We are committed to ensuring the proper handling of your personal information in accordance with the Privacy Act 1988 ('Privacy Act'). We are an 'APP entity' that must comply with the Australian Privacy Principles (APPs) which are set out in Schedule 1 of the Privacy Act. The Privacy Act and APPs regulates how entities must collect, use, disclose and hold personal information, and how people may access and correct their personal information.
The privacy policy has been developed in accordance with APP 1, and the purpose of this privacy policy is to explain:
-
what kinds of personal information we collect, use and disclose
-
how we collect, use, disclose and hold your personal information
-
the purposes for which we collect, use and disclose your personal information
-
how you can access your personal information held by us and seek correction of that information (if necessary)
-
what you can do if you have a query, concern or complaint regarding our handling of your personal information.
The privacy policy also provides information about accessing information under the Freedom of Information Act 1982.
What personal information we collect and hold
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
We collect a broad range of personal information that is reasonably necessary for, or directly related to, our functions and activities, including our role under the Student Identifiers Act 2014 .
Personal information we collect may include and hold (but is not limited) to the following:
-
full name
-
preferred name
-
mailing address which could be the physical/street address and/or postal address
-
email address
-
telephone numbers
-
date of birth
-
city or town of birth
-
country of birth
-
gender
-
what services you have obtained or which you have asked about
-
cookie and clickstream data (eg information about the websites a person has visited)
We only collect some personal information from cookies and clickstream data and people who do not wish to receive cookies can turn this function off on their web browser
-
we temporarily hold transcript data for third party viewing
-
answers to personal account security (check) questions
-
data from previous revoked accounts
-
details of identification (such as the state and number listed on a driver's license).
-
any other information we need to deliver services to you and to respond to your questions.
Where we hold a mailing address for a student, it may be a postal address rather than the physical/street address. Only the type of your identification documents will be stored indefinitely.
We know that sometimes you might not want to give your personal information to us. In some cases, you will be able to remain anonymous or use a pseudonym, however, there will be occasions where it is impracticable for you to remain anonymous or use a pseudonym.
For example, without your personal information, we may not be able to provide you the services you want. We normally ask for your identity so that we can reply to your request and carry out our roles and activities.
For students who are undertaking Vocational Education & Training (VET) studies, the National Centre for Vocational Education and Research (NCVER) holds your training information, which is used to electronically create authenticated VET transcripts.
We do not hold or store the information received from the NCVER for this purpose.
How we collect your personal information
We collect your personal information in a few different ways. For example:
-
directly from you, when you access and use our website and online systems
-
indirectly from you when you use our website and online systems such as cookies and clickstream data
-
when we or someone on our behalf talks to you on the telephone and in person such as through the contact centre or customer surveys
-
in writing, for example by letter or via email
-
when you apply, or someone on your behalf applies, for a USI.
We may also collect your personal information from other people (relevant third parties), including:
-
other government agencies
-
law enforcement agencies
-
education or training providers
-
entities that provide services to us
-
individuals who assist you in creating a USI.
We will usually collect your personal information directly from you. However, we may collect your personal information from a third party if:
-
you consent (including where you have authorised an entity under Section 9 of the Student Identifiers Act to apply for a USI on your behalf)
-
we are required or authorised to collect the information by or under an Australian law, or a court or tribunal order
-
it is unreasonable or impractical for us to collect personal information directly from you.
When we collect personal information, we are required under the APPs to notify you of several matters. These include:
-
the purposes for which we collect the information
-
whether the collection is required or authorised by law
-
any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our forms and website.
Personal information is sometimes provided to us without us having requested it. This is called ‘unsolicited personal information.’ When we receive unsolicited personal information we will consider if we could have collected the information if we asked for it and if so, we will follow the Privacy Act in handling that information. If we determine that we could not have collected the information, subject to the requirements of the Archives Act 1983, we will destroy or de-identify the information.
Why we collect, use and disclose your personal information
We collect, use and disclose your personal information for a variety of different purposes relating to our functions and activities, including our role under the Student Identifiers Act, to:
-
identify you
-
process your application for a USI
-
verify and or assign a USI
-
resolve problems with a USI
-
create an authenticated VET transcript
-
provide services to you and to send system generated notifications to you
-
answer questions, and provide information or advice about existing and new services
-
give you access to protected areas of our website
-
assess how our website is working and to make it work better
-
conduct business processing functions
-
update our records and keep your contact details up to date
-
process and respond to any complaint you make.
We will usually only use or disclose your personal information for the purpose for which it was collected, which you would be notified of at the time your information is collected.
There are some circumstances in which we are permitted to use or disclose personal information for another purpose, such as where a permitted general situation exists as set out in section 16A of the Privacy Act (e.g. to lessen or prevent a serious threat to life, health or safety).
For additional information regarding use or disclosure of personal information, please refer to the Office of the Australian Information Commissioner APP 6 Guideline.
Likely secondary purposes for which we may use or disclose your personal information include (but is not limited to):
-
conduct planning, service and policy development; program evaluation; complaints handling; quality control and assurance
-
to conduct research
-
to investigate fraud or misconduct
-
give information to our contractors or service providers to allow them to assist in providing our services to you
-
administer our obligations under legislation, for example in relation to freedom of information and privacy.
