Privacy Policy TLK Community College

Privacy Policy

Privacy Policy

Preamble

Tuggerah Lakes Community College Incorporated, trading as TLK Community College, is committed to protecting individual privacy and ensuring confidentiality of personal information in all areas of operations as a community based provider of accredited and lifestyle education and training services.

Scope

The College’s Privacy Policy applies to the protection and handling of personal information by the College in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs), as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

Where the College collects personal information under the services of TLK Alesco School, a division of the College providing accredited high school education, the TLK Alesco School Privacy Policy applies.

Under the Privacy Act, the Australian Privacy Principles do not apply to staff employment records. As a result, this Privacy Policy does not apply to the College’s management of staff employment records, where such management is directly related to a current or former employment relationship between the College and a staff member or former staff member.

The following sections outline how the College manages personal information under the College’s Privacy Policy.

Australian Privacy Principle 1: Open and Transparent Management of Personal Information

The Purpose of Information Collection, Retention, Use and Disclosure
The College retains a record of personal information about individuals, including students and clients, with whom the College undertakes College related activities.

As a Registered Training Organisation (RTO) regulated by the Australian Skills Quality Authority (ASQA), the College is required to collect, hold, use and disclose a wide range of personal and sensitive information on students enrolled in nationally recognised vocational education and training (VET) courses and programs. This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative instruments including:

  • Standards for Nationally VET Regulated (NVR) Registered Training Organisations 2015 and
  • Data Provision Requirements.

Through legal contracts with clients, the College is required under State Government Acts to collect, hold, use and disclose information. In accordance with these legislative requirements, the College supports the delivery of services through a range of Commonwealth and State Government funding contractual agreement arrangements, which also require the collection and disclosure of various information. Under legislative and legal requirements the College discloses information held on individuals for valid purposes to a range of entities including:

  • Governments (Commonwealth, State or Local)
  • Australian Apprenticeships Centres
  • Employers (and their representatives), Job Network Providers, Schools, Guardians and
  • Service providers such as credit agencies and background check providers.

The information the College is required to collect, hold, use and disclose from individuals for a range of purposes, includes but is not limited to:

  • Provision of student services
  • Management of employees and contractors
  • Promotion of products and services provided by the College
  • Conducting internal business functions and activities and
  • Addressing the requirements of students, clients and other stakeholders.

Types of Personal Information Collected and Held by the College
Personal information generally collected, depending on the need for service delivery includes:

  • Contact details
  • Employment details
  • Educational background
  • Demographic Information
  • Course progress and achievement information
  • Financial billing information.

Sensitive information that may also be collected and held includes:

  • Identity details
  • Employee details and Human Resources (HR) information
  • Complaint or issue information
  • Disability status and other individual needs
  • Indigenous status
  • Background checks (such as National Criminal Checks or Working with Children checks).

How Personal Information Is Collected
The College collects required personal information directly from individuals through:

  • Enrolment or application forms
  • Expressions of interest
  • Service delivery records
  • Web based systems including:
    • On line forms
    • Web portals
    • Internal operating systems

The College receives both solicited and unsolicited information from third party sources (other entities) in undertaking service delivery activities. Entities providing such information may include:

  • Governments (Commonwealth, State or Local);
  • Australian Apprenticeships Centres;
  • Employers (and their representatives), Job Network Providers, Schools, Guardians and
  • Service providers such as credit agencies and background check providers.

How Personal Information Is Held
Personal Information held by the College is protected by robust storage and security measures. On collection, personal information is:

  • As soon as practical converted to electronic means
  • Stored in secure, password protected systems, such as:
    • A financial system
    • College server system and
    • Student management system
  • Monitored for appropriate authorised use at all times

Only authorised staff are provided with login information to each system, with system access limited to systems relevant to each staff member’s specific role within the College. The College’s Information and Communications Technology (ICT) systems are hosted in a secure cloud based environment, with robust internal security to physical server locations and server systems access. All systems have virus protection, backup procedures and ongoing access monitoring procedures in place.

Destruction of paper based records occurs as soon as practicable, through the use of secure shredding and destruction services at all sites of the College.

Individual student information held across the College’s systems is linked through a College allocated identification number for each student.

Retention and Destruction of Information
The College undertakes secure destruction of personal information records as soon as possible after required use and storage periods have expired.

Access to and Correction of Personal Information
Individuals have a right to request access to their personal information held and to request the correction of any incorrect information at any time.

A request to access personal information is to be made in writing, using the College’s Request for Access to Individual Records Form, available via the College’s website at www.tlkcc.com.au/forms or from College reception.

