VETASSESS Privacy Statement
At VETASSESS, we respect the privacy rights of individuals in regard to the personal and health information they supply to us.
As a brand of Bendigo Kangan Institute trading as VETASSESS ABN 74 802 942 886 (“VETASSESS”) we aim to comply with the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and all other applicable privacy legislation and contractual requirements and to implement practices and procedures to ensure compliance.
This statement applies to personal and health information you provide to us in whatever manner you deal with us. Your rights set out in this privacy statement are additional to any other rights you may have. Nothing in this statement should be read as an attempt to restrict or exclude any right that you are entitled to by law unless we have expressly set this out in this policy.
For VETASSESS employees, any personal or health information we collect is dealt with pursuant to the terms of their employment agreement and is not subject to this policy.
In some circumstances where we obtain personal information from overseas, whether it is obtained directly from you or is collected and provided to us by migration agents, certain additional rights and obligations may attach to that information. Those rights may derive from the laws of the relevant overseas countries, or from the obligations we owe to the agents collecting the information.
1.0 Information Privacy Principles
VETASSESS complies with the Information Privacy Principles as set out in Schedule 1 of the Privacy and Data Protection Act 2014 (Vic) and the Health Privacy Principles as set out in Schedule 1 of the Health Records Act 2001 (Vic). We observe the ten principles outlined below.
- Principle 1 - Collection of Information
‘Personal information’ we collect means any recorded information that can identify someone, this includes your:
- Telephone numbers
- Date of birth
- Email address
- Credit card details for payment of fees
- Passport details
- Qualifications held
- Employment history
- Photographic, video or audio recordings of you
‘Health information’ we collect means health information as defined in the Health Records Act 2001 (Vic) and includes information that can be linked to an individual, about their:
- Physical health
- Mental health
- Psychological health
- Disability status
We will only collect personal information or health information that is relevant for our functions and activities (the “Primary Purpose”) which includes:
- Provision of skills assessment including assessment of qualifications and employment for migration to Australia
- Provision of skills assessment including assessment of qualifications and employment for non-migration purposes such as, seeking professional registration, employment, or stand-alone recognition of your skills
- Provision and/or administration of tests for assessment of your skills and/or knowledge
- Verification of the identity of applicants for skills assessment
- Improvement of the quality of our services
- Research and analysis relating to the quality of our services, the demand for our services and the expectations of our customers
- Dealings with Australian, State and Territory governments
- Record keeping and administrative purposes
How we collect personal information or health information will depend on the circumstances. If it is reasonable and practicable to do so, we will collect personal information or health information from you directly, for example through our on-line application system, via phone calls or emails you send us.
However, we may also collect personal information or health information from an agent acting on your behalf and from third parties such as the:
- Australian Government Department of Employment and Workplace Relations (DEWR)
- Australian Government Department of Home Affairs (DHA)
- Australian Taxation Office (ATO)
- Australian government agencies, including Police and Defence Forces
- Overseas service providers, employers, and referees
Upon collection of any personal information, we will provide you with:
- Our contact details
- A clear explanation as to why we need the information requested, including any law that requires the particular information to be collected
- How we will use the information
- To whom we regularly disclose this information
- The main consequences (if any) for you if all or part of the information is not provided
We will also inform you about your right to access and, if appropriate, correct the information we hold about you.
1.2 Principle Two - Use and Disclosure
Except as otherwise expressly outlined in privacy principle two, use and disclosure, we will not use or disclose any personal information or health information to a third party for a purpose other than the Primary Purpose for its collection unless we informed you when the information was collected, or:
- We have obtained your consent
- We are using or disclosing it for a related (or directly related, if sensitive information) secondary purpose
- We are required, authorised, or permitted by law to disclose the information
We may use your contact details to contact you to:
- Provide information you have requested
- Respond to your feedback
- Confirm receipt of your emails to us
- Contact you for any other reason, for example to ensure that the personal information we have collected about you is accurate and up to date
- Seek qualitative and quantitative market research data and insights, such as surveys and focus groups
1.2.1 Third Party Disclosure
We may disclose your personal information or health information to the following third parties:
- Government agencies
- Department of Industry and Science,
- Department of Home Affairs
- Australian Taxation Office
- Domestic and overseas service providers
- Employers for verification of identity/data purposes
The information we collect about you may also be disclosed to third parties engaged in relevant research into matters such as migration patterns and skill levels.