Who we may disclose your personal information to
We may disclose your personal information to several authorised organisations, departments, regulators and other persons where it is reasonably necessary for the purposes of performing functions or exercising powers
Detailed information about the use of your information can be found in Division 5 - Collection, use or disclosure of student identifiers of the Student Identifiers Act 2014.
Disclosure of personal information overseas
Sometimes, we may disclose your personal information to third parties who are located overseas. Situations in which this may occur will usually be limited to circumstances where you authorise us to do so.
Before disclosing your personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information, unless at least one of the following applies:
-
the recipient is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement
-
you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure the overseas recipient does not breach the APPs
-
a permitted general situation exists as set out in section 16A of the Privacy Act (e.g. to lessen or prevent a serious threat to life, health or safety)
-
disclosure is required or authorised by or under an Australian law, a court or tribunal order, or an international agreement relating to information sharing to which Australia is a party
-
disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.
If you would like further information regarding this, including to find out which countries’ (if any) recipients your personal information has been given to are located, please contact us at BusinessStrategy@usi.gov.au
Security and storage
We take all reasonable steps to ensure your personal information in our possession is protected from:
-
misuse, interference and loss
-
unauthorised access, modification or disclosure.
We may keep your information in either electronic or hard copy form, including cloud storage. Storage of personal information (and the disposal of information when no longer required for business purposes) is managed in accordance with the Archives Act 1983.
Electronic and paper records containing personal information are protected in accordance with the Australian Government security policies including the Attorney-General’s Department Protective Security Policy Framework.
Our website might link to websites that belong to third parties. We do not know about the privacy practices of any third-party websites and we are not responsible for the privacy policies or the information on any third-party websites. Third party websites should tell you about their own privacy practices. We encourage you to look at each third-party website’s privacy policy.
If you are worried about the security of your personal information, please contact us at BusinessStrategy@usi.gov.au.
How you can access and correct your personal information
Subject to certain exceptions, you have a right under the Privacy Act to access personal information we hold about you and to request corrections of any of your personal information if you think the information is inaccurate, out of date, incomplete, irrelevant or misleading (for example, updating your contact details).
We recommend that you keep your details up to date.
You can ask to see any personal information we have about you at any time. If you can see the information, we will tell you how to do this. You do not have to pay to get your personal information or for any changes you ask us to make to your information.
Sometimes we cannot give you access to the personal information we hold. If that happens, within 30 days after we receive your request, we will write and tell you why we cannot give you access. We will also tell you how you can complain if you are not happy with our decision.
You can ask us to correct the personal information we have about you if you think that personal information is inaccurate, out of date, incomplete, irrelevant or misleading. We will investigate your request and take any reasonable steps in the circumstances to correct the information, having regard to the purpose for which it is held.
We will also write to you and let you know the outcome of your request, and where your request for correction has been refused, we will also tell you how we made the decision and how to ask for our decision to be reconsidered if you do not agree with us.
What to do if you think your privacy was breached
If you think your privacy has been breached please complete a privacy incident form. Privacy complaints are dealt with under our Privacy Policy.
We will be in contact with you to discuss your privacy concerns once we receive your enquiry.
If you are not happy with the outcome of the investigation into your privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC website tells you how to make a complaint to the OAIC.
Privacy Impact Assessment
The Privacy (Australian Government Agencies – Governance) APP Code 2017 commenced on 1 July 2018 and requires agencies to conduct privacy impact assessments (PIAs) for all ‘high privacy risk’ projects.
A PIA is a systematic assessment of an activity or function that identifies the impact that the activity of function might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
A high-risk privacy project is one that involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
Privacy Impact Assessment Register
Our Privacy Impact Assessment (PIA) register has been prepared in accordance with section 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017.
Completed PIAs
Title
|
Completed
|
Unique Student Identifier I
|
June 2012
|
Unique Student Identifier II
|
November 2012
|
Unique Student Identifier III
|
August 2013
|
Authenticated VET transcripts
|
March 2018
|
Third party access to authenticated VET transcripts
|
October 2019
|
Freedom of Information
The Freedom of Information Act 1982 (FOI Act) gives you the right to request access to government-held information. This includes information we hold about you.
What you can access under FOI
You can request access to a document held by an Australia Government agency or minister, such as:
You can also ask an agency or minister to amend or annotate the personal information they hold about you.
What you can’t access under FOI
You can’t access a document an Australian Government agency or minister holds that is:
You can’t access a document held by an agency exempt from the FOI Act.
For further information regarding the FOI process, refer to the Office of the Australian Information Commissioner website.
If you would like to access documents under the FOI, your application must:
-
be in writing
-
state that you’re requesting access to information under the FOI Act
-
state the document(s) you want, giving enough information as it reasonably necessary for us to identify the document(s)
-
give an address or email address where we can send you the document/s.
You don’t need to give any reasons why you want the information.
Email your request to: businessstrategy@usi.gov.au or via post to:
Attention: Business Strategy
Office of the Student Identifiers Registrar
GPO Box 9880
Adelaide SA 5001
Australia
Changes to our privacy policy
We might sometimes change this privacy policy. If we do, we will share the new version on our website.
This privacy policy was last reviewed on 28 September 2020