Privacy Policy

1. Introduction

RTO Manager ("we", "our", or "us") provides a platform for Registered Training Organisations (RTOs) to manage student data and generate compliance reporting files. This Privacy Policy explains how we handle information within our platform.

2. Platform Services

Our platform provides tools for:

• Student profile management
• Attendance tracking
• Certificate management
• AVETMISS compliant file generation
• Compliance reporting

3. Information Collected

The platform may store the following types of information as entered by RTOs:

Student Information:

• Personal details (name, date of birth, gender, contact information)
• Unique Student Identifier (USI)
• Enrolment and course information
• Attendance records
• Assessment results and competency outcomes
• Certificate and qualification details
• Visa and citizenship status (for compliance purposes)

RTO Staff Information:

• User account details (name, email, role)
• Login and access logs

4. Data Responsibility

While we provide the platform for generation of reporting files and compliance documentation, it is the sole responsibility of our clients (RTOs) to ensure that all data collected, stored, and processed through our platform complies with all applicable state, territory, and federal privacy laws, regulations, and standards.

5. Client Obligations

As a client using our platform, you are responsible for:

• Obtaining appropriate consent from individuals before collecting their personal information
• Ensuring the accuracy and completeness of data entered into the platform
• Maintaining appropriate privacy policies and procedures for your organisation
• Notifying individuals about how their data will be used and disclosed
• Complying with data retention and destruction requirements
• Responding to access and correction requests from individuals
• Reporting any data breaches in accordance with applicable laws

6. Our Security Measures

We implement industry-standard security measures to protect data stored on our platform, including:

• Encryption of data in transit and at rest
• Secure authentication mechanisms
• Regular security audits and updates
• Access controls and user permission management
• Secure data backup procedures

7. Data Storage and Retention

Data processed through our platform is stored on secure servers located in Australia. We take reasonable steps to protect information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Data is retained on the platform for as long as the client maintains an active account. Upon account termination, clients may request data export. Data deletion will occur in accordance with applicable regulatory requirements and upon client request, subject to any legal retention obligations.

8. AVETMISS and Government Disclosure

As part of compliance requirements, RTOs are required to submit student data to government bodies including the National Centre for Vocational Education Research (NCVER). Our platform facilitates the generation of AVETMISS compliant files for this purpose.

It is the RTO's responsibility to ensure that students are informed about the collection of their information and its disclosure to NCVER and other relevant government bodies as required by the National VET Data Policy.

9. Student Rights

Students whose data is stored on the platform have rights under the Privacy Act 1988, including:

• The right to access their personal information
• The right to request correction of inaccurate information
• The right to know how their information is being used
• The right to make a complaint about privacy breaches

Students should contact their RTO directly to exercise these rights. RTOs are responsible for responding to such requests in accordance with applicable privacy laws.

10. Cookies and Analytics

Our platform may use cookies and similar technologies to maintain user sessions, remember preferences, and improve the user experience. We may also collect usage analytics to improve our services. This data is used solely for platform improvement and is not shared with third parties for marketing purposes.

11. Data Breach Response

In the event of a data breach that is likely to result in serious harm, we will:

• Take immediate steps to contain the breach
• Assess the breach and potential impact
• Notify affected clients promptly
• Notify the Office of the Australian Information Commissioner (OAIC) if required
• Take steps to prevent future breaches

Clients are responsible for notifying affected individuals and relevant authorities as required under the Notifiable Data Breaches scheme.

12. Third-Party Services

Our platform may integrate with third-party services for functionality purposes. Clients should review the privacy policies of any third-party services they choose to integrate with our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify clients of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at: