Level 6, 11 – 31 York Street
Sydney NSW 2000 Australia
|Approved By||Compliance Manager|
Gradability Pty Ltd., in accordance with the Australian Privacy Principles has a commitment to ensuring that all reasonable steps are taken to protect the privacy of its consumers and staff team. The following policy and procedure outlines how personal information is collected, used, disclosed, stored, destroyed.
The following policy and procedure should be read in conjunction with the Record Retention Policy and Procedure, Engagement and Monitoring of Third Party Providers Policy and Procedure” and the organisation’s Complaints and Appeals Policy and Procedure
AVETMISS – The agreed national data standard for the collection, analysis and reporting of vocational education and training information.1
Data breach – Where personal information is held by an organisation and is lost or subjected to unauthorised access, use, modification, disclosure, or other misuse. 2
Governing Bodies –
For Professional Year Program– this relates to Department of Home Affairs (DHA), Australian Computer Society (ACS) and Accounting PYP (APYP).
For RTO Registration– this refers to Australian Skills Quality Authority (ASQA).
OAIC – Office of the Australian Information Commissioner
Personal information – Types of information that are specific to an individual for example name, address, contact or bank account details.3
Sensitive information – A type of personal information that is sensitive in its nature – for example race or ethnic origin, political opinion, religious belief or affiliation, medical history, or criminal record.4
1 NCVER (2014) Glossary of VET
2 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines
3 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines
4 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines
In order to deliver a high quality education service Gradability Pty Ltd. is required to collect a variety of personal information from both consumers and staff members. Where personal and sensitive information is collected, it is stored, disclosed, and destroyed in accordance with the Australian Privacy Principles. Personal data is any data about an identified or identifiable natural person, or any information that in combination with other non-personal information can reasonably be used to identify a natural person.
Gradability Pty Ltd.’s website may contain links to other websites and applications over which Gradability Pty Ltd. does not have control. Such links do not constitute an endorsement by Gradability Pty Ltd. and Gradability does not control the content or privacy policies or practices of such sites. Any access to and use of such linked websites is governed by the privacy policies of those third parties’ websites.
3.1 Data Control
3.1.1 The data controller of www.Gradability.com.au and any subpages thereto (e.g., https://support.Gradability.com) is Gradability Pty Ltd., Level 6 11-17 York St Sydney, NSW Australia. If you have any questions on this Policy or any of our data processing practices, please contact email@example.com
3.2 Types of information collected and held
The type of information we collect from depends upon the type of interactions individuals have with our websites and services, including the context of their interactions with Gradability Pty Ltd., the choices they make as well as the services they use.
3.2.1 Individuals may choose to give us personal information directly in a variety of situations, such as if a request to receive information or a service from Gradability Pty Ltd., if an application for enrolment through our portal is made, or if a supplier or partner does business with us.
3.2.2 Gradability Pty Ltd. may also collect information relating to the use of our websites and our services through the use of various technologies. For example, when an individual visits our websites, we may log certain information that their browser sends, such as your IP address, browser type and language, access time, and referring web site addresses. We may collect information about the pages that are viewed within our websites and other actions taken while visiting the site.
3.2.3 We may also collect information that pertains to an individual indirectly through other sources, such as vendors or agents. When we do so, we ask the vendors or agents to confirm that the information was legally acquired and that we have the right to obtain it from them and use it.
3.2.4 Personal and sensitive information is routinely collected from staff and consumers for the purpose of either employment or enrolment.
3.2.5 Pertaining to clause 3.2.4, information collected for the purpose of employment may include
3.2.6 Pertaining to clause 3.2.4, information collected for the purpose of enrolment into a program may include
3.3 How personal information is collected and stored
In general, the provision of any personal data or granting of consent to a processing activity is entirely voluntary. However, there are certain circumstances in which Gradability Pty Ltd. cannot act without processing certain personal data, for example to process applicant enrolments, or to assist with use of our services, or to provide access to content, log in to the online Learning Management System or to contact the service for further information. In these cases, it will not be possible for Gradability Pty Ltd. to provide the requested service or product without the relevant personal information.
