Privacy Policy
FIT College Pty Ltd Privacy Policy
Introduction
This Privacy Policy outlines how FIT College Pty Ltd (“we,” “us,” or “our”), as both a data controller and data processor, collects, uses, and protects the personal information of its data subjects (“you” or “your”) in accordance with the General Data Protection Regulation (GDPR) and relevant Australian privacy laws, including the Privacy Act 1988 and Australian Privacy Principles (APPs). Our commitment to your privacy is paramount, and this policy is designed to inform you about your rights and our obligations when processing your personal data.
In addition to our commitment to the GDPR, FIT College also complies with the Privacy Act 1988 and the associated APPs, as well as the Education Services for Overseas Students Act 2000. This ensures the protection of personal information for our employees, learners, and contractors within Australia, including international students.
Scope and Purpose
This GDPR Privacy Policy applies to the processing of personal data by FIT College Pty Ltd (“the Data Controller”) in the context of its activities within Australia. The purpose of this policy is to ensure that the Data Controller processes personal data in compliance with the GDPR and other relevant data protection laws applicable within Australia, to safeguard the privacy and protection of personal data of data subjects.
Definitions
GDPR means General Data Protection Regulation.
Data Controller means FIT College Pty Ltd, which determines the purposes and means of processing personal data.
Data Subject means an identified or identifiable individual to whom personal data relates.
Personal Information has the meaning defined by the Privacy Act 1988 and includes information or opinions about an identified individual, whether true or not, and recorded in any form.
Sensitive Personal Information includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, and more, as outlined in the Privacy Act 1988.
Principles of Data Processing
In compliance with the GDPR, FIT College commits to the following principles when processing personal data of Data Subjects:
Lawfulness, Fairness, and Transparency
Data processing shall be lawful, fair, and transparent to the Data Subject.
Purpose Limitation
Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimisation
The collection of personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy
Personal data shall be accurate and, where necessary, kept up to date.
Storage Limitation
Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary.
Integrity and Confidentiality
Personal data shall be processed in a manner that ensures appropriate security.
Accountability
The Data Controller shall be responsible for, and be able to demonstrate compliance with, the GDPR.
Data Subject Rights
In accordance with the GDPR, Data Subjects have the following rights regarding their personal data processed by the Data Controller:
Right of Access
Obtain confirmation of whether personal data is being processed and access to that data.
Right to Rectification
Correct inaccurate personal data.
Right to Erasure
Erase personal data under certain conditions.
Right to Restriction of Processing
Restrict processing under certain conditions.
Right to Data Portability
Receive personal data in a structured, commonly used, and machine-readable format.
Right to Object
Object to processing of personal data on grounds relating to their particular situation.
Right to Not be Subject to Automated Decision-making
Not to be subject to decisions based solely on automated processing.
FIT College ensures that individuals can access and correct their personal information. Access may be denied in specific situations, such as when it would pose a serious threat to health or safety or is otherwise unlawful.
Data Collected
FIT College collects various types of personal data from Data Subjects, which is essential for providing our services, complying with legal obligations, and enhancing our service offerings. The types of personal data collected include:
Personal identification information (e.g., names, email addresses, phone numbers).
Demographic information (e.g., age, education, gender).
Health and fitness information relevant to the provision of fitness and education services.
Payment information (e.g., credit card details, bank account information) for processing transactions.
Technical data (e.g., IP addresses, browser types) for improving website functionality and security.
In accordance with the National VET Provider Collection Data Provision Requirements, FIT College collects and maintains personal information necessary for training and assessment activities, including Unique Student Identifier (USI) numbers as required by the Student Identifier Act.
FIT College is required to securely retain completed VET student assessment items for at least two years following the student’s completion of the training product. This retention is necessary for audit, verification, and compliance with legal obligations.
Use of Data
This GDPR Privacy Policy outlines the use of personal data collected or received by the Data Controller. The Data Controller will process personal data of the Data Subject in accordance with the GDPR and applicable Australian data protection laws.
