PSF Privacy Policy
Pearsons School of Floristry (PSF) is committed to maintaining the privacy and confidentiality of its RTO personnel and participant records. PSF complies with the Privacy Act 1988 including the 13 Australian Privacy Principles (APPs) as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
This policy is designed to maintain requirements with additional state jurisdictional requirements including:
- Privacy and Personal Information Protection Act 1998 (NSW);
Providing an overall framework for its privacy practices, PSF has developed and implemented this Privacy Policy.
PSF manages personal information in an open and transparent way. This is evident in the implementation of practices, procedures and systems outlined in this policy, that ensures PSF compliance with the APPs and any binding registered APP code, and provide suitable suitable procedures for PSF personnel to be able to deal with related inquiries and complaints that may be received from time to time.
At the time of enrolment, a student is advised of the following Privacy Notice in your enrolment form:
Why we collect your personal information
As a registered training organisation (RTO), we collect your personal information so we can process and manage your enrolment in a vocational education and training (VET) course with us.
How we use your personal information
We use your personal information to enable us to deliver VET courses to you, and otherwise, as needed, to comply with our obligations as an RTO.
How we disclose your personal information
We are required by law (under the National Vocational Education and Training Regulator Act 2011 (Cth) (NVETR Act)) to disclose the personal information we collect about you to the National VET Data Collection kept by the National Centre for Vocational Education Research Ltd (NCVER). The NCVER is responsible for collecting, managing, analysing and communicating research and statistics about the Australian VET sector.
We are also authorised by law (under the NVETR Act) to disclose your personal information to the relevant state or territory training authority.
How the NCVER and other bodies handle your personal information
The NCVER will collect, hold, use and disclose your personal information in accordance with the law, including the Privacy Act 1988 (Cth) (Privacy Act) and the NVETR Act. Your personal information may be used and disclosed by NCVER for purposes that include populating authenticated VET transcripts; administration of VET; facilitation of statistics and research relating to education, including surveys and data linkage; and understanding the VET market.
The NCVER is authorised to disclose information to the Australian Government Department of Education, Skills and Employment (DESE), Commonwealth authorities, State and Territory authorities (other than registered training organisations) that deal with matters relating to VET and VET regulators for the purposes of those bodies, including to enable:
- administration of VET, including program administration, regulation, monitoring and evaluation
- facilitation of statistics and research relating to education, including surveys and data linkage
- understanding how the VET market operates, for policy, workforce planning and consumer information.
The NCVER may also disclose personal information to persons engaged by NCVER to conduct research on NCVER’s behalf.
The NCVER does not intend to disclose your personal information to any overseas recipients.
If you would like to seek access to or correct your information, in the first instance, please contact your RTO using the contact details listed below.
DESE is authorised by law, including the Privacy Act and the NVETR Act, to collect, use and disclose your personal information to fulfil specified functions and activities. For more information about how the DESE will handle your personal information, please refer to the DESE VET Privacy Notice at https://www.dese.gov.au/national-vet-data/vet-privacy-notice.
Surveys
You may receive a student survey which may be run by a government department or an NCVER employee, agent, third-party contractor or another authorised agency. Please note you may opt out of the survey at the time of being contacted.
- correct your personal information
- make a complaint about how your personal information has been handled
- ask a question about this Privacy Notice
Email: school@pearsonsflorist.com.au
Phone number: (02) 9550 7755
The following sections of this policy outline how PSF manages personal information.
Australian Privacy Principle 1 - Open and transparent management of personal information
Purposes for information collection, retention, use and disclosure
PSF retains a record of personal information about all individuals with whom it undertakes any form of business activity. PSF must collect, hold, use and disclose information from its clients and stakeholders for a range of purposes, including but not limited to:
- Providing services to clients;
- Managing employee and contractor teams;
- Promoting products and services;
- Conducting internal business functions and activities; and
- Requirements of stakeholders.
As a government registered training organisation, regulated by the Australian Skills Quality Authority, PSF is required to collect, hold, use and disclose a wide range of personal and sensitive information on participants in nationally recognised training programs.
This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative instruments. In particular, the legislative instruments:
- Student Identifiers Act 2014;
- Higher Education Support Act 2003 (VET FEE HELP – if relevant);
- Standards for Registered Training Organisations (RTOs) 2015; and
- Data Provision Requirements 2020.
It is noted that PSF is also bound by various State Government Acts requiring similar information collection, use and disclosure (particularly Education Act(s), Vocational Education & Training Act(s) and Traineeship & Apprenticeships Act(s) relevant to state jurisdictions of PSF operations).
