Privacy Policy


Policy and Procedure Name Privacy Policy
Version 2.4
Approved By Compliance Manager
Date Approved 28/09/2021
Review Date 1/12/2022


  1. Purpose and Scope

Gradability Pty Ltd., in accordance with the Australian Privacy Principles has a commitment to ensuring that all reasonable steps are taken to protect the privacy of its consumers and staff team. The following policy and procedure outlines how personal information is collected, used, disclosed, stored, destroyed.

The Privacy policy and procedure applies to staff, students, employers, clients, and potential consumers and is used throughout all aspects of business operations.

The following policy and procedure should be read in conjunction with the Record Retention Policy and Procedure, Engagement and Monitoring of Third Party Providers Policy and Procedure” and the organisation’s Complaints and Appeals Policy and Procedure


  1. Abbreviations/Definitions

AVETMISS – The agreed national data standard for the collection, analysis and reporting of vocational education and training information.1

Data breach – Where personal information is held by an organisation and is lost or subjected to unauthorised access, use, modification, disclosure, or other misuse. 2

Governing Bodies –

For Professional Year Program– this relates to Department of Home Affairs (DHA), Australian Computer Society (ACS) and Accounting PYP (APYP).

For RTO Registration– this refers to Australian Skills Quality Authority (ASQA).

OAIC – Office of the Australian Information Commissioner

Personal information – Types of information that are specific to an individual for example name, address, contact or bank account details.3

Sensitive information – A type of personal information that is sensitive in its nature – for example race or ethnic origin, political opinion, religious belief or affiliation, medical history, or criminal record.4


1 NCVER (2014) Glossary of VET 

2 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines

3 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines

4 Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines


3. Policy

In order to deliver a high quality education service Gradability Pty Ltd. is required to collect a variety of personal information from both consumers and staff members. Where personal and sensitive information is collected, it is stored, disclosed, and destroyed in accordance with the Australian Privacy Principles. Personal data is any data about an identified or identifiable natural person, or any information that in combination with other non-personal information can reasonably be used to identify a natural person.

Gradability Pty Ltd.’s website may contain links to other websites and applications over which Gradability Pty Ltd. does not have control. Such links do not constitute an endorsement by Gradability Pty Ltd. and Gradability does not control the content or privacy policies or practices of such sites. Any access to and use of such linked websites is governed by the privacy policies of those third parties’ websites.


3.1 Data Control

3.1.1 The data controller of and any subpages thereto (e.g., is Gradability Pty Ltd., Level 6 11-17 York St Sydney, NSW Australia. If you have any questions on this Policy or any of our data processing practices, please contact

3.1.2 The following principles underpin the organisations privacy policy and procedure:

  • Gradability Pty Ltd. takes all reasonable steps required to protect and maintain personal and sensitive information.
  • A governance framework is used to assess, plan, implement and review the protection of personal information against misuse, loss, inappropriate access, and inappropriate
  • Prior to the collection of personal and sensitive information the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may See Terms and Conditions final page for further information.
  • Pre-enrolment interviews are conducted and recorded for the collection of The applicant is asked to agree to such recording at the beginning of the interview. Should the applicant not agree, the recorded and pre-enrolment interview is ceased.
  • Personal and sensitive information is used only for the purpose of its collection and by team members who require the information in order to complete their
  • Individuals have access to their information when required and without
  • Personal information is stored in either an electronic or hardcopy
  • Security measures such as unique password requirements and restricted file access are used to maintain and protect students/clients and employee’s
  • Gradability Pty Ltd. will only disclose personal information to a third party where written consent has been obtained from the
  • Where Gradability Pty Ltd. receives unsolicited information it is either destroyed or de-identified
  • The Privacy policy and procedure is publicly available on the Learning Management System.
  • Compliance to Privacy


3.2 Types of information collected and held

The type of information we collect from depends upon the type of interactions individuals have with our websites and services, including the context of their interactions with Gradability Pty Ltd., the choices they make as well as the services they use.

3.2.1 Individuals may choose to give us personal information directly in a variety of situations, such as if a request to receive information or a service from Gradability Pty Ltd., if an application for enrolment through our portal is made, or if a supplier or partner does business with us.

3.2.2 Gradability Pty Ltd. may also collect information relating to the use of our websites and our services through the use of various technologies. For example, when an individual visits our websites, we may log certain information that their browser sends, such as your IP address, browser type and language, access time, and referring web site addresses. We may collect information about the pages that are viewed within our websites and other actions taken while visiting the site.

3.2.3 We may also collect information that pertains to an individual indirectly through other sources, such as vendors or agents. When we do so, we ask the vendors or agents to confirm that the information was legally acquired and that we have the right to obtain it from them and use it.

3.2.4 Personal and sensitive information is routinely collected from staff and consumers for the purpose of either employment or enrolment.

3.2.5 Pertaining to clause 3.2.4, information collected for the purpose of employment may include

  • Name
  • Address
  • Contact details
  • Recent professional development activities
  • Superannuation details
  • Tax File Number
  • Emergency contact
  • Employment history
  • Verification documentation and evidence
  • Bank details
  • Reference checks
  • Vulnerable person checks – National Police Clearance Checks, Working with Children Checks
  • Registration/ Licensing documentation
  • Qualifications
  • Insurance documentation


3.2.6 Pertaining to clause 3.2.4, information collected for the purpose of enrolment into a program may include

  • Name
  • Indigenous status
  • Address
  • Unique Student Identifier (USI) where applicable
  • Contact details
  • Disability/additional needs requirements
  • Emergency contact information
  • Third party permissions details
  • Schooling/Qualifications completed
  • Employment history/status
  • Verification documentation, proof of identity evidence
  • Fee payment information- e.g., credit card and bank account information
  • Language, Literacy and Numeracy assessments
  • Visa information and Visa checks via DHA Vevo online


3.3 How personal information is collected and stored

In general, the provision of any personal data or granting of consent to a processing activity is entirely voluntary. However, there are certain circumstances in which Gradability Pty Ltd. cannot act without processing certain personal data, for example to process applicant enrolments, or to assist with use of our services, or to provide access to content, log in to the online Learning Management System or to contact the service for further information. In these cases, it will not be possible for Gradability Pty Ltd.  to provide the requested service or product without the relevant personal information.

3.3.1 In some circumstances, Gradability Pty Ltd. may need to terminate an individual’s ability to use the services without access to personal data. Gradability Pty Ltd. intends to notify the individual of whether such communication or data sharing is deemed mandatory and the impact of not sharing.

3.3.2 Individuals may disclose information through the website, over the telephone, via email, in person and by the completion of relevant forms. Written and/or verbal consent is obtained prior to collection of personal information obtained outside of the website personal data and stored appropriately (e.g., in the students/employee file or on the student management system, the CRM). In this instance, only information disclosed by the individual is used in the collection of information. Relating to this instance, prior to the collection of this personal information the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur.

3.3.3 The types of information collected or disclosed by the individual will vary depending on the method of collection, the purpose of that collection and the individual disclosing the information.

3.3.4 Forms used by Gradability Pty Ltd. to collect personal information from students include but are not limited to

  • Enquiry Forms
  • Application forms/online enrolment
  • Terms and Conditions
  • Letter of Offer/ Direct Debit Authority Form (DDA)
  • Assessment task submission forms and declarations
  • Individual Training Plans
  • Training Agreements
  • Assessment plans

3.3.5 Documentation used by Gradability Pty Ltd. to collect personal information from staff team members include but are not limited to

  • Application documentation
  • Trainer/ Assessor Professional Development Portfolio
  • Team Member details form
  • Trainer/ Assessor Matrix
  • Superannuation documentation
  • Tax File declaration


3.3.6 For students: Information is held in either a locked filing cabinet or electronically on the organisations hard drive and/or student management system. Access to information is limited to personnel with the correct authorisation and is only available to staff for the purpose of collection or management of student progression.

3.3.7 Security measures such as unique password requirements and restricted file access are used to maintain and protect students/clients and employee’s privacy. Where staff team members leave the organisation their access to data is removed/deleted.

