1. Introduction

    The Department of Education and Training (‘the department’) is responsible for national policies and programmes that help Australians access quality and affordable childcare; early childhood education; school education; post-school, higher education; international education and academic research.

    More information is available on the Department of Education and Training website.

    1. Who should read this privacy policy?

      You should read this privacy policy if you are:

      • a student;
      • a parent or guardian;
      • a child care provider;
      • a principal or teacher;
      • an academic or researcher;
      • a participant in a programme or service delivered by us;
      • a contractor, consultant, or supplier of goods or services to us;
      • an applicant for a grant or a tenderer for a contract provided by us;
      • a policy stakeholder who works with us;
      • a person whose information may be given to us by a third party, including other Australian Government agencies
      • an entrant in a competition conducted by us;
      • a current or past employee;
      • a person seeking employment with us;
      • any other individual whose personal information we may collect or hold from time to time.
    2. Purpose of this privacy policy

      The purpose of this privacy policy is to:

      • describe the types of personal information that we collect, hold, use and disclose;
      • outline our personal information handling systems and practices;
      • enhance the transparency of our management of personal information;
      • explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected;
      • notify whether we are likely to disclose personal information to overseas recipients and, if possible, to whom;
      • provide information on how you can access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.

      This privacy policy has been developed to follow the ‘layered policy’ format, which means that it offers layers of greater or lesser detail so people can read as much as they wish and find what they need fast.

      For a snapshot of our personal information handling practices, please go to the Condensed Privacy Policy. This offers an easy to understand summary of:

      • how we collect, use, disclose and store your personal information; and
      • how you can contact us if you want to access or correct personal information we hold about you.

      Full details of these practices are contained in this document.

    3. Privacy Act 1988

      The department, including its employees, contractors and agents, is subject to the Privacy Act 1988 (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.

      The APPs regulate how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information and how you can access and correct that information.

      Personal information’ means information (or an opinion), whether true or not, in any form that can identify a living person1.

      The APPs only apply to information about individuals, not information about corporate entities such as businesses, firms or trusts. Detailed information and guidance about the APPs can be found on the website of the Office of the Australian Information Commissioner (OAIC) – http://www.oaic.gov.au/.

    4. Information covered under this privacy policy

      This privacy policy has been developed in accordance with Australian Privacy Principle 1 and embodies our commitment to protecting the privacy of personal information.

      It covers how we collect and handle personal information, including sensitive information.

      ‘Sensitive information’ means personal information about you that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record2. Special requirements apply to the collection and handling of sensitive information.

      This privacy policy is not intended to cover our handling of commercially sensitive information or other information that is not defined in the Privacy Act as personal information.

  2. Our Personal Information Handling Practices

    1. Collection of personal information

      Personal information may be collected directly by us, or by people or organisations acting on our behalf (e.g. contracted service providers). It may be collected directly from you, or on your behalf from a representative you have authorised.

      We may also obtain personal information collected by other Australian Government agencies, state or territory governments, other third parties, or from publicly available sources. This will only occur where you consent, where it is unreasonable or impractical to collect the information only from you or where we are required or authorised to do so by law.

      We are also authorised to collect personal information (which may also be defined as ‘protected information’ where relevant) under a range of Acts that we administer. These include:

      Under the APPs, we will only collect information for a lawful purpose that is reasonably necessary or directly related to one or more of our functions and activities under the portfolio legislation listed above, or where otherwise required or authorised by law.

      When we collect personal information, we are required under the APPs to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our paper based forms and online portals.

    2. Types of personal information collected by us

      We collect and hold a broad range of personal information in records relating to:

      • employment and personnel matters for our staff and contractors (including security assessments);
      • the performance of our legislative and administrative functions;
      • individuals participating in our funded programmes and initiatives;
      • the management of contracts and funding agreements;
      • the management of fraud and compliance investigations;
      • the management of audits (both internal and external);
      • correspondence from members of the public to us and our Ministers and Parliamentary Secretaries;
      • complaints (including privacy complaints) made and feedback provided to us;
      • requests made to us under the Freedom of Information Act 1982(Cth); and
      • the provision of legal advice by internal and external lawyers.

