Interested in studying? Let's talk

Ask a Question
Student sign in

Privacy Policy


Central College Online will follow the Australian Privacy Principles in the management of all student and staff information, however allowing access as to all information as required by relevant National and State Training Authorities for the purpose of monitoring and/or auditing Central College Online’s operations as a RTO.

 The purpose of this privacy policy is to:

  • describe the types of personal information that we collect, hold, use and disclose;
  • outline our personal information handling systems and practices;
  • enhance the transparency of our management of personal information;
  • explain our authority to collect personal information, why it may be held by us, how it is used and how it is protected;
  • notify whether we are likely to disclose personal information and, if so, to whom;
  • provide information on how personal information can be accessed, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.


All Central College Online personnel, regardless of their role.


 1.1 The Privacy Act

Central College Online, including its employees, contractors and agents, is subject to the Privacy Act 1988 (http://www.comlaw.gov.au/Series/C2004A03712) (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.

 The APPs regulate how we as an organisation can collect, hold, use and disclose personal information and how you can access and correct that information.

 Detailed information and guidance about the APPs can be found on the website of the Office of the Australian Information Commissioner (OAIC) (http://www.oaic.gov.au/).

 1.2 Information covered under this policy

This Privacy Policy embodies Central College Online’s commitment to protecting the privacy of personal information. It applies to personal information collected by the College and all Central College Online’s personnel regardless of their role.

 It covers how we collect and handle personal information, including sensitive information.

‘Sensitive information’ means personal information about staff and students that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record. Special requirements apply to the collection and handling of sensitive information.

This privacy policy is not intended to cover our handling of commercially sensitive information or other information that is not personal information as defined in the Privacy Act.


 2.1 Collection of personal information

 Personal information collected by the college from staff or students may be collected directly from them, or on their behalf from a representative they have authorised.

Under the APPs, we will only collect information for a lawful purpose that is reasonably necessary for, or directly related to, one or more of our functions and activities relevant to your relationship with the college, or where otherwise required or authorised by law.

When we collect personal information, we are required under the APPs to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.

 Privacy notices and declarations are included on all relevant documentation (e.g. Declaration on enrolment form, information in Student Training Manual, and induction declaration).

 2.2 Types of personal information collected by us

 We collect and hold a broad range of personal information in records for our functions and activities as a Registered Training Organisation relating to:

  •  employment and personnel matters for our staff and contractors (including Working With Children check and Criminal History Record checks);
  • the performance of our legislative and administrative functions (e.g. enrolment information, AVETMISS data);
  • individuals participating in our courses;
  • the management of contracts and funding agreements; and
  • Complaints (including privacy complaints) made and feedback provided to us.

 This personal information may include but is not limited to:

  • staff or students name, address and contact details (e.g. phone, email and fax);
  • photographs, video recordings and audio recordings of you;
  • information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children);
  • information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests);
  • information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence);
  • information about your employment (e.g. work history, referee comments, remuneration);
  • information about your background (e.g. educational qualifications, the languages you speak and your English proficiency);
  • government identifiers (e.g. Tax File Number); and
  • information about assistance provided to you under our funding arrangements

 2.3 Collection of sensitive information

 In carrying out our functions and activities we may collect personal information that is sensitive information (see section 1.2). The APPs impose additional obligations on us when collecting, using or disclosing sensitive information.

 We may only collect sensitive information:

  • where consent is provided; or
  • where required or authorised by law; or
  • where a permitted general situation exists such as to prevent a serious threat to safety.

 We also collect sensitive information where authorised to do so for the purposes of human resource management, fraud investigations, taking appropriate action against suspected unlawful activity or serious misconduct, and responding to inquiries by courts, tribunals and other external review bodies.

 2.4 Collection of unsolicited information

 Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without prior request.

 Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.

 2.5 How we collect personal information

We primarily use forms and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us.

 We may also collect personal information if you:

  • communicate with us by telephone, mail, email, fax or SMS;
  • attend a face to face meeting or event conducted by us;
  • use our websites; and
  • interact with us on our social media platforms (e.g. Twitter and Facebook)

 2.6 Remaining anonymous or using a pseudonym

We understand that anonymity is an important element of privacy and you may wish to remain anonymous, or use a pseudonym when interacting with us.

 In some cases staff or students will be able to advise us that they wish to remain anonymous or use a pseudonym during your contact with us. However, there will be occasions where it will not be practicable for them to remain anonymous or use a pseudonym and we will notify them accordingly at the time of collection. For example, it may be impracticable for the college to investigate and resolve a particular complaint unless the staff or student provides t name or similar information.

