- Challenge National Pty Ltd, its associate etrainu Pty Ltd and their Associates (collectively in this Policy, “etrainu”) collect Personal Information from Participants for the purpose of providing Training to the Participant or as otherwise described in this Policy.
The purpose of this Policy is to ensure that all personal information collected about Participants is managed in an open and transparent way, used only for recognised purposes, and is stored and managed in compliance with current Australian Privacy Principles.
The Policy describes those procedures and purposes, and provides information for Participants to address any concerns with the way etrainu manages their Personal Information.
This Policy applies to Challenge National Pty Ltd, etrainu Pty Ltd and all their Associates.
This Policy meets Standards for Registered Training Organisations (RTOs) 2015 8.5 – 8.6 and best business practice.
Our policy about the privacy of Personal Information collected by us about Participants is;
(i) to retain it as confidential to us except as required by Government, and
(ii) to be open, honest and transparent with the Participant about the content of that information.
A copy of this Policy is accessible for no charge via our Website or as a PDF upon request.
- The terms used in this document are defined in the Terms and Conditions on our Website or have the meanings assigned to them below:-
“Associates” has the meaning defined in the Corporations Act 2001 (Cth)
“Australian Privacy Principles” has the same meaning as in the Privacy Act 1988 (Cth)
“Business Associate” means an entity with which a Participant has an economic or employment relationship and to which the Participant may choose or be required to advise the results of Training. An example would the hotel for which the Participant works which requires evidence of a responsible service of alcohol certificate.
“Participant” means an individual participant in a training course provided or delivered by etrainu and includes an individual who commences an application to undertake such a course (a prospective Participant)
“Personal Information” has the same meaning as in the Privacy Act 1988 (Cth) which is “information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not”.
“RTO” or ”Registered Training Organisation” means a training organisation registered by the Australian Skills Quality Authority (ASQA) in accordance with the VET Quality Framework.
‘Standards for Registered Training Organisations (RTOs) 2015’means the standards that RTO’s are governed under.
Sensitive Information” has the same meaning as in the Privacy Act 1988 (Cth) which is “(a) information or an opinion about an individual‘s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record that is also personalinformation; or (b) health information about an individual; or c) genetic information about an individual that is not otherwise health information; (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates.”
“Training” means any Accredited Training or Non-accredited Training provided to the Participant by etrainu.
“Terms and Conditions” means the terms and conditions for the Website, which can be accessed on the Website;
“Training” means a training course provided or delivered to the Participant by etrainu;
“Unique Student Identifier” means the number assigned to each Participant by the Federal Government under the Student Identifier Act 2013 (Cth).
“Website” means etrainu.com; and
4. Purpose for Which Information is Collected and Used
- We collect Personal Information for a variety of reasons, including (without limitation) to:
- provide Training to the Participant;
- store Training and personnel records for use by the Participant, its Business Associate and ourselves;
- otherwise facilitate personal development, training, and performance monitoring through the Website; and to meet our RTO obligations outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative requirements such as Standards for Registered Training Organisations (RTOs) 2015
On request by a Participant, we will take all reasonable steps to inform the Participant the purpose or relevance of the Personal Information we have collected.
5. Collection of Data
- We gather Personal Information about the Participant from its completion of the account opening process on the Website and a variety of sources, including websites we operate, websites operated by others, telephone calls with the Participant, enrolment forms, other agreements with us. We may also gather Personal Information about the Participant from other companies with which we maintain business relationships.
Where we collect Personal Information from third parties only where it is necessary for the completion of Training. In this case, we take all reasonable steps to ensure the Participant is aware that Information has been collected.
The Personal Information collected from Participants may include but may not be limited to:
- Information provided by the Participant, such as the Participants’ name, address(es), employer(s), employee identification number(s), telephone number(s), fax number(s), e-mail address(es), date and place of birth, driver’s license number, passport number, credit card information, Unique Student Identifier;
- Information about the Participant’s transactions with us, our affiliates or others, including without limitation, details of the Training undertaken or being undertaken by the Participant, the Participant’s results and records, training plans, personnel records and any relevant certificates or statements of attainment; and
- Information we receive from consumer reporting agencies, such as the Participant’s creditworthiness and credit history.
We may also collect Sensitive Information about the Participant where it is necessary for the purpose of the Training.
We make a note every time Personal Information kept on the Website is accessed
6. Unsolicited Personal Information
- We may receive Personal Information, including Sensitive Information, from third parties.