A request to correct or update personal information is to be made in writing, using the College’s Request for Amendment to Personal Information Form, available via the College’s website at www.tlkcc.com.au/forms or from College reception.

Approved third parties may also request access, corrections or updates to a student’s personal information. Such third parties may include:

  • Employers
  • Parents, guardians or carers
  • Schools
  • Australian Apprenticeships Centres
  • Governments (Commonwealth, State or Local) and
  • Various other approved / recognised / entitled stakeholders.

In all cases where access, corrections or updates are requested, the College will ensure that:

  • Parties requesting access, corrections or updates to personal information are robustly identified and vetted
  • Where legally possible, the individual concerned will be contacted to confirm consent, if consent has not been previously provided for the matter and
  • Only appropriately authorised parties will be provided access to information and only for validated purposes.

Complaints about a Breach of the Australian Privacy Principles or a Binding Registered Australian Privacy Principles Code
If an individual believes the College may have breached one of the Australian Privacy Principles (APPs) or a binding registered APPs code, they should report the matter under the ‘Resolving Privacy Concerns and Complaints’ procedure, detailed under the final section of this Policy.

Likely Overseas Disclosures
Before the College discloses personal information about an individual to any overseas recipient, the College will undertake reasonable steps to ensure that the disclosure will not breach privacy requirements and has the written consent of the individual concerned. Information may be provided to an overseas parent company or organisation in cases where and individual’s training is being paid for by the employer.

Availability of the College’s Privacy Policy
The Privacy Policy of the College is available:

  • In the College’s Policy and Procedures Manual
  • In other College documents, including extracts provided within:
    • The Student Handbook
    • The Staff Handbook
    • Pamphlets
  • At induction sessions and
  • For public access, free of charge, on the College’s website at www.tlkcc.com.au/policies

Review and Update of the College’s Privacy Policy
Review of the College’s Privacy Policy is undertaken:

  • On an ongoing basis as:
    • Suggestions or issues are raised and addressed
    • Government required changes are identified
  • Through the College’s internal audit processes on at least an annual basis
  • As a component of each and every complaint investigation process where the compliant is related to a privacy matter.

When changes are made to the College’s Privacy Policy the changes are widely communicated through:

  • Internal personal communications
  • Meetings
  • Training
  • Documentation
  • Publication:
    • On the College’s web site www.tlkcc.com.au/policies
    • In client relevant documents.

    Australian Privacy Principle 2: Anonymity and Pseudonymity

    The College provides individuals the option of anonymity or use of a pseudonym where identification is not essential for the College to respond to an enquiry or matter such as:

    • General course enquiries
    • Enquiries of a general nature
    • Anonymous responses to surveys from the College.

    The option of anonymity or pseudonym permits the use of a name, term, description, generic email address or generic user name which is different to the true identity of enquirer.

    Advice may be given of the opportunity to deal anonymously or by pseudonym with the College where the option is applicable.

    When Identification Is Required
    The College requires and confirms identification in supporting service delivery to students for nationally recognised courses and programs. As a Registered Training Organisation (RTO), it is a condition of registration, under the National Vocational Education and Training Regulator Act 2011, that the College establishes a student’s identity and their individual needs at or before commencement of service delivery. The College is also required to collect and disclose Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS) data on all students enrolled in nationally recognised training programs. Other legal requirements, including the Unique Student Identifier (USI) issued nationally to students completing Vocational Education and Training, necessitates the correct and accurate identification of students.

    There may be other situations within the College’s service delivery where an enquirer may not have the option of dealing anonymously or by pseudonym, as identification will be required for the College to respond effectively to the enquiry.

    Australian Privacy Principle 3: Collection of Solicited Personal Information
    The College only collects personal information that is:

    • Required under legislation
    • Otherwise legally required and
    • Reasonably necessary for the business activities of the College.

    Except where sensitive personal information is required under legal requirements, such information will be collected only with the consent of an individual. All information is collected by lawful and fair means. The College collects solicited information directly from the individual concerned, unless it is unreasonable or impracticable for the personal information to be collected (directly) from the individual.

    Australian Privacy Principle 4: Dealing with Unsolicited Personal Information

    The College may from time to time receive unsolicited personal information. When this occurs the College will review the personal information and determine whether it is collectable for the purpose of College business activities. If the information is collectable, the College may hold, use and disclose the information appropriately according to the practices outlined within this policy or, when the information cannot be collected, the College will immediately destroy or de-identify the information.

