1. Introduction

RTO Angels Pty Ltd ("RTO Angels", "we", "us", or "our") is committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in the course of our business operations, including the provision of vocational education and training (VET) quality assurance services, assessment validation, regulatory compliance services, and related consulting activities.

Our Contact Details:

• Business Name: RTO Angels Pty Ltd
• ABN/ACN: ACN 689 632 059
• Registered Office: 60 Atlantis Drive, Point Cook VIC 3030
• Website: https://rtoangels.com/
• Email: consult@rtoangels.com
• Phone: (03) 7075 1918

2. What Personal Information We Collect

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. The types of personal information we may collect include:

2.1 Client and Business Contact Information

• Names, job titles, and business contact details
• Email addresses and phone numbers
• Company or organization names
• ABN or ACN details
• Payment and invoicing information

2.2 Service Delivery Information

When providing assessment validation and regulatory services, we may collect:

• Student names and identification details
• Assessment evidence and records
• Training records and qualifications
• Employment and workplace information
• Assessor and trainer details
• RTO operational information

2.3 Website and Communication Information

• IP addresses and browser information
• Website usage data and analytics
• Email correspondence and communication records
• Enquiry and quote request information

2.4 Employment and Contractor Information

• Resumes, CVs, and employment applications
• Qualifications and work history
• Professional references and credentials
• Working with Children Check or police check information
• Tax file numbers and superannuation details
• Bank account details for payment purposes

3. How We Collect Personal Information

3.1 Direct Collection

• Through our website contact forms and enquiry submissions
• Via email, phone, or face-to-face communications
• Through service agreements and contracts
• From employment or contractor applications
• During the provision of our services

3.2 Third Party Collection

We may collect personal information from:

• Registered Training Organizations (RTOs) we work with
• Government agencies, including ASQA
• Professional referees and previous employers
• Publicly available sources such as professional directories
• Other third parties authorized to provide information

3.3 From Other Sources

• ASQA briefs and regulatory documents
• Training records and assessment materials provided by RTOs
• Student evidence and assessment submissions

We will only collect personal information by lawful and fair means, and where it is reasonably necessary for, or directly related to, our business functions.

4. Why We Collect Personal Information

4.1 Service Delivery

• Providing assessment validation services
• Conducting regulatory compliance activities
• Delivering VET quality assurance services
• Preparing validation reports and recommendations
• Meeting contractual obligations to clients and ASQA

4.2 Business Operations

• Responding to enquiries and providing quotes
• Managing client relationships and contracts
• Processing payments and invoicing
• Maintaining business records and documentation
• Complying with legal and regulatory obligations

4.3 Employment and Engagement

• Recruiting and assessing employment or contractor applications
• Managing employment relationships
• Meeting workplace health and safety obligations
• Processing payroll and superannuation

4.4 Communication and Marketing

• Responding to website enquiries
• Providing information about our services
• Sending service updates and relevant industry information

5. How We Use and Disclose Personal Information

5.1 Use of Personal Information

We use personal information only for the purposes for which it was collected, or for related purposes where you would reasonably expect us to use the information in that way.

5.2 Disclosure to Third Parties

We may disclose personal information to:

Government Agencies:

• Australian Skills Quality Authority (ASQA)
• Australian Taxation Office (ATO)
• Fair Work Ombudsman
• Other Commonwealth, State, or Territory agencies as required by law

Service Providers:

• IT service providers and cloud storage providers
• Accounting and payroll service providers
• Legal and professional advisors
• Payment processors and banking institutions

Other Third Parties:

• RTOs and training organizations (with appropriate authorization)
• Subject matter experts and validation specialists engaged as contractors
• Professional assessors and industry practitioners
• Auditors and quality assurance reviewers

When Required by Law: We may disclose personal information when required or authorized by Australian law, including:

• Court orders and subpoenas
• Freedom of Information requests
• Regulatory investigations
• Law enforcement requests

5.3 Overseas Disclosure

We do not routinely disclose personal information overseas. If overseas disclosure becomes necessary, we will:

• Only disclose to countries with substantially similar privacy protections
• Obtain your consent where required
• Ensure contractual protections are in place
• Comply with APP 8 requirements

6. Data Quality and Security

6.1 Accuracy of Information

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, complete, up-to-date, and relevant. We encourage you to contact us if your personal information changes or if you believe the information we hold is inaccurate.