Personal information will not be disclosed to third parties without prior written consent unless required by Australian law. This includes maintaining confidentiality in training and assessment matters.
FIT College must verify with the Registrar a Student Identifier provided by an individual before using it for any purpose. This ensures the use of accurate and verified data in all operations, maintaining the integrity of student records.
FIT College will not issue AQF certification documentation to an individual without a verified Student Identifier unless an exemption applies under the Student Identifiers Act 2014. This measure is critical to ensure compliance with educational standards and legal requirements.
In cases where an exemption from the Student Identifier requirement applies, FIT College must inform the VET student prior to the completion of enrolment or commencement of training and assessment, whichever occurs first, that the results will not be accessible through the Australian Commonwealth and will not appear on any authenticated VET transcript prepared by the Registrar.
Disclosure under the ESOS Act
FIT College complies with the Education Services for Overseas Students Act 2000 (ESOS), which permits the disclosure of a learner’s personal information under specific circumstances, while adhering to the principles of the Privacy Act and ensuring appropriate safeguards are in place. These circumstances include:
Government Agencies
Personal information may be disclosed to relevant Australian government agencies, such as the Department of Home Affairs for visa compliance, the Department of Education, and the Tuition Protection Service (TPS).
Compliance Purposes
Student details may be shared to ensure adherence to ESOS Act regulations, including monitoring attendance, academic progress, and visa conditions.
Student Welfare Concerns
In cases where a student’s safety or wellbeing is at risk, information may be disclosed to appropriate authorities.
Written Agreements
FIT College ensures that written agreements with students outline the circumstances under which their personal information can be disclosed.
PRISMS System
The Provider Registration and International Students Management System (PRISMS) is used to report student information to the government as required.
Specific Situations
FIT College must share personal information in the following situations:
Reporting to relevant authorities if a student fails to attend classes regularly.
Discussing with the student and potentially reporting to the government if academic standards are not met.
Communicating changes or risks to a student’s visa status to appropriate immigration authorities.
Sharing relevant information to facilitate a student’s transfer to another education provider.
Sharing of Personal Information and Correspondence
FIT College Pty Ltd ("we," "us," or "our") may share your personal information with our related entities for purposes consistent with this Privacy Policy. These purposes include, but are not limited to, improving our service offerings, conducting market research, and providing you with information about products and services that may interest you.
Consent to Receive Correspondence
By accepting this Privacy Policy, you consent to receive correspondence, including newsletters, promotional materials, and other communications, from our related entities. You may opt out of receiving such communications at any time by following the unsubscribe instructions provided in the communication or by contacting us directly.
Data Protection and Compliance
We ensure that our related entities comply with applicable data protection laws, including the GDPR and the Privacy Act 1988, when handling your personal information. Your data will only be shared with entities that provide adequate protection and adhere to our privacy standards.
Consent and Withdrawal
In compliance with the GDPR, the Data Controller requires the consent of the Data Subject for processing personal data where consent is the legal basis for processing. Consent must be freely given, specific, informed, and unambiguous, indicated by a clear affirmative action. Data Subjects have the right to withdraw their consent at any time, and it shall be as easy to withdraw as to give consent. Where we rely on other legal bases for processing (such as contractual necessity, legal obligation, or legitimate interests), we will clearly inform you of the basis and purpose of processing.
For direct marketing purposes, FIT College requires explicit consent and provides an easy opt-out mechanism for individuals who wish not to receive such communications.
Data Security Measures
In compliance with the GDPR and relevant Australian privacy laws, FIT College commits to implementing comprehensive data security measures to protect the personal data of Data Subjects. This includes:
Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems.
Regular testing and evaluation of security measures.
Adopting data encryption and using secure communication protocols.
Limiting access to personal data to those who have a business need to know.
Responding promptly to any data security breaches.
