Overview
NAATI is committed to protecting the privacy of the personal information we collect. Personal information collected by us is governed by the Privacy Act 1988 (Cth) (“the Act”) and associated legislation.
We adhere to the Australian Privacy Principles (“APPs”) contained within the Act which regulate how organisations may collect, use, disclose and store personal information and how individuals may access, and correct personal information held about them.
Where applicable, we also adhere to the Privacy Act 2020 (New Zealand) (“NZ Act”) and the information privacy principles contained within (“NZ IPPs”).
By using our products or services, visiting our website or giving us your personal information, you agree to your information being collected, stored, used and disclosed as set out in our Privacy Policy.
To ensure that data we collect is kept secure, NAATI is a partner of the Australian Cyber Security Centre (ACSC) and adheres to their Essentials Eight Maturity Level 3 framework for cyber security. This protects the integrity and confidentiality of NAATI’s digital assets using security frameworks and threat mitigation strategies at the highest level developed and recommended by the ACSC.
Definitions
- ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
- ‘sensitive information’ (a type of personal information), means information or an opinion about an individual’s racial or ethnic origins, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.
Personal information
We only collect information that is reasonably necessary for our functions or activities which are listed under Use and Disclosure of Personal Information below. This may include:
- biodata and contact information including names, addresses, email addresses, phone numbers, photographs, date and country of birth, residency/citizenship status, education and work experience, and other contact details;
- copies of correspondence (emails, meeting minutes, file notes of discussions, Microsoft Teams chat and call logs, NAATI chatbot, other electronic communications) between individuals and us;
- payment details (including purchase and payment history);
- copies of documents to assist with proof of identification or travel arrangements (photographs, ID documents);
- test materials, including video and audio recordings, test results, location and records of attendance at test sessions, and test review results;
- records of attendance at workshops or seminars;
- information about employees and directors as required in the normal course of human resource management and business operations; or
- supplier details including goods and services provided to NAATI by individuals.
Collection of personal information
We may also collect personal information through:
- video surveillance in public areas of our buildings for safety and security purposes; and
- recording telephone conversations with individuals for training and monitoring purposes, with prior consent from the individual at the time of the call.
Sometimes we collect personal information about an individual from a third party or a publicly available source, but only if it would be unreasonable or impracticable to collect the personal information from the individual.
If you provide personal information about someone other than yourself, you are agreeing that you have that person’s consent to provide the information for the purpose for which you provide it to us. You also agree that you have told the person about this policy and where to find it.
Use & disclosure of personal information
We collect personal information for the following purposes:
- to provide products and services, such as testing, recertification, delivery of products such as ID cards, registration of New Zealand interpreters, NAATI News or other newsletters, access to the myNAATI portal or Learning Management System, verification of practitioner details, or maintaining the NAATI online directory establish applicants eligibility to sit a test;
- to provide customer service functions, including establishing an applicant’s eligibility to sit a test, responding to queries and feedback, and investigating complaints made to us;
- for marketing purposes, including to provide information about our services or on behalf of third parties which may be of interest to the recipient or of benefit to the profession;
- for research purposes, including to support third parties to conduct research about the industry or where we believe it is of benefit to the profession;
- to improve the products and services we provide;
- to support human resources management processes;
- to facilitate proper governance processes such as risk management, incident management, internal and external audits; or
- to enable us to conduct our business, including managing supplier relationships, processing payments and meeting our legal and regulatory obligations.
We will only use an individual’s personal information for the purpose for which it was collected, with the individual’s consent, or if required or permitted by law.
Any direct marketing communications will advise recipients how they can opt out of receiving such marketing-related communications.
