This policy must be read in conjunction with: 

  • the Privacy Statement on the Connection Group Australia enrolment form 
  • the Privacy Act 1988 
  • the Privacy and Personal Information Act 1998 (NSW only) 


Personal and sensitive information includes name, date of birth, address and other contact details, employment details, medical or disability information, bank account details, work address and contact details, salary, job title and work practices, training and assessment records. 

Protecting personal and sensitive information 

  • Connection Group Australia, as a leading provider, understands the importance persons place on maintaining the privacy of personal information and sensitive information.  Subsequently, we are committed to managing and protecting the personal and sensitive information provided by students.   
  • Through this policy Connection Group Australia seeks to ensure students that any personal and sensitive information obtained by Connection Group Australia will be held in confidence and only used by Connection Group Australiain the course of its business as a registered training organisation. 
  • All student records are maintained securely in key locked filing cabinetry and password protected computers.  Connection Group Australia will ensure that the computer systems of the organisation are changed every 30 calendar days. 

The collection, use, and disclosure of personal and sensitive information 

  • Personal and sensitive information held by Connection Group Australia (i.e. enrolment information and personal details) is collected and used for the purposes of enrolling students into courses and maintaining clear and accurate records of its training and assessment activities. 
  • Connection Group Australia acknowledges that individuals provide personal and sensitive information on a voluntary basis, to assist Connection Group Australia to provide high quality products and services to students at their request.  Connection Group Australia will use individuals’ contact details to assist in the administering of its products and/or services.  
  • Connection Group Australia will not disclose personal and sensitive information to an external company or third party without the express written permission of the student.   
  • Personal and sensitive information shall not be sold to anyone and shall not be used for promotions independent of Connection Group Australia.  
  • Connection Group Australia shall destroy personal and sensitive information, if there is no longer any legitimate purpose in retaining such information except where required by regulatory authorities such as the Australian Skills Quality Authority and other State and/or Territory Regulatory bodies (as applicable). 
  • Notwithstanding the above, Connection Group Australia, as registered training organisation, is required to participate in external audit by the Australian Skills Quality Authority and other regulatory authorities in the conduct of its business.  Subsequently, these authorities will have access to your personal and sensitive information for the purposes of audit only.  None of the information disclosed to these authorities will be used for purposes other than that of the audit. 

Examples of personal and sensitive information Connection Group Australia may hold: 

  • Name 
  • Address 
  • Telephone Number 
  • Fax Numbers 
  • Date of birth/age 
  • Place of birth 
  • Race or ethnic origin 
  • Language spoken at home 
  • Email address 
  • Photograph 
  • Educational Qualifications 
  • Information on disabilities and language, literacy and numeracy details 
  • Training information 
  • Assessment results 
  • Ethnicity 
  • Religious or cultural information 

Changes to our privacy statement 

  • Connection Group Australia may vary its privacy standards from time to time.  Where changes are made these will be communicated to all students.  

Collection of personal and sensitive information 

  • Connection Group Australia shall only collect personal and sensitive information that is necessary to carry out its business activities. Information shall be collected in a legal and just method and shall not, where reasonably possible, be intrusive.  If practical, personal and sensitive information shall be collected from individuals through enrolment into courses/qualifications.  When collecting personal and sensitive information, Connection Group Australia shall take reasonable steps to inform students about our identity, the purpose of collection and their rights to access personal and sensitive information held by this organisation. 

Use and disclosure of personal and sensitive information 

  • Connection Group Australia shall only use or disclose information for the primary purpose it was collected. Connection Group Australia shall not use or disclose information for a secondary purpose unless the individual has consented in writing to the use or disclosure. 

Data quality 

  • Connection Group Australia shall take all reasonable steps to make sure that personal and sensitive information is accurate, complete and up-to-date at the time of collection and use. 

Data security 

  • Connection Group Australia shall take reasonable steps to ensure personal and sensitive information is safe from misuse, loss, and unauthorized access, alteration or disclosure. Information shall be destroyed, or identifiers removed when it is no longer needed for either the primary or approved secondary purpose and in accordance with the Standards for Registered Training Organisations 2015 and retention of records requirements of the State Regulatory Bodies (as applicable). 
  • Connection Group Australia shall take reasonable steps to ensure the security of physical files, computers, networks and communications are maintained at all times. 


  • Connection Group Australia shall make available, on request, our Privacy Statement and Policy. 
  • We shall also, on request and within reason, inform an individual: 
  • What type of personal and sensitive information we collect and hold? 
  • For what purpose 
  • How it is collected 
  • How it is used and disclosed. 

