Go to top of page

Complete APP Privacy Policy

24 June 2014

About this privacy policy

TEQSA uses a layered approach to presenting its privacy policy. This policy provides you with complete information on how TEQSA handles personal information, separated into the following different categories of records:

  • Part A: Personnel
  • Part B: Financial management system
  • Part C: Consultancy services
  • Part D: Higher education provider case management
  • Part E: Legal services
  • Part F: Enquiries mailbox
  • Part G: Complaints 4 Part H: Freedom of Information
  • Part I: Provider Information Request (PIR)
  • Part J: Data collected from TEQSA website

Below is some general information on TEQSA’s privacy obligations, how to access and correct your personal information, disclosure of information and how to make complaints about the way TEQSA handles personal information.

TEQSA also has a Condensed APP Privacy Policy which summarises TEQSA’s approach to handling personal information.

Obligations

All personal information collected by TEQSA is protected by the Privacy Act 1988. Information on the Commonwealth Privacy Act 1988 can be found on the website of the Office of the Australian Information Commissioner. The Tertiary Education Quality and Standards Agency (TEQSA) is committed to protecting personal information. This Privacy Policy embodies this commitment and applies to personal information collected by TEQSA and its contractors and agents (collectively, TEQSA). TEQSA adheres to the requirements of the Australian Privacy Principles (APPs) contained within the Privacy Act 1988 and the Guidelines for Federal and ACT Government World Wide Websites, issued by the Privacy Commissioner.

Access and Correction

TEQSA will allow individuals to have access to their personal information that we hold and we will correct an individual’s personal information if it is inaccurate (subject to restrictions on such access/alteration of records under the applicable provisions of any law of the Commonwealth). The Freedom of Information Act 1982 also provides an opportunity to request access to documents in the possession of TEQSA. An individual who wishes to access the personal information TEQSA holds about them and to seek correction of that information should see TEQSA’s Freedom of Information page and request access to their personal information via a freedom of information request.

Disclosure

It is unlikely the records TEQSA holds that contain personal information will be disclosed to any overseas recipients.

Complaints

To make a complaint about TEQSA’s handling of personal information or compliance with the APPs please write to the address below:

  • Privacy Contact Officer

Tertiary Education Quality and Standards Agency

GPO Box 1672

Melbourne VIC 3001

  • Email: privacy [at] teqsa.gov.au

If we receive a complaint TEQSA’s handling of personal information or compliance with the APPs we will determine what (if any) action we should take to resolve the complaint. If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.

We will tell you promptly that we have received your complaint and will endeavour to respond to the complaint within 30 days.

If you are not satisfied with TEQSA’s response you can complain to the Commonwealth Ombudsman. You may also make a complaint to the Office of the Australian Information Commissioner.

PART A: Personnel Records

Collection

The personal information contained in TEQSA’s personnel records is generally collected from the individual but may be obtained from former employers of individuals on engagement, with the consent of the individual.

Content

The content of personnel records may include: name, address, date of birth, occupation, AGS number, gender, qualifications, equal employment opportunity group designation, next of kin, details of pay and allowances, leave details, work reports, security clearance details and employment history. Personnel records include records about current and former employees as well as records about applicants for positions at TEQSA.

Personnel records may include information which employees may consider sensitive such as: physical and mental health, disabilities, racial or ethnic origin, disciplinary investigation and action, criminal convictions, adverse performance and security assessments, tax file numbers, relationship details and personal financial information.

Use

Personnel records are used by TEQSA for the management of Human Resources. The following agency staff have access to personnel records: executive and senior staff with personnel management responsibility, supervisors and members of selection committees (as appropriate), the individual to whom the record relates and, as is relevant to completing their duties, Human Resources staff.

