Avrior

Privacy Policy

We aim to provide professional, affordable and friendly services to our clients.

Privacy Policy

In Australia, privacy law generally relates to the protection of an individual’s personal information. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. The Privacy Act includes thirteen (13) Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, accessing and correction of personal information (including sensitive information).

As a small business and consistent with its operations and responsibilities, under the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy protection) Act 2012, Avrior is not required to have in place a Privacy Policy that meets the APP’s however, we choose to do so.
This policy is based on the thirteen (13) APP’s that came into force on 12 March 2014 through the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and details how Avrior complies with each of these APP’s.
The Directors of Avrior should ensure that all staff of AVRIOR undertake awareness training in this policy and its underpinning legislative requirements, and comply with this policy at all times. The Directors should also ensure that all clients of Avrior have an awareness of this policy.

Consideration of Personal Information Privacy


Open and Transparent Management of Personal Information


The Directors of AVRIOR must:
  • Ensure that personal information that Avrior collects is managed in an open and transparent way;
  • Take reasonable steps to implement practices, procedures and systems relating to Avrior functions or activities that will enable them to deal with enquiries or complaints from individuals about Avrior’s compliance with the Australian Privacy Principles;
  • Ensure that Avrior has a clearly expressed and up to date policy about the management of personal information by Avrior;
  • Ensure that the Avrior Privacy Policy contains the following information
  • The kinds of information that Avrior collects and holds;
  • How Avrior collects and holds personal information;
  • The purposes for which Avrior collects, holds, uses and discloses personal information;
  • How an individual may access personal information about the individual that is held by Avrior and seek correction of such information;
  • How the individual may make a complaint about a breach of the APP’s and how Avrior will deal with such a complaint;
  • Whether Avrior is likely to disclose information to overseas recipients;
  • If Avrior is likely to disclose information to overseas recipients – the countries in which such recipients are likely to be located (if it is practicable to specify those countries in the policy);
  • The Privacy Policy must be available free of charge and in such form as appropriate;
  • If a person or body requests a copy of the Avrior r Privacy Policy in a particular form, Avrior should take reasonable steps to make the Avrior Privacy Policy available in that form.

Avrior advises that it collects, holds and uses the following personal information: Information required for registering or submitting applications to regulatory authorities on behalf of clients including:

• Australian Business Number • Australian Company Number; • Fit and Proper Person Declarations; • Banking Details; • Name, Contact Details, Date of Birth, etc. • Photographic Identification if required; • Licenses and / or permits, accreditation, etc. where required; • Copies of Curriculum Vitae, qualifications, etc. • Financial Details including evidence to demonstrate financial viability to regulatory authorities where required; • For the purposes of the Avrior Online Store, we collect, hold and use the following information to facilitate your purchase (some information is collected, used and held by our hosted payment gateways provider Card Access Services. Where this is the case, this information is represented by ‘*’; o Name; o Email Address; o Phone Numbers o Physical Address; o IP Address o Host Name; o Browser Information o Credit card details * (for further information, see the Card Access Services Privacy Policy http://www.cardaccess.com.au/ and Bankwest Merchant Services http://www.bankwest.com.au/business/business-accounts/business-account-services/merchant-services Privacy Policy)

Disclosure of User Information.

For our Online Training Portal, we collect, use and hold information in relation to: • Name; • Email Address; • Phone Numbers • Physical Address; • IP Address; • Host Name; • Browser Information; • During exhibitions, Avrior may collect information, use and hold personal information including: • Name; • Contact Details; • Products and Services interested in; • Any information required for any competition we may be running at the time for which you will have provided consent. • For the purpose of subscribing to the Avrior Newsletter or Social Media sites, we collect, use and hold the following information: • Name; • Email Address. • When visiting the Avrior website, if an individual is logged in to the website under their user registration, Avrior collects and holds: • The individual’s access time; • IP Address; • Visitor behaviour (e.g. what pages you may have visited to enhance the customer’s visit and preferences). • For employees or sub-contractor’s of Avrior, Avrior collects, uses and holds the following private information: • Employment Contract or Sub-Contracting Agreement; • Banking Details; • Next of Kin and Emergency Contact Information (where relevant); • Curriculum Vitae; • Qualifications, Permits, Licenses, etc. • Third Party Reference Checks; • Contact Details; • Any relevant sensitive information such as health and / or medical; • Tax File Number; • Superannuation Details; • Australian Business Number or Australian Company Number; • Eligibility Testing; • Application for Employment or Sub-Contracting; • All communications that are hard copy or electronic; • Medical Certificates, etc. where relevant; • Supervisory and/or performance management reports; • Attendance records; • Complaints and Appeals lodged and received against the individual where relevant; • All work related login and password details. • Any information that is collected, held and used by Avrior is subject to this policy and where required, this policy will be updated to include any changes to the types of information that are collected, held or used by Avrior.