    Australian Privacy Principle 5: Notification of the Collection of Personal Information

    Whenever the College collects personal information about an individual, the College will take reasonable steps to notify the individual that their personal information is being collected. That notification occurs before or at the time of collection or, when not possible, as soon as practicable afterwards.
    Whenever the College collects personal information about an individual from a third party such as another organisation, the College will confirm whether the third party has provided the relevant notice to the individual. If notice has not occurred, the College will provide notification to ensure the individual is fully aware of the information collection.

    Australian Privacy Principle 6: Use or Disclosure of Personal Information

    The College only uses or discloses personal information held about an individual for the particular primary purposes for which the information was collected or secondary purposes in cases where:

    • An individual consented to a secondary use or disclosure
    • An individual would reasonably expect the secondary use or disclosure or
    • Using or disclosing the information is required or authorised by law.

    Australian Privacy Principle 7: Direct Marketing

    The College does not use or disclose the personal information that it holds about an individual for the purpose of direct marketing unless:

    • The personal information has been collected directly from an individual and the individual would reasonably expect their personal information to be used for the purpose of direct marketing or
    • The College provides a simple method for the individual to request not to receive direct marketing communications (also known as ‘opting out’).

    On each of the College’s direct marketing communications, the College provides a prominent statement that the individual may request to opt out of future communications. Requests may be made by email to info@tlkcc.com.au or by telephone to the College on (02) 43530017.

    An individual may request the College at any stage not to use or disclose their personal information for the purpose of direct marketing, or to facilitate direct marketing by other organisations. The College will comply with any request by an individual promptly and undertake any required actions without charge.
    The College, on request, also notifies individuals of the College’s source of their personal information used or disclosed for the purpose of direct marketing unless it is unreasonable or impracticable to do so.

    Australian Privacy Principle 8: Cross-Border Disclosure of Personal Information

    Information may be provided to an overseas parent company or organisation in cases where and individual’s training is being paid for by the employer. Before any disclosure of personal information about an individual to any overseas recipient, the College will undertake reasonable steps to ensure that the disclosure does not breach any privacy matters and has the written permission from the individual concerned.

    Australian Privacy Principle 9: Adoption, Use or Disclosure of Government Related Identifiers

    The College does not adopt, use or disclose a government related identifier related to an individual except:

    • In situations required by Australian law or other legal requirements
    • Where reasonably necessary to verify the identity of the individual
    • Where reasonably necessary to fulfil obligations to an agency or a State or Territory authority or
    • As prescribed by regulations.

    Australian Privacy Principle 10: Quality of Personal Information

    The College takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete. The College also takes reasonable steps to ensure that the personal information used or disclosed is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant. This is particularly important when initially collecting personal information and when using or disclosing personal information.

    The College takes steps to ensure personal information is factually correct. In cases of an opinion, the College ensures information takes into account competing facts and views and makes an informed assessment, providing it is clear this is an opinion. Information is confirmed up-to-date at the point in time to which the personal information relates.

    Quality measures in place supporting these requirements include:

    • Internal practices, procedures and systems to audit, monitor, identify and correct poor quality personal information, including training staff in these practices, procedures and systems
    • Protocols that ensure personal information is collected and recorded in a consistent format, from a primary information source when possible
    • Ensuring updated or new personal information is promptly added to relevant existing records
    • Providing individuals with a simple means to review and update their information
    • Reminding individuals to update their personal information at critical service delivery points, such as completion, when the College engages with the individual
    • Contacting individuals to verify the quality of personal information where appropriate when it is about to be used or disclosed, particularly if there has been a lengthy period since collection
    • Checking that a third party, from whom personal information is collected, has implemented appropriate data quality practices, procedures and systems.

    Australian Privacy Principle 11: Security of Personal Information

    The College takes active measures to ensure the security of personal information held by the College. This includes reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
    The College destroys or de-identifies personal information held once the information is no longer needed for any purpose for which the information may be legally used or disclosed.

    Access to the College offices and work areas is limited to College staff. Visitors to College premises must be authorised by relevant staff and accompanied at all times. With regard to any information in a paper based form, the College maintains storage of records in an appropriately secure place to which only authorised individuals have access.

    Regular staff training is conducted with College staff on privacy issues and applications of the APPs to College practices, procedures and systems. Training is also included in the College' staff induction practices.

    The College conducts ongoing internal audits to test the adequacy and currency of security and access practices, procedures and systems implemented.

    Australian Privacy Principle 12: Access to Personal Information

    Where the College holds personal information about an individual, the College provides that individual access to the information on their request.

    To request access to personal records, individuals should apply in writing, using the Request for Access to Individual Records Form available via the College’s website at www.tlkcc.com.au/forms or from College reception.

