VETASSESS Privacy Statement
Bendigo Kangan Institute trading as VETASSESS ABN 74 802 942 886 (“VETASSESS”) aims to comply with the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and all other applicable privacy legislation and to implement practices and procedures to ensure compliance. The Information Privacy Principles as set out in Schedule 1 of the Privacy and Data Protection Act 2014 (Vic) and the Health Privacy Principles as set out in Schedule 1 of the Health Records Act 2001 (Vic) are incorporated in this Privacy Statement.
At VETASSESS, we respect the privacy rights of individuals in regard to the personal and health information they supply to VETASSESS.
This Statement applies to personal and health information you provide to us in whatever manner you deal with us, whether by visiting our website or in any other dealing you have with us. For employees, any personal or health information we collect is dealt with pursuant to the terms of their employment agreement and is not subject to this policy.
In some circumstances, where we obtain personal information from overseas, whether it is obtained directly from you or it is collected and provided to us by migration agents or legal practitioners, certain additional rights and obligations may attach to that information. Those rights may derive from the laws of the relevant overseas countries, or from the obligations we owe to the agents/legal professionals collecting the information. Your rights set out in this privacy statement are in addition to any other rights you may have. Except to the extent expressly set out below, nothing in this statement should be read as an attempt to restrict or exclude any right that you are entitled to by law. We will observe the following principles in the collection, storage and use of the personal information and health information we collect:
1. Collection of information
‘Personal information’ we collect means any recorded information that can identify someone, and this includes your name, address, telephone numbers, date of birth, e-mail address, credit card details for payment of fees, passport details, qualifications held, employment history and photographic, video or audio recordings of you.
‘Health information’ we collect means health information as defined in the Health Records Act 2001 (Vic) and includes information that can be linked to an individual, that is about their physical, mental or psychological health, or disability status.
We will only collect personal information or health information that is relevant for our functions and activities (the “Primary Purpose”) which include:
- skills assessment of qualifications and employment for migration to Australia;
- skills assessment of qualifications and employment for non-migration purposes including, but not limited to, seeking professional registration, employment or stand-alone recognition of your skills;
- provision and/or administration of tests for assessment of your skills and/or knowledge;
- the verification of the identity of applicants for skills assessment;
- the improvement of the quality of our services;
- research and analysis relating to the quality of our services, the demand for our services and the expectations of our customers;
- related dealings with Australian, State and Territory governments; and
- keeping and administrative purposes.
How we collect personal information or health information will depend on the circumstances. If it is reasonable and practicable to do so, we will collect personal information or health information from you directly, for example through our on-line application system, via phone calls or e-mails you send us. However, we may also collect personal information or health information from an agent acting on your behalf and from third parties such as the Australian Government Department of Education, Skills and Employment (DESE), Australian Government Department of Home Affairs (DHA), the Australian Taxation Office (ATO), domestic government agencies, including Police and Defence Forces, overseas service providers, employers and referees.
At the time of collection, we will provide you with:
- our contact details;
- a clear explanation as to why we need the information requested (including any law that requires the particular information to be collected);
- what purposes we use this information for;
- to whom we regularly disclose this information; and
- the main consequences (if any) for you if all or part of the information is not provided.
We will also inform you about your right to access and, if appropriate, correct information we hold about you.
2. Use and Disclosure
Except as otherwise expressly contemplated in this clause 2, we will not use or disclose any personal information or health information to a third party for a purpose other than the Primary Purpose for its collection unless:
- we have obtained your consent;
- use or disclosure is for a related (or directly related, if sensitive information) secondary purpose; or
- is required, authorised or permitted by law. We may use your contact details to contact you to:
- provide you with information you have requested;
- respond to your feedback;
- confirm receipt of e-mails you have sent to us;
- contact you for any other reason, for example to ensure that the personal information we have collected about you is accurate and up to date;
- seek qualitative and quantitative market research data and insights, such as surveys and focus groups.
We may disclose your personal information or health information to third parties including government agencies (for example, Department of Industry and Science, Department of Home Affairs, the Australian Taxation Office), domestic and overseas service providers and, employers for verification of identity/data purposes. We may disclose information we collect to third parties engaged in relevant research into matters such as migration patterns and skill levels. We may also disclose information to third parties to act on our behalf, including, for example, information technology suppliers, marketing and advertising agencies, mailing and logistics providers and professional advisors. Where we are requested to provide information for these purposes we will:
- if reasonably practicable, provide that information in an aggregated and/or de-identified format;
- require the recipient to store that information securely, not disclose it to any other person and return or destroy it when it is no longer required;
- require that the recipient update or delete any part of the information disclosed where we have agreed to update or delete our corresponding records; and
- if the recipient proposes to publish or otherwise share the outcome of their research, require that neither the published or shared report nor any supporting information made available in relation to that report contains any personally identifiable information or, if it includes de-identified data, is sufficiently aggregated or otherwise presented such that it cannot be re- identified.
If we discover that you have provided false, misleading or incorrect information to support your application and we have relied on that information to award a successful skills assessment outcome, we may recommend that your application or assessment be rejected or reviewed. This may apply at any time, even after your application or assessment has been finalised, and we may recommend that a certificate be rescinded and/or notify the relevant Australian Government agency.
3. Data Quality
We will take all reasonable steps to ensure the personal information or health information that is collected, used or disclosed is complete, accurate and current. If you wish to access or update your personal information or health information, we will provide all reasonable assistance to do so. Any request to update or correct the information we hold should be addressed to the email address given for “further information” below.
