Privacy Policy

This Privacy Policy relates only to data collected on the etrainu website for etrainu’s use. It does NOT relate to data collected through the etrainu website by other parties. Those other parties’ privacy policies apply to that data.

1. Purpose

Challenge National Pty Ltd, its associate etrainu Pty Ltd and their Associates (collectively in this Policy, “etrainu”) collect Personal Information from Participants for the purpose of providing Training to the Participant or as otherwise described in this Policy.

The purpose of this Policy is to ensure that all personal information collected about Participants is managed in an open and transparent way, used only for recognised purposes, and is stored and managed in compliance with current Australian Privacy Principles.

The Policy describes those procedures and purposes, and provides information for Participants to address any concerns with the way etrainu manages their Personal Information.

By agreeing to the Privacy Policy and commencing business with etrainu, the Participant is giving consent for etrainu to collect, store, use and disclose Personal Information including Sensitive Information, and to deal with that information on the terms set out in this Policy.

This Policy applies to Challenge National Pty Ltd, etrainu Pty Ltd and all their Associates.

This Policy meets Standards for Registered Training Organisations (RTOs) 2015 8.5 – 8.6 and best business practice.

2. Policy

This Privacy Policy covers Personal Information collected from individuals who enrol for Training with us (Participants).

Our policy about the privacy of Personal Information collected by us about Participants is;

  • to retain it as confidential to us except as required by Government, and
  • to be open, honest and transparent with the Participant about the content of that information.
  • A copy of this Policy is accessible for no charge via our Website or as a PDF upon request.

3. Definitions

The terms used in this document are defined in the Terms and Conditions on our Website or have the meanings assigned to them below:-

“Associates” has the meaning defined in the Corporations Act 2001 (Cth)

“Australian Privacy Principles” has the same meaning as in the Privacy Act 1988 (Cth)

“Business Associate” means an entity with which a Participant has an economic or employment relationship and to which the Participant may choose or be required to advise the results of Training. An example would the hotel for which the Participant works which requires evidence of a responsible service of alcohol certificate.

“Participant” means an individual participant in a training course provided or delivered by etrainu and includes an individual who commences an application to undertake such a course (a prospective Participant)

“Personal Information” has the same meaning as in the Privacy Act 1988 (Cth) which is “information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not”.

“Privacy Policy” or “Policy” means this statement;

“RTO” or ”Registered Training Organisation” means a training organisation registered by the Australian Skills Quality Authority (ASQA) in accordance with the VET Quality Framework.

‘Standards for Registered Training Organisations (RTOs) 2015’means the standards that RTO’s are governed under.

“Sensitive Information” has the same meaning as in the Privacy Act 1988 (Cth) which is “(a) information or an opinion about an individual‘s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record that is also personal information; or (b) health information about an individual; or c) genetic information about an individual that is not otherwise health information; (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates.”

“Training” means any Accredited Training or Non-accredited Training provided to the Participant by etrainu.

“Terms and Conditions” means the terms and conditions for the Website, which can be accessed on the Website;

“Training” means a training course provided or delivered to the Participant by etrainu;

“Unique Student Identifier” means the number assigned to each Participant by the Federal Government under the Student Identifier Act 2013 (Cth).

“Website” means; and

“we”, “us” or any similar term means Challenge National Pty Ltd, etrainu Pty Ltd and their Associates as that term is defined in the Corporations Act 2001 (Cth).This Privacy Policy includes examples of the types of information we may collect and the kinds of companies to which we may disclose information. These examples are illustrative and should not be considered a complete inventory of our information collection or sharing practices. Accordingly, the words “include” and “including” mean inclusion without limitation.

As used in this Privacy Policy, the words “company” and “companies” mean any corporation(s), limited liability company or companies, partnership(s) or other similar entity or entities.

4. Purpose for which information is collected and used

We collect Personal Information for a variety of reasons, including (without limitation) to:

  • provide Training to the Participant;
  • store Training and personnel records for use by the Participant, its Business Associate and ourselves;
  • otherwise facilitate personal development, training, and performance monitoring through the Website; and to meet our RTO obligations outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative requirements such as Standards for Registered Training Organisations (RTOs) 2015

On request by a Participant, we will take all reasonable steps to inform the Participant the purpose or relevance of the Personal Information we have collected.

5. Collection of Data

We gather Personal Information about the Participant from its completion of the account opening process on the Website and a variety of sources, including websites we operate, websites operated by others, telephone calls with the Participant, enrolment forms, other agreements with us. We may also gather Personal Information about the Participant from other companies with which we maintain business relationships.

Where we collect Personal Information from third parties only where it is necessary for the completion of Training. In this case, we take all reasonable steps to ensure the Participant is aware that Information has been collected.

