Privacy Policy

Effective Date: 18/02/2026 Last Updated: 18/02/2026 Version: 1.0

1. Introduction

1.1 About This Policy

This Privacy Policy explains how RTO MATE PTY LTD (ABN 41 684 275 401) ("QUALTICKS", "we", "us", or "our") collects, uses, discloses, and protects your personal information.

1.2 Our Commitment

QUALTICKS is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are an Australian-owned and operated company.

1.3 Scope

This policy applies to:

Visitors to our website (qualticks.com.au);
Users of our Platform;
Subscribers to our newsletter;
Anyone who contacts us.

2. Australian Privacy Principles Compliance

We comply with all 13 Australian Privacy Principles. This policy addresses each principle as follows:

APP	Principle	Section
APP 1	Open and transparent management	Section 2
APP 2	Anonymity and pseudonymity	Section 6
APP 3	Collection of solicited information	Section 3-4
APP 4	Unsolicited personal information	Section 5
APP 5	Notification of collection	Section 4
APP 6	Use or disclosure	Section 7-8
APP 7	Direct marketing	Section 9
APP 8	Cross-border disclosure	Section 10
APP 9	Government identifiers	Section 11
APP 10	Quality of information	Section 12
APP 11	Security	Section 13
APP 12	Access	Section 14
APP 13	Correction	Section 15

3. Information We Collect (APP 3)

3.1 Information You Provide

We collect personal information that you provide directly, including:

Account Information:

Full name
Email address
Phone number (optional)
Job title/role
Organisation name
RTO registration number (if applicable)

Payment Information:

Billing address
Payment method details (processed by our third-party payment provider)

Communications:

Contact form submissions
Support requests
Newsletter subscriptions
Demo requests

3.2 Information Collected Automatically

When you use our Platform, we automatically collect:

Technical Information:

IP address
Browser type and version
Operating system
Device information
Access times and dates

Usage Information:

Pages viewed
Features used
Clickstream data
Session duration

3.3 Information from Third Parties

We may receive information from:

Training.gov.au (public RTO and qualification data)
Third-party analytics providers
Our CRM provider (HubSpot)

Training.gov.au Data Synchronisation: We periodically synchronise data from Training.gov.au including RTO information, qualification specifications, and VET product details. This synchronisation:

Occurs at scheduled intervals (not in real-time)
May result in temporary discrepancies with current Training.gov.au data
Does not guarantee accuracy or currency of information
Is subject to Training.gov.au system availability

We cannot guarantee that Training.gov.au data displayed in the Platform is current, accurate, or complete. See Section 9.2 of our Terms of Service for detailed information about Training.gov.au integration and its limitations.

3.4 Sensitive Information

We do not intentionally collect sensitive information (such as health information, racial or ethnic origin, political opinions, or religious beliefs). If you provide sensitive information to us, you consent to its collection and use for the disclosed purposes.

4. How We Collect Information (APP 3 & 5)

4.1 Direct Collection

We collect information directly when you:

Register for an account
Subscribe to our newsletter
Submit a contact or demo request form
Communicate with us via email or phone
Use our Platform

4.2 Cookies and Tracking

We use cookies and similar technologies to:

Maintain your session and preferences
Analyse Platform usage
Improve our services

Types of Cookies:

Type	Purpose	Duration
Essential	Platform functionality	Session
Authentication	Keep you logged in	30 days
Analytics	Usage statistics	12 months
Preferences	Remember your settings	12 months

You can manage cookies through your browser settings. Disabling cookies may affect Platform functionality.

4.3 Collection Notice

At the time of collection, we will notify you of:

The information being collected;
The purposes of collection;
Who we may disclose it to;
How you can access and correct it;
The consequences of not providing the information.

5. Unsolicited Personal Information (APP 4)

If we receive personal information that we did not solicit, we will:

Determine whether we could have collected it under APP 3;
If not, destroy or de-identify the information as soon as practicable (unless required by law to retain it).

6. Anonymity and Pseudonymity (APP 2)

6.1 When You Can Remain Anonymous

You may browse our public website without identifying yourself. However, certain activities require identification:

Creating an account
Subscribing to the Platform
Contacting us for support
Subscribing to our newsletter

6.2 Pseudonyms

You may use a pseudonym when contacting us for general enquiries. However, you must use your real name when registering for an account to ensure accurate compliance records.

7. Use of Personal Information (APP 6)

7.1 Primary Purposes

We use your personal information to:

Provide access to the Platform and Services;
Process payments and manage subscriptions;
Respond to your enquiries and support requests;
Send service-related communications (e.g., account updates, maintenance notices);
Verify your identity;
Maintain security and prevent fraud.

7.2 Secondary Purposes

With your consent or where permitted by law, we may also use your information to:

Send marketing communications about our products and services;
Conduct research and analytics to improve our services;
Personalise your experience;
Comply with legal obligations.

8. Disclosure of Personal Information (APP 6)

8.1 Who We Disclose To

We may disclose your personal information to:

Service Providers:

Hosting providers (Australian-based)
Payment processors
Customer support tools
Analytics services

Our CRM Provider:

HubSpot Inc. (United States) - see Section 10 for cross-border disclosure details

Professional Advisors:

Lawyers, accountants, and auditors as necessary

Regulatory Authorities:

ASQA, OAIC, or other authorities when required by law

8.2 When We Disclose

We will only disclose your personal information:

For the purposes for which it was collected;
Where you have consented;
Where required or authorised by law;
To protect our legitimate interests (e.g., legal proceedings).