3.3.1 In some circumstances, Gradability Pty Ltd. may need to terminate an individual’s ability to use the services without access to personal data. Gradability Pty Ltd. intends to notify the individual of whether such communication or data sharing is deemed mandatory and the impact of not sharing.
3.3.2 Individuals may disclose information through the website, over the telephone, via email, in person and by the completion of relevant forms. Written and/or verbal consent is obtained prior to collection of personal information obtained outside of the website personal data and stored appropriately (e.g., in the students/employee file or on the student management system, the CRM). In this instance, only information disclosed by the individual is used in the collection of information. Relating to this instance, prior to the collection of this personal information the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur.
3.3.3 The types of information collected or disclosed by the individual will vary depending on the method of collection, the purpose of that collection and the individual disclosing the information.
3.3.4 Forms used by Gradability Pty Ltd. to collect personal information from students include but are not limited to
3.3.5 Documentation used by Gradability Pty Ltd. to collect personal information from staff team members include but are not limited to
3.3.6 For students: Information is held in either a locked filing cabinet or electronically on the organisations hard drive and/or student management system. Access to information is limited to personnel with the correct authorisation and is only available to staff for the purpose of collection or management of student progression.
3.3.7 Security measures such as unique password requirements and restricted file access are used to maintain and protect students/clients and employee’s privacy. Where staff team members leave the organisation their access to data is removed/deleted.
3.3.8 Where a prospective student completes an online enquiry or payment, the student’s privacy is protected by:
3.3.9 Student payments are processed by Ezypay Pty Ltd, an external provider. Details of Ezypay’s privacy & security policies are located https://www.ezypay.com/privacy-security/.
3.3.10 Students are provided unique password access to their student portal. More than five incorrect attempts will lock the account. Students must make enquiries with Gradability Pty Ltd. to unlock the portal. In this instance verification of identity is required to authenticate the person making the request.
3.4 Personal data usage and processing
If an individual uses our website, we may use various website navigation information including tracking technologies such as cookies and web beacons to collect and store information. Website navigation information includes standard information from the individual’s Web browser (such as browser type and browser language), language choices, time zone, your Internet Protocol (IP) address, actions you take on our websites, URL and page metadata, installation data (such as the operating system type and application version), system crash information, system activity and hardware settings. We may also automatically collect and store certain information in activity logs such as: details of how the individual uses our websites, their search queries, and their IP address.
Providing the requested information or services.
3.4.1 If an individual requests information on our Services, order our services or become our business partner, we typically ask for personal contact information such as name, business email address, business telephone number, company name and address, job title, role and, if payment is to be made to Gradability Pty Ltd., financial and billing information, such as billing name and address, credit card information, bank details or other payment information. We use the personal data only to process the order or to provide the requested Service. Specifically, this includes, taking the necessary steps prior to entering into a contract, responding to applicant’s enquiries, processing, or providing customer feedback and support, information about changes to our services and other related notices or disclosures as required by law.
188.8.131.52 We collect, share, and use data collected from our websites principally for the following purposes:
3.4.2 When an individual chooses to provide us with information, including personal data, they understand that we are storing this and/or transferring it to Gradability Pty Ltd. locations, internally between management systems and to affiliates or service providers and government departments.
3.4.3 Gradability Pty Ltd. complies with applicable law when transferring your personal information outside of the country where the information has been collected. For data originating from a European Union member state, Gradability Pty Ltd. uses a variety of data transfer mechanisms (including standard contractual clauses) for this purpose.
3.4.4 Gradability Pty Ltd. may invite students, team members, alumni to participate in questionnaires and surveys designed to improve its services. Personal information in these surveys is only used for the purpose of its collection outlined in the survey invitation. Participation is voluntary. Individuals provide Gradability Pty Ltd. with permission to use information captured through these documents by participating in and completing these documents in full or part thereof.
