- Clearly communicate the personal information handling practices of Optec Pty Ltd.
- Give staff and other individuals a better understanding of the sort of personal information that Optec holds, and
- To enhance the transparency of Optec’s operations.
The Privacy Act 1988 as Amended (Currently to 12th March, 2014) is an Australian law that regulates the handling of personal information about individuals, this includes the collection, use, storage and disclosure of personal information. Since its inception in 1988 the Privacy Act has introduced many significant changes including 13 Australian Privacy Principles (APPs) that apply to the handling of personal information to which Optec must comply.
2.1. The definition of personal information
Personal information is defined under the Privacy Act as “information or an opinion about an identified individual, or an individual who is reasonably identifiable”:
A] Whether the information or opinion is true or not, and
b] Whether the information or opinion is recorded in a material form or not.
Some examples of personal information include names, addresses, phone numbers and email addresses and the definition of personal information only relates to ‘natural’ persons, it does not extend to other ‘legal’ persons such as companies.
2.2. The definition of sensitive information
Under the Privacy Act, sensitive information is defined as:
A] Information or an opinion about an individual’s:
I. racial or ethnic origin
ii. Political opinions
iii. Membership of a political association
iv. Religious beliefs or affiliations
V. Philosophical beliefs
vi. Membership of a professional or trade association
vii. Membership of a trade union
viii. Sexual orientation or practices, or
ix. Criminal record
That is also personal information; or
b] Health information about an individual
c] Genetic information about an individual that is otherwise health information
d] Biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
e] Biometric templates.
3. The collection of personal information
Solicited (Requested) Information
Personal information is collected in order for Optec to properly and efficiently carry out its functions and obligations. Optec only collects personal information for purposes that are directly related to our functions or activities under the National Vocational Education and Training Regulator Act 2011 (The NVR Act), the Privacy act (Including Australian Privacy Principles),the Freedom of Information Act (The FOI Act) or the Data Provision Requirements of the National Vocational Education and Training Regulator Act 2011 (The NVR Act), and only when it is reasonably necessary or directly related to Optec’s functions.
Optec will only collect sensitive information from individuals if the individual consents to the collection, unless:
- the sensitive information is required or authorised by law
- a permitted general situation exists (Such as the collection of a USI number)
- a permitted health situation exists (Such as the provision of emergency services to the individual)
- The sensitive information is required for an enforcement related activity.
If Optec receives unsolicited information, it will determine if the information is required to carry out its functions, if Optec determines that the information is not required, it will destroy or de-identify the information as soon as practicable.
If Optec determines that the information is required, then the information will be treated as Solicited Information as above.
Information from a Third Party
In the event that Optec has collected personal information from a third party (such as an emergency services provider), or a publicly available source, it will seek the individuals consent to such collection, or would reasonably expect us to collect their personal information in this way.
If Optec collects personal information from a third party, it will take reasonable steps to inform the affected individual that their personal information has been collected from a third party as soon as possible after the collection has taken place. (See section 4.2 below)
3.1. How does Optec collect personal information?
Optec uses personal information only for the purposes for which it was provided and for directly related purposes (unless otherwise required by or authorised under law), we also collect information in relation to employment services, human resource management and other corporate service functions. Personal information can be collected from an individual when that individual:
- enrols in a training course
- applies for employment
- is interviewed as a process of seeking employment
- submits a complaints form
- sends an email
- makes a training course payment
- when Optec makes a refund to an individual
- makes a claim for compensation
- requires medical assistance
An individual may, in some circumstances, such as lodging a complaint, prefer to remain anonymous, or to use a pseudonym, when interacting with Optec. Whilst this is acceptable to Optec, individuals should be aware that if they choose to do this, it may make investigating complaints or providing specific information impracticable, and it may lesson Optec’s ability provide its usual level of service.
Optec generally collects personal information directly from the individual or their authorised representative.
