This Policy applies to our staff, volunteers, contractors and suppliers handling personal and sensitive information, which is collected during the course of business, on behalf of MTC, including all our related entities. Currently, our related entities are MTC Recruitment Limited (ACN 145 727 859) and Warakirri College Limited (ACN 610 098 541). In this Policy, references to ‘MTC’ include our related entities.
- Privacy Act 1988 (Cth)
- Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
- Freedom of Information Act 1982 (Cth)
- Privacy and Personal Information Protection Act 1998 (NSW)
- Office of the Australian Information Commissioner- APP Guidelines
1.1 This Policy is MTC’s statement of intent to operate within the following Australian privacy laws:
- the Privacy Act 1988 (Cth) (Privacy Act), and
- the Australian Privacy Principles, contained in the Privacy Act (APPs), and
- the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), incorporated into the Privacy Act (Notifiable Data Breach Scheme), and
- other applicable laws that impose specific obligations relating to the handling of personal and sensitive information, including: the Freedom of Information Act 1982 (Cth), and applicable NSW State–based laws such as the Privacy and Personal Information Protection Act 1998 (NSW).
2. Purposes for which MTC collects, holds, uses and discloses personal and/or sensitive information
(a) MTC’s main function and activities involve the provision of services to clients by assisting them in securing employment, providing training and support to improve their employability skills or to provide a pathway to further education. The clients we assist include a diverse range of people from various age groups, including young school age students, and working age people from many different backgrounds, experiences and circumstances.
(b) Where you are a client, as a result of our provision of services, we hold a wide range of information relating to you. We come into contact with you in carrying out our activities, and we cannot function without obtaining and retaining information with regard to you. It is essential that we collect, hold and use the information in the ongoing conduct of our activities.
(c) MTC uses the information which it collects from you for the following purposes:
- Developing marketing activities, to provide information about MTC’s services,
- Providing appropriate individual service and achieving outcomes, and
- Monitoring the quality of service and identifying improvements to our delivery of services.
(d) MTC collects, holds, uses and discloses your personal and/or sensitive information for a number of purposes associated with the provision of government funded programs and in order to provide appropriate assistance to you. Examples where MTC may share or disclose your appropriate personal and/or sensitive information to third parties when providing services include:
- employment service programs will disclose information with a range of employers offering work experience or job vacancies,
- education service programs will disclose information with other vocational training providers and employers,
- service providers, including professional advisors, consultants and computer maintenance providers, and
- youth service programs will disclose information to volunteers providing mentoring, with employers offering work experience or job vacancies, with schools and other educational institutions.
(e) MTC may be required to disclose your personal and/or sensitive information to other parties where you have agreed or where:
- MTC is permitted by the Government department administering or regulating the program delivered by MTC, and
- required by laws, including the social security laws, or
- a court or tribunal order, or
- where a duty of care exists.
2.1. How we might contact you
MTC may contact you in a variety of ways, including by post, email, SMS and telephone call. We will not send you any commercial electronic messages such as SMS or emails unless this is permitted by the applicable marketing laws including the Spam Act 2003 (Cth).
Any commercial electronic message that we send will identify the sender (by the specific entity) and will include our contact details. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please let us know. Our contact details are provided at the end of this Policy.
MTC may also record telephone conversations for quality, compliance and training purposes. MTC will seek your express consent prior to any recording.
2.2. Information used for Marketing Purposes
(a) MTC may use your personal information to send you communications and information about our services for direct marketing purposes, if either we have obtained your consent, or you could reasonably expect us to use the information for that purpose. We will use your preferred method of communication where known. MTC will provide an ‘opt-out’ option in relation to receiving marketing communications.
(b) MTC will only use your sensitive information to send you communications and information about our services for direct marketing purposes, if we have obtained your consent.
(c) MTC may also contact you to request your participation in providing content for marketing and promotional materials associated with MTC programs and services. MTC will obtain your written consent, including an option to remain anonymous or to use a pseudonym to protect your identity.
2.3. Website and online presence privacy
(a) MTC’s website (www.mtcaustralia.com.au) uses ‘cookies’ (small summary files with unique identification numbers) which are sent to your computer in order to assist the browsing session, and saves your ‘cookie’ identification and preferences for future sessions. You may have the option to configure your web browser to opt out of receiving ‘cookies’ or to reject at each session.
(b) MTC utilises a number of social media platforms such as: Facebook, LinkedIn and YouTube to publish content and as a communication channel for use in marketing and promotion of MTC’s programs and services. Each of these platforms provide options regarding user privacy settings, which you may customise to restrict access to any content or information which may be viewed, collected and used by other people using the platform.
(c) MTC is not responsible for the privacy practices, data collection methods and security used by these sites. We encourage you to read the privacy policies of any website you link to from our website or emails.
3. Kinds of personal and sensitive information collected and held
(a) The personal information MTC collects is information which, on its own or collectively, could be used to identify you. Typically the types of information would include:
- Contact details: Name, email address, telephone number, mailing or residential address
- Personal details: Date of birth, occupation and work and education history
- Online information: Information provided directly by you using MTC’s website or other online platforms and may include photographs
(b) The sensitive information MTC collects, is only collected for a particular purpose which is reasonably necessary in order for MTC to provide the most appropriate service and assistance. Examples of the types of sensitive information, and the circumstances in which we will collect it, include:
- Background checks: As required by a particular situation, such as those needed for pre-employment checks including; police checks or working with children or vulnerable people checks. In this instance, we may collect sensitive information such as your criminal record
- Cultural background: Where particular assistance, such as interpreter services, may be needed in order to provide appropriate services. In this instance, we may collect sensitive information such as your racial or ethnic origin
- Medical information: Where a medical condition, injury or disability may need to be considered in order to ensure suitable employment opportunities or activities are identified. In this instance, we may collect sensitive information such as your medical conditions, injuries, disabilities or medications, as well as medication preferences
- Membership information: Where information about membership of a professional or trade may provide accreditation necessary for particular employment or education opportunities. In this instance, we may collect sensitive information such as your membership of trade unions, or of your membership of professional or trade associations
4. How personal information is collected and held
(a) MTC will collect your personal and sometimes sensitive information, only as necessary and in order to provide the range of services to you as part of the particular program provided.
