Your privacy is important
CVGT Australia Limited ACN 006 178 641 (“CVGT”) is a contracted service provider to the Australian and State Governments.
This statement outlines CVGT Australia Limited’s (CVGT) policy on how CVGT uses and manages personal information provided to or collected by it for the purposes of delivering employment, group training and related services to the public.
CVGT, its employees, contractors and agents are subject to the Privacy Act 1988 (Cth) (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act, and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
Information we collect and why we hold, use and disclose it
We collect, hold, use and disclose personal information for a variety of purposes, including:
- performing our management, employment and personnel functions in relation to our staff and contractors;
- performing our activities and administrative functions, including to:
- provide employment and related services;
- determine an individual’s eligibility to participate in an employment related service;
- provide employment and training opportunities;
- market our services to clients, potential employers and training institutions;
- consider making offers of employment or for the purposes of contracting services;
- complaints handling and administering requests received by us under the Freedom of Information Act 1982 (Cth) and the Privacy Act;
- program management;
- contract management;
- maintaining effective working relationships with Commonwealth and state governments, and other relevant stakeholders;
- management of correspondence with the public; and
- to comply with our contractual, legal and regulatory requirements.
- performing our activities and administrative functions, including to:
The type of information we collect and hold includes (but is not limited to) personal information, including sensitive information:
- identifying information (including name, address, telephone number, email address, date of birth, Centrelink customer reference number(s), driver’s licence details and/or tax file information).
- employment and/or employment history;
- education information (such as school results, qualifications or other information generally contained in a resume);
- credit information;
- medical and/or criminal history.
We only collect, hold, use and disclose personal information for a lawful purpose that is reasonably necessary or directly related to one or more of our functions or activities or where otherwise required or authorised by law.
We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act.
For information regarding the types of information collected and how this information may be used or shared in the jobactive program, please see the Privacy statement for jobactive participants [https://www.employment.gov.au/privacy-statement-jobactive-participants].
We may also collect personal information for the purposes of:
- assessing eligibility for credit;
- providing credit.
Credit information includes information:
- that identifies you;
- about the amount you’ve borrowed;
- about repayments;
- about defaults.
Information may be derived from a credit reporting body or another credit provider. A credit reporting body is an organisation whose business involves handling personal information to give another organisation information about the creditworthiness of an individual.
Under the Act, information derived from a credit reporting body or another credit provider means personal information about you that:
- is derived by the body from credit information it holds about you;
- has any bearing on your credit worthiness; and
- is, has, or could be used to establish your eligibility for consumer credit.
Personal Information you provide:
We collect personal information through forms filled out by you, our website, online surveys, face to face meetings, interviews, telephone conversations, video conferences, emails, our visitors’ books, surveys, resumes and employment applications.
We will generally collect personal information held about an individual by way of phone calls, recording on online and/or paper forms, and notes during personal consultations. You have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
If personal information requested by us is not provided:
- we may not be able to effectively provide you with our services; or
- you may not be able to participate in an activity offered by us.
Access to Australian Commonwealth Government financial support and/or other support services may not be practicable without access to such information.
Information collected by our contractors
Under the Privacy Act we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post or telephone (although these also have risks associated with them).
Personal Information provided by third parties:
In some circumstances, we may be provided with personal information about an individual from a third party, for example Commonwealth and State Government agencies, current or past employers (including group training host employers), and other community health and support services.
As a service provider to the Australian and relevant State Governments, we may also collect personal information from various departments and agencies such as:
- Department of Education, Skills and Employment;
- Services Australia;
- Department of Social Services;
and State government departments.
We may also collect personal information through other third parties such as:
- educational institutions;
- other education and training providers;
- medical practitioners;
- previous or current employers;
- nominated referees for employment purposes;
- criminal records check provider;
- credit reporting bodies or another credit provider.
Your information – including personal information – is collected by a variety of software applications, services and platforms used by your device and by CVGT to support it to deliver services.
This type of information collection is ‘passive’ as we do not collect this information directly and it does not directly relate to the provision of services. Your consent for your information to be collected and shared in this way is typically obtained at the time you first use an application or service on your device.
You can opt out of some of these passive data collections, including by:
- Disabling / refusing cookies;
- Opting-out of Google Analytics; and
- Disabling location services on your device.
Additional advice regarding how to protect yourself online can be found at Stay Smart Online [http://www.staysmartonline.gov.au/].
CVGT directly collects some of your information—including personal information—via its website. Generally, this information is collected to enable CVGT to properly and efficiently carry out its functions and deliver services to you.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
Links to External Websites and Social Networking Services
We also use social networking services such as Facebook, Twitter, Google+, YouTube, Instagram and Yammer to talk with the public and our staff.
