This document sets out how Didasko Institute Pty Ltd and Didasko International Pty Ltd (trading as Didasko Learning Resources (DLR) - providing digital training and assessment resources via our online portal Didasko Online and other channels) together known as the Didasko Group deals with privacy and the protection of your personal information.
Protecting your privacy is very important to the Didasko Group and we are committed to maintaining the security of all personal information provided to us by our clients, staff, visitors to and users of our website, Didasko Online or via other channels. This policy details how we collect, use and manage this personal information.
We reserve the right to amend this policy from time-to-time and the revised policy will take effect from the time it is posted on our website.
Let’s start with some definitions. Personal information under the Privacy Act means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether: the information or opinion is true or not; and the information or opinion is recorded in a material form or not the information or opinion as published or broadcasted or not.
Sensitive information under the Privacy Act means:
The Didasko Group does not generally make it a practice to collect sensitive information; however, we may collect information about clients and their students, in the form of names, email addresses and student numbers in the administration of Didasko Online.
What personal information do we collect and hold?
Depending on your particular circumstances, we may collect and hold a range of different information about you. This may include: your name, date of birth, contact details (including address, email address, phone number or mobile telephone number), employee records, next of kin contact details, nationality, passport visa information (if required) and information about how you use our products and services. This is not an exhaustive list and we may need to collect additional personal information from you as part of our service provision from time-to-time in which event we will notify you.
How we collect personal information
The Didasko Group collects personal information in a number of ways, including:
How we hold personal information - Storing and security of personal information
All personal information is stored securely at the Didasko Group offices in paper and electronic form. Digital information is stored in the Learning Management System (LMS) (Didasko Online) and connected Learning Portal environments.
The security of personal information is important to us and we take reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure. This includes:
The purposes for which we hold, collect and use personal information
The Didasko Group maintains personal information on clients, students, employees and other stakeholders, firstly in order to provide information relating to the operation, of resource development and LMS services, and secondly to provide information that may assist the business operations of the Didasko Group.
In exceptional (and very rare) circumstances this information may be provided to another organisation for purposes of providing information on matters which may assist the business operations of the Didasko Group subject at all times to the application of the APPs.
Accessing your own personal information & seeking correction
At all times you are entitled to access your own personal information held by the Didasko Group and to seek to have it corrected. Please contact the Privacy Officer below should you wish to do this.
Complaint process for a breach of the Australian Privacy Principles
If you have a complaint about how we collect, hold, use or disclose your personal information or a privacy related issue such as a refusal to provide access or correction, or any breach or perceived breach of the APPs by the Didasko Group then please use our complaints process so that we can deal with your complaint effectively and efficiently.
Disclosing personal information & overseas recipients
The Didasko Group has recently commenced using a cloud computing service as set out under its Data Security Statement (including use of Didasko Cloud Service ). It is unlikely that the use of such a service by the Didasko Group will result in the 'disclosure' of any personal information to an overseas recipient or a 'use' of personal information by an overseas recipient. However, if it is determined that the use of such a service constitutes a 'disclosure' of personal information then the Didasko Group will take such reasonable steps as are required to ensure that any overseas recipient does not breach the APPs. Where it is determined that the provision of such a service to the Didasko Group represents a 'use' of personal information by an overseas recipient, the Didasko Group accepts that any handling personal information, including any acts or practices of the service provider, will be treated as been having done by the Didasko Group for the purposes of the APPs, including APP 8.
Countries in which it is likely that there will be a disclosure of personal information through the use of a cloud computing service
The Didasko Group uses a cloud computing service provider with infrastructure that includes providing Platform Services from 25 data centers located within the USA and in locations outside of the USA including Sydney, Melbourne, Hong Kong, Singapore and Tokyo. For further information please refer to the Didasko Security Statement.
Under APP 2, you have at all times the option of not identifying yourself or using a pseudonym when dealing with the Didasko Group.
This right is subject at all times to whether it is impracticable for the Didasko Group to deal with you anonymously or by using a pseudonym and we are happy to discuss any concerns you may have in this area by contacting us using the link below.