Where that information is necessary or an immediate adjunct to providing the Training or complying with the law, we will retain that information and deal with it in the same way as all other Personal Information.
Where that information is not necessary or an immediate adjunct to providing the Training or complying with the law, we will destroy that information as soon as it comes to our attention.
7. Consequences of not providing Information
- If Personal Information requested by us is not provided then the Participant may be denied access to the Website or the Training, or to certain parts or features of the Website or Training which could limit the Participant’s ability to receive Training, or to access Information through the Website. It may also limit the Participant’s ability to use other features of the Website which a third party, such as its Business Associate may offer.
8. Privacy Settings
- Where the Participant is undertaking the Training via the Website, the Participant may control the Personal Information available to third parties by making the appropriate selections in the My Training page of the Website.
9. Quality of Personal Information
- etrainu takes reasonable steps to ensure that the Personal Information collected is accurate, up to date and complete for the purposes for which we use that data, and that any Personal Information that etrainu uses or discloses is also accurate and up to date.etrainu does this by actively confirming Personal Information when in consultation with the Participant and ensures this information is promptly updated to all relevant records.
Where the Participant considers the Personal Information which we hold is incorrect or has been superseded, it should either correct that information through the Website or contact us without delay if the Website does not provide the necessary access.
If we refuse to correct the Personal Information as requested by the Participant, we will provide a notice setting out the reasons for our refusal and the process available to the Participant to complain about the refusal.
10. How to Access or Correct Data
- Participants with accounts on our Website are able to access and edit their contact and similar information through the Website, by logging into their account, clicking the account tab, editing the data and saving the revised personal information.
Where Participants do not have an account on the Website, access to Personal information can only be facilitated by written request. We will respond to such a request as quickly as possible.
We do not charge a fee to Participants to enable them to access and edit their Personal Information.
The participant is notified via email of any physical changes made to their profile. If a participant chooses not to provide their email address, etrainu cannot notify them of any changes.
Certain data, such as the results of tests conducted by and the details of certificates issued by etrainu –cannot be changed by the Participant, in which case the Participant may correct factual errors in that data by sending a request to us that credibly shows the error. The Participant should contact our main office for information about how to exercise these rights. We will respond to any such request in a reasonable and practical time.
A Participant does not have access via the Website to some Information provided by its Business Associate, and should contact the Business Associate for details of the information held.
We may refuse access to Personal Information by a Participant where:
- providing access would pose a serious and imminent threat to the life or health of the individual;
- providing access would have an unreasonable impact on the privacy of other people;
- the request if frivolous or vexatious;
- the Personal Information relates to existing or anticipated legal proceedings between the Participant and us and the information would not be accessible by the process of discovery in those proceedings;
- providing access would disclose our intentions in relation to negotiations with the Participant in such a way as to prejudice those negations;
- providing access would be unlawful or is prohibited by law;
- providing access would be likely to prejudice an investigation of possible unlawful activity or of improper or prescribed conduct or similar;
- an enforcement body performing a lawful security function asks us not to provide the information.
- providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision.
We will provide a reason for any denial of access to some or all Personal Information for a Participant.
11. Employers and Business Associates
- We may disclose Personal Information to or receive Personal Information from the Participant’s Business Associates. In some circumstances, Business Associates may be able to post Personal Information about the Participant to, or remove it from the Website, or may alter Personal Information about the Participant which is already recorded on the Website.
The Participant may limit the manner or amount of Personal Information a Business Associate has access to by adjusting their settings in the Permissions section of their profile on the Website.
If the Participant has been registered by their employer for training, by accepting this Policy and undertaking the Training, the Participant agrees that their results and information regarding participation and status will be accessed by their employer (or its nominated representative). In this circumstance, their employer will be a Business Associate of the Participant.
12. Other Parties to Which We Disclose Data
- We may use Personal Information about the Participant for a variety of purposes.
We also may disclose information in response to requests from law enforcement and government agencies, which will have their own privacy and disclosure policies.
Change of Ownership
- Queensland Office of Liquor and Gambling:
- RSA – Responsible Service of Alcohol
- RSG – Responsible Gambling Services
- RMLV – Responsible Management of Licenced Venues
- Worksafe State authorities:
- Queensland or Western Australian Construction Induction Card (White Card)
- Queensland Office of Liquor and Gambling:
Work safely in the construction industry
Cross border disclosure of personal information
etrainu does not disclose Personal Information about a Participant to any overseas recipient unless, if the circumstance arose, etrainu had firstly obtained the Participant’s consent.
