Privacy Policy

1. About This Policy

This Privacy Policy explains how RPL It Australia Pty Ltd (“RPL It”, “we”, “us”, “our”) collects, uses, stores, discloses, and protects your personal information.

We are committed to handling your personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and any other applicable privacy legislation.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not provide us with your personal information.

2. Who We Are

RPL It Australia is a student support service that helps candidates prepare and submit Recognition of Prior Learning (RPL) applications to Registered Training Organisations (RTOs). We are not an RTO — we do not conduct assessments or issue qualifications. For more detail about our role, see our Terms and Conditions.

3. What Personal Information We Collect

Information you provide to us

When you engage with RPL It — whether through our website, by phone, email, or in person — we may collect the following types of personal information:

Identity and contact information

• Full name, date of birth, gender
• Email address, phone number, residential address
• State or territory of residence

Employment and experience

• Current and previous employment history, including employer names, job titles, duties performed, and dates of employment
• Details of your work experience, skills, and industry knowledge
• Employer or supervisor reference letters and contact details (with their consent)

Qualifications and training

• Prior qualifications, statements of attainment, transcripts, and training records
• Industry licences, tickets, and registrations (e.g., White Card, trade licences)
• Professional development and short course certificates

Evidence documents

• Work samples, project documentation, photos, and other materials you provide to support your RPL application
• Self-assessment responses and skills review information

Financial information

• Payment details for processing your fees (credit card, EFT, or Stripe)
• We do not store your full credit card details — payment processing is handled by our third-party payment providers

Unique Student Identifier (USI)

• Your USI, if you have one, or information needed to help you obtain one
• Your USI is a government-related identifier and is handled in accordance with the Student Identifiers Act 2014

Information collected automatically

When you visit our website, we may automatically collect:

• IP address, browser type, device type, and operating system
• Pages visited, time spent on pages, and referring URLs
• Cookie data and website usage analytics (see Section 10)

Sensitive information

In some cases, depending on the qualification you are seeking, we may collect information that is considered “sensitive information” under the Privacy Act, including:

• Health information (e.g., for qualifications in aged care, disability support, community services, or remedial massage)
• Racial or ethnic origin (e.g., if relevant to diversity or cultural safety requirements of a training product)
• Criminal history information (e.g., for qualifications requiring police checks such as security, childcare, or aged care)

We will only collect sensitive information with your express consent, and only where it is reasonably necessary for your RPL application. You are never required to provide sensitive information — but declining to do so may affect your eligibility for certain qualifications.

4. How We Collect Your Information

We collect personal information:

• Directly from you — when you complete our Free Skills Review form, contact us by phone or email, provide evidence documents, or engage our services
• From third parties — where you have authorised us to do so, for example from your employer or supervisor, from RTOs, or from government registers (e.g., USI verification)
• From our website — through cookies, analytics tools, and form submissions

Where possible, we will collect personal information directly from you. If we receive personal information about you that we did not request (unsolicited information), we will determine whether we could have collected it under the APPs. If not, we will destroy or de-identify the information as soon as practicable.

5. Why We Collect and Use Your Information

Providing our services

• Conducting your initial skills review and consultation
• Assessing whether RPL may be a suitable pathway for you
• Helping you gather, organise, and prepare your evidence portfolio
• Submitting your RPL application to the partner RTO
• Coordinating with the RTO and keeping you informed of progress
• Processing your payment and managing your account

Communicating with you

• Responding to your enquiries and requests
• Providing updates on your application status
• Sending you information relevant to your RPL journey

Business operations

• Improving our services, website, and processes
• Maintaining internal records and reporting
• Managing complaints and feedback
• Complying with our legal, regulatory, and contractual obligations

Marketing (with your consent)

• Sending you information about our services, qualifications, or industry news
• You can opt out of marketing communications at any time by contacting us or using the unsubscribe link in any marketing email

We will not use your personal information for a purpose other than the purpose for which it was collected, unless you have consented, or the secondary use is related to the primary purpose and you would reasonably expect it, or it is required or authorised by law.

6. Who We Share Your Information With

Partner RTOs

Your personal information and evidence portfolio will be shared with the Registered Training Organisation assessing your RPL application. This is a necessary part of the RPL process. We will confirm which RTO your information will be shared with before your application is submitted.

Once your information is provided to the RTO, the RTO's own privacy policy applies to their handling of that information. We encourage you to review the RTO's privacy policy, which will be provided to you before enrolment.

