1.1 IVET complies with the National Privacy Principles, the Information Privacy Principles contained in the Commonwealth Privacy Amendment Act (2000), the Victorian Information Privacy Act (2000), and the Privacy Amendment (Notifiable Data Breaches) Bill 2016.
1.2 For many services provided, IVET is required to collect personal information including the client’s name, address, contact details and information specific to the service being delivered. Collection is by lawful and fair means and is not unreasonably intrusive.
1.3 IVET makes every effort to collect personal information directly from the individual client. Where this is not possible, such as when a client is referred by a third party or when taking group enrolments, IVET contacts each individual client to ensure they are aware of the points listed above.
1.4 IVET collects sensitive information only when the client has given written consent.
1.5 When collecting personal and sensitive information, IVET ensures that clients are made aware of:
- IVET identity and how to contact us
- their right to access their personal information
- the purpose for collection
- the organisation/s we disclose their personal information to
- any law that requires the particular information to be collected the consequences, if any, for the client if they do not provide the information required
1.6 IVET ensures information provided remains private and protected from misuse, loss, unauthorised access, modification or disclosure. Security measures in place include;
- individual password access to systems and databases
- secure filing cabinets
- secure storage and office facilities
- restricted access to authorised staff only
1.7 IVET will provide an individual with access to personal information it holds on that person upon request (at no cost). Client will be asked to provide evidence of identity using a combination of methods e.g. USI, date of birth, driver’s license or bank card. Where an individual can show that information held about them is not accurate, current or complete, IVET will take reasonable steps to correct that information.
1.8 The CEO is responsible for implementing this policy and reviewing its effectiveness in compliance with regulatory guidelines.
1.9 This policy is implemented in compliance with the requirements of the Standards for Registered Training Organisations (RTOs) 2015 Standards.