 2.7 Information collected by our contractors

Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.

 2.8 Storage and data security

 2.8.1 Storage

We hold personal information in a range of paper-based and electronic records.

Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the requirements set out by the National VET Regulator (NVR). This ensures your personal information is held securely.

 2.8.2 Data Security

We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.

Access to your personal information held by us is restricted to authorised persons who are Central College Online employees or contractors, on a need to know basis.

Regular audits are conducted to ensure we adhere to these policies.

 2.9 Data Quality

We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.

These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. For further information on correcting personal information see section 3 of this privacy policy.

Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.

 2.10 Purposes for which information is collect, held, used and disclosed

We collect personal information for a variety of different purposes relating to our functions and activities including:

  • performing our employment and personnel functions in relation to our staff and contractors;
  • performing our legislative and administrative functions;
  • policy development, research and evaluation;
  • complaints handling;
  • program management;
  • contract management; and
  • management of correspondence.

 Personal information collected during the enrolment process is used by the college to meet its compliance obligations under the Australian VET framework.

 We use and disclose personal information for the primary purpose for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.

 We will only use personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.

Likely secondary purposes for which we many use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.

Under its obligations with the Standards for NVR Registered Training Organizations 2012, the college may provide personal information collected during the enrolment process to Commonwealth and State.

Personal information may be shared with other sections of Australian Institute of Workplace Learning (AIWL) and for placement purposes with other educational institutions.

 2.11 Electronic communication

There are inherent risks associated with the transmission of information over the internet, including via email. Staff and students should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communicating with us, such as post, fax or telephone (although these also have risks associated with them).

 2.12 Disclosure of personal information overseas

We will, on occasion, disclose personal information to overseas recipients. The situations in which we may disclose personal information overseas include:

  • the publication on the internet of material which may contain personal information, such as photographs, video recordings and audio recordings; and posts and comments on our social media platforms;
  • the provision of personal information to recipients using a web-based email account where data is stored on an overseas server; and

We will not disclose your personal information to an overseas recipient unless at least one of the following applies:

  • the recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles, including mechanisms for enforcement;
  • you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
  • disclosure is required or authorised by law;
  • disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body.

 It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.

 2.13 Accidental or unauthorised disclosure of personal information

We will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.


3.1 How to seek access to and correction of personal information

You have a right under the Privacy Act to access personal information we hold about you. You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

To access or seek correction of personal information we hold about you, please contact us using the contact details set out at section 5.1 of this privacy policy.

 3.2 Our access and correction process

If you request access to or correction of your personal information, we will respond to you within 30 calendar days.

 While the Privacy Act requires that we give you access to your personal information upon request or an opportunity to request the correction of your personal information, it does set out circumstances in which we may refuse to give you access or decline to correct your personal information.

If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request.

 3.3 If you are unsatisfied with our response

If you are unsatisfied with our response, you may make a complaint, either directly to us (see section 5.1 below), or you may wish to contact:

  • Australian      Skills Quality Authority www.asqa.gov.au      and complete the online complaints form

 PART 4 COMPLAINTS                                                                                                          

4.1 How to make a complaint

If you think we may have breached your privacy you may contact us to make a complaint using the contact details set out at section 5.1 of this privacy policy. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.

 Please be aware that it may be difficult to properly investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint, however if you do it may not be possible for us to provide a response to you.

 4.2 Our complaint handling process

We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately. Please be assured that you will not be victimised or suffer negative treatment if you make a complaint.

4.3 If you are unsatisfied with our response

If you are unsatisfied with our response, you may make a complaint, either directly to us (see section 5.1 below), or you may wish to contact:

  • Australian      Skills Quality Authority www.asqa.gov.au      and complete the online complaints form


5.1 General enquiries, complaints, requests for access or correction

If you wish to:

  • query how your personal information is collected, held, used or disclosed by us;
  • ask us questions about this privacy policy;
  • request access to or seek correction of your personal information; or
  • make a privacy complaint;

 Please contact us:

 Post:           Locked Bag 7

                    Redfern Sydney 2016

                    NSW Australia

Phone:        (02) 8228 6796

 5.2 Availability of this privacy policy

If you wish to access this privacy policy in an alternative format (e.g. hard copy) please contact us using the contact details set out at section 5.1 above. This privacy policy will be made available free of charge.


This privacy policy will be reviewed frequently and updated as required