Privacy Policy and Procedure

General Overview

Medilife Pty Ltd is committed to maintaining the confidentiality and privacy of its personnel, student and client records. Medilife Pty Ltd complies with all aspects of the Commonwealth Privacy Act 1988 including the 13 Australian Privacy Principles (APPs) as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

This will cover details and information collected via our website, fax, phone, mail or electronic media. This policy focuses on Medilife’s commitment to protecting the privacy of its personnel, students and clients, and outlines the various ways in which it ensures this protection.

Staff Personal Information

To meet employment, legal and taxation obligations, Medilife Pty Ltd will collect personal information from staff as information is required. Information collected includes general personal details as well as emergency contact details.

Medilife Pty Ltd uses personal information of its staff for the purposes of meeting employment requirements including payroll, superannuation and taxation. Staff may access their personnel file at any time by submitting their written application to the Accounts Department. All records are securely stored and Medilife will make all reasonable efforts to protect confidential information.

Student Personal Information

As a Registered Training Organisation (RTO), Medilife Pty Ltd is regulated by the Australian Skills Quality Authority (ASQA), and is required to collect, hold, use and disclose a wide range of personal and sensitive information on clients and their staff enrolled as students in nationally recognised training courses. The information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 and associated legislative requirements such as:

• Standards for NVR Registered Training Organisations (RTOs) 2015
• Data Provision Requirements 2012
• National VET Data policy
• Student Identifiers Act 2014 (Cth)
• Student Identifiers Regulations
• AVETMISS standards

Medilife Pty Ltd is required to collect authentic personal information from students in order to process enrolments and obtain the information required to provide suitable training and assessment services. Information collected includes general personal details. Further information collected as indicated by the AVETMISS standards include details of any disability or health issue that may affect the student’s ability to undertake training and/or assessment activities, education levels, level of English spoken, are they Aboriginal/Torres Strait Islander, employment status and reason for attending the course. Medilife Pty Ltd collects all personal information in writing or online via secure system, by a personal details form, an enrolment form or an online student enrolment form, directly from the student whom the information is about. (Where applicable, information may be collected from the parent or guardian of a student under the age of 18.) This personal information may be accessed for the purposes of an audit by the ASQA.

Accessing Files

Students may access their files by submitting their written application to Student Administration. If at any stage a student’s personal details change throughout the course of training, or after completion, inform Medilife’s office so that the details can be amended. For certificate reprint requests a fee may apply. For any student request for access or certificate reprint, proof of I.D. will be required such as:

• Full legal name
• Date of Birth
• Serial number on I.D. given at time of enrolment such as driver’s licence, passport or birth certificate

A number of third parties, other than the student, may request access to a student’s personal information. Such third parties may include employers, parents or guardians, schools, Australian Apprenticeships Centres, Governments (Commonwealth, State or Local) and various other stakeholders.

In all cases where access is requested, Medilife Pty Ltd will ensure that:

• Parties requesting access to personal information are correctly vetted and identified
• Where legally possible, the individual to whom the information relates will be contacted to confirm consent (if consent not previously provided for the matter)
• Only appropriately authorised parties, for valid purposes, will be provided access to the information.

Medilife will maintain the privacy and security of personal information by all reasonable ways possible. Information is stored electronically using secure, password protected systems, such as financial system, learning/student management systems which are kept on a secure server. Access is restricted to authorised employees per system. The server is regularly backed up and kept in a secure location.

Paper based documents containing personal information are stored in a locked filing cabinet and held within a secure area within Medilife’s premises up to a period of six months and then safely destroyed by a secured document destruction company.

Student information will be stored electronically for 30 years as required by industry guidelines.

Website

Medilife Pty Ltd has taken strong measures to protect the security of your personal information and to ensure that your choices for its intended use are honored. We take strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

We guarantee your e-commerce transactions to be 100% safe and secure. When you place orders or access your personal account information, you’re utilising secure server software SSL, which encrypts your personal information before it’s sent over the Internet. SSL is one of the safest encryption technologies available.

Medilife Pty Ltd strictly protects the security of your personal information and honors your choices for its intended use. We carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

Application of Australian Privacy Principles

APP 1 — Open and transparent management of personal information

Medilife Pty Ltd manages personal information in an open and transparent way. Refer to document sections:

• Staff Personal Information
• Student Personal Information

APP 2 — Anonymity and pseudonymity

Medilife Pty Ltd allows individuals the option of not identifying themselves, or of using a pseudonym when making enquiries or in dealings that don’t require an individual’s actual details. Limited exceptions apply where Medilife Pty Ltd requires and must confirm identification such as information covered in:

• Staff Personal Information
• Student Personal Information

APP 3 — Collection of solicited personal information

Medilife Pty Ltd collects personal information that is reasonably necessary for our business operations. Sensitive information is collected in cases where the individual consents to the sensitive information being collected, except in cases where Medilife Pty Ltd is required to collect this information by law, such as outlined earlier in:

• Staff Personal Information
• Student Personal Information

All information collected is obtained only through lawful and fair means.