Adoption, use or disclosure of Government related identifiers
etrainu does not adopt or disclose a Government related identifier relating to a Participant unless it is required by law or is reasonably necessary to fulfil obligations to an agency or a State or Territory authority or as prescribed by regulations. The Unique Student Identifier is such a requirement.
In the case of some Training, the Participant’s Drivers Licence number must be collected and in other cases the Passport number may be required for identification, and whereas these Government related identifiers are collected and retained, they are not held in computer readable form.
13. Direct Marketing (Secondary Purposes)
- We may aggregate and analyse all of the Personal Information about the Participant to enable us to develop targeted marketing programs and service offerings that we consider are tailored to the needs of particular groups of Participants. We may then use the Personal Information about the Participant to contact them regarding programs and services (both our own programs and services and third party programs and services) which may be of interest to them.
We provide Participants with a simple means by which the Participant can easily request to not receive direct marketing communications from etrainu with the provision of an ‘Unsubscribe’ button for ‘opting out’ or they can notify us directly either in writing or via telephone to be removed from our Direct Marketing database.
14. Retention of Personal Information
- With the exception of duplication of records and or Personal Information, we retain Personal Information about Participants indefinitely or until the Participant requests us to delete the Personal Information.
In the event that etrainu ceases to operate, all RTO records are required to be transferred to our regulator the Australian Skills Quality Authority (ASQA).
15. Data Security
- We maintain reasonable physical, electronic, and procedural safeguards to protect Personal Information about Participants from loss, misuse and unauthorized access, disclosure, alteration and destruction. As part of those precautions, we seek to protect Personal Information about Participants through technologies designed to safeguard the data during its transmission. However there is no method of transmitting or storing data that is completely secure. Although their physical characteristics are different, postal mail, telephone calls, faxes and transmissions over the Internet all present possibilities of loss, misrouting, interception and misuse of the data being transmitted.
Our systems including our Website, our student management system and financial systems are password protected. We restrict access to Personal Information about Participants to those employees who we determine need to know that information, for us and our licensees to provide Training to the Participant.
Employee misuse of Personal Information about Participants is treated as a serious offence for which disciplinary action may be taken.
When we decide what data to seek from or communicate to our Participants, or how to seek or communicate it, we try to strike a reasonable balance between the security of the Participant’s data and their convenience. We do this because Participants attach value to both. As a result, we sometimes use a method of communication that is less secure than some of its less convenient alternatives. For example when we send e-mail to Participants, we send it in an unencrypted form because many Participants do not have the capability to receive encrypted e-mail. As a consequence, if our unencrypted e-mail intended for Participants were misrouted or intercepted, it could be read more easily than encrypted e-mail. Because e-mail to and from us is not encrypted, Participants should not include any information they regard as confidential in any e-mail they send us.
If a Participant has reason to believe that any account with us is no longer secure, they must immediately notify us.
16. Use of “Cookies” and Other Tracking Technologies
We use 2 types of cookies:
Persistent cookies identify pages accessed and provide personalised features, for example choosing which page you would like to make your start page. They are used to help us develop the design and layout of the web site, improve applications, and measure their effectiveness.
Session cookies are used for security reasons as part of the customer identification process.
These cookies allow you to be recognised once you have logged into our LMS and provide you with your account information. Once your session time expires you will automatically be terminated for your protection.
We also use these types of cookies in multi-page forms, to help the site remember what you do from one page to the next.
We may also allow third parties to collect statistical data from our site using their persistent cookies. However these cookies do not capture information that can personally identify you. They are simply used to evaluate and measure the effectiveness of our marketing (e.g. banner ads).
In addition, we may transmit web site usage information about our site visitors to third party ad servers for the purpose of targeting our Internet banner advertisements on other sites. The information that is collected is not personally identifiable to our third-party ad servers and we do not capture or transmit any web site usage information that can personally identify you.
17. Third Party Websites
- Our Website and html e-mail may contain links to third party websites, which may or may not be operated in conjunction with our websites. We do not monitor or control the information collected when Participants choose to “click through” links to these websites. The treatment of user data by the operators of thirdparty websites may be different from ours. For details regarding their treatment of Personal Information, Participants will need to read their privacy policies or contact them directly.
18. Information Regarding Former Participants
19. Future Changes in Policy
- Mailing Address: GPO Box 1473, Brisbane QLD 4001
- Phone: 07 3114 2958
- Email: [email protected]