It is further noted that, aligned with these legislative requirements, PSF delivers services through a range of Commonwealth and State Government funding contract agreement arrangements, which also include various information collection and disclosure requirements.
Individuals are advised that due to these legal requirements, PSF discloses information held on individuals for valid purposes to a range of entities including:
- Governments (Commonwealth, State or Local);
- Australian Apprenticeships Centres;
- Employers (and their representatives), Job Network Providers, Schools, Guardians; and
- Service providers such as credit agencies and background check providers.
Kinds of personal information collected and held
The following types of personal information are generally collected, depending on the need for service delivery:
- Contact details;
- Employment details;
- Educational background;
- Demographic Information;
- Course progress and achievement information; and
- Financial billing information.
The following types of sensitive information may also be collected and held:
- Identity details;
- Employee details & HR information;
- Complaint or issue information;
- Disability status & other individual needs;
- Indigenous status; and
- Background checks (such as National Criminal Checks or Working with Children checks).
Where PSF collects personal information of more vulnerable segment of the community (such as children), additional practices and procedures are also followed.
How personal information is collected
PSF’s usual approach to collecting personal information is to collect any required information directly from the individuals concerned. This may include the use of forms (such as registration forms, enrolment forms or service delivery records) and the use of web based systems (such as online enquiry forms, web portals or internal operating systems).
PSF does receive solicited and unsolicited information from third party sources in undertaking service delivery activities. This may include information from such entities as:
- Governments (Commonwealth, State or Local);
- Australian Apprenticeships Centres;
- Employers (and their representatives), Job Network Providers, Schools, Guardians; and
- Service providers such as credit agencies and background check providers.
How personal information is held
PSF’s usual approach to holding personal information includes robust storage and security measures at all times. Information on collection is:
- As soon as practical converted to electronic means;
- Stored in secure, password protected systems, such as financial system, learning management system and student management system; and
- Monitored for appropriate authorised use at all times.
Only authorised personnel are provided with login information to each system, with system access limited to only those relevant to their specific role. PSF ICT systems are hosted externally with robust security to physical server locations and server systems access. Virus protection, backup procedures and ongoing access monitoring procedures are in place.
Destruction of paper based records occurs as soon as practicable in every matter, through the use of secure shredding and destruction services at all PSF sites.
Individual information held across systems is linked through a PSF allocated identification number for each individual.
Retention and Destruction of Information
PSF records, in the event of PSF ceasing to operate the required personal information on record for individuals undertaking nationally recognised training with PSF would be transferred to the Australian Skills Quality Authority, as required by law.
Accessing and seeking correction of personal information
PSF confirms all individuals have a right to request access to their personal information held and to request its correction at any time. In order to request access to personal records, individuals are to make contact with the school office:
02 9550 7755 school@pearsonsflorist.com.au
A number of third parties, other than the individual, may request access to an individual’s personal information. Such third parties may include employers, parents or guardians, schools, Australian Apprenticeships Centres, Governments (Commonwealth, State or Local) and various other stakeholders.
In all cases where access is requested, PSF will ensure that:
- Parties requesting access to personal information are robustly identified and vetted;
- Where legally possible, the individual to whom the information relates will be contacted to confirm consent (if consent not previously provided for the matter); and
- Only appropriately authorised parties, for valid purposes, will be provided access to the information.
Complaints about a breach of the APPs or a binding registered APP code
If an individual feels that PSF may have breached one of the APPs or a binding registered APP Code, individual can refer to the Privacy Complaints Procedure described further down in this document.
Making the PSF Privacy Policy available
PSF provides its Privacy Policy free of charge, with all information being publiclyavailable from the Privacy Policy section link on our website. This website information is designed to be accessible as per web publishing accessibility guidelines, to ensure access is available to individuals with special needs (such as individuals with vision impairment).
Review and Update of this Privacy Policy
PSF reviews this Privacy Policy:
- On an ongoing basis, as suggestions or issues are raised and addressed, or as government required changes are identified;
- Through its internal audit processes on at least an annual basis;
- As a part of any external audit of its operations that may be conducted by various government agencies as a part of its registration as an RTO or in normal business activities; and
- As a component of each and every complaint investigation process where the compliant is related to a privacy matter.
Where this policy is updated, changes to the policy are widely communicated to stakeholders through internal personnel communications, meetings, training and documentation, and externally through publishing of the policy on PSF’s website, the Student Portal and other relevant documentation (such as our course enrolment form) for clients.