NAATI may disclose personal information in the following ways:
- Applicants’ personal information including name and contact details to test supervisors in Australia or overseas to administer NAATI testing;
- Applicants’ personal information including name, contact details and test session details to organisations or individuals who are listed on the application as a sponsor, if applicable;
- Certified practitioner’s personal details, including name, NAATI credentials, contact details and address as agreed by the individual practitioner, to people searching via NAATI’s Online Directory;
- Certified practitioner’s personal details, including name, NAATI credentials, location, photograph and past credentials, to people who use NAATI’s online verification tool or who make a direct enquiry about the validity of a Practitioner ID or practitioner’s credentials;
- Personal banking details (credit card, bank details, etc.) to a bank or other financial institution to process a transaction, ensuring appropriate security to safeguard the information;
- Details of prizes or scholarships awarded to applicants such as under NAATI’s Research Fund or Translating and Interpreting Industry Development Fund, including the individual’s name and prize/scholarship details, to the public;
- Necessary personal information to third parties engaged to provide products or services to us, or on our behalf, such as conference facilities, suppliers of practitioner products or workshop facilitators;
- Personal information to external advisers including Board advisory committees, Member Governments/representatives, or legal advisors where such a disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity or serious misconduct; and/or
- As required or permitted by law.
Except as outlined above, we won’t disclose personal information without the individual’s consent.
Storage and Disposal of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification and disclosure. Such steps include:
- Physical security over paper-based and electronic data storage and premises;
- Computer and network security measures, including use of firewalls, password access and two‑step authentication, secure servers, encryption for online financial transactions and employee policies about IT security;
- Restricting access to personal information to NAATI’s directors and employees and those acting on our behalf who are authorised and on a ‘need to know’ basis;
- Secure destruction of physical copies of personal information;
- Retaining personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer; and
- Entering into confidentiality agreements with employees and third parties.
NAATI stores personal information of applicants and certified practitioners in secure encrypted digital storage and databases.
NAATI keeps personal information for as long as the information is required for the purpose for which it was collected and in line with any relevant legislation.
Where NAATI no longer requires your personal information, including where we are no longer required by law to keep records relating to you, we will take reasonable steps to ensure that it is destroyed or de‑identified.
If we receive personal information that we have not requested, and we determine that we could not have lawfully collected that information under the APPs or NZ IPPs had we asked for it, we will destroy or de‑identify the information if it is lawful and reasonable to do so.
Privacy or Data Breaches
Individuals who consider that a breach of privacy in relation to personal information held by NAATI has occurred should advise NAATI in writing by email to info@naati.com.au in accordance with our Complaints Policy.
If you require further information about privacy protection, or if you are not satisfied with our response to your concerns, you can contact the Office of the Australian Information Commissioner or New Zealand Office of the Privacy Commissioner, depending on where the privacy concern has taken place.
Accessing and Correcting Your Personal Information
Under the Act (or where relevant, the NZ Act), individuals may generally have access to personal information held about them.
NAATI does not provide applicants access to test materials at any time.
NAATI test candidates and practitioners can view and update their personal information at any time using the myNAATI portal.
For individuals who cannot view or update their personal information using the myNAATI portal, alternative arrangements can be made upon request by writing to info@naati.com.au. Requests may take up to ten business days to process and proof of identification will be required.
If an individual requests access to the personal information we hold about them, or requests that we amend that personal information, we will provide the individual access unless we consider that there is a sound reason under the Act, or other relevant law to withhold the information. If we deny you access to the information, we will notify you of the basis for this decision.
NAATI test candidates and practitioners can view and update their personal information at any time using the myNAATI portal.
An individual who believes that personal information held by NAATI is incorrect must notify NAATI in writing of the relevant corrections. Requests for changes to such details as personal identity, name or qualifications must be made in writing to info@naati.com.au and accompanied by documentary evidence in support of the request.
If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up‑to‑date, complete, relevant and not misleading), we are not required to make the corrections and we will advise you in writing of this decision.
Policy Review
This policy will be reviewed for effectiveness and update by management and the Audit and Risk Management Committee in line with NAATI’s Schedule of Policies.
An individual’s continued use of our website, products or services, or the provision of further personal information to us after this Privacy Policy has been revised, constitutes the individual’s acceptance of the revised policy.
Policy Approval
This policy was approved by the Board on 27 August 2021.