      This personal information may include but is not limited to:

      • your name, address and contact details (e.g. phone, email and fax);
      • photographs, video recordings and audio recordings of you;
      • information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children);
      • information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests);
      • information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence);
      • information about your employment (e.g. work history, referee comments, remuneration);
      • information about your background (e.g. educational qualifications, the languages you speak and your English proficiency);
      • government identifiers (e.g. Centrelink Reference Number or Tax File Number);
      • information about assistance provided to you under our funding arrangements; and
      • information about entitlements under Australian Government legislation.

      More detailed information can be found in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.

    3. Collection of sensitive information

      In carrying out our functions and activities we may collect personal information that is sensitive information (see section 1.4). The APPs impose additional obligations on us when collecting, using or disclosing sensitive information. We may only collect sensitive information from you:

      • where you provide your consent; or
      • where required or authorised by law; or
      • where a permitted general situation exists such as to prevent a serious threat to safety.3

      We also collect sensitive information where authorised to do so for the purposes of human resource management, fraud investigations, taking appropriate action against suspected unlawful activity or serious misconduct, and responding to inquiries by courts, tribunals and other external review bodies. More detailed information on our sensitive information holdings is contained in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.

    4. Collecting personal information from children and young people

      In carrying out our functions and activities we may collect personal information about children and young people, either directly from them, through their parents or guardians, or from their education providers. Where children and young people are over the age of 16, our general policy is to collect information directly from them as they are likely to have the capacity to understand any privacy notices provided to them and to give informed consent to collection. For children under the age of 16, or where capacity to provide consent is at issue, our policy is that a parent or guardian will be notified and their consent sought.

    5. Collection of unsolicited information

      Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without prior request.

      Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.

    6. How we collect personal information

      We primarily use forms, online portals and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us.

      We may also collect your personal information if you:

      • communicate with us by telephone, mail, email, fax or SMS;
      • attend a face to face meeting or event conducted by us or our contractors;
      • use our website;
      • interact with us on our social media platforms.

      For further information on what information we collect online see section 2.12 of this privacy policy.

      As noted at section 2.1, in certain circumstances we may collect and receive personal information about you from third parties including other Australian Government agencies and state and territory governments.

    7. Remaining anonymous or using a pseudonym

      We understand that anonymity is an important element of privacy and you may wish to remain anonymous, or use a pseudonym when interacting with us.

      In many cases you will be able to advise us that you wish to remain anonymous or use a pseudonym during your contact with us, however in circumstances where it is likely we would need to collect your personal information, such as to resolve a dispute or provide you with a service, we will notify you accordingly at the time of collection.

    8. Information collected by our contractors

      Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.

    9. Storage and data security

      1. Storage

        We hold personal information in a range of paper-based and electronic records, including cloud computing.

        Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government’s records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities. This ensures your personal information is held securely.

      2. Data security

        We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.

        Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.

        Electronic and paper records containing personal information are protected in accordance with Australian Government security policies including the Attorney General’s Department’s Protective Security Policy Framework and the Australian Signals Directorate’s Information Security Manual.

        We conduct regular audits to ensure we adhere to these policies.

    10. Data quality

      We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.

      These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. For further information on correcting personal information see section 3 of this privacy policy.

      Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.

    11. Purposes for which information is collected, held, used and disclosed

      We collect personal information for a variety of different purposes relating to our functions and activities including:

      • performing our employment and personnel functions in relation to our staff and contractors;
      • performing our legislative and administrative functions;
      • policy development, research and evaluation;
      • complaints handling;
      • programme management;
      • contract management; and
      • management of correspondence with the public.

      We use and disclose personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.

      More detailed information about the primary purposes for which we collect, hold, use and disclose personal information is in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.

      We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.

      Likely secondary purposes for which we may use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.

    12. Our website

      1. Log information (browsing)

        When you use our online services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name (for example, .com, .gov, .au, .uk, etc), the date and time of visit to the site, the pages accessed and documents viewed, the previous sites visited, the browser type, the browser language, and one or more cookies that may uniquely identify your browser.

        No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.

      2. Cookies

        A cookie is a small file containing a string of characters to your computer that uniquely identifies your browser. It is information that your web browser sends back to our website server whenever you visit it again.

        We use cookies to ‘remember’ your browser between page visits. In this situation, the cookie identifies your browser, not you personally. No personal information is stored within our cookies.

      3. Google Analytics

        We use Google Analytics to collect information about visitors to our website. Google Analytics uses first-party cookies and JavaScript code to help analyse how users use the site. It anonymously tracks how visitors interact with this website, including how they have accessed the site (for example from a search engine, a link, an advertisement) and what they did on the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser.