(b) Where practical and reasonable, MTC will obtain your consent and agreement to collect, use and disclose personal information directly from you at the commencement of MTC providing our services. This information is usually collected during group and individual meetings and classroom and other activities. This collection will generally outline:
- the types of personal information being collected, and
- the reasons for collection and the situations where the information may be shared or disclosed to other parties outside MTC’s operation.
(c) MTC will not collect your sensitive information without your consent, except where the collection is required or authorised by law.
(d) Where impractical and/or unreasonable to collect personal and/or sensitive information from you directly, MTC may also collect personal and/or sensitive information indirectly from other parties, such as from:
- referring Government agencies and departments such as Centrelink, and
- secure Government department databases, and
- referring service providers.
(e) MTC provides secure storage of the records held which contain your personal and sometimes sensitive information, as follows:
- Hard-copy paper records are stored in lockable filing cabinets which are only accessible to authorised MTC personnel, and
- Soft-copy electronic records are stored within the following secure systems:
- password controlled Government department databases, and
- approved third party data storage services, and
- password controlled networked files, which are protected from unauthorised access and are regularly backed-up to prevent loss.
(f) MTC regularly monitors both its hard-copy and soft-copy files containing personal and sometimes sensitive information to ensure the appropriate level of security is maintained. This occurs through both physical and automated auditing and monitoring activities.
(g) It is your right to be dealt with by us anonymously, provided that it is lawful and practicable. We will try to accommodate a request for anonymity wherever possible. However, we note that in some circumstances, this may prevent us from practically and effectively communicating with you, as well as providing our services to you. If this is the case, we will notify you.
(h) MTC has an obligation as part of the Notifiable Data Breach Scheme to notify the Privacy Commissioner and the affected individuals, should a data breach occur under the following circumstances:
- where there is a loss or potential loss of personal and/or sensitive information, and
- where there is a risk of unauthorised access to or disclosure of data containing personal and/or sensitive information, and
- there is likely to be serious harm caused in relation to an individual or group of individuals.
5. Likely overseas disclosures
(a) Occasionally, MTC may use overseas facilities or contractors to process personal and/or sensitive information which is collected and used as part of the delivery of our services. As a result, your information may be stored on overseas servers when we use these facilities or contractors. However, any storage of your personal and/or sensitive information overseas does not change our commitment to safeguarding your privacy.
(b) MTC occasionally uses website analytics platforms to:
- track website traffic information, including IP addresses, to improve website design for marketing purposes, and
- collect responses to client surveys, to improve the delivery of MTC services.
These platforms utilise overseas servers located in Singapore, the United States and other overseas locations.
(c) We take reasonable steps to:
- ensure that overseas service providers are subject to privacy laws which impose obligations which are substantially similar to those contained in the Privacy Act, and
- ensure the security of personal and/or sensitive information that is disclosed overseas, and to protect it against loss, misuse or unauthorised access, destruction, use, modification or disclosure.
6. Accessing and seeking correction of personal and/or sensitive information
(a) MTC will take reasonable steps to ensure that your personal and/or sensitive information is accurate, complete, up-to-date and relevant to the purpose of the use or disclosure. You are encouraged to help us keep your personal and/or sensitive information accurate, complete and up-to-date by contacting your consultant at the local office where you are registered or through MTC’s contact details listed in this Policy.
(b) MTC reserves the right to take reasonable steps to ensure, when requests for correction to personal and/or sensitive information are made, that:
- the requests relate to the purpose for which the information is held, and
- the corrected information is accurate, up to date, complete, relevant and not misleading, and
- that the person seeking access to and correction is in fact the individual to whom the data relates, or is otherwise entitled to access the data
7. Complaints about a privacy breach
(a) MTC has established processes for handling feedback, questions or complaints about MTC’s privacy practices. MTC should be contacted in the first instance as follows:
(b) MTC will acknowledge the receipt of any feedback, questions or complaints received within 24 hours and provide a formal response after investigation within 5 business days (being days which are not Saturdays, Sundays or public holiday in New South Wales).
(c) All other concerns relating to the Privacy Act and APP’s, may be referred for resolution to:
8. Amending this Policy
(a) We have the right to amend this Policy at any time by posting a revised version on our website.
(b) If we have your email address on our mailing list, then we will email that address with notice of any changes to this Policy. If we use your information in a method substantially different from that communicated when it was collected, we will endeavour to seek your consent, and give you the option to cease using our services.
9. Policy administration
(a) The General Manager Risk is responsible for reviewing and updating this Policy, and is responsible for seeking legal advice as needed when maintaining this Policy.
(b) The executive leadership team of MTC (ELT) has responsibility for the management of legal compliance obligations within its area of control including promoting, monitoring and upholding a positive legal compliance culture and identifying the need to engage the General Manager Risk for support and/or training.
(c) The chief executive officer of MTC (CEO) has overall responsibility for ensuring MTC fulfils its legal obligations and effectively manages any risk exposure that may result from compliance failures and providing formal assurance to MTC’s board as to the state of compliance at MTC.
10. Consultation and approval
The CEO, the ELT and MTC’s legal counsel were consulted in the development of this Policy.
The Policy has been approved by the CEO.
Version 5.1. Updated 06/072022.