We may also disclose information to third parties to act on our behalf, including:
- Information technology suppliers
- Marketing and advertising agencies
- Mailing and logistics providers
- Professional advisors
Where we are requested to provide information to a third party we will:
- Provide that information in an aggregated and/or de-identified format if reasonably practicable
- Inform them of their obligation to observe Australian Privacy Principles and request written confirmation of their intention to observe this requirement
- Require the recipient to store that information securely, not disclose it to any other person and return or destroy it when it is no longer required
- Require that the recipient update or delete any part of the information disclosed where we have agreed to update or delete our corresponding records
If a third party is collecting information for research purposes and proposes to publish or otherwise share the outcome of their research, we will require that neither the published or shared report nor any supporting information made available by VETASSESS contains any personally identifiable information. In addition, if the research includes de-identified data, we will require that it be sufficiently aggregated or otherwise presented such that it cannot be re- identified.
1.3 Principle Three - Data Quality
We will take all reasonable steps to ensure the personal information or health information that is collected, used, or disclosed is complete, accurate and current. If you wish to access or update your personal information or health information, we will provide all reasonable assistance to do so. Any request to update or correct the information we hold should be addressed to the email address given for “further information” below.
1.4 Principle Four - Data Security
Personal information or health information is held by us in printed documents and on electronic databases. We have taken all reasonable steps to ensure your information is protected from:
- Unauthorised access
- Modification or disclosure
Steps to protect your information include:
- Website protection measures
- Security restrictions on access to our computer systems
- Controlled access to our corporate premises and policies on document storage
However, while we make all attempts to secure the personal information or health information you may electronically transmit to us, the nature of electronic transmissions is such that there is a possibility that a third party may observe this information whilst it is in transit.
All information not required will be destroyed in accordance with either:
- Privacy legislation or as required by other legislation
- Public Records Office guidance and requirements
However, we are obliged by the Australian Government to retain in perpetuity the majority of the information we gather in relation to applications and assessments.
1.5 Principle Five - Openness
We will take all reasonable steps to provide you with details of your personal information or health information being held by us upon request including placing this privacy statement on our website.
1.6 Principle Six - Access and Correction
Please contact The VETASSESS Privacy Officer at email@example.com if you wish to:
- Obtain a copy of any personal information we hold that relates to you
- Request that we correct that information
- Make a complaint relating to our collection or use of your personal information
Please note that you will be required to identify yourself when requesting a copy of your personal information.
Generally, we will give you access to your personal information or health information upon written request within 30 days from the time we receive your request, subject to exceptions permitted by law.
If we receive a written request to correct personal information about you and we are satisfied that the personal information held by us is not accurate, complete, or up to date, we will take all reasonable steps to correct the information so that it is accurate, complete, and up to date.
If your request is not approved, we will provide you with reasons for the denial of access or refusal to correct personal information.
We aim to act reasonably in resolving all complaints, but if you are dissatisfied with our response, you may wish to address your complaint to either the:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
(Responsible for the administration of the Privacy Act 1988 (Cth))
Commissioner for Privacy and Data Protection, PO Box 24014, Melbourne VIC 3001
(Responsible for the administration of the Privacy and Data Protection Act 2014 (Vic))
Please note that VETASSESS collects personal information for the purposes of making skills assessments used by the Australian Government. The Australian Government requires VETASSESS to retain details of the assessments and the information it uses in making those assessments.
Consequently, notwithstanding that in other circumstances (such as the European Union’s Global Data Privacy Regulation) an individual may have a right to have their personal records erased, VETASSESS cannot comply with any request for the erasure or destruction of records relating to migration assessment applications unless authorised to do so by the Australian Government. Applicants should consider this when making an application.
1.6.1 Freedom of Information Act 1982 (Vic)
You also have the right to request access to your information by making a Freedom of Information application as specified in the Freedom of Information Act 1982 (Vic). Our provision of access to your information outlined in this statement is in addition to any rights of access you may have under the Act.