When you talk with us using these services we may collect your personal information to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
How will CVGT use the personal information you provide?
CVGT will use personal information it collects from you for the primary purpose for its collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented. Where appropriate, your consent will be confirmed in writing.
We may use video surveillance for security purposes and the footage will be used only by CVGT and by the providers of our security services for the purpose of maintaining physical and or personnel security over our business premises. Surveillance videos are not used by CVGT for other purposes and the footage is not publicly available. Surveillance cameras are not located in any bathrooms at CVGT offices.
From time to time we may promote our functions and activities. In relation to direct marketing, CVGT will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then you will be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere we will still send you direct marketing information where you have consented and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, employees and contractors, CVGT’s primary purpose of collection is to assess and (if successful) to engage the applicant, employee or contractor, as the case may be.
The purposes for which CVGT uses personal information of job applicants, employees and contractors include:
- for insurance purposes;
- to record and maintain information on CVGT’s staffing complement;
- to appropriately protect employees from harm and/or the risk of harm; and
- to satisfy CVGT’s legal obligations.
Where CVGT receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
Unsolicited personal information
Where we receive unsolicited personal information, we will assess whether or not the information is reasonably necessary for our functions and activities within a reasonable period.
If we assess that the information is reasonably necessary for our functions and activities, we will treat it in the same way as any other personal information which we collect.
If we assess that the information is not reasonably necessary for our functions and activities, we will either destroy or de-identify the information.
Disclosure of personal information
To fulfil our functions and activities, we may disclose personal information, including sensitive information, held about an individual to:
- employers – previous, current and/or potential;
- educational institutions;
- other education and training providers;
- credit agencies;
- criminal history information providers;
- Australian and relevant State government departments and agencies;
- potential business partners;
- other parties that provide support services to our services where reasonably required; and
- anyone you authorise us to disclose information to.
Disclosure of personal information overseas
We will on occasion disclose personal information to overseas recipients, but only where certain conditions are met, for example, you give your consent or the disclosure is otherwise authorised by law.
CVGT will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The situations in which we may disclose personal information overseas include:
- the publication on the internet of material which may contain personal information, such as annual reports and other documents; photographs, video recordings and audio recordings;
- the provision of personal information to overseas researchers or consultants;
- the provision of personal information to recipients using a web-based service where data is stored on an overseas server, for example, CVGT may use Mailchimp for email subscriptions and SurveyMonkey for online surveys;
- where recipients of CVGT communications use an email account that stores data on an overseas server; and
- where people post and comment on our social media platforms.
Before CVGT discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, CVGT will establish that they are privacy compliant and will have systems which provide sufficient security.
How do we treat sensitive information?
In referring to ‘sensitive information’, CVGT means:
“information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Access to and alteration of records containing personal information
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which we hold about them and to advise us of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information CVGT holds about you, please contact the Privacy Officer in writing.
CVGT may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, CVGT may charge a fee to retrieve and copy any material. If the information sought is extensive, CVGT will advise the likely cost in advance.
We may direct your request to the relevant Australian Government Department for consideration under the provisions of the Freedom of Information Act 1982.
CVGT endeavours to ensure that the personal information it holds is accurate, complete and up-to-date and we will take all reasonable steps to make sure that the personal information we collect and store is accurate, up-to-date, complete, relevant and not misleading.
A person may seek to update their personal information held by us by contacting the Privacy Officer.
Storage and Data Security
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
CVGT employees are required to respect the confidentiality of personal information and the privacy of individuals.
CVGT has in place steps to protect the personal information we hold from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and password-protected access rights to computerised records.
The Australian Privacy Principles and the Health Privacy Principles require us not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored.
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In some circumstances, it may be kept for marketing purposes, where you have consented to the use of that information such a purpose in writing with us.
We are required to retain certain records for different periods of time in accordance with our contractual obligations to various Australian Government Departments and related State Governments. Depending on the relevant record, it could be a minimum of 5 to 7 years. Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government’s records management regime.
If you have any enquiries or complaints about privacy, or if you wish to access or correct your personal information, please email us at firstname.lastname@example.org or write to:
PO Box 473
Bendigo VIC 3552
If you think we may have breached your privacy you may contact us to make a complaint using the contact details above.
In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.
We will generally respond to your enquiry or complaint within 30 days. We may also refer it to the relevant Australian or State government department.
If you are not satisfied by our response, complaints can be made directly to the relevant Australian or State Government Department or to the Office of the Australian Information Commissioner via:
- email: email@example.com
- Tel: 1300 363 992
- Fax: +61 (02) 9284 9666