Privacy Policy and Procedure
Last updated: 23rd / Oct / 2025
RTO: 41552
1. Objective
This policy outlines TacMed Training’s commitment to protecting personal and sensitive information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the National VET Data Policy, and the Student Identifiers Act 2014. This policy also ensures TacMed Training's compliance with the Standards for RTOs 2025, particularly Outcome Standards 6 and 8.
The purpose is to:
-
Ensure personal information collected is handled transparently and lawfully
-
Enable learners and staff to access and amend their personal information
-
Maintain the security and integrity of data
-
Support compliance with mandatory data collection and reporting
2. Scope
This policy applies to all personal and sensitive information collected, stored, used or disclosed by TacMed Training relating to:
-
Students (current, former, or prospective)
-
Employees
-
Trainers and assessors
-
Contractors and third-party partners
-
Employers and job service providers interacting with TacMed Training
It also applies to all platforms and methods used to collect information including paper forms, electronic systems, enrolment portals, websites, email correspondence, and phone communications.
3. Regulatory Environment
TacMed Training is obligated to collect and report data as a condition of registration with ASQA and to comply with the following:
-
Total VET Activity (TVA) requirements
-
AVETMISS reporting
-
National VET Data Policy (current version)
-
Student Identifiers Act 2014
Data collected is used for planning, auditing, funding, and statistical reporting and may be shared with:
-
National Centre for Vocational Education Research (NCVER)
-
State and territory training authorities
-
Department of Education
-
Commonwealth and state regulators
4. Australian Privacy Principles (APPs)
TacMed Training complies with the 13 APPs, including:
-
Open and transparent management of personal information
-
Anonymity and pseudonymity where legally permitted
-
Collection of solicited information only when necessary
-
Unsolicited personal information managed appropriately
-
Notification of the collection of personal information
-
Use or disclosure of personal information only for its intended purpose
-
Direct marketing opt-in practices
-
Cross-border disclosure of personal information (e.g., third-party systems)
-
Adoption of government-related identifiers limited to legal obligations
-
Quality of personal information ensured through validation
-
Security of personal information (technical and physical safeguards)
-
Access to personal information by the individual
-
Correction of personal information upon request
5. Unique Student Identifier (USI)
Under the Student Identifiers Act 2014, TacMed Training must collect, verify, and report a USI for all students enrolling in nationally recognised training. Key principles:
-
USIs are verified through the official registry
-
Learners must provide consent
-
Certification cannot be issued without a verified USI (unless exempt)
-
The USI is stored securely and not printed on certificates
6. Use and Disclosure
TacMed Training uses personal information to:
-
Deliver and assess training
-
Maintain enrolment and academic records
-
Communicate results and progress
-
Support learners and address concerns
-
Fulfil regulatory obligations
We may disclose information to:
-
ASQA
-
NCVER
-
State Training Authorities
-
The USI Registry System
-
Government bodies upon request
-
Employers, where written consent is obtained
We will not:
-
Sell information to marketing agencies
-
Disclose information outside legal and consent-based requirements
7. Website and Marketing Use
TacMed Training may use personal information for:
-
Sending training updates and course invitations to subscribed recipients
-
Analysing website usage data anonymously
-
Improving online services
Consent will be sought for direct marketing, and individuals may opt out at any time. No personal data is sold or disclosed to third-party marketing platforms.
8. Security and Retention
We ensure data is kept secure and retained as required by law:
-
Digital records are stored on secure platforms with access controls and encryption
-
Physical records are kept in locked cabinets within restricted-access locations
-
Learner records are retained for 30 years to comply with Outcome Standard 8.3
-
Backup systems are maintained and tested regularly
-
Data no longer required is destroyed securely and permanently
9. Access and Correction
Individuals have the right to request:
-
A copy of their personal information held by TacMed Training
-
Corrections to any inaccurate or incomplete data
Requests must be made in writing and may require ID verification. Responses are typically provided within 30 calendar days. Access is free unless administrative or postage costs apply.
10. Complaints Process
Complaints relating to privacy or misuse of information should be submitted to the Privacy Officer via:
-
Email or written form
-
Through a supervisor or trainer
Complaints will be:
-
Acknowledged within 5 business days
-
Investigated within 7–10 business days
-
Responded to in writing with outcomes or next steps
Unresolved matters may be escalated to:
-
ASQA (for RTO regulatory concerns)
-
The Office of the Australian Information Commissioner (OAIC)
Related Standards – Standards for RTOs 2025
-
Outcome Standard 6.1 – The RTO complies with all relevant legislation and regulatory requirements.
-
Compliance Standard 6.3 – The RTO maintains records and evidence of compliance with privacy and data legislation.
-
Outcome Standard 8.2 – The RTO issues and maintains accurate learner records and ensures secure data retention.
-
Compliance Standard 8.3 – RTOs must retain certification records securely for at least 30 years.
-
Compliance Standard 6.6 – The RTO ensures learners are informed about how their personal information is used and stored.