6.2 Security Measures

We implement appropriate physical, technical, and administrative safeguards to protect personal information from:

• Unauthorized access or disclosure
• Misuse, interference, and loss
• Modification or destruction

Our security measures include:

Physical Security:

• Secure office premises with controlled access
• Locked storage for physical documents
• Secure destruction of documents no longer required

Digital Security:

• Encrypted data storage and transmission
• Secure cloud storage with Australian data sovereignty
• Multi-factor authentication for systems access
• Regular security audits and updates
• Anti-virus and anti-malware protection
• Secure backup systems
• Access controls and authentication systems

Access Controls:

• Role-based access to personal information
• Regular access reviews and audits
• Immediate access revocation when staff or contractors cease engagement
• Confidentiality agreements with all personnel

6.3 Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods include:

• Client and service records: 7 years from completion of services
• Financial and tax records: 7 years as required by law
• Employment records: 7 years after employment ceases
• Validation reports and evidence: As required by ASQA and contractual obligations

When personal information is no longer needed, we take reasonable steps to destroy or de-identify it in a secure manner.

7. Access and Correction

7.1 Access to Your Personal Information

You have the right to request access to the personal information we hold about you. To request access:

• Contact us using the details provided in this policy
• Provide sufficient information to verify your identity
• Specify the information you wish to access

We will respond to your request within a reasonable timeframe, generally within 30 days. There is no charge for making a request, however, we may charge a reasonable fee for providing access if significant time or resources are required.

7.2 When Access May Be Denied

We may deny or restrict access where:

• Providing access would pose a serious threat to the life, health, or safety of any individual
• Providing access would have an unreasonable impact on the privacy of others
• The request is frivolous or vexatious
• The information relates to legal proceedings
• Providing access would be unlawful
• Denying access is required or authorized by law

If we deny your request, we will provide written reasons for the denial.

7.3 Correction of Personal Information

You have the right to request correction of personal information we hold about you if you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To request correction:

• Contact us using the details provided
• Specify the information you believe is incorrect
• Provide evidence supporting the correction

If we agree that the information requires correction, we will take reasonable steps to correct it and notify any third parties to whom we have disclosed the information (where appropriate).

If we do not agree to make the requested correction, we will:

• Provide you with written reasons for our decision
• Take reasonable steps to associate a statement with the information noting your requested correction

8. Data Breach Notification

8.1 Eligible Data Breaches

In the event of an eligible data breach (as defined under the Privacy Act), we will:

• Immediately take steps to contain the breach and mitigate harm
• Conduct a thorough investigation within 30 days
• Assess whether the breach is likely to result in serious harm
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if required

8.2 Notification Process

If notification is required, we will provide:

• A description of the data breach
• The kinds of information involved
• Recommendations on steps individuals should take
• Contact details for further information

9. Complaints and Disputes

9.1 Making a Complaint

If you believe we have breached your privacy or handled your personal information inappropriately, you have the right to lodge a complaint.

To lodge a complaint:

1. Contact our Privacy Officer using the details provided in this policy
2. Provide details of your complaint in writing
3. Include any relevant supporting documentation

Our Complaints Process:

• We will acknowledge your complaint within 5 business days
• We will investigate your complaint thoroughly
• We will provide a written response within 30 days
• If more time is needed, we will notify you and provide reasons

9.2 Resolution

We are committed to resolving complaints fairly and efficiently. If you are not satisfied with our response, you have the right to:

• Request an internal review
• Seek external dispute resolution
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

OAIC Contact Details:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Mail: GPO Box 5218, Sydney NSW 2001

10. Contracted Service Provider Status

When providing services to Commonwealth Government agencies (including ASQA), RTO Angels operates as a "contracted service provider" as defined in the Privacy Act 1988 (Cth).

In this capacity, we:

• Comply with all Australian Privacy Principles as if we were an agency
• Use and disclose personal information only for the purposes of our contractual obligations
• Do not disclose personal information outside Australia without prior written consent
• Implement appropriate safeguards against unauthorized access, modification, or disclosure
• Cooperate with agencies to respond to access and correction requests
• Immediately notify agencies of any privacy breaches or complaints

11. Website Privacy

11.1 Cookies and Analytics

Our website may use cookies and similar technologies to:

• Improve website functionality and user experience
• Analyse website traffic and usage patterns
• Remember user preferences

You can control cookie settings through your browser, however, disabling cookies may affect website functionality.

11.2 Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

11.3 Website Security

We implement appropriate security measures to protect information transmitted through our website, including SSL encryption for data transmission.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the "Last Updated" date at the top of this policy
• Significant changes will be prominently displayed on our website
• We will notify clients and contacts if changes materially affect how we handle personal information

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of personal information, please contact us:

We are committed to protecting your privacy and will respond to your enquiries as promptly as possible.