Privacy policy

Didasko International Pty Ltd ACN 146241223 T/A Didasko Learning Resources (DLR) provides digital training and assessment resources via our online portal Didasko Online and other channels.

Protecting your privacy is very important to DLR and we are committed to maintaining the security of all personal information provided to us by our clients, staff, visitors to and users of our website, Didasko Online or via other channels. This Privacy Policy details how we collect, use and manage this personal information.

DLR at all times remains committed to observing its obligations and requirements under the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs) contained in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which took effect on 12 March 2014. This Privacy Policy is provided in response to these recent changes.

We reserve the right to amend this Privacy Policy from time-to-time and the revised policy will take effect from the time it is posted on our website.

What is personal information

Let’s start with some definitions. Personal information under the Privacy Act means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether:

  • the information or opinion is true or not; and
  • the information or opinion is recorded in a material form or not
  • the information or opinion as published or broadcasted or not.

    Sensitive information under the Privacy Act means:

    1. information or an opinion about an individual’s:
      1. racial or ethnic origin;
      2. political opinions;
      3. membership of a political association;
      4. religious beliefs or affiliations;
      5. philosophical beliefs;
      6. membership of a professional or trade association;
      7. membership of a trade union;
      8. sexual orientation or practices;
      9. criminal record;
    2. that is also personal information;
    3. health information about an individual;
    4. genetic information about an individual that is not otherwise health information;
    5. biometric information that is to be used for the purpose of automated biometric verification or biometric identification;
    6. biometric templates.

    DLR does not generally make it a practice to collect sensitive information; however, we may collect information about clients and their students, in the form of names, email addresses and student numbers in the administration of Didasko Online.

    Management of personal information

    DLR is committed to the open and transparent management of personal information. This policy is made available on DLR’s website and will be made available free-of-charge upon an individual request.

    Under APP 1.4 there is an obligation on us to provide the following information in our privacy policy:

    What personal information do we collect and hold?

    Depending on your particular circumstances, we may collect and hold a range of different information about you. This may include: your name, date of birth, contact details (including address, email address, phone number or mobile telephone number), employee records, next of kin contact details, nationality, passport visa information (if required) and information about how you use our products and services. This is not an exhaustive list and we may need to collect additional personal information from you as part of our service provision from time-to-time in which event we will notify you.

    How we collect Personal Information?

    DLR collects personal information in a number of ways, including:

    • directly from you, for example, when you provide information by phone, in registration forms or any other agreements, or when you submit your personal details through our website or contact email addresses
    • from publicly available sources of information;
    • from our own records of how you use our services;
    • when legally required to do so - for example under the Privacy Act.

    How we hold personal information - Storing and security of personal information

    All personal information is stored securely at DLR offices in paper and electronic form. Digital information is stored in the Learning Management System (Didasko Online)

    The security of personal information is important to us and we take reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure. This includes:

    • Requiring our staff to maintain privacy and confidentiality;
    • Document storage security measures;
    • Imposing computer access security measures including password protection.

    The purposes for which we hold, collect and use personal information

    DLR maintains personal information on clients, students, employees and other stakeholders, firstly in order to provide information relating to the operation, of resource development and LMS services, and secondly to provide information that may assist the business operations of DLR.

    In exceptional (and very rare) circumstances this information may be provided to another organisation for purposes of providing information on matters which may assist the business operations of DLR subject at all times to the application of the APPs.

    Accessing your own personal information & seeking correction

    At all times you are entitled to access your own personal information held by DLR and to seek to have it corrected. Please contact the Privacy Officer below should you wish to do this.

    Complaint process for a breach of the Australian Privacy Principles

    If you have a complaint about how we collect, hold, use or disclose your personal information or a privacy related issue such as a refusal to provide access or correction, or any breach or perceived breach of the APPs by DLR then please use our complaints process so that we can deal with your complaint effectively and efficiently.

    1. Contact us – please contact us on the email below with your complaint so that we have an opportunity to address the problem and rectify it. We will endeavour to provide you with a response within 5 business days or as soon as reasonably practicable.
    2. Internal Review – If you are not satisfied with the outcome of your complaint, then you can request a review by the CEO of DLR. The review process will usually provide you with a decision within 25 business days of receiving your complaint or as soon as reasonably practicable.
    3. External Review – If you remain dissatisfied then you are entitled under law to take your complaint to the Office of the Australian Information Commissioner (AOIC) by visiting www.oaic.gov.au

    Disclosing Personal Information & overseas recipients

    DLR has recently commenced using a cloud computing service as set out under its Data Security Statement (including use of Didasko Cloud Service – click to follow link to this document). It is unlikely that the use of such a service by DLR will result in the 'disclosure' of any personal information to an overseas recipient or a 'use' of personal information by an overseas recipient. However, if it is determined that the use of such a service constitutes a 'disclosure' of personal information then DLR will take such reasonable steps as are required to ensure that any overseas recipient does not breach the APPs. Where it is determined that the provision of such a service to DLR represents a 'use' of personal information by an overseas recipient, DLR accepts that any handling personal information, including any acts or practices of the service provider, will be treated as been having done by DLR for the purposes of the APPs. including APP 8.

    Countries in which it is likely that there will be a disclosure of personal information through the use of a cloud computing service

    DLR uses a cloud computing service provider with infrastructure that includes providing Platform Services from 25 data centers located within the USA and in locations outside of the USA including Sydney, Melbourne, Hong Kong, Singapore and Tokyo. For further information please refer to the Didasko Security Statement.

    Management of personal information

    Under APP 2, you have at all times the option of not identifying yourself or using a pseudonym when dealing with DLR.

    This right is subject at all times to whether it is impracticable for DLR to deal with you anonymously or by using a pseudonym and we are happy to discuss any concerns you may have in this area by contacting us using the link below.

    Collection of personal information

    DLR will only collect personal information that is necessary to its business functions and activities.

    At all times DLR will only collect personal information by lawful and fair means and at all times subject to the requirements of APP 3.

    Dealing with unsolicited personal information

    Where DLR receives unsolicited personal information it will within a reasonable time of receipt determine whether or not it would have collected the information under APP 3 if DLR had solicited the information. If DLR determines that it would not have collected the unsolicited personal information, it will as soon as practicable either de-identify or destroy the information, if lawful to do so, unless the information can be managed otherwise in accordance with APP 3.

    Notification of collection of personal information

    DLR will ensure that an individual is notified as soon as practicable about:

    • the types of personal information that is being collected
    • the purpose for which information is being collected
    • which information is likely to be disclosed to other parties, and for what purpose, including any overseas recipients if relevant
    • how an individual can access and/or seek to amend the personal information held by DLR
    • how to lodge a complaint about a potential/actual breach of the APPs
    • whether DLR is likely to disclose the personal information to any overseas recipients (as referred to above and in the Didasko Security Statement) and the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them
    • and otherwise comply with the notice obligations under APP 5

    Where DLR has collected personal information from someone other than the individual, DLR will take reasonable steps to notify the individual that information was collected.

    Dealing with personal information

    DLR will only use and disclose personal information for the particular purpose (primary purpose) for which it was collected or a related purpose where you would reasonably expect the use or disclosure of personal information.

    DLR will not use or disclose personal information for another purpose (secondary purpose) unless you consent.

    We may use or disclose personal information without your consent in exceptional circumstances, as defined set out under APP 6 including where:

    • you would reasonably expect use/disclosure of the information for the secondary purpose and the secondary purpose is:
      1. if the information is sensitive information – directly related to the primary purpose; or
      2. if the information is not sensitive information – related to the primary purpose (APP 6.2(a))
    • use/disclosure is required by Australian law or a court/tribunal order (APP 6.2 (b))
    • it is necessary to prevent a threat to a person’s health or safety (APP 6.2(c))
    • use/disclosure is required by Australian law or a court/tribunal order (APP 6.2 (b))
    • use/disclosure is necessary to prevent a threat to a person’s health or safety (APP 6.2(c))
    • use/disclosure is reasonably necessary in relation to a legal claim (APP 6.2 (c))
    • use/disclosure is required during dealings with law enforcement agencies or government bodies
    Direct marketing

    DLR will not use personal information that it holds for the purpose of direct marketing in accordance with APP 7.1.

