Privacy Policy

Contents

Data Collection

Data Security

Data Use

Data Disclosure

Data Retention and Destruction

Access by You to Your Personal Data

Information about Data-Handling Practices

Handling of Enquiries, General Concerns and Complaints

Enforcement

Photography Privacy

MSIA takes the privacy of participants, and the general public, very seriously complying with all legislative requirements. These include the Privacy Act 1988 and National Privacy Principles (2008).  Information is shared only with external agencies such as the National Vocational Education Training (VET) Regulator to meet our compliance requirements with a Registered Training Organisation (RTO) and as required by law. In every other case, MSIA seeks the written permission of the individual, or company, for such disclosure. Where written permission is required, this will be gained by using our Information Release Form.

 

DATA COLLECTION


 

MSIA undertakes to collect Your Data by means that are:

  • fair;
  • legal; and
  • transparent.

If you visit MSIA's website, your web-browser automatically discloses, and MSIA's web-server automatically logs, the following information:

  • the date and time,
  • the IP address from which you issued the request,
  • the type of browser and operating system you are using, the URL of any page that referred you to the page,
  • the URL you requested, and
  • whether your request was successful.

This data may or may not be sufficient to identify you.

Any additional data that you provide, for example in a web-form, may be logged. This data may or may not be sufficient to identify you.

Any additional data that your web-browser automatically provides may be logged. This will be the case, for example: if your browser has previously been requested to store data on your computer in 'cookies' and submits them each time you request a web-page within a particular domain. This data may or may not be sufficient to identify you.

 

MSIA uses cookies when a visitor arrives on the web-site. Most of the cookie-data is encrypted, and contains no sensitive data such as passwords. All cookies are set for session-only, and hence browsers should delete them at the next opportunity, such as the next quit and re-start.

If you disclose personal data to MSIA, in conjunction with an identifier such as your name or your credit-card details, MSIA will collect Your Data. Moreover, any data that becomes available to MSIA through any of the means described in the preceding paragraphs may be able to be associated with that identifier, and hence become Your Data.

MSIA undertakes to collect Your Data from you and not from other parties.

Where MSIA collects Your Data from sources other than you, it undertakes:

  • to do so only by legal means;
  • to do so only with your consent; and
  • to declare to you what sources it uses, and under what circumstances.

MSIA undertakes to declare the purpose of collection of Your Data in a manner that is clear and meaningful. These declarations are to be found in the relevant data collection forms.

For the purposes of fulfilling the Registered Training Organisation (RTO) –related services of MSIA, data is collected and used to:

  • complete day-to-day administration associated with the RTO and training courses;
  • comply with RTO legal obligations, and ensure adherence to the necessary quality standards and criteria.  This means providing relevant information to government departments, to maintain registration status.

 

DATA SECURITY


 

MSIA undertakes to store Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

 

MSIA undertakes to transmit Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

 

MSIA undertakes to implement appropriate measures to ensure security of Your Data against inappropriate behaviour by MSIA's staff-members, contractors and officers. These include:

 

  • training for staff in relation to privacy;
  • access control, to limit access to Your Data to those staff, contractors and officers who have legitimate reasons to access it;
  • logs of changes to data;
  • reminders to staff and contractors from time to time about the importance of data privacy, and the consequences of inappropriate behaviour;
  • declaration of appropriately strong sanctions that are to be applied in the event of inappropriate behaviour;
  • clear communication of policies and sanctions to staff; and
  • processes to investigate and to impose sanctions.

 

MSIA utilises a secure server for processing credit card information, and a warranty is provided in the extremely unlikely event that your details be misused or stolen.  When providing secure details, you should notice the browser address begins with https:// and a padlock icon on the right of your browser status bar.  This signifies that the page is secure to provide personal data.

 

 

 

DATA USE


 

Use refers to the application of Your Data by any part of MSIA, or any MSIA staff-member, contractor or officer, in the course of their work.

