Privacy Policy and Procedure

Last updated: March 2026
RTO: 41448

1. Objective

This policy outlines Emergency Australia's commitment to protecting personal and sensitive information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the National VET Data Policy, and the Student Identifiers Act 2014. This policy also ensures Emergency Australia's compliance with the Standards for RTOs 2025, particularly Outcome Standards 6 and 8.

The purpose is to:

• Ensure personal information collected is handled transparently and lawfully
• Enable learners and staff to access and amend their personal information
• Maintain the security and integrity of data
• Support compliance with mandatory data collection and reporting

2. Scope

This policy applies to all personal and sensitive information collected, stored, used or disclosed by Emergency Australia relating to:

• Students (current, former, or prospective)
• Employees
• Trainers and assessors
• Contractors and third-party partners
• Employers and job service providers interacting with Emergency Australia

It also applies to all platforms and methods used to collect information including paper forms, electronic systems, enrolment portals, websites, email correspondence, and phone communications.

3. Regulatory Environment

Emergency Australia is obligated to collect and report data as a condition of registration with ASQA and to comply with the following:

• Total VET Activity (TVA) requirements
• AVETMISS reporting
• National VET Data Policy (current version)
• Student Identifiers Act 2014

Data collected is used for planning, auditing, funding, and statistical reporting and may be shared with:

• National Centre for Vocational Education Research (NCVER)
• State and territory training authorities
• Department of Education
• Commonwealth and state regulators

4. Australian Privacy Principles (APPs)

Emergency Australia complies with the 13 APPs, including:

• Open and transparent management of personal information
• Anonymity and pseudonymity where legally permitted
• Collection of solicited information only when necessary
• Unsolicited personal information managed appropriately
• Notification of the collection of personal information
• Use or disclosure of personal information only for its intended purpose
• Direct marketing opt-in practices
• Cross-border disclosure of personal information (e.g., third-party systems)
• Adoption of government-related identifiers limited to legal obligations
• Quality of personal information ensured through validation
• Security of personal information (technical and physical safeguards)
• Access to personal information by the individual
• Correction of personal information upon request

5. Unique Student Identifier (USI)

Under the Student Identifiers Act 2014, Emergency Australia must collect, verify, and report a USI for all students enrolling in nationally recognised training. Key principles:

• USIs are verified through the official registry
• Learners must provide consent
• Certification cannot be issued without a verified USI (unless exempt)
• The USI is stored securely and not printed on certificates

6. Use and Disclosure

Emergency Australia uses personal information to:

• Deliver and assess training
• Maintain enrolment and academic records
• Communicate results and progress
• Support learners and address concerns
• Fulfil regulatory obligations

We may disclose information to:

• ASQA
• NCVER
• State Training Authorities
• The USI Registry System
• Government bodies upon request
• Employers, where written consent is obtained

We will not:

• Sell information to marketing agencies
• Disclose information outside legal and consent-based requirements

7. Website and Marketing Use

Emergency Australia may use personal information for sending training updates and course invitations to subscribed recipients, analysing website usage data anonymously, and improving online services. Consent will be sought for direct marketing, and individuals may opt out at any time. No personal data is sold or disclosed to third-party marketing platforms.

8. Security and Retention

We ensure data is kept secure and retained as required by law:

• Digital records are stored on secure platforms with access controls and encryption
• Physical records are kept in locked cabinets within restricted-access locations
• Learner records are retained for 30 years to comply with Outcome Standard 8.3
• Backup systems are maintained and tested regularly
• Data no longer required is destroyed securely and permanently

9. Access and Correction

Individuals have the right to request a copy of their personal information held by Emergency Australia and corrections to any inaccurate or incomplete data. Requests must be made in writing and may require ID verification. Responses are typically provided within 30 calendar days. Access is free unless administrative or postage costs apply.

10. Complaints Process

Complaints relating to privacy or misuse of information should be submitted to the Privacy Officer via email, written form, or through a supervisor. Complaints will be acknowledged within 5 business days, investigated within 7–10 business days, and responded to in writing with outcomes or next steps. Unresolved matters may be escalated to ASQA (for RTO regulatory concerns) or The Office of the Australian Information Commissioner (OAIC).

11. Smart and Skilled Data Privacy and Compliance

Emergency Australia complies with the privacy, confidentiality, and data management obligations outlined in the Smart and Skilled Contract and Operating Guidelines administered by Training Services NSW (TSNSW).

11.1 Purpose
This section ensures that personal information collected, used, and disclosed in relation to Smart and Skilled-funded training programs meets all requirements under the Smart and Skilled Contract and Operating Guidelines, the NSW Privacy and Personal Information Protection Act 1998, the Privacy Act 1988 (Cth) and APPs, and the Student Identifiers Act 2014.

11.2 Collection and Use of Information
Emergency Australia collects personal information from students applying for or participating in Smart and Skilled-funded training for the purposes of determining eligibility, managing funding contracts, complying with reporting requirements, and monitoring program quality. Learners are informed at enrolment that their information will be shared with Training Services NSW and the NSW Department of Education. Consent for this disclosure is obtained as part of the enrolment process.

11.3 Disclosure of Information
Personal information may be disclosed to Training Services NSW, the NSW Department of Education, and other government agencies as authorised or required by law. Emergency Australia will not disclose any information to unauthorised third parties or for non-related purposes without the learner’s consent.

11.4 Data Security and Retention
All Smart and Skilled data is stored in secure systems that comply with NSW government information security standards. Digital files are encrypted and access-controlled. Physical records are stored in locked facilities. Smart and Skilled records are retained for seven (7) years from the end of the relevant contract period.

11.5 Data Accuracy and Correction
Emergency Australia ensures all data submitted to Training Services NSW is accurate and complete. Learners may request access to, or correction of, their Smart and Skilled-related data at any time. Data discrepancies identified through validation reports or audits are corrected promptly.

11.6 Complaints and Privacy Concerns
Learners may raise privacy-related concerns through Emergency Australia’s internal complaints process. If unresolved, Smart and Skilled-funded learners may also contact Training Services NSW – Smart and Skilled Customer Support Centre at smartandskilled.nsw.gov.au or 1300 772 104.

11.7 Continuous Improvement
Emergency Australia reviews its Smart and Skilled data management processes annually to ensure ongoing compliance with contractual, legislative, and audit requirements.

Related Standards – Standards for RTOs 2025

• Outcome Standard 6.1 – The RTO complies with all relevant legislation and regulatory requirements.
• Compliance Standard 6.3 – The RTO maintains records and evidence of compliance with privacy and data legislation.
• Outcome Standard 8.2 – The RTO issues and maintains accurate learner records and ensures secure data retention.
• Compliance Standard 8.3 – RTOs must retain certification records securely for at least 30 years.
• Compliance Standard 6.6 – The RTO ensures learners are informed about how their personal information is used and stored.
• NSW Privacy and Personal Information Protection Act 1998
• Smart and Skilled Operating Guidelines & Contract Terms and Conditions

Smart and Skilled Requirement Mapping