3.4.5 Personal information is only for the purpose of its collection and by staff who require the information in order to complete the tasks associated with their role and function or to ensure that the services offered meet your needs.
Student personal information is used to.
3.4.6 Team Members’ personal information is used to
Usage Data details.
3.4.7 In the course of providing our services to stakeholders, we may collect, use, process and store usage data such as number of sessions, users, number of users, page views, number of page views per sessions, average session duration, bounce rate, percentage of new sessions, language of user, country, city, new versus returning users, browser type, operating system, internet service provider, IP address, screen resolution size, service used, service version number and mobile device brand. The usage data is collected and processed in order to create, and compile anonymised, aggregated datasets and/or statistics about the services for the following purposes:
Please note that such aggregated datasets and statistics will not enable any living individual to be identified.
Relationship Intelligence Products.
3.4.8 Gradability Pty Ltd. employs the use of legitimate relationship intelligence products that may collect supplemental usage data including without limitation IP address, company identifier, browser type, browser language and locale, operating system, device type, date and time of request, user id, and the person or company name being looked up. The supplemental usage data may be used for the following purposes:
Supplemental usage data will not be shared with third parties except for lookup parameters which may be provided to third party content providers in order to provide enriched data response.
3.5 Sharing your personal data
3.6 Direct Marketing
3.6.2 Individuals have the opportunity to be removed from circulation or subscription lists if they choose not to receive organisation related materials. We do not, in any event, sell or lease any personal information to any party.
3.6.3 Where individual’s post information to our Blogs, Facebook, Social Media Environments, or websites this information will been seen and shared with those audiences within those platforms. Individuals may be required to create a user profile which may provide them with the option to display personal information to others. This includes, but is not limited to their name, photo, social media accounts, postal address, email address, telephone number, personal interests, skills, and basic information about themselves or their company. All of the information that individuals post will be available to all visitors to our site.
3.6.4 Gradability Pty Ltd. is not responsible for the personal information that individuals choose to submit in these forums. This is the sole responsibility of the individual and Gradability Pty Ltd. will not be liable for this information in any way. Individuals are not permitted to provide any personal information about other data subjects in those forums and blogs, and we also encourage limiting any personal information to a minimum.
3.6.5 We may share personal data based on good faith that disclosure of this information is necessary to investigate, prevent, or act regarding legal activities, suspected fraud, or potential threats to the safety of any person or peoples. We may also use personal data in litigation in which we are involved, to protect the safety of any person or entity, to protect the rights of any person or entity, to respond to judicial or government enquiry or as required by law.
3.7 Disclosure of personal information to a Third Party
3.7.1 Gradability Pty Ltd. only discloses information to a third party where written consent has been provided from the individual. Where possible, data is encrypted so that the individual has a level of pseudonymity. Gradability Pty Ltd. does not disclose any individual’s personal information to overseas recipients.
3.7.2 In accordance with legislative and regulatory requirements Gradability Pty Ltd. is required to provide information to State and Commonwealth government departments and other government de[artments for the purpose of administration, research, and quality assurance. Gradability Pty Ltd. does not use or disclose government related identifiers.
3.8 Accessing and seeking correction of personal information
3.8.1 Gradability Pty Ltd. acknowledges the rights of individuals to have access to their personal information under the Freedom of Information Act and provides opportunities to review this information on request.
3.8.2 Students and team members are encouraged to update their personal information as it changes to maintain the currency and accuracy of records/data. Where Gradability Pty Ltd. members identify/suspect that personal information is inaccurate, out of date, incomplete or misleading they will contact the individual for further clarification and action any rectifications as required. There is no charge to an individual who wishes to correct personal information or an associating statement.
3.8.3 If Gradability Pty Ltd. uses an individual’s personal data based on their consent or to perform a contract with the individual, Gradability Pty Ltd. may request a copy of the personal data in a portable format for verification purposes.