Security and Disposal

Personnel records are kept according to the applicable provisions of the records authorities in relation to personnel functions issued by Australian Archives. Access to these records is restricted. They are kept in locked cabinets and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

Information held in personnel records may be disclosed, as appropriate, to: Comcare in relation to claims and workplace health issues, Commonwealth Medical Officers for the purposes of conducting fitness for duty assessments, Attorney-General's Department, Australian Public Service Commission for the purposes of obtaining policy advice, ComSuper and other superannuation administrators, the Productivity Commission for the purposes of calculating and paying employee entitlements, and the Australian Taxation Office, Centrelink, and the Child Support Agency in relation to payments required to be made. Information held on personnel records is moved to other APS agencies on movement or reengagement of an employee to that agency.

PART B: Financial Management System Records

Collection

The personal information contained in TEQSA’s financial management system records is generally collected from the individual or the employer of an individual.

Content

Contents may include: name, address, contact information and transaction history with TEQSA over previous and current financial years. Details of vendors and employee bank accounts are also kept in the financial system.

Use

Information is collected to maintain complete information relating to all financial transactions of the agency. The purpose of these records is to maintain payment details to allow for payment of invoices and claims from staff members and service providers.

Within TEQSA this information is only available to relevant staff members of Finance Section and authorised users of interfacing systems responsible for payments by direct credit (ie. staff salary payments via Aurion).

Security and Disposal

The information in the Financial Management Information System is stored indefinitely. Paper records are destroyed seven years after last action. Access to these records is restricted. They are kept in locked cabinets and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

Information may be disclosed to the Reserve Bank of Australia and the Productivity Commission for the purpose of processing agency payments.

PART C: Consultancy services records

Collection

The personal information contained in TEQSA’s consultancy service records is generally collected from the individual or the employer of an individual.

Content

The consultancy services records may include name, address, qualifications, details of rate, work reports, security clearance details and information on their employment information and any employees and subcontractors. Sensitive contents of a consultant’s information may include security assessment details.

Use

The purpose of these records is to assist with the evaluation and engagement of consultancy services. The personal information in these records relates to the employees or subcontractors of the consultancy firm responding to the request. TESQA staff in the business area from which the original request for consultancy services originated have access to these records as well as senior managers on a need to know basis.

Security and Disposal

Consultancy service records are kept according to the applicable provisions of the General Records Authority and establishment records issued by Australian Archives. Access to these records is restricted. They are kept in locked cabinets and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

The name of a consultant and the content of their report may be disclosed to higher education providers for the purposes of performing TEQSA’s regulatory functions.

PART D: Higher education provider case management records

Collection

The personal information contained in TEQSA’s provider case management records is generally collected from the individual or the employer of an individual.

Content

The content includes: name, title, address, phone, email, date of birth, position title, position responsibilities, term of appointment, professional and educational history. Sensitive information may include acts of professional or academic misconduct, financial history, qualifications, gender and criminal convictions.

Use

The purpose of these records is to record details relating to higher education provider registration and course accreditation applications and assessments, notifications and general communications relating to providers, to enable TEQSA to carry out its regulatory functions.

Security and Disposal

Provider case management records are kept according to TEQSA’s Records Authority. Access to these records is restricted. They are kept on premises only accessible via a security pass and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

Personal information in these records may be disclosed to Commonwealth, state or territory bodies responsible for regulating the provision of education, to consultants engaged by TEQSA and to bodies responsible for regulating occupations associated with courses regulated by TEQSA. These disclosures would be made for the purposes of assisting TEQSA to assess applications made to TEQSA, and to otherwise assist TEQSA to perform its regulatory responsibilities.

PART E: Legal services records

Collection

The Legal Group does not usually collect personal information but relies on existing records held by TEQSA.

Content

The personal information in the legal services records include but is not limited to: name, address, date of birth, gender, marital status, and occupation. Sensitive content may include financial information, employee records, criminal convictions, physical or mental health details, relationship details and racial or ethnic origin.

Use

These records are used to enable the Legal Group to perform its functions in relation to the delivery of legal services to TEQSA. Only officers of the Legal Group involved in the provision of legal services for which the information is relevant have access to these records, and on a need-to-know basis, senior managers.

Security and Disposal

The records are kept in accordance with the Administrative Functions Disposal Authority issued by the National Archives of Australia. The records are kept for specified periods that relate to the contents and have a wide range, e.g. breaches of mandatory standards are destroyed seven years after action completed, claims are destroyed seven years after settlement or withdrawal.

