POLICIES AND PROCEDURES

Privacy policy

Holmesglen Privacy Statement

Holmesglen respects your right to privacy. This statement outlines how we handle personal and health information in line with our obligations under the Privacy Act 1988 (Cth), Privacy and Data Protection Act 2014 (Vic), and the Health Records Act 2001 (Vic). It applies to all personal and health information provided to us and information about you obtained from other sources, including information collected for the purposes of providing and/or administering Victorian and Commonwealth government subsidies and Commonwealth student loans (including VET Student Loans and HELP Loans).

Collection of personal information and health information

We collect and hold information about:

  • prospective, current and former learners
  • learners’ parents, guardians and care providers
  • prospective, current and former employees
  • officers, including directors, and external members of committees and other advisory bodies
  • employers of apprentices and trainees who are training with us
  • representatives of employers hosting our learners on practical placement or work-integrated learning
  • volunteers
  • contractors and third-party providers
  • members of the public we are interacting with.

This information is collected for the purpose of:

  • delivering educational programs and services
  • enabling individuals to access and use our website and systems
  • employing individuals and appointing and managing contractors
  • providing fee payment options, including payment plans and Commonwealth student loan schemes where Holmesglen is an approved provider under relevant legislation
  • sending messages, reminders, updates and information
  • providing a range of support services to learners and employees
  • conducting research and evaluation activities including surveys and gathering feedback about your experience of engaging with us
  • maintaining a safe work and learning environment
  • meeting our wider functional needs, including the objectives, powers and functions under the Education and Training Reform Act 2006 (Vic) and other relevant legislation
  • meeting legislative and regulatory obligations.

The type of personal information that we may collect and handle about you will depend on the nature of our dealings with you. This may include:

  • identity and contact information
  •  financial information
  • education and training information
  • employment history
  • background checks required for employment or enrolment in a course of study
  • location information
  • images recorded by security and surveillance systems
  • records of complaints, appeals and disciplinary matters
  • other personal information that may be required to facilitate your dealings with us, including types of personal or health information set out in a collection notice.

Sensitive information

We will collect sensitive information about an individual:

  • with the individual’s consent
  • when the collection is reasonably necessary for, or directly related to, one of the purposes outlined above.

Health information

We will collect health information about an individual:

  • only if the information is necessary for one or more of our functions or activities and with the consent of the individual
  • pursuant to an exception specified in the Health Records Act 2001 (Vic).

Method of collection

We take all reasonable steps to ensure that information collected is:

  • necessary for our purposes
  • relevant to the purpose of collection
  • collected in a lawful and fair way, with consent where reasonably possible and without unreasonable intrusion
  • as up to date and complete as reasonably possible.

Notice of collection

Where we collect your personal or health information directly from you, we will take reasonable steps to ensure that you are aware of:

  • our identity and contact details
  • the fact that you can gain access to the information
  • the purpose for which the information is collected (“the primary purpose”)
  • to whom (or the types of individuals or organisations to which) we usually disclose information of that kind, including to parents / guardians (where relevant)
  • any law that requires specific information to be collected
  • the main consequences (if any) for you if all or part of the information is not collected.

Sources of personal or health information

Important sources of personal or health information, collected by us includes the following.

Learners:

  • schools, Victorian Tertiary Admissions Centre (VTAC), its successors and equivalent interstate and overseas bodies
  • other tertiary education institutions and providers
  • education recruitment agencies
  • health practitioners and other agencies supporting learners.

Employees (includes volunteers):

  • previous employers and referees nominated by prospective and current employees
  • health practitioners and rehabilitation providers
  • employment review assessors
  • other government bodies for the purposes of employment eligibility.

Other persons:

  • Parents’, guardians’ and/or care providers’ personal information may be collected from learners, as relevant to the learner’s enrolment.
  • Contractor personal information may be collected where required by legislation or where goods and services are provided to Holmesglen.

We will not collect personal information other than from you or one of the sources outlined above unless:

  • prior consent is provided by you
  • we are required or authorised to collect the information under legislation or by a court/tribunal order
  • it is impractical or unreasonable to obtain your consent.

