Privacy policy

Privacy policy scope

ASQA is committed to protecting the privacy of your personal information. An overview of how ASQA handles your personal information, under the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs), is provided below.

Personal information handling practices

Collection

ASQA collects personal information to be able to carry out its functions and activities under:

• the National Vocational Education and Training Regulator Act 2011 (NVR Act)
• the Education Services for Overseas Students Act 2000 (ESOS Act), or
• the Freedom of Information Act 1982 (FOI Act).

ASQA may also collect personal information concerning employment services, human resource management and other corporate service functions.

Personal information is generally collected directly from you or an authorised representative.

Occasionally we collect information from a third party. This data collection would only occur where you have agreed, or would reasonably expect us to collect your personal information in this way. For more information, see section 4.1.2 of the ASQA Privacy Policy (PDF).

Notification

ASQA will take reasonable steps to notify you of:

• why we are collecting your personal information
• what other parties will receive your information
• how to access and seek correction of your personal information.

We will also take reasonable steps to ensure you are aware of how to lodge a complaint if you feel there has been a breach of the Privacy Act.

Use and disclosure

In most cases, we only use collected personal information for the primary purpose it was collected. Exceptions to this rule include:

• when we have informed you of this alternative use
• where the use of this information in a secondary way could be reasonably expected.

For example, some personal information provided to ASQA through application forms appears on the National Register to under section 216 of the NVR Act.

Under sharing provisions contained in the NVR Act, the ESOS Act and provisions of the Privacy Act, ASQA may provide personal information to:

• state and territory governments and other Australian Government authorities
• ministers
• occupational licensing bodies
• overseas authorities
• other relevant parties.

Data quality

ASQA will take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete.

Data security

ASQA takes all reasonable steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure, and against other misuses.

When no longer required, personal information is destroyed and deleted securely, following ASQA’s Records Management Policy and the Privacy Act.

Access and correction

You can request access to your personal information under the Privacy Act or the FOI Act. You can also request that ASQA corrects your personal information.

ASQA will not charge you for these requests and will respond within 30 days.

ASQA can refuse both access and correction requests in particular situations; however, a statement of reasons will be provided to you if this occurs.

For more information, see section 10 of the ASQA Privacy Policy (PDF).

Complaints

You can lodge a complaint in writing with ASQA about how ASQA has handled your personal information, or if you feel ASQA has breached the Privacy Act. ASQA will respond to privacy complaints within 30 days.

For more information, see section 11 of the ASQA Privacy Policy (PDF).

Privacy Contact Officer

If you have any questions or complaints about privacy, confidentiality, or access to or correction of your personal information, please write to ASQA's Privacy Contact Officer at the following address:

Privacy Impact Assessment Register

ASQA will conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. A high privacy risk project is a project that involves or proposes new or changed ways of handling personal information that is likely to have a significant impact on the privacy of individuals. A PIA identifies the potential impact that project might have on privacy and sets out recommendations for managing, minimising or eliminating that impact.

From 1 July 2018, ASQA is required by the APP Code to maintain and publish a register of all PIAs it has conducted. This register is posted below and is reviewed and updated twice yearly. This register was last reviewed, with no updates required, on 1 January 2022.

ASQA’s PIA register lists all PIAs conducted by ASQA from 1 July 2018.