The Personal Information collected from Participants may include but may not be limited to:

Information provided by the Participant, such as the Participants’ name, address(es), employer(s), employee identification number(s), telephone number(s), fax number(s), e-mail address(es), date and place of birth, driver’s license number, passport number, credit card information, Unique Student Identifier;

Information about the Participant’s transactions with us, our affiliates or others, including without limitation, details of the Training undertaken or being undertaken by the Participant, the Participant’s results and records, training plans, personnel records and any relevant certificates or statements of attainment; and

Information we receive from consumer reporting agencies, such as the Participant’s creditworthiness and credit history.

We may also collect Sensitive Information about the Participant where it is necessary for the purpose of the Training.

We make a note every time Personal Information kept on the Website is accessed

6. Unsolicited Personal Information

We may receive Personal Information, including Sensitive Information, from third parties.

Where that information is necessary or an immediate adjunct to providing the Training or complying with the law, we will retain that information and deal with it in the same way as all other Personal Information.

Where that information is not necessary or an immediate adjunct to providing the Training or complying with the law, we will destroy that information as soon as it comes to our attention.

7. Consequences of not providing information

If Personal Information requested by us is not provided then the Participant may be denied access to the Website or the Training, or to certain parts or features of the Website or Training which could limit the Participant’s ability to receive Training, or to access Information through the Website. It may also limit the Participant’s ability to use other features of the Website which a third party, such as its Business Associate may offer.

8. Privacy settings

Where the Participant is undertaking the Training via the Website, the Participant may control the Personal Information available to third parties by making the appropriate selections in the My Training page of the Website.

9. Quality of Personal Information

etrainu takes reasonable steps to ensure that the Personal Information collected is accurate, up to date and complete for the purposes for which we use that data, and that any Personal Information that etrainu uses or discloses is also accurate and up to date.etrainu does this by actively confirming Personal Information when in consultation with the Participant and ensures this information is promptly updated to all relevant records.

Where the Participant considers the Personal Information which we hold is incorrect or has been superseded, it should either correct that information through the Website or contact us without delay if the Website does not provide the necessary access.

If we refuse to correct the Personal Information as requested by the Participant, we will provide a notice setting out the reasons for our refusal and the process available to the Participant to complain about the refusal.

10. How to access or correct data

Participants with accounts on our Website are able to access and edit their contact and similar information through the Website, by logging into their account, clicking the account tab, editing the data and saving the revised personal information.

Where Participants do not have an account on the Website, access to Personal information can only be facilitated by written request. We will respond to such a request as quickly as possible.

We do not charge a fee to Participants to enable them to access and edit their Personal Information.

The participant is notified via email of any physical changes made to their profile. If a participant chooses not to provide their email address, etrainu cannot notify them of any changes.

Certain data, such as the results of tests conducted by and the details of certificates issued by etrainu –cannot be changed by the Participant, in which case the Participant may correct factual errors in that data by sending a request to us that credibly shows the error. The Participant should contact our main office for information about how to exercise these rights. We will respond to any such request in a reasonable and practical time.

A Participant does not have access via the Website to some Information provided by its Business Associate, and should contact the Business Associate for details of the information held.

We may refuse access to Personal Information by a Participant where:

  • providing access would pose a serious and imminent threat to the life or health of the individual;
  • providing access would have an unreasonable impact on the privacy of other people;
  • the request if frivolous or vexatious;
  • the Personal Information relates to existing or anticipated legal proceedings between the Participant and us and the information would not be accessible by the process of discovery in those proceedings;
  • providing access would disclose our intentions in relation to negotiations with the Participant in such a way as to prejudice those negations;
  • providing access would be unlawful or is prohibited by law;
  • providing access would be likely to prejudice an investigation of possible unlawful activity or of improper or prescribed conduct or similar;
  • an enforcement body performing a lawful security function asks us not to provide the information.
  • providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision.

We will provide a reason for any denial of access to some or all Personal Information for a Participant.

11. Employers and Business Associates

We may disclose Personal Information to or receive Personal Information from the Participant’s Business Associates. In some circumstances, Business Associates may be able to post Personal Information about the Participant to, or remove it from the Website, or may alter Personal Information about the Participant which is already recorded on the Website.

The Participant may limit the manner or amount of Personal Information a Business Associate has access to by adjusting their settings in the Permissions section of their profile on the Website.

If the Participant has been registered by their employer for training, by accepting this Policy and undertaking the Training, the Participant agrees that their results and information regarding participation and status will be accessed by their employer (or its nominated representative). In this circumstance, their employer will be a Business Associate of the Participant.