Notification of collection through third party

We will take all reasonable steps to ensure you are aware that personal information has been collected about you and the circumstances of collection if the:

  • information has been collected from another person or entity
  • you could not reasonably be expected to know that the information has been collected.

The Notice of Collection above sets out the information that will be provided to you, where practicable. 

Use or disclosure

We use or disclose personal information and health information for the reason it was collected (the primary purpose). In some situations, we may need to use or disclose personal or health information for a secondary purpose, this can occur where:

1.         You have given your consent to for us to use or disclose your information for that secondary purpose.

2.         The secondary purpose is related to the primary purpose and a person in a similar situation would reasonably expect the information to be used or disclosed for that secondary purpose (for sensitive information or health information, the secondary purpose must be directly related to the primary purpose).

3.         Use or disclosure of the personal or health information is required or authorised by or under law, such as relevant legislation or a court/tribunal order.

4.         The use or disclosure is necessary for research, or the compilation or analysis of statistics, in the public interest, other than where the information will be disclosed in a publication in a form that identifies any individual:

i)          it is impracticable for us to seek your consent before the use or disclosure

ii)         in the case of disclosure, we reasonably believe that the recipient will not disclose the information

iii)        and for health information, the purpose cannot be served by information that does not identify you or from which your identity is not reasonably able to be ascertained and in accordance with the Statutory Guidelines on Research February 2002 issued under the Health Records Act 2001 (Vic).

5.         We reasonably believe that the use or disclosure is necessary to lessen or prevent a serious threat to:

i)          your life, health, safety or welfare

ii)         public health, public safety or public welfare.

6.         We have reason to suspect that unlawful activity has been, is being or may be engaged in, and we use or disclose the personal information or health information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities.

7.         We reasonably believe that the use or disclosure of the information is reasonably necessary for specified types of law enforcement functions conducted by, or on behalf of, a law enforcement agency.

We may also disclose learners’ information to third parties in the following circumstances:

  • academic progress information may be disclosed to another tertiary institution or related body as required where a learner is transferring to a new institution
  • personal and enrolment information, including academic results, where learners are undertaking cross-institutional study, may be disclosed to the relevant institution as required to confirm the learner’s enrolment or qualification
  • personal information may be disclosed to contractors engaged by Holmesglen where this is required for the services being acquired eg debt recovery services
  • personal and enrolment information, including academic results, of apprentices and trainees may be disclosed to their employer
  • personal and health information may be disclosed to government and regulatory bodies where this is required under legislation, a court/tribunal order or in compliance with regulatory, funding or loan arrangements (including HELP and VET Student Loans)
  • personal and health information may be disclosed to external organisations such as professional bodies or licensing agencies in connection with your studies
  • personal and health information may be disclosed to a parent, guardian or care giver, where learners have provided consent.
Direct marketing

We may use or disclose personal information about you for direct marketing activities if:

  • we collected the information from you
  • you have consented to receive direct marketing or would reasonably expect us to use or disclose your information for that purpose
  • we provide a simple means for you to request that we stop sending direct marketing (also known as opting out)
  •  you have not made such a request to us.

We will not use sensitive information for direct marketing without your consent. We will not use health information for direct marketing.

Data quality

We will take reasonable steps to make sure that the personal and health information we collect, use or disclose is accurate, complete and up to date. To ensure quality and accuracy of personal information and health information, we request that you provide relevant and accurate information and notify us where that information requires updating as follows:

Data security

We will take reasonable steps to ensure that the personal and health information we hold is protected from misuse, loss, or unauthorised access, modification or disclosure.  We incorporate information security controls to minimise the risk of data loss or misuse by:

  • implementing industry-standard security measures, including encryption, firewalls, and access control mechanisms, to protect information
  • ensuring that data creation, storage, and processing occur on approved ICT systems.
  • providing induction and ongoing information security training for staff
  • documenting and assigning security roles and responsibilities to employees with specific information security functions
  • classifying data in accordance with the current Victorian Protective Data Security Guidelines
  • conducting risk assessments on information assets containing personally identifiable information
  • ensuring that the disposal of personal and health information is authorised and complies with the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic)
  • requiring that Holmesglen’s partners, contractors, and service providers be bound by Victoria’s privacy principles, and ensuring that information exchanged is handled in accordance with security standards, privacy principles, and contractual agreements.

