Purchasing Online (POL) Privacy Statement

Purchasing Online (POL) is the Department of Employment, Small Business and Training's web-based application to receive online submissions from registered training organisations (RTOs) applying for departmental funding to deliver vocational education, training and assessment services.

When you use POL, the department collects information from you about you and the RTO that is applying for funds. The information collected by the department is predominantly about the business of the RTO and is collected and used for the general purposes of:

• assessing the RTO's application for Queensland Government public funding programs for the delivery of vocational education, training and assessment services
• and
• administering any subsequent contract or arrangement awarded out of that application process.

The information collected may contain some forms of 'Personal Information' (as opposed to business information) where information about individual persons is collected. The use, disclosure and transfer of personal information by Queensland Government are regulated under the Information Privacy Act 2009 (Qld). If the RTO provides personal information to the department, it must ensure it is authorised to do so.

'Personal Information' is 'information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion'.

Personal information such as the names and contact details (e.g. phone numbers, email addresses, street and postal addresses) of the POL user and representatives of the RTO will be collected for the purpose of communicating with the user and the RTO and for the general purposes listed above of assessing applications and administering contracts.

Information about the user's usage of POL will also be collected in accordance in Information Standard - Information Security (IS18) for the purposes of retaining audit trails relating to who has accessed or modified information, and when it occurred.

The information submitted into POL (including personal information) will be primarily used and accessed by the department or persons acting on behalf of the department (e.g. contractors).

Generally, personal information is not disclosed to any third party outside the department. However personal information may be disclosed where:

• The department is authorised or required by law to make the disclosure.
• You have consented to the disclosure.
• The department's procurement/funding processes require the participation of other government or non government agency representatives on evaluation panels to review submissions for publicly funded programs. In this case, information submitted may be disclosed to and used by such people and organisations.
• The department is authorised or required to transmit the information to the Queensland Training and Information Service (QTIS) and/or Queensland Skills Gateway public websites.
• The department seeks to verify the identity of the applicant and obtain authorisation from the applicant's RTO for the applicant to be granted a POL Account.
• The information is being disclosed to the minister of the department and his/her staff in relation to the funding program.

Email

The department's servers will record your email address as part of the POL user account creation process, as well as various POL application processes. Your email address will not be added to a mailing list, but will be used to communicate with you in relation to the POL Account creation process, or the application and procurement process submission for publicly funded programs. Your email address will not be added to a marketing list.

Information security

The department takes all reasonable steps to protect the information that we hold against loss, unauthorised access, use, modification, disclosure or other misuse.

POL has in place extensive procedures and features to safeguard information, including:

• firewalls secure connection across the internet
• encryption secure site through usage of HTTPS and SSL 128 bit SSL (Secure Sockets Layer) data encryption technology
• user authentication via user ID and password during login, and re-validated for every page
• unsuccessful attempt blocking locking out of access after three unsuccessful attempts
• session timeout expiration of sessions after 30 minutes of inactivity
• session cookies only no actual cookie information is stored on the user's computer once the session is finished
• full audit trails allows the department to identify the user and date/time associated with modification of information.

Access and alteration of information

The department will allow you to access and alter personal and business information collected as part of POL user account creation or application processes (subject to restrictions on such access/alteration of records under security or procurement/funding processes, or provisions of any applicable laws or contracts).

Please also note the privacy statement attached to the department's website, which also applies. Contact Right to Information Services if you have a concern or complaint about the way your personal information has been collected, used, stored or disclosed.

Last updated 17 June 2020