Purpose
The purpose of the CIT Solutions Privacy Policy is to:
- promote the protection of individual’s personal information
- inform stakeholders about who we collect information from and the types of personal information we collect and hold
- ensure responsible and transparent handling and storage of personal information
- detail the purposes for which personal information is collected, held, used and disclosed
- describe how individuals can access their personal information and seek any corrections, if required
- describe the process for individuals to lodge a complaint about our handling, use or disclosure of personal information
- protect personal information against unauthorised disclosure to overseas recipients.
Scope
This policy affects all employees, contractors and clients of CIT Solutions. Employees and contractors will use this Policy to inform their actions when dealing with personal information. Clients will access this Policy to understand how CIT Solutions collects and manages their personal information, how they can request access and correct personal information and how they can lodge a complaint regarding our handling of their personal information.
Examples of personal information includes name, address, date of birth, gender, contact details, schooling, employment status, background, identification, CV, qualifications, tax file number, bank account details and superannuation details.
Principles
- As an Australian Privacy Principles (APP) Entity, CIT Solutions is committed to dealing with personal information collected and held in our organisation in a manner consistent with the Privacy Amendment (Enhancing Privacy Protection) Act 2012; and in line with other relevant legislation that may require us to collect, hold or disclose personal information. CIT Solutions only collects personal information where that information is reasonably necessary for, or directly related to one or more of our functions or activities.
- We collect personal information from a range of stakeholders including but not limited to;
- Potential, current and past learners
- Job applicants
- Current and past Staff – employees and contractors
- Suppliers
- The types of personal information that CIT Solutions collects will depend on the nature of the stakeholders dealings with us. For example, we will collect personal information directly from people when they;
- Enrol in a course of study
- Apply for a position within the Company
- Subscribe to an online information service, eg. Blogs, newsletters, marketing subscriptions etc
- Are contracted to perform duties for us
- Provide goods or services to us
- Provide testimonials
3a. CIT Solutions collects and holds personal information under the APP Principles to enable processing of client enrolment, provision of CIT Card and associated services, communication with learners in relation to their studies, national reporting and planning and coordination of CIT support services. Information provided by learners may be disclosed to Centrelink, NCVER, Department of Education and Training, sponsor/ employers or where required by law.
3b. We also collect personal information about our employees and contractors (personnel records) and prospective employees.
3c. The types of information we collect and hold may include;
- Information about identity (name, date of birth, gender, verification documents eg drivers licence, photographic work pass, Medicare card, passport details)
- Contact details (address, phone and email)
- Payment details for invoicing purposes
- Information regarding education and employment.
3d. CIT Solutions will not collect sensitive information about an individual; unless the individual consents to the collection of the information and the information is reasonably necessary for one or more of the entity’s functions or activities.
3e. Information about our visitor’s browser (type, version, screen size, etc.), basic information about the user (IP address, language, time zone), and data containing mouse movements, clicks, scroll events and keystrokes are recorded for marketing purposes. This is achieved using external scripts via Mouseflow. The script does not use third-party cookies and none of the data is shared with third parties except for highly summarized data (i.e. Usage share of browsers, average screen size, etc.) Keystrokes from password fields and fields marked as “sensitive” are never recorded or sent over the network. By default, website browsers allow this information to be gathered. Visitors who don’t want this information recorded can opt out by clicking here.
- Personal information is solicited directly from individuals for necessary business functions and activities. Examples include completing a web form to enrol in a training program, emails sent to us, forms submitted, contracts signed, or by individuals visiting our website.
- Learner information is retained in accordance with the Territory Records Management Act Records Disposal Schedule – Tertiary Student Management Records September 2007. Individual personal information is held in secure filing areas and/or on the secure data network and/or the secure CIT Student Management system “Banner”.
- CIT Solutions takes all reasonable steps to protect the personal information that we hold against loss, unauthorised access or interference, modification or disclosure or other misuse.
- CIT Solutions will protect any personal information through log information (browsing) or information contained in Cookies against misuse.
- CIT Solutions takes reasonable steps to make sure that individual personal information we collect and store is accurate, relevant, up-to-date, complete and not misleading.
- CIT Solutions, on request, will provide access for an individual to review and if necessary correct their personal information. Except when;
- Giving access would impact on the privacy of other individuals
- The request is frivolous or vexatious, or
- Giving access would reveal commercially sensitive information or the information relates to existing or anticipates legal proceedings.
- CIT Solutions will not disclose personal information to any overseas recipients without authorisation.
Definitions
- Australian Privacy Principles (APPs)
- The 13 Australian Privacy Principles (APPs) replace the National Privacy Principles (NPPs) for organisations from 12 March 2014. The APPs are found in the Privacy Amendment
(Enhancing Privacy Protection) Act 2012 (Cth).
The APPs are a single set of principles that apply to both agencies and organisations, which are together defined as APP entities. While the APPs apply to all APP entities, in some cases, they impose specific obligations that apply only to organisations or only to agencies. - Personal Information
- Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
- Sensitive Information
- Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual's:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual preferences or practices; or
- criminal record.
- Clients (including learners)
- A person or organisation using the services of CIT Solutions.
- Employees
- Any person employed by CIT Solutions (full and part time core staff, contractors, facilitators, tutors, casuals)