4. Data Security
Personal information or health information is held by us in printed documents and on electronic databases. We have taken all reasonable steps to ensure that information is protected from misuse, unauthorised access, modification or disclosure including website protection measures, security restrictions on access to our computer systems, controlled access to our corporate premises and policies on document storage. However, while we make all attempts to secure the personal information or health information you may electronically transmit to us, the nature of electronic transmissions is such that there is a possibility that a third party may observe this information whilst it is in transit.
All information not required will be destroyed in accordance with privacy legislation or as required by other legislation or as required under guidance from the Public Records Office. However, we are obliged by the Australian Government to retain in perpetuity the majority of the information we gather in relation to applications and assessments.
6. Access and Correction
If you wish to obtain a copy of any personal information we hold which relates to you, request that we correct that information or make a complaint relating to our collection or use of your personal information, please contact The Privacy Officer at email@example.com. Please note that we will require you to adequately identify yourself when requesting a copy of your personal information.
You also have the right to request in the form of an application under the Freedom of Information Act. Our provision of access to information under this policy is in addition to any rights of access you may have under the Freedom of Information Act.
Generally, we will give you access to your personal information or health information upon written request within 30 days from receipt of the request, subject to exceptions permitted by law.
If we receive a written request to correct personal information about you and we are satisfied that the personal information held by us is not accurate, complete or up to date, we will take all reasonable steps to correct the information so that it is accurate, complete and up to date.
We will provide you with reasons for denial of access or refusal to correct personal information.
We aim to act reasonably in resolving all complaints, but if you are unsatisfied with the response from VETASSESS, you may wish to address your complaint to either:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
(Responsible for the administration of the Privacy Act 1988 (Cth))
Commissioner for Privacy and Data Protection, PO Box 24014, Melbourne VIC 3001
(Responsible for the administration of the Privacy and Data Protection Act 2014 (Vic))
Please note that VETASSESS collects personal information for the purposes of making skills assessments used by the Australian Government. The Australian Government requires VETASSESS to retain details of the assessments and the information it uses in making those assessments. Consequently, notwithstanding that in other circumstances (such as the European Union’s Global Data Privacy Regulation) an individual may have a right to have their personal records erased, VETASSESS cannot comply with any request for the erasure or destruction of records relating to migration assessment applications unless authorised to do so by the Australian Government. Applicants should consider this when making an application.
Any request for access or correction of the information we hold should be addressed to the email address given for “further information” below.
7. Unique identifiers
Sometimes we have to collect unique identifiers in order to carry out our functions. These may include Australian Government issued identifiers, such as Centrelink numbers, Tax File Numbers or Medicare Card Numbers, their equivalents issued by foreign governments, such as National Insurance and Social Security numbers, details of identity documentation, such as passports, ID cards and drivers licences, and other identifiers such as student numbers or health insurance numbers. If we do need this information the purposes for collecting these numbers will be explained to you.
We will not use these unique identifiers for any other purposes than those for which they were collected.
If we ascribe a unique identifier to you for internal use, this will be used only for managing our dealings with you and monitoring the progress of your application or assessment will not otherwise be shared with any other body or person without your consent.
You have the option of not identifying yourself when entering transactions with us wherever it is lawful and practicable.
9. Transborder data flows
Our services are provided on-line and may be made available to clients located outside Australia (Overseas Clients). Where we offer services to Overseas Clients we will, at minimum, store and manage their personal information in accordance with this policy and the Privacy Laws applicable in Victoria, Australia. If the laws of the country in which the Overseas Client is located afford the Overseas Client additional protections or rights with respect to the use and management of their personal information, we will, so far as reasonably practicable, afford the Overseas Client the benefit of those additional protections or rights, provided that doing so does not conflict with our legal obligations with respect to the handling and retention of their personal information.
If we are unable to reasonably comply with an Overseas Client’s requirements with respect to the use and management of their personal information, we may elect instead to cease providing services to the Overseas Client.
By indicating their acceptance of this policy, and by registering to use our services, each Overseas Client consents to our collection of their personal information and to our storage and use of that information in Australia in accordance with this policy. In addition, to the extent that any permitted use of their personal information requires us to engage an agent or representative in the country in which the Overseas Client is located, each Overseas Client consents to our disclosure of their personal information to such agents or representatives.
We collect sensitive information about an individual only with consent of the person or if required or permitted by law. ‘Sensitive information’ is information or an opinion about an individual's:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious belief or affiliations
- sexual preferences
- criminal record
- membership of a trade union
- membership of a professional or trade association.
11.Website Usage and Cookies
Cookies are pieces of information that a website downloads to your computer to record your preferences while you browse. Other technologies that may be used by us include web beacons (which may operate in conjunction with cookies). The information collected through these technologies may be used by us to improve and customise your experience on our website. In addition, we may collect aggregated non-personally identifiable data from our website to help us maintain and improve delivery of our services and to provide a consistent experience. This aggregated information assists us in improving content and website navigation. You can configure your web browser to reject and block cookies. If you decide to delete or block certain cookies, your experience on our website may be limited. When you visit any of our websites, our site’s server may record information about your visit, including:
- IP address;
- A top-level domain name (for example .com, .au, etc.);
- the date and time of your visit to the site;
- the pages you accessed and documents downloaded during your visit;
- the previous site you visited;
- if you’ve visited our site before; and
- the type of browser used.
All of this information is collected for statistical purposes, which enables us to assess the number of visitors to the different sections of the site and assists us to make the website more useful to visitors.
There are ways for you to opt out of third-party cookies; (i) by contacting us; or (ii) visiting youronlinechoices.com.au that allows you to opt out of some online behavioural advertising. These services provided by third party vendors generally operate without the collection or use of any personal information. In many cases, the information relates only to a device or is of a statistical nature, and we will not be able to identity the user.
Please contact VETASSESS for further information about this policy.