3.9 Retention, restriction, and destruction of personal information
Gradability Pty Ltd.’s policy is to retain personal data no longer than
(a) is necessary to fulfil the purposes for which the personal data is processed,
(b) if processing is based on consent, until consent is withdrawn or
(c) if processing is based on a legitimate interest of Gradability Pty Ltd., until objection is made by the individual to such processing.
3.9.1 Personal information is securely destroyed in accordance with the organisations Records Retention and Management Policy and Procedure. See this policy and procedure for more information. The duration of processing and storage of personal data depends on the legal basis and reporting requirements according to Australian legislation. Gradability Pty Ltd. may need to retain data and personal information in accordance with National Vocational Education and Training Regulator Act 2011 and the Standards for RTOs 2015. However, if required by law Gradability Pty Ltd. will retain personal data for a longer period of time.
3.9.2 Gradability Pty Ltd. will also store data for a longer period of time if such data is required to assert, support, or defend against legal claims. If this is the case, we will retain such data until the relevant retention period or until the claims related to the data have been settled. Gradability Pty Ltd. can only delete personal data if there is no statutory obligation or prevailing right of Gradability Pty Ltd. to retain it. Deletion of any individual’s personal data will result in an inability to continue with any Gradability Pty Ltd. services to said individual that require the use the data, including, but not limited to, enrolment and completion of a Gradability Pty Ltd. course.
3.9.3 Individuals can request that Gradability Pty Ltd. restrict further processing of their personal data without deleting said personal data for the following reasons
3.9.4 Should an individual request Gradability Pty Ltd. to withdraw a consent to use their personal data any withdrawal has no effect on past processing of personal data up to the point in time of the withdrawal.
3.9.5 If the use of services requires consent and the consent is withdrawn, Gradability Pty Ltd. will no longer be able to provide these services.
3.10 Complaints and appeals
If the complainant is dissatisfied with the outcome of their complaint they can approach their relevant ASQA for further resolution. Further action may be taken by approaching the state-based Training Ombudsman, or the OAIC.
See Complaints and Appeals policy and procedure for more information.
3.11 Use of Gradability Pty Ltd. website by children
Gradability Pty Ltd. does not intend for the use of their website by children under 16 years of age and thereby does not target audiences below the age of 16 years old. Gradability Pty Ltd. does not knowingly collect personal data from children under 16 years of age. Gradability Pty Ltd. supports and encourages parents and guardians to take an active role in their children’s online activities and interests.
3.12 Governance mechanisms
Gradability Pty Ltd. has a governance framework in place to ensure its compliance with the Australian Privacy Principles. The following governance framework underpins and supports the operationalisation of this policy through the following actions,
The organisation’s Compliance Manager monitors the effectiveness of the policy/procedure and is actively involved in its review
3.13 General Business communications
Gradability Pty Ltd. communicates with users of the service on a regular basis. Communications can take place via email or phone contact. These such communications are not marketing related but are required to conduct relevant business related services to ensure the delivery of our product and services.
Marketing- related communication may be made by phone or email where an individual may have opted in to receiving these. Gradability Pty Ltd. will always provide the opportunity to opt out of receiving any further marketing information. Individuals can contact the Gradability team to request this action.
3.11 Personal data transference
If in the event that Gradability Pty Ltd. is acquired by or merged with another entity, or part of all of our assets are acquired, or Gradability Pty Ltd. has gone into bankruptcy, individuals’ personal information will be transferred to the acquiring entity for purposes that are similar to those that Gradability Pty Ltd. has originally used said information for.
3.12 Data received from third parties
Our business partners or agents may register leads with us in which they provide contact details of prospective customers. Collected information may include, name, email address, contact details, phone number and services requested. We also may use such personal data to assist our business partners in responding to requests.
We also may receive personal data from third parties such as marketing or advertising companies, organisers of events that provide us with such information as a part of their relationship with us. Such data could include contact details (such as name, company, title, company address, and email and phone number). This information is used for evaluating a potential business relationship or for combining the information with personal data that we may have already collected.