3.3.8 Where a prospective student completes an online enquiry or payment, the student’s privacy is protected by:

  • Security certificate attached to our URL (https://).
  • Unique Application Reference ID for students to track their applications. Using the Reference ID, students are able to return and complete the full application/enquiry at a later date.
  • Different levels of system access for staff depending on role and permissions given based on their responsibilities.
  • Australian Privacy Laws (GDPR compliance laws are adhered to where required)


3.3.9 Student payments are processed by Ezypay Pty Ltd, an external provider. Details of Ezypay’s privacy & security policies are located

3.3.10 Students are provided unique password access to their student portal. More than five incorrect attempts will lock the account. Students must make enquiries with  Gradability Pty Ltd. to unlock the portal. In this instance verification of identity is required to authenticate the person making the request.


3.4 Personal data usage and processing

If an individual  uses our website, we may use various website navigation information including tracking technologies such as cookies and web beacons to collect and store information. Website navigation information includes standard information from the individual’s Web browser (such as browser type and browser language), language choices, time zone, your Internet Protocol (IP) address, actions you take on our websites, URL and page metadata, installation data (such as the operating system type and application version), system crash information, system activity and hardware settings. We may also automatically collect and store certain information in activity logs such as: details of how the individual uses our websites, their search queries, and their IP address.


Providing the requested information or services.

3.4.1 If an individual requests information on our Services, order our services or become our business partner, we typically ask for personal contact information such as name, business email address, business telephone number, company name and address, job title, role and, if payment is to be made to Gradability Pty Ltd., financial and billing information, such as billing name and address, credit card information, bank details or other payment information. We use the personal data only to process the order or to provide the requested Service. Specifically, this includes, taking the necessary steps prior to entering into a contract, responding to applicant’s enquiries, processing, or providing customer feedback and support, information about changes to our services and other related notices or disclosures as required by law. We collect, share, and use data collected from our websites principally for the following purposes:

  • To provide individuals with the information have requested about our products and services.
  • To process, fulfil and follow up on enrolments, transactions and requests for products, services, support, and  information.
  • To contact applicants or enrolled students with information about Gradability Pty Ltd. and affiliated third-parties.
  • To communicate, interact, and build our relationship with stakeholders for purposes such as marketing and product support and course enrolment.
  • To verify an individual’s authority to enter and use our services.
  • To engage in market research and analysis.
  • To measure, analyse and improve our products and services, the effectiveness and user experience of our websites, and our advertising and marketing.
  • To comply with legal and reporting requirements to ASQA, government departments and the Department of Education and Training, where required.
  • To provide targeting advertising, including the use of re-targeting technology.
  • To deter, detect, and prevent fraud and other prohibited or illegal activities.
  • To link or combine information that we collect from multiple sources to provide students with a service that they require or to improve our services to students.
  • To complete data sharing between our CRM (Customer Relationship Management system), SMS (Student Management System) and our LMS ( Learning Management System).


3.4.2 When an individual chooses to provide us with information, including personal data, they understand that we are storing this and/or transferring it to Gradability Pty Ltd. locations, internally between management systems and to affiliates or service providers and government departments.

3.4.3 Gradability Pty Ltd. complies with applicable law when transferring your personal information outside of the country where the information has been collected. For data originating from a European Union member state, Gradability Pty Ltd. uses a variety of data transfer mechanisms (including standard contractual clauses) for this purpose.

3.4.4 Gradability Pty Ltd. may invite students, team members, alumni to participate in questionnaires and surveys designed to improve its services. Personal information in these surveys is only used for the purpose of its collection outlined in the survey invitation. Participation is voluntary. Individuals provide Gradability Pty Ltd. with permission to use information captured through these documents by participating in and completing these documents in full or part thereof.

3.4.5 Personal information is only for the purpose of its collection and by staff who require the information in order to complete the tasks associated with their role and function or to ensure that the services offered meet your needs.

Student personal information is used to.

  • Identify individuals enrolled programs under Gradability Pty Ltd. or our trading name “Performance Education” .
  • Process application and enrolment requests including credit transfer applications.
  • Process payments for service delivered.
  • Monitor student progression and provide individualised support.
  • Enter student assessment results.
  • Identify students enrolled in a training product that is superseded.
  • Report data required by government (data provision and contractual data requirements).
  • Monitor and evaluate organisational performance.
  • Ensure certification documentation is awarded to the correct graduate
  • Collection and reporting of AVETMISS data as required for all
  • Marketing, market research, testimonials, and analysis.
  • Provide feedback on quality and inform improvements and change.