4. Notification of collection of personal information
4.1 notifying the individual at collection
When collecting persona; information directly from an individual, Optec will take reasonable steps to notify, or otherwise ensure that the individual is aware:
- Of whether Optec is likely to disclose an individual’s personal information to overseas recipients and, if it is practicable to specify, the countries in which those recipients are likely to be located.
4.2 Notifying the individual if information is collected from a third party
If Optec collects personal information from someone other than the individual, or the individual may not be aware that the organisation has collected the personal information, reasonable steps will be taken to notify the individual, or otherwise ensure that the individual is aware:
- that Optec collects or has collected the information
- of the circumstances of the collection, including
- from whom the information was collected, and
- the law under which Optec collected the information
- Of the consequences of Optec not collecting the information.
5. Use and disclosure of personal information
5.1 The use and disclosure Within Australia
Optec will only use and disclose personal information for the primary purposes for which it was collected unless:
- the individual has consented to the information being used for a secondary use or disclosure
- the individual would reasonably expect Optec to use or disclose the information for the secondary purpose and that purpose is related to the primary purpose, or
- the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order
- a permitted general situation exists in relation to the use or disclosure of the information for example Optec need to use the individuals USI number needs to complete the reporting of data to AVETMISS
- Optec reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by or, on behalf of, an enforcement body.
Optec will only use sensitive information for a secondary purpose if it is directly related to the primary purpose.
5.2 The use and disclosure overseas
In situations where Optec may disclose personal information overseas, Optec will take reasonable steps to ensure that the overseas entity will comply with the APPS.
5.3 Use of personal information for direct marketing purposes
Optec will only use personal information for direct marketing purposes where it could be reasonably expected that the individual would be aware that Optec would use the information in that way.
6. Data quality
Optec will take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete, these steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed and at other times as necessary. Optec will also take reasonable steps to ensure the accuracy and completeness of the information prior to any disclosure of the information.
7. Data security
Optec takes steps to protect the personal information we hold against interference, loss, unauthorised access, use, modification or disclosure and against other misuse.
When no longer required personal information is destroyed in a secure manner.
8 Access and correction
8.1 Access and correction under the Privacy Act
Unless Optec is authorised to refuse access to information under the Freedom of Information (FOI) Act or any applicable provisions of any law of the Commonwealth, Optec will grant an individual;’ request for access to the personal information that Optec holds about them.
Individuals may also request that Optec correct any personal information about the individual that Optec holds. Optec will only update the information if it is satisfied the information it holds is incorrect. If Optec is satisfied that an individual’s personal information is incorrect, Optec will take reasonable steps to correct that information to ensure that it is accurate, up-to-date, complete, relevant and not misleading.
Optec will provide a response to any request for access or correction to personal information within 30 days. If refusing the request, Optec will provide statement of reasons for the refusal and remind the individual of the available complaint mechanisms, which are outlined below in Complaints. For clarity purposes, Optec will also take reasonable steps to associate a statement with the personal information that it refuses to correct.
Individuals will not be charged for requests for access or correction to their personal information, individuals can make a request by contacting the Training Coordinator at Optec.
8.2 Access, amendment or annotation under the FOI Act
Individuals may also make a request to Optec for access, amendment or annotation to their personal information under the FOI Act. Optec will respond to these requests in accordance with the FOI Act. If unsatisfied with the response received from Optec, an individual may seek an internal review of the FOI decision from Optec. An individual may also request that the Australian Information Commissioner review Optec’s decision.
In accordance with the “Freedom of Information (Charges) Regulations, Optec does not charge for request for, or access to personal information.
The Optec Training Coordinator can be contacted at; firstname.lastname@example.org
If an individual wishes to lodge a complaint about how Optec handles personal information, or if they feel Optec has breached the APPs, or if they wish to correct their personal information, or they wish Optec to disclose their personal information to a third party, or if they wish to obtain access to their personal information under the FOI Act they can contact Optec’s Training coordinator who will provide them with the correct form which needs to be completed and lodged with Optec as indicated below.