This policy affects all employees, contractors, and clients of Small Candle Consulting. Employees and contractors will use this policy to inform their actions when dealing with the personal information of others. Clients will access this policy to understand how Small Candle Consulting will collect and manage their personal information, how they can request access and correct personal information and how they can lodge a complaint regarding our handling of their personal information.
Examples of personal information includes name, address, date of birth, gender, contact details, schooling, employment status, background, identification, CV, qualifications, tax file number, bank account details and superannuation details.
As an Australian Privacy Principles (APP) Entity, Small Candle Consulting is committed to dealing with personal information collected and held in our organisation in a manner consistent with the Privacy Amendment (Enhancing Privacy Protection) Act 2012; and in line with other relevant legislation that may require us to collect, hold or disclose personal information. Small Candle Consulting collects personal information where that information is reasonably necessary for, or directly related to one or more of our functions or activities.
We collect personal information from a range of stakeholders including but not limited to:
The types of personal information that Small Candle Consulting will collect depends on the nature of the stakeholder’s dealings with us. For example, we will collect personal information directly when people:
Small Candle Consulting collects and holds personal information under the APP Principles to: enable processing of client enrolment; provide services; communicate with learners in relation to their studies; and national reporting and planning and coordination of support services. Information provided by learners may be disclosed to Centrelink, NCVER, Department of Education and Training, sponsor/ employers or where required by law.
We also collect personal information about our employees and contractors (personnel records) and prospective employees.
The types of information we collect, and hold may include:
Small Candle Consulting will not collect sensitive information about an individual, unless the individual consents to the collection of the information and the information is reasonably necessary for one or more of the entity’s functions or activities.
Personal information is solicited directly from individuals for necessary business functions and activities. Examples include completing a web form to enrol in a training program, emails sent to us, forms submitted, contracts signed, or by individuals visiting our website.
Learner information is retained in accordance with the Territory Records Management Act Records Disposal Schedule – Tertiary Student Management Records September 2007. Individual personal information is held in secure filing areas and/or on our secure data network.
Small Candle Consulting takes all reasonable steps to protect the personal information that we hold against loss, unauthorised access or interference, modification or disclosure or other misuse.
Small Candle Consulting will protect any personal information through log information (browsing) or information contained in Cookies against misuse.
Small Candle Consulting takes reasonable steps to make sure that individual personal information we collect and store is accurate, relevant, up-to-date, complete and not misleading.
On request, Small Candle Consulting will provide access for an individual to review and if necessary, correct their personal information. Exceptions to this include when:
A request for access should be addressed to the Managing Director and a decision will be provided within a reasonable period (2 weeks). If access is refused, Small Candle Consulting will provide written notice stating the reasons for the refusal and the complaint mechanism available.
Small Candle Consulting will not disclose personal information to overseas recipients without authorisation.
Australian Privacy Principles (APPs)
The 13 Australian Privacy Principles (APPs) replace the National Privacy Principles (NPPs) for organisations from 12 March 2014. The APPs are found in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
The APPs are a single set of principles that apply to both agencies and organisations, which are together defined as APP entities. While the APPs apply to all APP entities, in some cases, they impose specific obligations that apply only to organisations or only to agencies.
Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information is defined in the Privacy Act to mean information or an opinion about a person’s:
Clients (including learners)
A person or organisation using the services of Small Candle Consulting.
Any person employed by Small Candle Consulting (full and part time core staff, contractors, facilitators, tutors, casuals).