3.4.6 Team Members’ personal information is used to

  • Ensure they have the correct qualifications, registration/licensing requirements to deliver and assess nationally recognised
    • To mitigate risk and ensure student safety
    • To support human resources processes and systems
    • Manage logistical requirements associated with training and assessment
    • Meet superannuation and taxation legislative requirements


Usage Data details.

3.4.7 In the course of providing our services to stakeholders, we may collect, use, process and store usage data such as number of sessions, users, number of users, page views, number of page views per sessions, average session duration, bounce rate, percentage of new sessions, language of user, country, city, new versus returning users, browser type, operating system, internet service provider, IP address, screen resolution size, service used, service version number and mobile device brand. The usage data is collected and processed in order to create, and compile anonymised, aggregated datasets and/or statistics about the services for the following purposes:

  • to maintain and improve the performance and integrity of our Gradability Pty Ltd. services,
  • to understand which services are most commonly preferred by customers and how customers interact with our services,
  • to identify the types of services that may require additional maintenance or support,
  • to comply with regulatory, legislative and/or contractual requirements,
  • to inform quality improvement and assurance


Please note that such aggregated datasets and statistics will not enable any living individual to be identified.


Relationship Intelligence Products.

3.4.8 Gradability Pty Ltd. employs the use of legitimate relationship intelligence products that may collect supplemental usage data including without limitation IP address, company identifier, browser type, browser language and locale, operating system, device type, date and time of request, user id, and the person or company name being looked up. The supplemental usage data may be used for the following purposes:

  • to provide a better service, more detailed and higher quality returned data, support service troubleshooting and performance improvement, and
  • understand usage patterns and frequency.


Supplemental usage data will not be shared with third parties except for lookup parameters which may be provided to third party content providers in order to provide enriched data response.


3.5 Sharing your personal data

We may share data about stakeholders with other entities where the express purpose is business related in connection with the uses identified in this Privacy Policy. Our procedures are designed to provide a globally consistent level of protection for personal information. In some cases, we may use suppliers located in other countries outside of Australia to collect, use, analyse, and otherwise process information on our behalf. We may also use subcontractors or employees located offshore to provide services for us in connection with our service or program offerings. We put in place written contractual safeguards for the protection of all personal data with such identified suppliers, including obligations for processing in line with applicable legal requirements.


3.6 Direct Marketing

3.6.1 Gradability Pty Ltd. only uses or discloses personal information for direct marketing purposes unless otherwise specified in this Privacy Policy if consent has been gained directly from the individual. Gradability Pty Ltd.  may use your data after you have granted your consent in the following cases:

  • We may use your name, email address, telephone number, job title and basic information about you or your employer to keep you up to date with the latest products and services on offer from Gradability Pty Ltd. .
  • To provide additional training services, webinars, seminar or register for these events. If you do register for these events your personal information may be shared with other participants of the same event. We may also ask you to consent to sharing your participant information with sponsors of these events.


3.6.2 Individuals have the opportunity to be removed from circulation or subscription lists if they choose not to receive organisation related materials. We do not, in any event, sell or lease any personal information to any party.

3.6.3 Where individual’s post information to our Blogs, Facebook, Social Media Environments, or websites this information will been seen and shared with those audiences within those platforms. Individuals may be required to create a user profile which may provide them with the option to display personal information to others. This includes, but is not limited to their name, photo, social media accounts, postal address, email address, telephone number, personal interests, skills, and basic information about themselves or their company. All of the information that individuals  post will be available to all visitors to our site.

3.6.4 Gradability Pty Ltd. is not responsible for the personal information that individuals choose to submit in these forums. This is the sole responsibility of the individual and Gradability Pty Ltd. will not be liable for this information in any way. Individuals are not permitted to provide any personal information about other data subjects in those forums and blogs, and we also encourage limiting any personal information to a minimum.

3.6.5 We may share personal data based on good faith that disclosure of this information is necessary to investigate, prevent, or act regarding legal activities, suspected fraud, or potential threats to the safety of any person or peoples. We may also use personal data in litigation in which we are involved, to protect the safety of any person or entity, to protect the rights of any person or entity, to respond to judicial or government enquiry or as required by law.


3.7 Disclosure of personal  information to a Third Party

3.7.1 Gradability Pty Ltd. only discloses information to a third party where written consent has been provided from the individual. Where possible, data is encrypted so that the individual has a level of pseudonymity. Gradability Pty Ltd. does not disclose any individual’s personal information to overseas recipients.