We require all third parties to which we grant access to Personal Information to agree to be bound by the conditions of this Privacy Policy however we are not responsible for, and accept no liability in respect of, any unauthorised use or disclosure of Personal Information by a third party in breach of this Privacy Policy.

12. Other parties to which we disclose data

We may use Personal Information about the Participant for a variety of purposes.

We may disclose Personal Information about the Participant to any individual or company that we retain to assist us in the conduct of our business, including an individual or company that performs marketing services on our behalf, but only if that individual or company agrees to use the Personal Information about the Participant solely for the purposes of performing the tasks on behalf of, and under the instruction of, us and to observe the relevant provisions of our Privacy Policy.

We also may disclose information in response to requests from law enforcement and government agencies, which will have their own privacy and disclosure policies.

Change of Ownership

As we develop our businesses, we may acquire or sell assets, including ownership interests in our businesses and companies, and third parties may acquire financial interests in us. In those transactions, Personal Information about the Participant may be among the transferred business assets. We may disclose Personal Information about the Participant to any entity in connection with a proposed or actual sale, merger, transfer or exchange of all or a portion of a business or operating unit, but only if that entity agrees to use the data prior to any acquisition solely for the purpose of making its acquisition decision and to observe the relevant provisions of our Privacy Policy with respect to the data. In the event that Personal Information about the Participant is transferred to a purchaser, we will require that purchaser to agree to observe the relevant provisions of our Privacy Policy with respect to Personal Information about the Participant.

Licensing Authorities

If the Participant is undertaking specific licencing courses then by accepting the Terms and Conditions and this Privacy Policy, the Participant acknowledges that their training history, results and course feedback may be required by the respective authorities:

Queensland Office of Liquor and Gambling:

  • RSA – Responsible Service of Alcohol
  • RSG – Responsible Gambling Services
  • RMLV – Responsible Management of Licenced Venues

Worksafe State authorities:

  • Queensland or Western Australian Construction Induction Card (White Card)
  • Work safely in the construction industry

Cross border disclosure of personal information

etrainu does not disclose Personal Information about a Participant to any overseas recipient unless, if the circumstance arose, etrainu had firstly obtained the Participant’s consent.

Adoption, use or disclosure of Government related identifiers

etrainu does not adopt or disclose a Government related identifier relating to a Participant unless it is required by law or is reasonably necessary to fulfil obligations to an agency or a State or Territory authority or as prescribed by regulations. The Unique Student Identifier is such a requirement.

In the case of some Training, the Participant’s Drivers Licence number must be collected and in other cases the Passport number may be required for identification, and whereas these Government related identifiers are collected and retained, they are not held in computer readable form.

NCVER – For the purposes of Accredited Training

Under the Data Provision Requirements 2012, Challenge National Pty Ltd, etrainu Pty Ltd and all their Associates is required to collect personal information about you and to disclose that personal information to the National Centre for Vocational Education Research Ltd (NCVER).

Your personal information (including the personal information contained on this enrolment form), may be used or disclosed by Challenge National Pty Ltd, etrainu Pty Ltd and all their Associates for statistical, administrative, regulatory and research purposes. Challenge National Pty Ltd, etrainu Pty Ltd and all their Associates may disclose your personal information for these purposes to:

  • Commonwealth and State or Territory government departments and authorised agencies; and NCVER.
  • Personal information that has been disclosed to NCVER may be used or disclosed by NCVER for the following purposes:
  • populating authenticated VET transcripts;
  • facilitating statistics and research relating to education, including surveys and data linkage;
  • pre-populating RTO student enrolment forms;
  • understanding how the VET market operates, for policy, workforce planning and consumer information; and
  • administering VET, including program administration, regulation, monitoring and evaluation.
  • You may receive a student survey which may be administered by a government department or NCVER employee, agent or third party contractor or other authorised agencies. Please note you may opt out of the survey at the time of being contacted.

NCVER will collect, hold, use and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the National VET Data Policy and all NCVER policies and protocols (including those published on NCVER’s website at

For more information about NCVER’s Privacy Policy go to

13. Direct Marketing (Secondary purposes)

We may aggregate and analyse all of the Personal Information about the Participant to enable us to develop targeted marketing programs and service offerings that we consider are tailored to the needs of particular groups of Participants. We may then use the Personal Information about the Participant to contact them regarding programs and services (both our own programs and services and third party programs and services) which may be of interest to them. We provide Participants with a simple means by which the Participant can easily request to not receive direct marketing communications from etrainu with the provision of an ‘Unsubscribe’ button for ‘opting out’ or they can notify us directly either in writing or via telephone to be removed from our Direct Marketing database.

14. Retention of Personal Information

With the exception of duplication of records and or Personal Information, we retain Personal Information about Participants indefinitely or until the Participant requests us to delete the Personal Information.