 

MSIA undertakes to use Your Data only under the following circumstances:

 

  • for purposes for which we have your Consent, including purposes that are initially or subsequently agreed between you and MSIA, purposes directly implied by the agreed purposes, and at your request;
  • for such additional purposes as are required by law in a relevant Jurisdiction. In these circumstances, MSIA will take any reasonable steps available to it to communicate to you that the use has occurred, unless it is precluded from doing so by law; and
  • for such additional purposes as are authorised by law in a relevant Jurisdiction (in particular to protect MSIA's interests, e.g. if it believes on reasonable grounds that you have failed to fulfil your Undertakings to MSIA).

 

MSIA undertakes to use Your Data only if it has demonstrable relevance to the particular use to which it is being put, and to use only such of Your Data as is necessary in the particular circumstances.

 

MSIA undertakes to use Your Data in such a manner as to take into account the possibility that it is not of sufficient quality for the purpose, e.g. because it is inaccurate, out-of-date, incomplete, or out-of-context.

 

DATA DISCLOSURE


Disclosure refers to making Your Data available to any party other than MSIA and you. The term disclosure may include many different conditions of data transfer, including selling, renting, trading, sharing and giving.

MSIA undertakes to disclose Your Data only under the following circumstances:

  • for purposes for which we have your Consent, including purposes that are initially or subsequently agreed between you and MSIA, purposes directly implied by the agreed purposes, and at your request;
  • for such additional purposes as are required by law, such as a provision of a statute, or a court order such as a search warrant or subpoena. In these circumstances, MSIA will take any reasonable steps available to it to communicate to you that the disclosure has occurred, unless it is precluded from doing so by law;
  • for such additional purposes as are permitted by law (e.g. the reporting of suspected breach of the criminal law to a law enforcement agency; and in an emergency, where MSIA believes on reasonable grounds that the disclosure of Your Data will materially assist in the protection of the life or health of some person), provided that MSIA will apply due diligence to ensure that the exercise of the permission is justifiable.

Where Your Data is disclosed to an outsourced service-provider (e.g. to a company that processes credit-card transactions or a sub-contractor), MSIA undertakes to make reasonable endeavours to exercise control over compliance by its service-provider with the terms of this Privacy Policy.

MSIA undertakes to disclose Your Data only if it has demonstrable relevance to the particular use to which it is being put, and to disclose only such of Your Data as is necessary in the particular circumstances.

 

MSIA UNDERTAKES TO DISCLOSE YOUR DATA IN SUCH A MANNER AS TO TAKE INTO ACCOUNT THE POSSIBILITY THAT IT IS NOT OF SUFFICIENT QUALITY FOR THE PURPOSE, E.G. BECAUSE IT IS INACCURATE, OUT-OF-DATE, INCOMPLETE, OR OUT-OF-CONTEXT.

 

 

DATA RETENTION AND DESTRUCTION


Subject to the qualifications immediately below, MSIA undertakes:

  • to retain Your Data only as long as MSIA reasonably believes it is consistent with its purpose; and
  • to destroy Your Data when MSIA reasonably believes its purpose has expired, and to do so in such a manner that Your Data is not subsequently capable of being recovered.

This Undertaking is qualified as follows:

  • when Your Data falls due for destruction, it may be retained for a period beyond its expiry of purpose, until the next regular deletion cycle;
  • Your Data may be retained in MSIA's logs, backups and audit trails within short-term retention cycles that are devised to protect the company's operations. In such cases, Your Data will be destroyed in accordance with those cycles;
  • in some circumstances, Your Data may be retained in an archive. An archive may be internal-only and accessible only by staff, contractors and officers; or it may be publicly available, as is the case with data relating to previous MSIA officers;
  • Your Data may be retained beyond the expiry of its purpose if that is required by law, such as a provision of a statute, or a court order such as a search warrant or subpoena, or a warning by a law enforcement agency that delivery of a court order is imminent. In these circumstances, MSIA:
    • will take any reasonable steps available to it to communicate to you that Your Data is being retained, unless it is precluded from doing so by law; and
    • will only retain Your Data while that provision is current, and will then destroy Your Data;
  • Your Data may be retained beyond the expiry of its purpose if such retention is authorised by law (in particular to protect MSIA's interests, e.g. if it believes on reasonable grounds that you have failed to fulfil your Undertakings to MSIA or may have committed a breach of the criminal law). In these circumstances, MSIA will only retain Your Data while that situation is current, and will then destroy Your Data.