3.7.2 In accordance with legislative and regulatory requirements Gradability Pty Ltd. is required to provide information to State and Commonwealth government departments and other government de[artments for the purpose of administration, research, and quality assurance. Gradability Pty Ltd. does not use or disclose government related identifiers.


3.8 Accessing and seeking correction of personal information

3.8.1 Gradability Pty Ltd. acknowledges the rights of individuals to have access to their personal information under the Freedom of Information Act and provides opportunities to review this information on request.

3.8.2 Students and team members are encouraged to update their personal information as it changes to maintain the currency and accuracy of records/data. Where Gradability Pty Ltd. members identify/suspect that personal information is inaccurate, out of date, incomplete or misleading they will contact the individual for further clarification and action any rectifications as required. There is no charge to an individual who wishes to correct personal information or an associating statement.

3.8.3 If Gradability Pty Ltd. uses an individual’s personal data based on their consent or to perform a contract with the individual, Gradability Pty Ltd. may request a copy of the personal data in a portable format for verification purposes.


3.9 Retention, restriction, and destruction of personal information

Gradability Pty Ltd.’s policy is to retain personal data no longer than

(a) is necessary to fulfil the purposes for which the personal data is processed,

(b) if processing is based on consent, until consent is withdrawn or

(c) if processing is based on a legitimate interest of Gradability Pty Ltd., until objection is made by the individual  to such processing.


3.9.1 Personal information is securely destroyed in accordance with the organisations Records Retention and Management Policy and Procedure. See this policy and procedure for more information. The duration of processing and storage of personal data depends on the legal basis and reporting requirements according to Australian legislation. Gradability Pty Ltd. may need to retain data and personal information in accordance with National Vocational Education and Training Regulator Act 2011 and the Standards for RTOs 2015. However, if required by law Gradability Pty Ltd. will retain personal data for a longer period of time.

3.9.2 Gradability Pty Ltd. will also store data for a longer period of time if such data is required to assert, support, or defend against legal claims. If this is the case, we will retain such data until the relevant retention period or until the claims related to the data have been settled. Gradability Pty Ltd.  can only delete personal data if there is no statutory obligation or prevailing right of Gradability Pty Ltd. to retain it. Deletion of any individual’s personal data will result in an inability to continue with any Gradability Pty Ltd. services to said individual that require the use the data, including, but not limited to, enrolment and completion of a Gradability Pty Ltd. course.

3.9.3 Individuals can request that Gradability Pty Ltd. restrict further processing of their personal data without deleting said personal data for the following reasons

  • if the personal data is incorrect, for the duration of the time Gradability Pty Ltd. need to verify the accuracy of the personal data
  • if there is no legal basis for Gradability Pty Ltd. to process said personal data
  • if Gradability Pty Ltd. no longer needs said personal data however the individual as the data subject claim that it is required to be retained retain in order to establish, exercise, or defend a legal claim
  • where Gradability Pty Ltd. processes personal data on the basis of its legitimate interest and the individual objects to the processing of said personal data for as long as it is required to review whether Gradability Pty Ltd. has a prevailing interest or legal obligation to process said personal data.


3.9.4 Should an individual request Gradability Pty Ltd. to withdraw a consent to use their personal data any withdrawal has no effect on past processing of personal data up to the point in time of the withdrawal.

3.9.5 If the use of services requires consent and the consent is withdrawn, Gradability Pty Ltd. will no longer be able to provide these services.


3.10 Complaints and appeals

Feedback on the organisations compliance with the privacy policy and procedure is encouraged by contacting the Compliance Manager or by making a complaint. Where an individual wishes to make a complaint they are required to lodge the complaint in writing by letter or email to Compliance Manager, Level 6 11-31 York St, Sydney 2000, or email: The Compliance Manager will acknowledge the complaint within three business days of receipt of the complaint. A comprehensive investigation will follow, corrective actions, if any, will be identified and the complainant will be informed of the outcome within ten business days following acknowledgement of the complaint.

If the complainant is dissatisfied with the outcome of their complaint they can approach their relevant ASQA for further resolution. Further action may be taken by approaching the state-based Training Ombudsman, or the OAIC.