APP 4 — Dealing with unsolicited personal information

Medilife Pty Ltd may occasionally receive unsolicited personal information. Medilife Pty Ltd must, within a reasonable period after receiving the information, determine whether or not that it could have collected the information under Australian Privacy Principle 3 as if Medilife Pty Ltd had solicited the information.

Where Medilife Pty Ltd could not have collected this information (by law or for a valid business purpose) Medilife Pty Ltd will immediately destroy or de-identify the information (unless it would be unlawful to do so).

APP 5 — Notification of the collection of personal information

Every time Medilife Pty Ltd collects personal information about an individual or student, we take every care to inform the individual/student of the details of the information collected or otherwise ensure the individual is aware of those matters at the point of collection. Notifications to individuals/students on personal data collection include:

• Medilife Pty Ltd’s identity and contact details, including the position title, telephone number and email address of a contact who handles enquiries and requests relating to privacy matters
  Medilife Pty Ltd
  Privacy Officer
  Ph – 1300 130 385
  contact@medilife.edu.au
• The facts and circumstances of collection such as the date, time, place and method of collection, and whether the information was collected from a third party, including the name of that party
• If the data is required or authorised by law, including the name of the Australian law or other legal agreement requiring the collection, e.g. AVETMISS, ASQA, ATO, NCVER
• The purpose of collection of data
• The main consequences (if any) for the individual if all or some of the personal information is not collected by Medilife Pty Ltd
• A link to this Privacy Policy and Procedure on our website (“Privacy” button on site map) which can be downloaded
• A student may access and seek correction of their personal information held by Medilife Pty Ltd, refer to Accessing Files
• If an individual/student has a reason to complain about a breach of the APPs, or any registered APP code, they can submit a formal complaint to the Privacy Officer. Internal procedures for dealing with complaints will be initiated and a reply will be provided within 7 working days
• Medilife Pty Ltd is not likely to disclose the personal information to overseas recipients

Where possible, Medilife Pty Ltd will make sure that the individual/student confirms their understanding of these details, via signed declarations, website form acceptance of details or in person through questioning.

Where Medilife Pty Ltd collects personal information from another organisation, we:

• Confirm whether the other organisation has provided the relevant notice above to the individual
• Whether the individual was otherwise aware of these details at the time of collection
• If this has not occurred, we will undertake this notice to ensure the individual is fully informed of the information collection

APP 6 — Use or disclosure of personal information

Medilife Pty Ltd only uses or discloses personal information it holds about an individual for the particular primary purposes for which the information was collected, or secondary purposes in cases where:

An individual consented to a secondary use or disclosure
An individual would reasonably expect the secondary use or disclosure, and that is directly related to the primary purpose of collection
Using or disclosing the information is required or authorised by law
Requirement to make a written note of use or disclosure for this secondary purpose

If Medilife Pty Ltd uses or discloses personal information in accordance with an ‘enforcement related activity’ we will make a written note of the use or disclosure, including the following details:

• The date of the use or disclosure
• Details of the personal information that was used or disclosed
• The enforcement body conducting the enforcement related activity
• If the organisation used the information, how the information was used by the organisation
• The basis for our reasonable belief that we were required to disclose the information

APP 7 — Direct marketing

Medilife Pty Ltd does not use or disclose the personal information that it holds about an individual/student for the purpose of direct marketing, unless:

• The personal information has been collected directly from an individual, and the individual would reasonably expect their personal information to be used for the purpose of direct marketing
• The personal information has been collected from a third party, or from the individual directly, but the individual does not have a reasonable expectation that their personal information will be used for the purpose of direct marketing; and
• We provide a simple method for the individual to request not to receive direct marketing communications (also known as ‘opting out’)

On each of our direct marketing communications, Medilife Pty Ltd provides a prominent statement that the individual may request to opt out of future communications, and how to do so. An individual may also request us at any stage not to use or disclose their personal information for the purpose of direct marketing, or to facilitate direct marketing by other organisations. We comply with any request by an individual promptly and undertake any required actions for free.

We also, on request, notify an individual of our source of their personal information used or disclosed for the purpose of direct marketing unless it is unreasonable or impracticable to do so.

APP 8 — Cross-border disclosure of personal information

Medilife Pty Ltd does not disclose personal information about an individual to any overseas recipient

APP 9 — Adoption, use or disclosure of government related identifiers

Medilife Pty Ltd does not adopt, use or disclose a government related identifier related to an individual except:

• In situations required by Australian law or other legal requirements
• Where reasonably necessary to verify the identity of the individual
• Where reasonably necessary to fulfil obligations to an agency or a State or Territory authority
• As prescribed by regulations

APP 10 — Quality of personal information

Medilife Pty Ltd takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete. We also take reasonable steps to ensure that the personal information we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant. This is particularly important where:

• When we initially collect the personal information
• When we use or disclose personal information

We take steps to ensure personal information is factually correct. In cases of an opinion, we ensure information takes into account competing facts and views and makes an informed assessment, providing it is clear this is an opinion. Information is confirmed up-to-date at the point in time to which the personal information relates.