Access and correction 

  • If requested, Connection Group Australia shall give individuals access to and correction of their personal and sensitive information held by this organisation. A copy of the policy and accompanying information will be available for perusal.  When requesting access to personal and sensitive information, individuals shall: 
  • Complete a Client Records Request to access their personal and sensitive information 
  • Provide two (2) acceptable forms to prove their identity or provide identification over the phone by responding to a series of questions by Connection Group Australia Administration 
  • Advise in what format they require the information 
  • Provide data storage, if necessary 
  • Pay any reasonable associated fees in accordance with the Fees and Charges Schedule 
  • Allow 72 hours for processing 
  • Charges associated with copying of documents is included in the Fees and Charges Schedule. 
  • Should fees apply, they shall not be excessive, nor shall they apply to lodging a request and students are to be advised of the costs prior to arrangements for access being commenced. 


Connection Group Australia shall not assume, as its own identifier of a person, an identifier that has been assigned by a Government agency or agent or a contracted service provider for a Commonwealth Contract. Note: A person’s name or ABN number is not considered to be an identifier. 


Persons will be given the option to interact anonymously with Connection Group Australiawhenever it is lawful and practicable to do so.  

Sensitive and health information 

Connection Group Australia shall not collect information that is of a sensitive nature unless prior permission has been sought from the individual. 

A person has the right to inquire about their personal and sensitive information being held by Connection Group Australia. In the event that a person is not satisfied with Connection Group Australia response in revealing/ disclosing this information, the person has the following recourse:  

  • The person has the right to request, and Connection Group Australia’s required to provide, information on the grounds for partial or non-disclosure.  
  • If unsatisfied with the grounds for partial or non-disclosure, the person has 60 days to write to Connection Group Australia explaining why the person is disputing the partial or non-disclosure;  
  • If, on receiving this correspondence, Connection Group Australia’s position remains, the person can request that the matter be referred to the Office of the Federal Privacy Commissioner for review.     

This policy applies to all individuals who provide personal and sensitive information to Connection Group Australia for the primary purpose of education delivery and associated government requirements and is interpreted to conform to the requirements of the Privacy Amendments Act 2012 and the Privacy Regulations 2013.     

  1. Collection and use of information 

The information that an individual provides to Connection Group Australia may be shared with the Commonwealth, State Governments and designated bodies only as required by legislation, including the Data Provision Requirements of the VET Quality Framework. 

Some sensitive information (i.e. health, LL&N levels) is required to help our duty of care to learners and staff with all information being solicited for the intended purpose. We do not receive unsolicited information. Anonymity of, and use of pseudonymity by, the individual is not permitted as it is impracticable for Connection Group Australia to deal with individuals who have not identified themselves or who have used a pseudonym. 

Connection Group Australia will not disclose an individual’s personal and sensitive information to an individual or an organisation other than: 

  • as required by legislation 
  • where written consent has been provided by the individual to disclose personal and sensitive information to another person 
  • Connection Group Australia believes there are reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual or of another person 
  • the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty 
  • for the purpose of the protection of the public revenue.  
  • Australian Privacy Principles 

Connection Group Australia adheres to the requirements of the 13 Australian Privacy Principles from Schedule 1 of the Privacy Amendment Act 2012, a copy of this can be downloaded from being the site of the Office of the Australian Information Commissioner.   

All information is held in individual learner files as hard copies and electronic files. Staff information is held by the CEO. All information is disposed of when no longer required – Refer to the Records Management Procedure.  

  • Student access to records 

Students are entitled to have access to their records on request and there is no charge for this access. To facilitate this, students who request to access their records are to be provided with this access at the earliest opportunity. Student records may not be removed from GATs premises.  Students are entitled to copies of their records at a nominal charge as specified in the Student Information Handbook.  

  • USI 

USI legislation requires that we keep all records concerning a USI protected from misuse, interference and loss, unauthorised access, modification and disclose. It also provides for the Australian Information Commissioner to investigate any breach of the USI confidentially initiate as if it is an interference with the privacy of an individual for the purpose of the Commonwealth Privacy Act.  

A USI must not be used for any purpose other than those specifically allowed under than the legislation. Refer to the Unique Student Identifier Policy and Procedure for more information.  

  • Data provision requirements 

We collect information that is needed under the VET Quality Framework. This data includes but is not limited to Total VET activity data (AVETMISS), reported to NCVER and the Quality Indicator data (report to ASQA).  

For more information visit the  

Privacy and Confidentiality Policy