You have a right to have your personal information kept private.
The Office of the Student Identifiers Registrar (OSIR) is committed to promoting and upholding your right to privacy. We are committed to ensuring the proper handling of your personal information in accordance with the Privacy Act 1988 (Cth).
The OSIR is an ‘APP entity’ that must comply with the Australian Privacy Principles (APPs) that are found in the Privacy Act. The Privacy Act explains how entities must collect, use, disclose and keep personal information, including sensitive information. It also explains how people may access and correct records which include their personal information.
We respect your rights to privacy under the Privacy Act and we comply with all the Privacy Act’s requirements when we collect and manage your personal information.
- how we collect, use, store and disclose your personal information; and
- how you can access and correct your personal information.
Table of Contents
- What personal information we collect
- Information we do not collect
- How we collect your personal information
- Why we collect, keep, use and disclose your personal information
- Who we may give your personal information to
- Cloud Computing
- How you can access and correct your personal information
- What to do if you think your privacy was breached
- Privacy Impact Assessment
- Freedom of Information
We collect personal information that is reasonably necessary for, or directly related to, our roles and activities under the Student Identifiers Act 2014 (Cth) (SI Act 2014). We will only use and disclose your personal information for the purposes we collected it for and as allowed under the Privacy Act.
We usually collect the following types of personal information:
- full name
- preferred name
- physical/ street address
- email address
- telephone numbers
- date of birth
- city or town of birth
- sensitive information as defined in the Privacy Act (for example, information about your country of birth)
- what services you have obtained or which you have asked about
- any information we need to deliver services and to respond to your questions
- cookie and clickstream data (in simple terms, this is information about the websites a person visits) – we only collect some personal information from cookies and clickstream data and people who do not wish to receive cookies can turn this function off on their web browser
- any other information about you that you provide to us directly through our website, or indirectly when you use our website, or contact people who work on our behalf
- information you give us through our contact centre or customer surveys.
The list above provides examples only and there may be additional types of information that we collect from you.
We know that sometimes you might not want to give your personal information to us. That’s fine, however, it might mean that we cannot give you the services you want, or that we cannot give you a high level of service. We normally ask for your identity so that we can reply to your request and carry out our roles and activities.
We do not hold your training information. The National Centre for Vocational Education and Research holds this information, which it provides to us to create an authenticated vocational education and training (VET) transcript. We do not hold or store the information received from the National Centre for Vocational Education and Research.
Business information given to us will not normally be considered personal information under the Privacy Act. However, it might be when the business information relates to sole traders and partnerships.
We collect your personal information in a few different ways, for example:
- directly from you, when you access and use our website and online systems
- when we or someone on our behalf talks to you on the telephone and in person
- in writing, for example, by letter or via email
- when you apply, or someone on your behalf applies, for a Unique Student Identifier.
We may also collect your personal information from other people (third parties), including, for example:
- other government agencies
- law enforcement agencies
- education or training providers
- entities that provide services to us
- individuals who assist you in creating a USI.
We will only collect your personal information from a third party if:
- you give us permission (including under Section 9 of the SI Act 2014)
- we are required or allowed to collect the information under an Australian law
- we are required or allowed to collect the information by a court/tribunal order
- it is reasonable or practical for us to collect personal information in this way.
Sometimes, documents that people give us contain personal information about other people. This is called ‘unsolicited personal information.’ In these cases, we will consider if we could have collected the information if we asked for it and if so, we will follow the Privacy Act in handling that information.
We collect personal information about you so that we can perform our roles and activities and to provide the best possible quality of customer service.
We collect, hold, use and disclose your personal information to:
- identify you
- process your application for a Unique Student Identifier (USI)
- verify and or give a USI
- resolve problems with a USI
- create an authenticated VET transcript
- provide services to you and to send system generated notifications to you
- answer questions, and provide information or advice about existing and new services
- give you access to protected areas of our website
- assess how our website is working and to make it work better
- conduct business processing functions
- update our records and keep your contact details up-to-date
- process and respond to any complaint you make
- conduct planning, service development; program evaluation; quality control and research for our purposes
- give information to our contractors or service providers to allow them to give our services to you
- comply with any Australian law, orders of courts or tribunals, or in co-operation with any government authority of any country.
We may give your personal information to third parties. For example, we may give your personal information to:
- Commonwealth and State government departments and agencies, Boards of Studies, VET-related bodies and the National Centre for Vocational Education Research:
- to administer and audit VET, VET providers and VET programs
- for education related policy and research purposes
- to assist in determining eligibility for training subsidies
- VET Regulators so they can perform their job
- VET admission bodies to facilitate entry to VET and VET programs
- registered training organisations so that they can deliver VET courses to you, to meet their reporting obligations under the VET standards and government contracts and to assist in determining eligibility for training subsidies
- schools, so that they can deliver VET courses to you and report on these courses
- the National Centre for Vocational Education Research to allow the Registrar to create authenticated VET transcripts, resolve problems with USIs and to collect, prepare and audit national VET statistics
- researchers for education and training related research purposes
- any other person or agency that might be allowed or required by law to access the information
- any entity that we enter into a contract with to assist us with our job and to administer the USI Registry System
- any organisation for any reason that you agree to.