Service providers

We may share your information with third-party service providers who assist us in delivering our services, including:

• Payment processors — to process your fees securely
• CRM and business software providers — to manage your application and communications
• IT and hosting providers — to maintain our website and systems
• Professional advisers — accountants, lawyers, or auditors, where necessary

These providers are bound by confidentiality obligations and are only permitted to use your information for the specific purpose for which it was shared.

Regulatory and legal disclosure

We may disclose your personal information where required or authorised by law, including to:

• The Australian Skills Quality Authority (ASQA)
• State or territory VET regulators
• The Unique Student Identifier (USI) Registrar
• Law enforcement agencies
• Courts or tribunals

7. Cross-Border Disclosure

RPL It primarily operates in Australia, and your personal information is stored and processed in Australia.

If you are located outside Australia (for example, if you are an overseas candidate seeking recognition of Australian qualifications), your information will be transferred to and stored in Australia.

We do not routinely disclose personal information to recipients outside Australia. If this changes, we will take reasonable steps to ensure they comply with the APPs, or we will obtain your consent before disclosing.

8. How We Store and Protect Your Information

Security measures

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Secure, access-controlled digital systems for storing your information
• Encryption of data in transit (e.g., when you submit forms on our website)
• Restricting access to personal information to staff who need it to perform their duties
• Regular review of our security practices

While we take reasonable precautions, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, but we are committed to maintaining appropriate protections.

Data retention

We retain your personal information for as long as reasonably necessary. As a guide:

• Application and evidence records — retained for a minimum of two (2) years after the completion of your training product, consistent with the record-keeping requirements under the 2025 Standards for RTOs
• Financial records — retained for seven (7) years in accordance with Australian tax law
• Website analytics data — retained in aggregated, de-identified form
• Marketing consent records — retained for as long as you remain subscribed, or as required to demonstrate compliance

When your personal information is no longer needed, we will take reasonable steps to securely destroy or de-identify it.

9. Government-Related Identifiers

Your Unique Student Identifier (USI) is a government-related identifier under the Student Identifiers Act 2014. We will:

• Only collect your USI where necessary for your RPL application
• Only use and disclose your USI for purposes related to your VET enrolment and the delivery of VET services
• Not adopt your USI as our own identifier for you
• Take reasonable steps to protect your USI from misuse

10. Cookies and Website Analytics

What cookies we use

• Essential cookies — required for website functionality (e.g., session management, security)
• Analytics cookies — help us understand how visitors use our website. This data is collected in aggregated, de-identified form.
• Third-party cookies — some features on our site may set cookies from third-party providers

Managing cookies

You can manage or disable cookies through your browser settings. Disabling cookies may affect some features of our website. For more information, visit allaboutcookies.org.

Do Not Track

Our website does not currently respond to “Do Not Track” browser signals.

11. Your Rights

Access your information

You can request access to the personal information we hold about you. We will respond within thirty (30) days. In most cases, access is provided free of charge. If your request requires significant effort, we may charge a reasonable fee, discussed with you in advance.

Correct your information

If you believe the personal information we hold is inaccurate, incomplete, out of date, or misleading, you can request correction. We will respond within thirty (30) days.

Withdraw consent

Where we rely on your consent to collect, use, or disclose your personal information, you may withdraw your consent at any time by contacting us. Withdrawing consent may affect our ability to provide certain services.

Request deletion

You can request that we delete your personal information where it is no longer needed for the purpose for which it was collected. We will comply unless we are required to retain the information by law.

Opt out of marketing

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting us at [email protected]. We will action your request within five (5) business days.

12. Data Breaches

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take reasonable steps to contain the breach and reduce any potential harm
• Assess whether the breach is likely to result in serious harm
• If so, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988

13. Complaints

How to complain

Contact us at [email protected], call 1300 93 60 93, or write to Level 35, International Towers Sydney, 100 Barangaroo Ave, Barangaroo NSW 2000.

Please include your name, contact details, and a clear description of your concern. We will:

• Acknowledge your complaint within five (5) business days
• Investigate the matter and respond within thirty (30) days

If you're not satisfied

If you are not satisfied with our response, or if we do not respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

Material changes will be noted on this page with an updated “Last updated” date. If you are an active client at the time of a material change, we will notify you directly.

15. Contact Us