Access to these records is restricted. They are kept in locked cabinets and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

This information may be disclosed to Commonwealth departments and agencies for the purposes of seeking legal advice or consulting on such requests, external legal advisers, and Courts and Tribunals.

PART F: Enquiries mailbox

Collection

The personal information contained in these records is usually sent by the individual.

Content

The personal information contained in these records may include: name, address, occupation and phone number.

TEQSA staff who manage the mailbox have access to this information. In addition, personal information contained in the enquiries are sometimes forwarded to Provider Case Managers or other staff in order to respond to the enquiries. Some of the enquiries are treated as complaints. See the complaints section of this Privacy Policy for information on who has access to personal information contained in complaints.

Use

These records contain details of email enquiries received by the TEQSA enquiries mailbox. TEQSA uses the personal information in these records to respond to the enquiry. These emails are kept by TEQSA as a record of TEQSA having responded to the query.

Security and disposal

The records will be kept for five years. Access to these records is restricted. They are kept on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

The personal information in these records is not usually disclosed to other persons or organisations.

PART G: Complaints

Collection

The personal information contained in these records is usually sent by the individual.

Content

The records may contain personal information of a complainants name, address, occupation and phone number.

Use

These records contain details of complaints received by TEQSA about higher education providers. The complaints are kept for consideration when TEQSA performs its regulatory functions in determining if a provider is meeting its obligations under the Tertiary Education Quality and Standards Agency Act 2011.

TEQSA staff who manage the complaints mailbox and provider case managers have access to this information.

Security and disposal

Complaints records are kept according to TEQSA’s Records Authority.

Access to these records is restricted. They are kept on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

The personal information in these records is not usually disclosed to other persons or organisations.

PART H: Freedom of Information records

Collection

The personal information contained in these records is usually sent by the individual.

Content

The records may include a freedom of information applicant’s name, address, phone number, date of birth, gender and occupation.

Use

The purpose of these records is to process and maintain a record of requests for access to documents under the Freedom of Information Act 1982. The following TEQSA staff have access to these records: the freedom of information coordinator and freedom of information officer, the Legal Group and senior managers on a need-to-know basis

Security and disposal

The records are kept for seven years.

Access to these records is restricted. They are kept in locked cabinets and on a restricted drive on TEQSA’s IT network, which is only accessible by authorised staff.

Disclosure

Some of this information may be disclosed to Commonwealth agencies or departments concerned with the particular application, or to other entities required to be consulted under the Freedom of Information Act 1982.

PART I: Provider Information Request (PIR) Data

Collection

PIR data is collected from higher education providers and from the Commonwealth Department of Education.

Content

The personal information contained in the PIR data includes student and staff numerical identifiers, courses studied by students and students’ outcomes, as well as students’ residency status, and in some cases the salaries of staff.

Use

This data allows TEQSA to regulate the higher education sector in line with its regulatory principles (relating to regulatory necessity, risk and proportionality). Through access to a core data set across all providers, TEQSA is able to employ a risk-based approach to regulation and thus can reduce regulatory burden on the sector and focus regulatory effort on potential risks to students. The data is used to calculate risk indicators which inform TEQSA’s assessments of providers and allow relevant application processes to be tailored. TEQSA may also use the data to prepare high level analysis across the higher education sector, though any such analysis would only be published or disclosed in a de-identified form.

Security and disposal

PIR data records are kept according to TEQSA’s Records Authority. Records are held in an isolated electronic data vault, with access limited to a small number of specially authorised personnel from the Regulatory Risk and Information Group in TEQSA, which responsible for managing these records.

Disclosure

TEQSA may disclose this information to Information Technology contractors and to the Productivity Commission for the purposes of maintaining Information Technology systems (including databases) associated with this information.

PART J: Data collected from TEQSA website

When you use TEQSA’s online services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name, the date and time of the visit to the site, the pages accessed and documents viewed, the previous sites visited, and the browser type, browser language, and one or more cookies that may uniquely identify your browser.