Australian Privacy Principle 2 – Anonymity and pseudonymity
Individuals may deal with PSF by using a name, term or descriptor that is different to the individual’s actual name. This includes using generic email addresses that does not contain an individual’s actual name, or generic user names when individuals may access a public component of PSF website or enquiry forms.
PSF only stores and links pseudonyms to individual personal information in cases where this is required for service delivery (such as system login information) or once the individual’s consent has been received.
Requiring identification
However, PSF must require and confirm identification in service delivery to individuals for nationally recognised course programs. PSF is authorised by Australian law to deal only with individuals who have appropriately identified themselves. That is, it is a Condition of Registration for all RTOs under the National Vocational Education and Training Regulator Act 2011 that RTOs identify individuals and their specific individual needs on commencement of service delivery, and collect and disclose Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS) data on all individuals enrolled in nationally recognised training programs. Other legal requirements, as noted earlier in this policy, also require considerable identification arrangements.
There are also other occasions within PSF service delivery where an individual may not have the option of dealing anonymously or by pseudonym, as identification is practically required for PSF to effectively support an individual’s request or need.
Australian Privacy Principle 3 — Collection of solicited personal information
PSF only collects personal information that is reasonably necessary for its business activities.
PSF only collects sensitive information in cases where the individual consents to the sensitive information being collected, except in cases where PSF is required to collect this information by law, such as outlined earlier in this policy.
All information PSF collects is collected only by lawful and fair means.
PSF only collects solicited information directly from the individual concerned, unless it is unreasonable or impracticable for the personal information to only be collected in this manner.
Australian Privacy Principle 4 – Dealing with unsolicited personal information
PSF may from time to time receive unsolicited personal information. Where this occurs, PSF promptly reviews the information to decide whether or not it could have collected the information for the purpose of its business activities. Where this is the case, PSF may hold, use and disclose the information appropriately as per the practices outlined in this policy.
Where PSF could not have collected this information (by law or for a valid business purpose), it immediately destroys or de-identifies the information (unless it would be unlawful to do so).
Australian Privacy Principle 5 – Notification of the collection of personal information
Whenever PSF collects personal information about an individual, it takes reasonable steps to notify the individual of the details of the information collection or otherwise ensure the individual is aware of those matters. This notification occurs at or before the time of collection, or as soon as practicable afterwards.
PSF notifications to individuals on data collection include:
- PSF’s identity and contact details, including the position title, telephone number and email address of a contact who handles enquiries and requests relating to privacy matters;
- The facts and circumstances of collection such as the date, time, place and method of collection, and whether the information was collected from a third party, including the name of that party;
- If the collection is required or authorised by law, including the name of the Australian law or other legal agreement requiring the collection;
- The purpose of collection, including any primary and secondary purposes;
- The consequences for the individual if all or some personal information is not collected;
- Other organisations or persons to which the information is usually disclosed, including naming those parties;
- Whether PSF is likely to disclose the personal information to overseas recipients, and if so, the names of the recipients and the countries in which such recipients are located.
- A link to this Privacy Policy on its website or explain how it may be accessed; and
- Advice that this Privacy Policy contains information about how the individual may access and seek correction of the personal information held by PSF; and how to complain about a breach of the APPs, or any registered APP code, and how PSF will deal with such a complaint.
Where possible, PSF ensures that the individual confirms their understanding of these details, such as through signed declarations, website form acceptance of details or in person through questioning.
Collection from third parties
Where PSF collects personal information from another organisation, it:
- Confirms whether the other organisation has provided the relevant notice above to the individual; or
- Whether the individual was otherwise aware of these details at the time of collection; and
- If this has not occurred, PSF will undertake this notice to ensure the individual is fully informed of the information collection.
Australian Privacy Principle 6 – Use or disclosure of personal information
PSF only uses or discloses personal information it holds about an individual for the particular primary purposes for which the information was collected, or secondary purposes in cases where:
- An individual consented to a secondary use or disclosure;
- An individual would reasonably expect the secondary use or disclosure, and that is directly related to the primary purpose of collection; or
- Using or disclosing the information is required or authorised by law.
Requirement to make a written note of use or disclosure for this secondary purpose
If PSF uses or discloses personal information in accordance with an ‘enforcement related activity’ it will make a written note of the use or disclosure, including the following details:
- The date of the use or disclosure;
- Details of the personal information that was used or disclosed;
- The enforcement body conducting the enforcement related activity;
- If the organisation used the information, how the information was used by the organisation;
- The basis for its reasonable belief that PSF was required to disclose the information.