The Didasko Group will only collect personal information that is necessary to its business functions and activities.
At all times the Didasko Group will only collect personal information by lawful and fair means and at all times subject to the requirements of APP 3.
Where the Didasko Group receives unsolicited personal information it will within a reasonable time of receipt determine whether or not it would have collected the information under APP 3 if the Didasko Group had solicited the information. If the Didasko Group determines that it would not have collected the unsolicited personal information, it will as soon as practicable either de-identify or destroy the information, if lawful to do so, unless the information can be managed otherwise in accordance with APP 3.
The Didasko Group will ensure that an individual is notified as soon as practicable about:
Where the Didasko Group has collected personal information from someone other than the individual, the Didasko Group will take reasonable steps to notify the individual that information was collected.
The Didasko Group will only use and disclose personal information for the particular purpose (primary purpose) for which it was collected or a related purpose where you would reasonably expect the use or disclosure of personal information.
The Didasko Group will not use or disclose personal information for another purpose (secondary purpose) unless you consent.
We may use or disclose personal information without your consent in exceptional circumstances, as defined set out under APP 6 including where:
The Didasko Group will not use personal information that it holds for the purpose of direct marketing in accordance with APP 7.1.
Despite APP 7.1, we may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:
Despite APP 7.1, the Didasko Group may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:
Despite APP 7.1 the Didasko Group may use or disclose sensitive information about you for the purpose of direct marketing if you consented to the use or disclosure of the information for that purpose.
Other marketing activities
The Didasko Group at all times will not adopt a government related identifier of an individual as its own identifier and at all times will abide by its obligations under APP 9.
The Didasko Group will take reasonable steps to ensure the personal information it collects, uses and discloses is accurate, up to date and complete.
The Didasko Group will take reasonable steps to ensure that the personal information that it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.
The Didasko Group will take all reasonable steps to ensure that the personal information it holds is protected from misuse, loss, interference and unauthorised access, modification or disclosure.
The Didasko Group will destroy or permanently de-identify personal information when it is no longer required for use or disclosure, and where the Didasko Group is not required to retain the information in accordance with an Australian law.
The Didasko Group will allow you access to your personal information at your request, unless we deem that a valid exception to access applies (as per APP 12.3), this includes:
All requests for access to personal information must be referred to the Privacy Officer using the link below. All requests will be responded to in a reasonable time and where possible, access will be given in the manner requested by the individual. The Didasko Group may charge the individual for giving access to the information (e.g., printing costs) however this charge will not be excessive, nor will it apply to the making of the request.
Where requests for access are refused, the Didasko Group will provide written notification of the reasons for refusal and refer the applicant to the Didasko Group Complaints Policy.
The Didasko Group will take reasonable steps to correct personal information where an individual requests the Didasko Group to correct the information or the Didasko Group identifies that the information held is inaccurate, out of date, incomplete, irrelevant or misleading or irrelevant.
The Didasko Group will receive accept requests from individuals to correct that individual’s personal information in accordance with its obligations under APP 13. All requests for correction of personal information must be referred to the Privacy Officer.
No charges will be incurred by the individual for the correction of personal information.
Where requests for correction of personal information are refused, the Didasko Group will provide written notification of the reasons for refusal and refer the applicant to the Didasko Group Complaints Policy.
The Didasko Group is fully aware of the Notifiable Data Breaches (NDB) scheme which took effect in Australia from 22 February 2018. This scheme applies to us as an organisation with existing personal information security obligations under the Privacy Act.
The NDB scheme creates an obligation on the Didasko Group under law to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In this unlikely event, we will also notify you of any breach and include recommendations that you should take in response to the breach. We are also obligated to notify the Australian Information Commissioner of any eligible data breaches as part of our internal procedure and NDB response plan.
For further information on the NDB scheme please visit www.oaic.gov.au
If you have any enquiries or concerns about this policy or your personal information, please contact the Chief Operating Officer or email: firstname.lastname@example.org