See Complaints and Appeals policy and procedure for more information.


3.11 Use of Gradability Pty Ltd. website by children

Gradability Pty Ltd. does not intend for the use of their website by children under 16 years of age and thereby does not target audiences below the age of 16 years old. Gradability Pty Ltd. does not knowingly collect personal data from children under 16 years of age. Gradability Pty Ltd. supports and encourages parents and guardians to take an active role in their children’s online activities and interests.


3.12 Governance mechanisms

Gradability Pty Ltd. has a governance framework in place to ensure its compliance with the Australian Privacy Principles. The following governance framework underpins and supports the operationalisation of this policy through the following actions,

  • Risk assessments including privacy impact assessments are undertaken when required.
  • Team members receive training on the handling of personal and sensitive information on employment commencement and as changes and/ or amendments occur.
  • Team members who regularly manage personal information are provided with supervision and support from their line manager.
  • Performance development and management processes ensure team members have the knowledge and skills required to complete their role requirements.
  • Where an agent or contractor is collecting personal information from a consumer on behalf of Gradability Pty Ltd. , systematic processes are implemented to monitor compliance and maintain the individual’s privacy, including relevant training and support from internal Gradability Team members.
  • The Privacy Policy is publicly available on the website and the Learning Management System.
  • The organisations privacy policy and procedure is reviewed and updated regularly or where required for legislation or governance changes.
  • Gradability Pty Ltd. takes all reasonable steps required to protect and maintain personal and sensitive information in accordance with the Australian Privacy Principles and EU GDPR (if or where required). If a data breach were to occur the organisation has an approach to managing the critical incident in an open and transparent manner that manages risk effectively. The process for managing a data breach includes conducting a preliminary assessment and investigation, undertaking a risk assessment, notifying all relevant parties, and developing an action plan to prevent potential future breaches. Where necessary, Gradability Pty Ltd.’s compliance to trade sanctions with any third parties, including host companies supporting interns, includes
    • automated checks of any user registration data and other information a user provides about his or her identity against applicable sanctioned-party
    • regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information.
    • blocking of access to Gradability Pty Ltd.’s Services


The organisation’s Compliance Manager monitors the effectiveness of the policy/procedure and is actively involved in its review


3.13   General Business communications

Gradability Pty Ltd. communicates with users of the service on a regular basis. Communications can take place via email or phone contact. These such communications are not marketing related but are required to conduct relevant business related services to ensure the delivery of our product and services.

Marketing- related communication may be made by phone or email where an individual may have opted in to receiving these. Gradability Pty Ltd. will always provide the opportunity to opt out of receiving any further marketing information. Individuals can contact the Gradability team to request this action.


3.11   Personal data transference

If in the event that Gradability Pty Ltd. is acquired by or merged with another entity, or part of all of our assets are acquired, or Gradability Pty Ltd. has gone into bankruptcy, individuals’ personal information will be transferred to the acquiring entity for purposes that are similar to those that Gradability Pty Ltd.  has originally used said information for.


3.12   Data received from third parties

Our business partners or agents may register leads with us in which they provide contact details of prospective customers. Collected information may include, name, email address, contact details, phone number and services requested. We also may use such personal data to assist our business partners in responding to requests.

We also may receive personal data from third parties such as marketing or advertising companies, organisers of events that provide us with such information as a part of their relationship with us. Such data could include contact details (such as name, company, title, company address, and email and phone number). This information is used for evaluating a potential business relationship or for combining the information with personal data that we may have already collected.


3.13   Changes to Privacy Policy

Gradability Pty Ltd. reserves the right to change, modify, add, or remove portions of this Privacy Policy from time to time and in our sole discretion. We will also amend this Privacy Policy without notice to support compliance to legislative changes. Our policy is to alert stakeholders to changes that have been made by indicating on the Privacy Policy the date it was last updated and by the version control indicators.


  1. References
  • Australian Skills Quality Authority (2015) “Standards for Registered Training Organisations (RTOs) 2015”.
  • Privacy Act 1988
  • Privacy Amendment Act 2012
  • Office of the Australian Information Commissioner Australian Privacy Principles (APPs)
  • Office of the Australian Information Commissioner (2014) Guide to developing an APP privacy policy
  • EU General Data Protection Regulation (GDPR)