FIT College must ensure that VET students’ personal information is securely maintained in accordance with applicable privacy laws. This entails a responsibility to protect personal data from unauthorised access, use, or disclosure, ensuring that all security measures are aligned with both GDPR and Australian privacy standards.
FIT College is committed to the confidentiality and secure storage of all personal information, ensuring that it is protected against unauthorised access, misuse, and disclosure. We maintain a current privacy policy to safeguard all information obtained in the course of our operations.
Data Breach Notification
In compliance with the GDPR and the Notifiable Data Breaches scheme under the Privacy Act 1988, FIT College commits to notify:
The relevant supervisory authorities (including the Office of the Australian Information Commissioner and applicable EU authorities) within 72 hours of becoming aware of any data breach likely to result in a risk to the rights and freedoms of Data Subjects; and
The affected Data Subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
The notification will include the nature of the breach, categories and approximate number of individuals concerned, likely consequences, and measures taken or proposed to address the breach.
International Data Transfers .
FIT College may transfer personal data to countries outside of Australia and the European Economic Area (EEA) only where:
The receiving country has been deemed to provide an adequate level of protection by the European Commission;
Appropriate safeguards are in place, such as binding corporate rules, standard contractual clauses approved by the European Commission, or approved codes of conduct;
Specific derogations apply under the GDPR; or
Explicit informed consent has been obtained from the Data Subject after being informed of the possible risks of such transfers.
We maintain a register of international data transfers and implement appropriate technical and organisational measures to ensure data protection during transfer and processing.
Organisational Responsibilities
FIT College has appointed a Data Protection Officer (DPO), a responsible officer, who is responsible for overseeing compliance with this Privacy Policy, the GDPR, and other data protection laws. The DPO can be contacted at Suite 8, 102 Wises Road, Maroochydore, Queensland, 4558. The DPO’s responsibilities include:
Informing and advising on data protection obligations;
Monitoring compliance with data protection laws;
Providing advice on Data Protection Impact Assessments;
Acting as a contact point for data subjects and supervisory authorities;
Maintaining records of processing activities;
Conducting regular audits and training.
Critical Incident Policy
FIT College is committed to ensuring the safety and well-being of all students, staff, and stakeholders. In accordance with the National Code 2018, we have established a documented critical incident policy, including procedures to be followed in the event of a critical incident. A critical incident is defined as a traumatic event, or the threat of such, which causes extreme stress, fear, or injury.
Procedures for Critical Incidents
The critical incident policy outlines the immediate actions to be taken, the required follow-up, and the process for documenting the incident and actions taken.
Critical incidents may include, but are not limited to:
Missing students
Severe verbal or psychological aggression
Death, serious injury, or any threat thereof
Natural disasters
Issues such as domestic violence, sexual assault, drug or alcohol abuse
Non-life-threatening events may also qualify as critical incidents.
The policy provides contact details for the police and other organisations that can assist in such situations, including community/multi-cultural organisations or phone counselling services.
Any action taken regarding a critical incident will be recorded, including outcomes or evidence if referred to another person or agency. All documentation will adhere to information privacy principles, ensuring compliance with GDPR and applicable privacy laws.
When writing and implementing the critical incident policy and procedures, FIT College considers all relevant information privacy principles to protect individuals’ data and maintain confidentiality.
Policy Updates
This Privacy Policy may be updated from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When changes are made, we will revise the “Last Updated” date and notify you of significant changes through email or our website.
Complaints and Enquiries
If you have any complaints or enquiries about our data practices or this Privacy Policy, please write to us at FIT College Pty Ltd, Suite 8, 102 Wises Road, Maroochydore, Queensland, Australia, 4558.
We take all complaints seriously and will respond within a reasonable timeframe. If unsatisfied, you can lodge a complaint with the Australian Information Commissioner (OAIC).
Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of Australia. Any disputes arising in connection with this Privacy Policy shall be resolved by the competent courts of Australia, unless otherwise required by the laws of the jurisdiction where the Data Subject resides.