Australian Privacy Principle 7 – Direct marketing
PSF does not use or disclose the personal information that it holds about an individual for the purpose of direct marketing, unless:
- The personal information has been collected directly from an individual, and the individual would reasonably expect their personal information to be used for the purpose of direct marketing; or
- The personal information has been collected from a third party, or from the individual directly, and the individual does have a reasonable expectation that their personal information will be used for the purpose of direct marketing; and
- PSF provides a simple method for the individual to request not to receive direct marketing communications (also known as ‘opting out’).
On each of its direct marketing communications, PSF provides a prominent statement that the individual may request to opt out of future communications, and how to do so.
An individual may also request PSF at any stage not to use or disclose their personal information for the purpose of direct marketing, or to facilitate direct marketing by other organisations. PSF complies with any request by an individual promptly and undertake any required actions for free.
PSF also, on request, notifies an individual of the source of their personal information used or disclosed for the purpose of direct marketing unless it is unreasonable or impracticable to do so.
Australian Privacy Principle 8 – Cross-border disclosure of personal information
Before PSF discloses personal information about an individual to any overseas recipient, it undertakes reasonable steps to ensure that the recipient does not breach any privacy matters in relation to that information.
Australian Privacy Principle 9 – Adoption, use or disclosure of government related identifiers
PSF does not adopts, uses or discloses a government related identifier related to an individual except:
- In situations required by Australian law or other legal requirements;
- Where it is reasonably necessary to verify the identity of the individual;
- Where it is reasonably necessary to fulfil obligations to an agency or a State or Territory authority; or
- As prescribed by regulations.
Australian Privacy Principle 10 – Quality of personal information
PSF takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete. PSF also takes reasonable steps to ensure that the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant. This is particularly important when:
- the personal information is initially collected; and
- the personal information is used or disclosed by PSF.
PSF takes steps to ensure personal information is factually correct. In cases of an opinion, it ensures information takes into account competing facts and views and makes an informed assessment, providing it is clear this is an opinion. Information is confirmed up-to-date at the point in time to which the personal information relates.
Quality measures in place supporting these requirements include:
- Internal practices, procedures and systems to audit, monitor, identify and correct poor quality personal information (including training staff in these practices, procedures and systems);
- Protocols that ensure personal information is collected and recorded in a consistent format, from a primary information source when possible;
- Ensuring updated or new personal information is promptly added to relevant existing records;
- Providing individuals with a simple means to review and update their information on an on-going basis through our online portal;
- Reminding individuals to update their personal information at critical service delivery points (such as completion) when PSF engages with the individual;
- Contacting individuals to verify the quality of personal information where appropriate when it is about to be used or disclosed, particularly if there has been a lengthy period since collection; and
- Checking that a third party, from whom personal information is collected, has implemented appropriate data quality practices, procedures and systems.
Australian Privacy Principle 11 — Security of personal information
PSF takes active measures to consider whether it is able to retain personal information it holds, and also to ensure the security of personal information it holds. This includes reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
PSF destroys or de-identifes personal information held once the information is no longer needed for any purpose for which the information may be legally used or disclosed.
Access to PSF offices and work areas is limited to our personnel only - visitors to its premises must be authorised by relevant personnel and are accompanied at all times. With regard to any information in a paper based form, PSF maintains storage of records in an appropriately secure place to which only authorised individuals have access.
Regular staff training and information bulletins are conducted with PSF personnel on privacy issues, and how the APPs apply to its practices, procedures and systems. Training is also included in its personnel induction practices.
Australian Privacy Principle 12 — Access to personal information
Where PSF holds personal information about an individual, it provides that individual access to the information on their request. In processing requests, PSF:
- Ensures through confirmation of identity that the request is made by the individual concerned, or by another person who is authorised to make a request on their behalf;
- Responds to a request for access:
- Within 14 calendar days, when notifying its refusal to give access, including providing reasons for refusal in writing, and the complaint mechanisms available to the individual; or
- Within 30 calendar days, by giving access to the personal information that is requested in the manner in which it was requested.
- Provides information access free of charge.
Australian Privacy Principle 13 – Correction of personal information
PSF takes reasonable steps to correct personal information it holds, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.