    On receipt of a request to access personal information the College will:

    • Confirm the identity and authority of the person making the request including any third party
    • Respond to request for access by:
      • Giving access to the personal information that is requested in the manner in which it was requested or
      • Notifying refusal to give access including reasons for refusal in writing and the complaint mechanisms available to the individual or third party
    • Process requests and provide any access given free of charge.
    • Australian Privacy Principle 13: Correction of Personal Information

      The College takes reasonable steps to correct personal information held, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.

      Individual Requests
      On an individual’s request, the College will:

      • Correct personal information held and confirm the correction with the individual
      • Notify any third party of the corrections made to personal information if this information was previously provided to the third party.

      In cases where the College refuses to update personal information, the College will:

      • Give written notice to the individual, including the reasons for the refusal and the complaint mechanisms available to the individual
      • Upon request by the individual whose correction request has been refused, take reasonable steps to associate a ‘statement’ to all personal information held, noting personal information that the individual believes to be inaccurate, out-of-date, incomplete, irrelevant or misleading
      • Respond promptly to these requests
      • Complete all actions free of charge.

      Request for Corrections and Updates of Records Procedure
      Individuals or third parties may at any time request that their records held by the College relating to their personal information be updated. Updates may be required in a range of circumstances, for example, a change of address or name of an individual. The following procedure is followed on each individual request for records updates:

        A request for records update is provided by the requester, with suitable information provided to be able to:
        • Identify the individual concerned
        • Confirm their identity
        • Identify the specific information requested to be updated on their records
        • This request may be made using the College’s Request for Amendment to Personal Information Form available at www.tlkcc.com.au/forms
        • Upon receiving the request form, the College will:
          • Confirm the identity of the individual or party to whom the record relates
            • Search the records held by the College to assess whether the information requested for correction or update exists on file
            • Assesses the information already on record and the requested correction or update, to determine whether the requested should proceed
          • Once identity and information assessment is confirmed:
            • Personal information Is corrected or updated, free of charge and
            • Third parties are notified of corrections or updates to information previously provided to the third party.

            If the identity of the individual cannot be confirmed, or there is another valid reason why the College is unable to update the personal information, refusal to update records will be provided to the requester in writing, free of charge. The notification will include the reasons for the refusal and the complaint mechanisms available to the individual.

            Upon the request of an individual whose update has been refused, the College will also take reasonable steps to associate a ‘statement’ to all personal information held, noting personal information that the individual believes to be inaccurate, out-of-date, incomplete, irrelevant or misleading. This statement will be promptly applied, free of charge, to all personal information relevant across College systems.

            Correcting on the College’s Initiative
            The College takes reasonable steps to correct personal information it holds in cases where the College is satisfied that the personal information held is inaccurate, out-of-date, incomplete, irrelevant or misleading. This awareness may occur through collection of updated information, in notification from third parties or by other means.
            Resolving Privacy Concerns and Complaints

            If an individual believes that the College has breached its obligations in the handling, use or disclosure of their personal information, they may lodge a complaint with the College.

            Individuals should initially discuss the complaint or appeal informally with their trainer or a College staff member involved, or in the case of a staff member with their line manager, in an effort to resolve the complaint or appeal satisfactorily at that level where possible

            If the individual is not satisfied with the response provided, they can formally submit a Complaints and Appeals Form available from the College’s website at www.tlkcc.com.au/forms or from College reception. Forms should be submitted in person or by mail, facsimile or email to:

            TLK Community College
            Suite 16, 1 Reliance Drive, Tuggerah Business Park
            PO Box 5013, Chittaway Bay NSW 2261
            Facsimile to (02) 43535960 or
            Email to info@tlkcc.com.au

            Depending on the nature of the complaint, individuals have the option to post completed forms (marked confidential) to:

            • The CEO
            • Tuggerah Lakes Community College Incorporated
            • PO Box 5013, Chittaway Bay NSW 2261.

            The College will investigate the circumstances and respond to the individual according to either the Student and Client Complaint and Appeal (Consumer Protection) Policy or the Staff Complaint Resolution and Appeal Policy as applicable.

            Should the individual still not be satisfied, after considering the final outcome of the complaints and appeal process, they may escalate their complaint directly to the Office of the Australian Information Commissioner (OAIC) for investigation by contacting the:

            • Office of the Australian Information Commissioner:
            • Internet: www.oaic.gov.au or
            • Telephone 1300 363 992

            When investigating a complaint, the OAIC will initially attempt to conciliate the complaint, before considering the exercise of other complaint resolution powers.