1. Privacy

ACTA Group is committed to maintaining the privacy and confidentiality of its personnel and student records.


ACTA Group complies with the Privacy Act 1988 (Cth) including the 13 Australian Privacy Principles (APPs) as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). Providing an overall framework for our privacy practices, ACTA Group has developed and implemented this APP Privacy Policy.


This policy is designed to maintain requirements with additional state jurisdictional requirements including:

  • Education Services for Overseas Students Act 2000 (Cth);
  • Information Privacy Act 2014 (ACT);
  • Privacy and Personal Information Protection Act 1998 (NSW);
  • Information Act 2003 (NT);
  • Information Privacy Act 2009(QLD);
  • Information Privacy Act 2000 (VIC); and
  • Personal Information Protection Act 2004 (TAS).

ACTA Group manages personal information in an open and transparent way. This is evident in the implementation of practices, procedures and systems we outline in this policy, that ensure our compliance with the APPs and any binding registered APP code, and provide suitable procedures for ACTA Group personnel to be able to deal with related inquiries and complaints that may be received from time to time.


1.1. Australian Privacy Principles

The following sections of this policy outline how we manage personal information.


1.1.1. Australian Privacy Principle 1 – Open and transparent management of personal information

Purposes for information collection, retention, use and disclosure 

ACTA Group retains a record of personal information about all individuals with whom we undertake any form of business activity. ACTA Group must collect, hold, use and disclose information from our clients and stakeholders for a range of purposes, including but not limited to:

  • Providing services to clients;
  • Managing employee and contractor teams;
  • Promoting products and services;
  • Conducting internal business functions and activities; and  Requirements of stakeholders.


As a government registered training organisation, regulated by the Australian Skills Quality Authority, ACTA Group is required to collect, hold, use and disclose a wide range of personal and sensitive information on students in nationally recognised training programs. This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative instruments. In particular, the legislative instruments:

  • Student Identifiers Act 2014 (Cth);
  • Standards for Registered Training Organisations 2015 (Cth);Higher Education Support Act 2003 (Cth); and     Data Provision Requirements 2012 (Cth).


It is noted that ACTA Group is also bound by various State Government Acts requiring similar information collection, use and disclosure (particularly Education Act(s), Vocational Education & Training Act(s) and Traineeship & Apprenticeships Act(s) relevant to state jurisdictions of ACTA Group operations).


It is further noted that, aligned with these legislative requirements, ACTA Group delivers services through a range of Commonwealth and State Government funding contract agreement arrangements, which also include various information collection and disclosure requirements.


Individuals are advised that due to these legal requirements, ACTA Group discloses information held on individuals for valid purposes to a range of entities including:

  • Governments (Commonwealth, State or Local);
  • Australian Apprenticeships Centres;
  • Employers (and their representatives), Job Network Providers, Schools, Guardians; and
  • RTOs such as RTO Management Services for data management, credit agencies and background check providers.


Kinds of personal information collected and held

The following types of personal information are generally collected, depending on the need for services delivery:

  • Contact details;
  • Employment details;
  • Educational background;
  • Demographic Information;
  • Course progress and achievement information; and  Financial billing information.


The following types of sensitive information may also be collected and held:

  • Identity details;
  • Employee details & HR information;
  • Complaint or issue information;
  • Disability status & other individual needs;
  • Indigenous status; and
  • Background checks (such as National Criminal Checks or Working with Children checks).


Where ACTA Group collects personal information of more vulnerable segment of the community (such as children), additional practices and procedures are also followed. Please refer to ACTA Group’s Working with Children Policy and Procedures for further information.


How personal information is collected 

ACTA Group’s usual approach to collecting personal information is to collect any required information directly from the individuals concerned. This may include the use of forms (such as registration forms, enrolment forms or services delivery records) and the use of web based systems (such as online enquiry forms, web portals or internal operating systems).


ACTA Group does receive solicited and unsolicited information from third party sources in undertaking services delivery activities. This may include information from such entities as:

  • Governments (Commonwealth, State or Local);
  • Australian Apprenticeships Centres;
  • Employers (and their representatives), Job Network Providers, Schools, Guardians; and  RTOs such as credit agencies and background check providers.


How personal information is held 

ACTA Group’s usual approach to holding personal information includes robust storage and security measures at all times. Information on collection is:

  • As soon as practical converted to electronic means;
  • Stored in secure, password protected systems, such as financial system, learning management system and student management system; and
  • Monitored for appropriate authorised use at all times.


Only authorised personnel are provided with login information to each system, with system access limited to only those relevant to their specific role. ACTA Group ICT systems are hosted internally with robust internal security to physical server locations and server systems access. Virus protection, backup procedures and ongoing access monitoring procedures are in place.


Destruction of paper based records occurs as soon as practicable in every matter, through the use of secure shredding and destruction services at all ACTA Group sites. Individual information held across systems is linked through an ACTA Group allocated identification number for each individual.


Retention and Destruction of Information

ACTA Group maintains a Retention and Disposal Schedule documenting the periods for which personal information records are kept. Specifically for our RTO records, in the event of our organisation ceasing to operate the required personal information on record for individuals undertaking nationally recognised training with us would be transferred to the Australian Skills Quality Authority, as required by law.


Accessing and seeking correction of personal information 

ACTA Group confirms all individuals have a right to request access to their personal information held and to request its correction at any time. In order to request access to personal records, individuals are to make contact with:

ACTA Group Privacy Officer Ash


07 5593 8268


A number of third parties, other than the individual, may