The list above provides examples only and there might be other reasons we disclose your personal information and other entities that we give that information to.
Sometimes, we may give personal information to third parties who are overseas for the reasons we told you above. We try to make sure that these third parties do not breach the privacy obligations relating to your personal information. However, the third parties might have to comply with the laws of their own country when dealing with personal information.
We comply with our cloud computing obligations which are set out in the guidance issued by the Attorney-General’s Department. In short this means that we will take appropriate measures to protect the security of people, information and assets. For more information, please look at the Protective Security Policy Framework.
After we receive your information, we keep it safely. We won’t give your information to other people unless you give us permission or the law allows us to.
We make sure your personal information is protected from:
- misuse and loss
- access without permission
- being changed or given to others without permission.
We may keep your information in either electronic or hard copy form. The Archives Act 1983 (Cth) requires us to destroy or de-identify personal information when we no longer need it. De-identify means to take out the part of the information which makes it possible to recognise the person whose information it is.
We have very good protections in place to look after your information. However, we cannot guarantee that the information is absolutely safe because our website is on the internet. The connected way of doing business on the internet makes it possible for people to access information illegally. This means we cannot guarantee that other people will not access the information you give us while you give us the information over the internet. Any personal information or other information which you send over the internet is at your own risk.
If you are worried about the safety of your personal information, we have other ways to obtain and give information. For example, we can do this by physical mail, telephone and facsimile facilities.
You can correct your information at any time, for example, updating your contact details. We recommend that you keep these details up to date.
You can ask to see any personal information we have about you at any time. If you are allowed to see the information, we will tell you how to do this. For example, we might give you access to your information online. You do not have to pay to get your personal information or for any changes you ask us to make to your information.
You can ask us to change the personal information we have about you if you think that personal information is wrong, incomplete or incorrect. We will investigate your request and write to you within 30 days of your request if we do not think the information needs to be changed. We will also tell you how we made the decision and how to ask for our decision to be reconsidered if you don’t agree with us.
Sometimes we cannot give you access to the personal information we hold. For example, if we have to refuse access or refuse access under a law of Australia. If that happens, within 30 days after we receive your request, we will write and tell you why we can’t give you access. We will also tell you how you can complain if you are not happy with our decision.
If you think your privacy has been breached by us or by a third party, please tell us about your concerns so that we can investigate. You can do this by:
- phoning the OSIR and speaking with a Contact Centre representative within the Customer Experience team;
- completing the form on our ‘Contact’ page;
- Outlining your concerns in an email to: email@example.com;
- Writing to us at the following postal address:
Office of the Student Identifiers Registrar
GPO Box 9880
Adelaide SA 5001
We will be in further contact with you to discuss your privacy concerns once we receive your enquiry.
If you are not happy with the outcome of the investigation into your privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC website tells you how to make a complaint to the OAIC.
The Australian Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act. There are 13 APPs which govern the standards, rights and obligations around:
- the collection, use and disclosure of personal information
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information
APP1 requires the OSIR to take reasonable steps to implement practices, procedures and systems that will ensure compliance with the APPS. The Registrar has committed to undertaking a Privacy Impact Assessment for ‘projects’ that may have privacy implications, including:
- policy proposals
- new or amended legislation
- new or amended programs, activities, systems or databases
- new methods or procedures for service delivery or information handling
- changes to how information is stored
The Freedom of Information Act 1982 (Cth) (FOI) gives you the right to request access to government-held information. This includes information we hold about you.
What you can access under FOI
You can request access to a document held by an Australia Government agency or minister, such as:
- a document that contains your personal information
- a policy-making document
- an administrative decision-making document
You can also ask an agency or minister to amend or annotate the personal information they hold about you.
What you can’t access under FOI
You can’t access a document an Australian Government agency or minister holds that is:
- exempt under the FOI Act
- conditionally exempt under the FOI Act
- accessible to the public under other arrangements for a fee
You can’t access a document held by an agency exempt from the FOI Act.
For further information regarding the FOI process, please refer to the Office of the Australian Information Commissioner website at: https://www.oaic.gov.au/freedom-of-information/
If you would like to make a FOI request, please put your request in writing and ensure the following is included in your request:
- state that you’re requesting access to information under the FOI Act
- state the document(s) you want, giving enough detail to help us to identify the document(s)
- give an address or email address where we can send you the document/s
You don’t need to give any reasons why you want the information.
Please email your request to: firstname.lastname@example.org or via post to:
Attention: Business Strategy, Policy and Legislation
Office of the Student Identifiers Registrar
GPO Box 9880
Adelaide SA 5001