• Quality measures in place supporting these requirements include:
• Internal practices, procedures and systems to audit, monitor, identify and correct poor quality personal information (including training staff in these practices, procedures and systems)
• Protocols that ensure personal information is collected and recorded in a consistent format, from a primary information source when possible
• Ensuring updated or new personal information is promptly added to relevant existing records
  Providing individuals with a simple means to review and update their information on an on-going basis through our online portal
• Reminding individuals to update their personal information at critical service delivery points (such as completion) when we engage with the individual
• Contacting individuals to verify the quality of personal information where appropriate when it is about to used or disclosed, particularly if there has been a lengthy period since collection
• Checking that a third party, from whom personal information is collected, has implemented appropriate data quality practices, procedures and systems

APP 11 — Security of personal information

Medilife Pty Ltd takes active measures to consider whether we are able to retain personal information we hold, and also to ensure the security of personal information we hold. This includes reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

We destroy or de-identify personal information held once the information is no longer needed for any purpose for which the information may be legally used or disclosed.

Access to Medilife Pty Ltd offices and work areas is limited to our personnel only – visitors to our premises must be authorised by relevant personnel and are accompanied at all times. With regard to any information in a paper based form, we maintain storage of records in an appropriately secure place to which only authorised individuals have access.

Regular staff training and information bulletins are conducted with Medilife Pty Ltd personnel on privacy issues, and how the APPs apply to our practices, procedures and systems. Training is also included in our personnel induction practices.

We conduct ongoing internal audits (at least annually and as needed) of the adequacy and currency of security and access practices, procedures and systems implemented

APP 12 — Access to personal information

Where Medilife Pty Ltd holds personal information about an individual, we provide that individual access to the information on their request. In processing requests, we:

• Ensure through confirmation of identity that the request is made by the individual concerned, or by another person who is authorised to make a request on their behalf (refer to Accessing Files)
• Respond to a request for access:
  • Within 14 calendar days, when notifying our refusal to give access, including providing reasons for refusal in writing, and the complaint mechanisms available to the individual; or
  • Within 30 calendar days, by giving access to the personal information that is requested in the manner in which it was requested.
  • Provide information access free of charge

APP 13 — Correction of personal information

Medilife Pty Ltd takes reasonable steps to correct personal information we hold, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held. On an individual’s request, we:

• Correct personal information held; and (refer to Accessing Files)
• Notify any third parties of corrections made to personal information, if this information was previously provided to these parties.

In cases where we refuse to update personal information, we:

• Give a written notice to the individual, including the reasons for the refusal and the complaint mechanisms available to the individual
• Upon request by the individual whose correction request has been refused, take reasonable steps to associate a statement with the personal information that the individual believes it to be inaccurate, out-of-date, incomplete, irrelevant or misleading
• Respond within 14 calendar days to these requests; and
• Complete all actions free of charge

Information Collection

Our primary objective in collecting information is to provide you with a personalized and efficient service. We will use reasonable, fair and lawful means in collecting information, and will mostly come directly from you. Generally we collect information when customers register details, place an order, seek a refund, or provide feedback to us. Some information provided by our clients, customers, contractors and other third parties may be considered private.
We use information provided to us for different reasons including the following;

• Finalize transactions on your behalf or with you.
• Send order confirmations, invoices, receipts, and deliver products and services
• Provide you with special offers that may be of benefit or interest to you
• Collect feedback and to better understand your requirements and preferences
• Protect against fraud or theft.

You may choose not to provide personal information to us if you do not wish to disclose, however that may prevent us or hamper our ability to provide you with goods and services that require such information.

Use of Cookies

A cookie is a small file containing a piece of text that identifies your browser to our website. We may use cookies to provide you with a customized or personalized shopping experience. For example by recording information about your experiences, or by telling us that a previous visitor to www.www.medilife.edu.au is back, we may be able to customise our service to give you a better and more efficient shopping experience.
Medilife takes measures to ensure your personal information is protected from unauthorized access, loss, misuse, disclosure, or alteration. We ensure personal information no longer required is permanently de-identified or destroyed. Information stored on our computer systems can only be accessed by those entrusted with authority and passwords.
If you feel uncomfortable providing personal information over our website to buy any of our products we would be delighted to have your order via:

Phone: 1300 130 385
Fax: 1300 980 385
Email: contact@medilife.com.au

Links to Other Websites

This privacy policy applies to information collected via this website and may differ from the policies of other sites that you may link to from this website. It is our recommendation that you read the privacy policies of any website you visit, including those linked by this website, prior to providing personal information.

Changes and Policy Updates

Our website is regularly reviewed and new features are likely to be added for a better shopping experience. If we decide to change our privacy policy to allow for this development we will post these changes on this page so you are always aware of what information we gather and how we use it.