.
Collection of personal information
CMTO will collect personal information from staff in order to meet employment, legal and taxation obligations.
Information collected includes general personal details, and may include details of any disability or health issue that may affect the staff member’s ability to meet the requirements of their position.
CMTO is required to collect personal information, recordings, and assessments from students in order to process enrolments and provide suitable training and assessment services. Where applicable, information may also be required to comply with AVETMISS standards as specified by government regulators.
Information collected includes general personal details, and may also include details of any disability or health issue that may impact on the delivery of training or a person’s ability to engage in assessment activities.
CMTO will only collect relevant personal information required for the purposes of employment or education, or those needed to meet government reporting requirements.
CMTO collects all personal information in writing, either from an employment application and personal details form, or a registration or enrolment form, directly from the person whom the information is about. (Where applicable, information may be collected from the parent or guardian of a student under the age of 18.)
Students may have their name and contributions recorded in a course or unit completed online for quality and assurance purposes.
Use and disclosure of personal information
CMTO uses personal information about its staff for the purposes of meeting employment requirements including payroll, superannuation, and taxation.
CMTO uses personal information, recordings, and assessments from its students for the purposes of meeting VET requirements for the awarding of qualifications, and to comply with reporting requirements where relevant, as specified by government regulators.
Personal information, as collected through the CMTO’s enrolment and registration Forms or other means, will be passed on to government regulators as per legal data collection requirements. This personal information may also be accessed for the purposes of an audit by ASQA.
Personal information will not be used in any way other than those outlined in this policy, or any other way than might reasonably be expected.
Except as required under the Standards for Registered Training Organisations, Government Contracts or by law, information about a student will not be disclosed to a third party without the written consent of the participant.
Access to personal information
It is a policy of the CMTO to allow access to personal files at any time to the person to whom those files relate, upon written request.
Staff and students may access their files by submitting their written application to the CMTO and providing proof of identity.
All requests for private information must be approved by the CMTO CEO.
Storage and security of personal information
CMTO will take all reasonable steps to maintain the privacy and security of personal information.
Information stored electronically is kept on a secure server and access is restricted to authorised employees. This server is regularly backed up and kept in a secure location.
Paper-based documents containing personal information are in a locked filing cabinet and held within a secure area within the CMTO premises.
Where documents are required to be transferred to another location, personal information is transported securely in an envelope, folder or document bag.
Reasonable steps will be taken to destroy or permanently de-identify personal information when it is no longer required.
Non-active files are archived at a secure location.
CMTO will make all reasonable efforts to protect confidential information received from clients or partner organisations during the course of business operations. This information will not be disclosed without the prior consent of the client or partner organisation.
For a detailed explanation of the rules, regulations, laws, and privacy considerations the CMTO adheres to when handling personal information, please refer to FORM 27 Privacy Notice V1.5.