Individual Requests
On an individual’s request, PSF:
- Corrects personal information held; and
- Notifies any third parties of corrections made to personal information, if this information was previously provided to these parties.
n cases where PSF refuses to update personal information, PSF:
- Gives a written notice to the individual, including the reasons for the refusal and the complaint mechanisms available to the individual;
- Upon request by the individual whose correction request has been refused, takes reasonable steps to associate a statement with the personal information that the individual believes it to be inaccurate, out-of- date, incomplete, irrelevant or misleading;
- Responds within 14 calendar days to these requests; and
- Completes all actions free of charge.
Correcting at PSF’s initiative
PSF takes reasonable steps to correct personal information it holds in cases where it is satisfied that the personal information held is inaccurate, out-of-date, incomplete, irrelevant or misleading (that is, the information is faulty). This awareness may occur through collection of updated information, in notification from third parties or through other means.
‘Request for Records Access’ Procedure
Individuals or third parties may at any stage request access to records held by PSF relating to their personal information. The following procedure is followed on each individual request for access:
- A request for access is provided by the requester, with suitable information provided to be able to:
- Identify the individual concerned;
- Confirm their identity; and
- Identify the specific information that they are requesting access to. This request may be in any form.
- Upon receiving a request for access, PSF then:
- Confirms the identity of the individual or party requesting access;
- Confirms that this individual or party is appropriately authorised to receive the information requested;
- Searches the records that it possesses or controls to assess whether the requested personal information is contained in those records; and
- Collates any personal information found ready for access to be provided.
Confirming identity
PSF personnel must be satisfied that a request for personal information is made by the individual concerned, or by another person who is authorised to make a request on their behalf. The minimum amount of personal information needed to establish an individual’s identity is sought, which is generally an individual’s name, date of birth, last known address and signature.
When meeting the requesting party in person, identification may be sighted.
If confirming details over a telephone conversation, questions regarding the individual’s name, date of birth, last known address or service details may be confirmed before information is provided.
- Once identity and access authorisation is confirmed, and personal information is collated, access is provided to the requester within 30 calendar days of receipt of the original request. PSF will provide access to personal information in the specific manner or format requested by the individual, wherever it is reasonable and practicable to do so, free of charge.
Where the requested format is not practical, PSF will consult with the requester to ensure a format is provided that meets the requester’s needs.
2. If the identity or authorisation access cannot be confirmed, or there is another valid reason why PSF is unable to provide the personal information, refusal to provide access to records will be provided to the requester, in writing. PSF notification will include reason(s) for the refusal, and the complaint mechanisms available to the individual. Such notifications are provided to the requester within 30 calendar days of receipt of the original request.
‘Request for Records Update’ Procedure
Individuals or third parties may at any stage request that their records held by PSF relating to their personal information be updated. The following procedure is followed on each individual request for records updates:
- A request for records update is provided by the requester, with suitable information provided to be able to:
- Identify the individual concerned;
- Confirm their identity; and
- Identify the specific information that they are requesting be updated on their records.
This request may be in any form, preferably by email sent to school@pearsonsflorist.com.au
- Upon receiving a request for records update, PSF then:
- Confirms the identity of the individual or party to whom the record relates;
- Searches the records that it possesses or controls to assess whether the requested personal information is contained in those records; and
- Assesses the information already on record, and the requested update, to determine whether the requested update should proceed.
Assessing Update
PSF personnel assess the relevant personal information PSF holds, and the requested updated information, to determine which version of the information is considered accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.
This may include checking information against other records held by PSF, or within government databases, in order to complete an assessment of the correct version of the information to be used.
- Once identity and information assessment is confirmed, personal information is:
- Updated, free of charge, within 14 calendar days of receipt of the original request; and
- Notified to any third parties of corrections made to personal information, if this information was previously provided to these parties.
- If the identity of the individual cannot be confirmed, or there is another valid reason why PSF is unable to update the personal information, refusal to update records will be provided to the requester in writing, free of charge, within 14 calendar days.
Our notification will include the reasons for the refusal and the complaint mechanisms available to the individual.
- Upon request by the individual whose correction request has been refused, PSF will also take reasonable steps to associate a ‘statement’ with the personal information that the individual believes it to be inaccurate, out-of-date, incomplete, irrelevant or misleading. This statement will be applied, free of charge, to all personal information relevant across PSF systems within 30 calendar days of receipt of the statement request.
Privacy Complaints Procedure
If an individual feels that PSF has breached its obligations in the handling, use or disclosure of their personal information, they may raise a complaint as per the Complaints and Appeals Policy available on our website.
*** Document control management: Uncontrolled when printed