Purpose of Collecting Personal Information

Avrior collects, holds and uses the previously mentioned personal information and records for the purposes outlined above but specifically to support the work that it is engaged by the client to undertake (submit applications to regulatory authorities on their behalf), keep Avrior clients and VIP clients up to date with changes to the industry and to facilitate the transmission of quotes, project requirements, contractual arrangements and payment processing. Avrior only collects information as and when required by requesting it to be submitted by the individual with their consent in writing (this consent may be in the form of an application for enrolment or employment). Information can be collected by Avrior through:

  • Physical hard copy;
  • Electronic submission via:
  • Email
  • Facsimile
  • Avrior website including social media sites
  • Promotions, Open Days and exhibitions.


Dealing with Personal Information Use and Disclosure of Personal Information

Avrior will not use or disclose personal or sensitive information for any purpose other than what it was collected for unless the relevant person has provided written consent to use or disclose the information in circumstances that are different to those for which it was collected. The circumstances where there may be an exception to this are: • Where the use or disclosure of this information is required or authorised by or under an Australian law or a court/tribunal order; • The individual would reasonably expect Avrior to use or disclose the information for the secondary purpose; • A permitted general situation exists in relation to the use or disclosure of the information by Avrior Doctor; • A permitted health situation exists in relation to the use or disclosure of the information by Avrior; • Avrior reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by or on behalf of, an enforcement body. Where Avrior uses an individual’s personal information under this clause, Avrior must obtain consent in writing to release, use or disclose the personal information. • Where the individual chooses to maintain anonymity or use a pseudonym and this is not detrimental to their engagement with Avrior and it does not inhibit Avrior’s adherence to legislative compliance, Avrior will act upon the individual’s request as is reasonable in relation to the requested and particular matter.

Direct Marketing

Where Avrior holds personal information and excluding any sensitive information about an individual, Avrior will not use or disclose this information for the purpose of direct marketing unless the following circumstances apply: • Written consent has been collected by the individual; • The individual would reasonably expect Avrior to use or disclose the information for that purpose; • Avrior provides an opt-out method that is easily accessible for individuals to request not to receive direct marketing communications from Avrior; • The individual has not made such a request to Avrior.

Where Avrior does have written consent for the collection, holding and use of their personal details (excluding sensitive information), Avrior must provide a simple means by which the individual can easily request not to receive direct marketing communications from Avrior. Avrior provides this through an unsubscribe function on it’s newsletter and social media sites or by contacting Avrior directly and requesting that direct marketing that the individual believes it has not consented to or no longer wishes to receive to cease. This policy is also supported by and does not replace or supersede the following legislation: • Do Not Call Register Act 2006; • Spam Act 2003; or • Any other legislative document of the Commonwealth government.

Cross-Border Disclosure of Personal Information

Before Avrior discloses personal information about an individual to a person who is an overseas recipient and who is not the individual or Avrior, Avrior must take such steps to ensure that the overseas recipient does not breach the Australian Privacy principles (other than Australian Privacy Principle 1) in relation to the information. This does not apply if the recipient of the information is: • Subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APP’s protect the information; and • There are mechanisms that the individual can access to take action to enforce the protection of the law or binding scheme; or • Both of the following apply: • Avrior expressly informs the individual that if they consent to the disclosure of the information, the above clauses will not apply, and • After being so informed, the individual consents to the disclosure. • Any of the reasons that apply for exemption under ‘Dealing with Personal Information’ previously. It should be noted that Avrior does have clients and followers of its website and social media sites in overseas locations (overseas recipients) and all information that is communicated between these parties is subject to this Privacy Policy and any other legal instrument that Avrior is required to abide by including, but not limited to the Corporations Act 2001.

Adoption, Use or Disclosure of Government Related Identifiers

Avrior must not adopt a government related identifier of an individual as its own identifier of the individual unless: • The adoption of the government related identifier is required or authorised by or under Australian law or a court/tribunal order; or • The identifier is prescribed by the regulations and the adoption, use or disclosure occurs in the circumstances prescribed by the regulations. At Avrior such government identifiers would include (but are not limited to): • RTO Identification Numbers; • Application Numbers; • Legal Records and Case numbers.

Avrior must not use or disclose a government related identifier of an individual unless it is in the circumstances described under the exceptions to ‘Dealing with Personal Information’ previously.

Integrity of Personal Information Quality of Personal Information

Avrior must take steps to ensure that the personal information that it collects is accurate, up to date and complete. Avrior must take steps (as are reasonable in the circumstances) to ensure that the personal information that Avrior uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant. In all cases at Avrior, this includes all physical hard copy and electronic records. In relation to its Newsletters, Avrior’s Newsletter distribution software Mailchimp removes any email addresses from our distribution lists that are no longer active. For the Privacy Policy of Mailchimp, please refer to http://mailchimp.com/