      4. Links to External Websites

        Our website includes links to other websites. We are not responsible for the content and privacy practices of other websites. We recommend that you examine each website’s privacy policy separately.

      5. Electronic communication

        There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post, fax or telephone (although these also have risks associated with them).

        We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.

    13. Disclosure of personal information overseas

      We will, on occasion, disclose personal information to overseas recipients. The situations in which we may disclose personal information overseas include:

      • the publication on the internet of material which may contain personal information, such as departmental reports and other documents; photographs, video recordings and audio recordings; and posts and comments on our social media platforms;
      • the provision of personal information to overseas researchers or consultants (where consent has been given for this or we are otherwise legally able to provide this information);
      • the provision of personal information to recipients using a web-based email account where data is stored on an overseas server; and
      • the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).

      We will not disclose your personal information to an overseas recipient unless one of the following applies:

      • the recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles, including mechanisms for enforcement;
      • you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
      • disclosure is required or authorised by law;
      • disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.

      It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.

      However, you may contact us (see 5.1 of this privacy policy) to find out which countries, if any, your information has been given to.

    14. Accidental or unauthorised disclosure of personal informationWe will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. The department follows the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.

  3. Accessing and Correcting Your Personal Information

    1. How to seek access to and correction of personal information

      You have a right under the Privacy Act to access personal information we hold about you.

      You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

      To access or seek correction of personal information we hold about you, please contact us using the contact details set out at section 5.1 of this privacy policy.

    2. Our access and correction process

      If you request access to or correction of your personal information, we must respond to you within 30 calendar days.

      While the Privacy Act requires that we give you access to or correct your personal information on request, it does set out circumstances in which we may refuse you access or decline to correct your personal information.

      If we refuse to give you access or decline to correct your personal information we will provide you with a written notice which, among other things, gives our reasons for refusing your request.

      It is also possible to access and correct documents held by us under the Freedom of Information Act 1982. For information on this, please contact our FOI Coordinator (contact details are available on the Freedom of Information page of our website).

      For further information on requesting access to or correction of your personal information please read our Guide to Accessing and Correcting Your Personal Information document on our website.

    3. If you are unsatisfied with our response

      If you are unsatisfied with our response, you may make a complaint, either directly to us (see section 5.1 below), or you may wish to contact:

    4. Complaints

      1. How to make a complaint

        If you think we may have breached your privacy you may contact us to make a complaint using the contact details set out at section 5.1 of this privacy policy. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.

        Please be aware that it may be difficult to properly investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint, however if you do it may not be possible for us to provide a response to you.

      2. Our complaint handling process

        We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately. You will not be victimised or suffer negative treatment if you make a complaint.

        For further information about our complaint handling process please read our Privacy Complaint Handling Policy document on our website.

      3. If you are unsatisfied with our response

        If you are not satisfied with the way we have handled your complaint in the first instance, you may contact the Office of the Australian Information Commissioner to refer your complaint for further investigation. Please note that the Information Commissioner may not investigate if you have not first brought your complaint to our attention.

        Office of the Australian Information Commissioner
        Telephone: 1300 363 992
        Email: enquiries@oaic.gov.au
        Post:  GPO Box 5218
        Sydney NSW 2001

  4. Contact Us

    1. General enquiries, complaints, requests for access or correction

      If you wish to:

      • query how your personal information is collected, held, used or disclosed by us;
      • ask us questions about this privacy policy;
      • request access to or seek correction of your personal information; or
      • make a privacy complaint;

      please contact us:

      By mail:
      Privacy Contact Officer
      People, Communication and Legal Group
      Department of Education and Training
      GPO Box 9880
      Canberra ACT 2601

      By email:

      By telephone:
      13 33 97 (please note this our main number)

    2. Availability of this privacy policy

      If you wish to access this privacy policy in an alternative format (e.g. hard copy) please contact us using the contact details set out at section 5.1 above. This privacy policy will be made available free of charge.

  5. Privacy Policy Updates

    This privacy policy will be reviewed frequently and updated as required.



Date policy last updated: 13 March 2014

1 See section 6 of the Privacy Act 1988 and the APP Guidelines issued by the Office of the Australian Information Commissioner.

2 As above.

3 For further information on the range of ‘permitted general situations’ see APP Guidelines – Chapter C