We cannot control how long third parties retain information which they have obtained from Participants or us, or otherwise through the Website, and while we require all parties to whom we disclose information in accordance with this Privacy Policy to comply with its requirements we cannot warrant that on their behalf.

In the event that etrainu ceases to operate, all RTO records are required to be transferred to our regulator the Australian Skills Quality Authority (ASQA).

15. Data Security

We maintain reasonable physical, electronic, and procedural safeguards to protect Personal Information about Participants from loss, misuse and unauthorized access, disclosure, alteration and destruction. As part of those precautions, we seek to protect Personal Information about Participants through technologies designed to safeguard the data during its transmission. However there is no method of transmitting or storing data that is completely secure. Although their physical characteristics are different, postal mail, telephone calls, faxes and transmissions over the Internet all present possibilities of loss, misrouting, interception and misuse of the data being transmitted. Our systems including our Website, our student management system and financial systems are password protected. We restrict access to Personal Information about Participants to those employees who we determine need to know that information, for us and our licensees to provide Training to the Participant. Employee misuse of Personal Information about Participants is treated as a serious offence for which disciplinary action may be taken. When we decide what data to seek from or communicate to our Participants, or how to seek or communicate it, we try to strike a reasonable balance between the security of the Participant’s data and their convenience. We do this because Participants attach value to both. As a result, we sometimes use a method of communication that is less secure than some of its less convenient alternatives. For example when we send e-mail to Participants, we send it in an unencrypted form because many Participants do not have the capability to receive encrypted e-mail. As a consequence, if our unencrypted e-mail intended for Participants were misrouted or intercepted, it could be read more easily than encrypted e-mail. Because e-mail to and from us is not encrypted, Participants should not include any information they regard as confidential in any e-mail they send us. If a Participant has reason to believe that any account with us is no longer secure, they must immediately notify us.

16. Use of “Cookies” and other tracking technologies

We may use cookies to track our Participants and others who visit our websites or receive our html-formatted commercial electronic mail messages (“html e-mail”), and to facilitate their use of the Training offered on our websites or in connection with html e-mail. Any cookie that we use will not retrieve data other than that data required for undertaking the Training through the Website. We use 2 types of cookies: Persistent cookies identify pages accessed and provide personalised features, for example choosing which page you would like to make your start page. They are used to help us develop the design and layout of the web site, improve applications, and measure their effectiveness. Session cookies are used for security reasons as part of the customer identification process. These cookies allow you to be recognised once you have logged into our LMS and provide you with your account information. Once your session time expires you will automatically be terminated for your protection. We also use these types of cookies in multi-page forms, to help the site remember what you do from one page to the next. We may also allow third parties to collect statistical data from our site using their persistent cookies. However these cookies do not capture information that can personally identify you. They are simply used to evaluate and measure the effectiveness of our marketing (e.g. banner ads). In addition, we may transmit web site usage information about our site visitors to third party ad servers for the purpose of targeting our Internet banner advertisements on other sites. The information that is collected is not personally identifiable to our third-party ad servers and we do not capture or transmit any web site usage information that can personally identify you.

17. Third Party Websites

Our Website and html e-mail may contain links to third party websites, which may or may not be operated in conjunction with our websites. We do not monitor or control the information collected when Participants choose to “click through” links to these websites. The treatment of user data by the operators of thirdparty websites may be different from ours. For details regarding their treatment of Personal Information, Participants will need to read their privacy policies or contact them directly.

18. Information regarding former participants

We disclose Personal Information about former Participants with inactive accounts only in accordance with our Privacy Policy.

19. Future changes in Policy

We reserve the right to change our Privacy Policy in the future. Subject to applicable laws, any changes to our Privacy Policy will be effective upon posting of the revised Privacy Policy on the Internet, accessible from a link appearing on the home page of our website.

If we change our Privacy Policy in a way that is less protective of the Participants’ privacy, then the change will not apply to our use of any Personal Information about the Participant that was collected by us before the change was made, unless we notify the Participant and provide them with the opportunity to direct us not to make new uses of Personal Information about them.

20. Australian Privacy Policy

We endeavour to conduct our business in a way which complies with the Australian Privacy Policy.

21. Complaints

You may make a complaint about the handling or misuse of your personal information, including if you feel we have breached the Privacy Act 1988, by contacting us in writing, via mail or email. Your complaint will be acknowledged within 14 days and a resolution for the complaint will be determined within 30 days. For any concerns or queries about your Personal Information or our Privacy Policy the contact details are as follows:

Mailing Address: GPO Box 1473, Brisbane QLD 4001 Phone: 07 3114 2958