Security of Personal Information

Avrior must take steps that are reasonable in the circumstances to protect the information from misuse, interference and loss as well as unauthorised access, modification or disclosure. Avrior achieves this by: • Ensuring any hard copy files containing physical, hard copy personal information is held in a secure home office with lockable doors and windows and security alarms at all times, including where this information is archived. This would include records such as old training and assessment documentation, archived application documents in draft format, etc. Under no circumstances does Avrior store financial information in this manner. • All electronic payment transactions are conducted on a securely hosted website with appropriate intrusion protection and logical system access requiring each user to enter a user name and password for access. • The Avrior Online Store through its hosted payment gateway provides real time credit card processing, 256 bit SSL certificate with all data encrypted over 3DES & PCI standard. • All physical, hard copy sensitive personal information is to be stored in a lockable filing cabinet in the Director’s secure home offices (as described previously). • All archived documentation and back ups that Avrior maintains on behalf of clients is stored in Google Drive in the Avrior secure account or, alternatively on the Avrior external independent Server which only has secure access by the Directors and resides at the Founding Director’s secure home office. • Where the user is physically absent from the personal information or sensitive personal information for any period of time (for example when Avrior or its representatives are on site with a client and must leave their computer momentarily), that individual must return the personal information or the sensitive personal information to its secure storage area in accordance with these instructions. • Avrior will conduct regular audits, either combined with or separate to its internal audits for registration purposes to confirm compliance with this policy and the Australian Privacy Principles.

If Avrior holds personal information and an individual and: • Avrior no longer needs the information for any purpose for which the information may be used or disclosed by Avrior; and • The information is not contained in a Commonwealth record; and • Avrior is not required by or under an Australian law, or court/tribunal order, to retain the information; Avrior must take such steps as are reasonable in the circumstances to destroy the information or to ensure the information is de-identified. In relation to Avrior, clients usually request (and expect) Avrior to keep a secure copy of any documentation that it creates on behalf of the client in the event of their data failure. Consistent with the expectations of our clients, Avrior does store all client information for this purpose however, should a client wish for us to not store their personal information in this way, they can advise us in writing and request that it be securely destroyed.

Access to, and Correction of, Personal Information

If Avrior holds personal information about an individual, Avrior must, upon request by the individual, give the individual access to the requested information.

Exception to Access

If despite the above clause Avrior is not required to give the individual access to the personal information to the extent that: • The Avrior reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety; or • Giving access would have an unreasonable impact on the privacy of other individuals; or • The request for access is vexatious or frivolous; • The information relates to existing or anticipated legal proceedings between Avrior and the individual and would not be accessible by the process of discovery in those proceedings; or • Giving access would reveal the intentions of Avrior in relation to negotiations with the individual in such a way as to prejudice those negotiations; or • Giving access would be unlawful; or • Denying access is required or authorised by or under an Australian law or a court/tribunal order; or • Both of the following apply: o Avrior has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Avrior’s functions or activities has been, is being or may be engaged in; o Giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or o Giving access would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or o Giving access would reveal evaluative information generated within Avrior in connection with a commercially sensitive decision-making process.

Dealing with Requests to Access

Avrior must respond to the request within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.

Other Means of Access

If Avrior refuses: • To give access to the personal information for reasons previously outlined; or • To give access in the manner requested by the individual. Access may be given through the use of a mutually agreed intermediary.

Access Charges

As an organisation Avrior may charge for giving access to the personal information however the charge must not be excessive and must not apply to the making of the request. Where Avrior charges a fee to give access to personal information held about the individual, this charge will be provided up front and will only cover the cost of providing the information where this is reasonable for photocopying and printing, as well as postage if required.

Refusal to Give Access

If Avrior refuses to give access to the personal information because of any of the reasons outlined previously under ‘Exception to Access’, or where Avrior refuses to give access in the manner requested by the individual, Avrior must give the individual a written notice that sets out: • The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and • The mechanisms available to complain about the refusal; and • Any other matter prescribed by the regulations.

If Avrior refuses to give access to the personal information because giving access would reveal evaluative information generated within Avrior in connection with a commercially or legally sensitive decision-making process, the reasons for the refusal may include an explanation for the commercially or legally sensitive decision.

Correction of Personal Information

If Avrior holds personal information about an individual, and is either satisfied that having regard to a purpose for which the information is held, the information is inaccurate, incomplete, irrelevant or misleading or the individual requests that Avrior correct the information, Avrior must take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

Refusal to Correct Information

If Avrior refuses to correct the personal information (including a request to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading) as requested by the individual, Avrior must give the individual a written notice that sets out: • The reasons for the refusal except to the extent that it would be unreasonable to do so; and • The mechanisms available to complain about the refusal; and • Any other matter prescribed by the regulations.

Where Avrior is required to provide a statement, Avrior must take steps that are reasonable in the circumstances to associate a statement in such a way that will make the statement apparent to users of that information.

Avrior must issue the statement within a reasonable period after the request is made and must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be). For further questions or clarity regarding this new legislation, please contact: Office of the Australian Information Commissioner Telephone: 1300 363 992 Email: enquiries@oaic.gov.auor visit the website http://ww.oaic.gov.au