When handling personal information received from third parties, we do so according to the originator’s instructions.

If we become aware that your personal or health information has been inappropriately handled, we will inform you of the incident and take appropriate action to ensure such mishandling does not occur again.

We will also take reasonable steps to destroy or permanently de-identify personal and health information if it is no longer needed for any purpose. This obligation is subject to the Public Records Act 1973 (Vic), which requires us to keep full and accurate records and to retain them for periods of time. Destruction of personal and health information will be carried out according to Holmesglen’s retention and disposal schedule and its Records Management Policy.

Transfer of information outside Victoria

We will only transfer personal or health information about you to someone (other than ourselves or you) who is outside Victoria if:

  • we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Information Privacy Principles set out in the Privacy and Data Protection Act 2014 (Vic) or Health Privacy Principles set out in the Health Records Act 2001 (Vic) (as relevant); or
  • you consent to the transfer
  • the transfer is necessary for the performance of a contract between us or for the implementation of pre-contractual measures taken in response to your request
  • the transfer is necessary for the performance of a contract concluded in your interest between us and a third party
  • all the following apply:
    • the transfer is for your benefit
    • it is impracticable to obtain your consent to that transfer
    • if it were practicable to obtain that consent, you would likely give it
  • we have taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Information Privacy Principles or Health Privacy Principles (as relevant)
  • for health information, the transfer is authorised or required by law.
Openness

This Privacy Policy is available on our website and upon request to our Privacy Officer (privacy@holmesglen.edu.au).

If requested, our Privacy Officer will take reasonable steps to let you know, generally, what sort of personal and health information we hold, for what purposes, and how we collect, hold, use and disclose that information.

Access to and correction of information

We are subject to the Freedom of Information Act 1982 (Vic) and are required to manage requests for access to and correction of personal information and health information under that legislation. Please refer to our Freedom of Information Policy or contact the Freedom of Information Officer for further assistance on foi@holmesglen.edu.au

Unique identifiers

We assign unique identifiers to employees and learners, which are necessary for us to carry out our functions efficiently.

All learners undertaking study in a nationally recognised training course will need to have a Unique Student Identifier (USI), as required by the Australian Government. More information is accessible from the Australian Government USI Website

We will not adopt a unique identifier of an individual that has been assigned by another organisation. However, we may collect and store unique identifiers used by other organisations. These may be included in reports to relevant Commonwealth and Victorian departments and agencies.

Anonymity

You may, in some circumstances where it is lawful and practicable, be able to request and receive information from us anonymously.

We will not be able to offer anonymity if:

  • we are required or authorised by law, including by a court or tribunal order, to deal with certain individuals
  • it is impractical for us to deal with individuals who have not identified themselves.
Sensitive information

We will not collect sensitive information about you unless:

  • you have consented
  • collection is required under law
  • collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is either physically or legally incapable of giving consent to the collection or physically cannot communicate consent to the collection.

Despite the above, we may collect sensitive information about you if the collection:

  • is necessary for research, or the compilation or analysis of statistics, relevant to government funded targeted health, welfare, support or educational services
  • is of information relating to your racial or ethnic origin and is collected for the purpose of providing government funded targeted welfare or educational services
  •  there is no reasonably practicable alternative to collecting the information for that purpose
  • it is impractical for us to seek your consent to the collection.
Information privacy enquiries

All enquiries must be in writing to the Privacy Officer, PO Box 42, Holmesglen VIC 3148 or privacy@holmesglen.edu.au 

Breaches of this policy

In the first instance, alleged privacy breaches or complaints about the way we have handled your personal and/or health information should be referred to the area where you initially lodged the information.

If a satisfactory resolution cannot be reached at this level, the alleged breach or complaint should be submitted in writing to our Privacy Officer (privacy@holmesglen.edu.au ). All matters received through this process will be managed in accordance with Holmesglen’s complaint resolution process.