    Despite APP 7.1, we may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:

    1. DLR collected the information from you; and
    2. you would reasonably expect us to use or disclose the information for that purpose; and
    3. we provide a simple means by which you may easily request not to receive direct marketing communications by means of a simple ‘opt out’ facility (which is always provided); and
    4. you have not made such a request to DLR.

    Despite APP 7.1, DLR may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:

    1. DLR collected the information from:
      1. you would not reasonably expect DLR to use or disclose the information for that purpose; or
      2. someone other than you; and
    2. either:
      1. you have consented to the use or disclosure of the information for that purpose; or
      2. it is impracticable to obtain that consent; and
    3. we provide a simple means by which you may easily request not to receive direct marketing communications; and
    4. in each direct marketing communication with you:
      1. we include a prominent statement that you may make such a request; or
      2. we otherwise draw your attention to the fact that you may make such a request; and
    5. you have not made such a request to DLR.

    Despite APP 7.1 DLR may use or disclose sensitive information about you for the purpose of direct marketing if you consented to the use or disclosure of the information for that purpose.

    Other marketing activities

    1. For the purposes of marketing planning, DLR uses Google Analytics. This information is of a general nature and not specific by individual.
    2. DLR’s Google Analytics account is password protected and access is only given to relevant parties involved in the marketing/media planning process.
    Adoption of government related identifiers

    DLR at all times will not adopt a government related identifier of an individual as its own identifier and at all times will abide by its obligations under APP 9.

    Integrity of personal information

    DLR will take reasonable steps to ensure the personal information it collects, uses and discloses is accurate, up to date and complete.

    DLR will take reasonable steps to ensure that the personal information that it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up‑to‑date, complete and relevant.

    Security of personal information

    DLR will take all reasonable steps to ensure that the personal information it holds is protected from misuse, loss, interference and unauthorised access, modification or disclosure.

    DLR will destroy or permanently de-identify personal information when it is no longer required for use or disclosure, and where DLR is not required to retain the information in accordance with an Australian law.

    Access to personal information

    DLR will allow you access to your personal information at your request, unless we deem that a valid exception to access applies (as per APP 12.3), this includes:

    • giving access poses a serious threat to the life, health or safety of any person
    • the information relates to existing or anticipated legal proceedings between DLR and the individual, and would not be accessible by the process of discovery in those proceedings
    • giving access is unlawful, or denying access is required by Australia law or a court/tribunal order
    • giving access would have an unreasonable impact on the privacy of other individuals

    All requests for access to personal information must be referred to the Privacy Officer using the link below. All requests will be responded to in a reasonable time and where possible, access will be given in the manner requested by the individual. DLR may charge the individual for giving access to the information (eg printing costs) however this charge will not be excessive nor will it apply to the making of the request.

    Where requests for access are refused, DLR will provide written notification of the reasons for refusal and refer the applicant to the DLR Complaints Policy

    Correction of personal information

    DLR will take reasonable steps to correct personal information where an individual requests DLR to correct the information or DLR identifies that the information held is inaccurate, out of date, incomplete, irrelevant or misleading or irrelevant.

    DLR will receive accept requests from individuals to correct that individual’s personal information in accordance with its obligations under APP 13. All requests for correction of personal information must be referred to the Privacy Officer.

    No charges will be incurred by the individual for the correction of personal information. Where requests for correction of personal information are refused, DLR will provide written notification of the reasons for refusal and refer the applicant to the DLR Complaints Policy

    If you have any enquiries or concerns about this policy or your personal information, please contact the General Manager or email: adam.cossar@didasko.com.