1.7 Principle Seven - Unique Identifiers
Sometimes we are required to collect unique identifiers in order to conduct our functions. If we do need this information the purposes for collection these numbers will be explained to you. Such information may include Australian Government-issued identifiers, such as:
- Centrelink numbers
- Tax File Numbers
- Medicare Card Numbers
We also may collect unique identifiers issued by foreign governments, such as:
- National Insurance numbers
- Social Security numbers
- Passport numbers
- ID card numbers
- Drivers licence numbers
- Student numbers
- Health insurance numbers
We will not use these unique identifiers for any other purposes than those for which they were collected.
If we ascribe a unique identifier to you for internal use, this will only be used for managing our dealings with you and monitoring the progress of your application or assessment. It will not otherwise be shared with any other body or person without your consent.
1.8 Principle Eight - Anonymity
You have the option of not identifying yourself when entering transactions with us wherever it is lawful and practicable.
1.9 Principle Nine - Transborder Data Flows
Our services are provided on-line and may be made available to clients located outside Australia (overseas clients). Where we offer services to overseas clients we will, at a minimum, store and manage their personal information in accordance with this policy and the Privacy Laws applicable in Victoria, Australia. Where some of our services may be outsourced, the service providers are contracted to comply with Australian Privacy Requirements.
However, if the laws of the country in which the overseas client is located afford the overseas client additional protections or rights with respect to the use and management of their personal information, we will, so far as is reasonably practicable, afford the overseas client the benefit of those additional protections or rights, provided that doing so does not conflict with our legal obligations with respect to the handling and retention of their personal information.
If we are unable to reasonably comply with an overseas client’s requirements with respect to the use and management of their personal information, we may elect instead to cease providing services to the overseas client.
By indicating their acceptance of this policy, and by registering to use our services, each overseas client consents to our collection of their personal information and to our storage and use of that information in Australia in accordance with this policy.
In addition, to the extent that any permitted use of their personal information requires us to engage an agent or representative in the country in which the overseas client is located, each overseas client consents to our disclosure of their personal information to such agents or representatives.
1.10 Principle Ten - Sensitive Information
We collect sensitive information about an individual only with the consent of the person or if required or permitted by law. ‘Sensitive information’ is information or an opinion about an individual's:
- Racial or ethnic origin
- Political opinions
- Membership of a political association
- Religious belief or affiliations
- Sexual orientation
- Criminal record
- Membership of a trade union
- Membership of a professional or trade association
2.0 Website Usage and Cookies
Cookies are pieces of information that a website downloads to your computer to record your preferences while you browse. Other technologies that may be used by us include web beacons (which may operate in conjunction with cookies). The information collected through cookies and web beacons may be used by us to improve and customise your user experience on our website.
In addition, we may collect aggregated non-personally identifiable data from our website to help us maintain and improve delivery of our services and to provide a consistent experience. This aggregated information assists us in improving content and website navigation. You can configure your web browser to reject and block cookies. If you decide to delete or block certain cookies, your experience on our website may be limited. When you visit any of our websites, our site’s server may record information about your visit, including:
- Your IP address
- A top-level domain name (e.g. .com, .au, etc.)
- The date and time of your visit to the site
- The pages you accessed, and documents downloaded during your visit
- The previous site you visited
- If you have visited our site before
- The type of browser used
All of this information is collected for statistical purposes, which enables us to assess the number of visitors to the different sections of the site and assists us to make the website more useful to visitors.
There are several methods and packages that we use to collect visitor behaviours. We may use tools to measure and analyse internet usage across our website. This enables us to track the number of unique browsers to our websites.
There are ways for you to opt out of third-party cookies; (i) by contacting us; or (ii) visiting youronlinechoices.com.au that allows you to opt out of some online behavioural advertising. These services provided by third party vendors operate without the collection or use of any personal information. In many cases, the information relates only to a device or is of a statistical nature, and we will not be able to identify the user.
3.0 Provision of False and Misleading Information to VETASSESS
If we discover that you have provided false, misleading, or incorrect information to support your application and we have relied on that information to award a successful skills assessment outcome, we may recommend that your application or assessment be rejected or reviewed. This may apply at any time, even after your application or assessment has been finalised, and we may recommend that a certificate be rescinded and/or notify the relevant Australian Government agency.
4.0 Further information
Please contact VETASSESS for further information about this policy.