 

ACCESS BY YOU TO YOUR PERSONAL DATA


MSIA undertakes to provide you with access to Your Data, subject to only such conditions and processes as are reasonable in the circumstances. In particular, MSIA undertakes to enable access:

  • conveniently;
  • without unreasonable delay; and
  • without cost to you.

MSIA undertakes to establish and operate identity authentication protections for access to Your Data that are appropriate to its sensitivity, but practical. This may involve some inconvenience; for example, relatively straightforward procedures may be involved in order to provide you with access through a channel that you have previously provided to MSIA (such as a particular email-address), but more onerous procedures may have to be imposed if you wish to use some other channel.

If you request it, MSIA undertakes to take reasonable steps in relation to the amendment, supplementation or deletion of Your Data.

In providing these undertakings, MSIA is working on the assumptions that:

  • you will not request to seek access, amendment, supplementation or deletion for frivolous purposes, or unreasonably frequently;
  • you accept that deletion of some categories of data may result in MSIA no longer being able to provide particular services to you.

 

INFORMATION ABOUT DATA-HANDLING PRACTICES


MSIA undertakes to make information available to you about the manner in which MSIA handles your data:

  • in general terms, in a readily accessible manner, by means of this Privacy Policy published on the MSIA website; and
  • in more specific terms, on request.

Where Your Data is disclosed to an outsourced service-provider, MSIA undertakes to make information available to you, on request, about the manner in which MSIA's outsourced service-provider handles Your Data.

MSIA undertakes to ensure that the information provided about data-handling practices is meaningful, and addresses your concerns.

In providing these undertakings, MSIA is working on the assumptions that:

  • you will not seek such information for frivolous purposes, or unreasonably frequently; and
  • you accept that the disclosure of excessive detail may harm the security of Your Data and MSIA's business processes, and may harm MSIA's operational activities.

 

HANDLING OF ENQUIRIES, GENERAL CONCERNS AND COMPLAINTS


In providing these undertakings, MSIA is working on the assumption that, if you have enquiries, general concerns, or complaints about any aspect of this Privacy Policy, or about MSIA's behaviour in relation to its Undertakings, you will communicate them in the first instance:

  • to MSIA only;
  • in sufficient detail;
  • through a channel made available by MSIA for that purpose;

MSIA undertakes:

  • to provide one or more channels for communications to MSIA, which are convenient to users. To find these channels, please go to the MSIA Contacts Page;
  • to promptly provide acknowledgement of the receipt of communications, including a copy of the communication, the date and time it was registered, and an indication of how to follow up the matter with MSIA if a formal response is slow in arriving;
  • to promptly provide a response to the communication, in an appropriate and meaningful manner.

In providing these undertakings, MSIA is working on the assumption that you will not pursue MSIA through any Regulator or the media:

  • until and unless MSIA has had a reasonable opportunity to respond to the initial communication; and
  • while MSIA and you are conducting a meaningful dialogue about the matter.

 

 

ENFORCEMENT


MSIA declares that the Undertakings expressed in this Privacy Policy are intended to create legal obligations, and that those obligations are intended to be enforceable under appropriate laws in appropriate Jurisdictions. These may include laws relating to data protection, privacy, fair trading, unfair competition, the corporations law, and the criminal law.

In providing these undertakings, MSIA is working on the assumptions that:

  • you will not unreasonably seek enforcement until you have initiated the complaints-handling process and MSIA has had the opportunity to redress the wrong; and
  • you will seek enforcement only in a Jurisdiction that is relevant to the transactions that have taken place between you and MSIA, in particular the Jurisdiction in which you live or in which you performed the relevant acts, and the Jurisdiction in which MSIA is domiciled or performed the relevant acts.

 MSIA endeavours to comply with the relevant State and Commonwealth legislation, particularly Queensland legislation as the state of registration and main address, and any other state legislation in which business (training or other services) is conducted

 

 

PHOTOGRAPHY PRIVACY


At MSIA we recognise that in some circumstances there are sensitivities relating to the taking of photographs. This is particularly relevant to capturing images of children. We may, from time to time, wish to take photos of training activities we are conducting. When these instances arise in an environment external to our own training facilities, we will first obtain permission from the premises owner or manager.