8.3 No Sale of Personal Information

We do not sell your personal information to third parties.

9. Direct Marketing (APP 7)

9.1 When We May Market

We may use your personal information to send you marketing communications about our products and services if:

You have consented to receive marketing; OR
You would reasonably expect us to use your information for marketing; AND
We provide a simple opt-out mechanism.

9.2 What We Send

Marketing communications may include:

Product updates and new features;
Industry news and compliance updates;
Webinar and event invitations;
Special offers and promotions.

9.3 Opt-Out

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email;
Updating your preferences in your account settings;
Contacting us at support@qualticks.com.au.

We will process your opt-out request within 5 business days. Note that opting out of marketing does not affect service-related communications.

10. Cross-Border Disclosure (APP 8)

10.1 International Transfers

We disclose personal information to HubSpot Inc., located in the United States, for customer relationship management purposes.

10.2 Safeguards

Before disclosing personal information overseas, we take reasonable steps to ensure the recipient:

Is bound by a law or contract that provides comparable protection to the APPs;
Maintains appropriate security measures;
Will only use the information for the disclosed purposes.

10.3 HubSpot

HubSpot Inc. is:

Certified under the EU-US Data Privacy Framework;
Bound by a data processing agreement with us;
Required to protect personal information in accordance with the APPs.

10.4 Your Consent

By providing your personal information, you consent to its transfer to the United States via HubSpot. You acknowledge that US laws may differ from Australian privacy laws, but we have taken reasonable steps to ensure your information is protected.

10.5 Countries

Personal information may be disclosed to recipients in:

United States (HubSpot CRM)

We do not currently disclose personal information to recipients in any other countries.

11. Government Identifiers (APP 9)

11.1 Collection

We may collect government identifiers such as:

ABN (Australian Business Number)
ACN (Australian Company Number)
RTO registration numbers

11.2 Use and Disclosure

We will only use or disclose government identifiers:

For the purposes for which they were collected (e.g., verifying RTO registration);
As required or authorised by law;
To verify identity.

We will not adopt government identifiers as our own identifiers for you.

12. Data Quality (APP 10)

12.1 Our Commitment

We take reasonable steps to ensure personal information is accurate, up-to-date, complete, and relevant for the purposes for which it is used.

12.2 Your Responsibility

You are responsible for:

Providing accurate information at collection;
Updating your information if it changes;
Ensuring the accuracy of compliance-related data you enter into the Platform.

12.3 Verification

We may verify information you provide against:

Training.gov.au (for RTO data);
ABN Lookup (for business details).

13. Data Security (APP 11)

13.1 Security Measures

We implement robust security measures to protect your personal information, including:

Technical Measures:

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Multi-factor authentication for administrative access
Regular security assessments and penetration testing
Automated vulnerability scanning

Physical Measures:

Australian-based data centres with ISO 27001 certification
24/7 physical security and access controls
Redundant power and network infrastructure

Organisational Measures:

Role-based access controls
Staff privacy and security training
Incident response procedures
Regular policy reviews

13.2 Data Hosting

All customer data is stored in Australian data centres, except for contact information shared with HubSpot (United States) as disclosed in Section 10.

13.3 Data Breach Response

In the event of a data breach, we will:

Contain the breach immediately;
Assess whether it is an "eligible data breach" under the Privacy Act;
Notify the OAIC and affected individuals if required;
Take steps to prevent future breaches.

See our Security Policy for more details.

14. Access to Personal Information (APP 12)

14.1 Your Right

You have the right to request access to the personal information we hold about you.

14.2 How to Request Access

To request access, contact our Privacy Officer:

Email: support@qualticks.com.au
Subject line: "Personal Information Access Request"

14.3 What We Need

To process your request, we may need to:

Verify your identity;
Understand what information you are seeking;
Determine the format you prefer.

14.4 Timeframe

We will respond to your request within 30 days. If we need more time, we will notify you of the reason for the delay.

14.5 Exceptions

We may refuse access if:

Providing access would pose a serious threat to health or safety;
Access would have an unreasonable impact on others' privacy;
The request is frivolous or vexatious;
Access would prejudice legal proceedings;
Access would be unlawful;
Denying access is required or authorised by law.

If we refuse access, we will provide written reasons (unless doing so would be unreasonable).

14.6 Fees

We may charge a reasonable fee for providing access (e.g., administrative costs). We will inform you of any fees before processing your request.

15. Correction of Personal Information (APP 13)

15.1 Your Right

You have the right to request correction of personal information we hold about you if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

15.2 How to Request Correction

To request a correction:

Update your information directly in your account settings; OR
Contact our Privacy Officer at support@qualticks.com.au.

15.3 Our Obligations

If we are satisfied that information needs correction, we will:

Correct the information within a reasonable time;
Not charge a fee for correction;
Notify third parties to whom we disclosed the information (if you request and it is practicable).

15.4 Refusal to Correct

If we refuse to correct information, we will:

Provide written reasons;
Inform you of your right to complain;
At your request, attach a statement to the information noting that you believe it is inaccurate.

16. Data Retention

16.1 Retention Periods

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including:

Information Type	Retention Period
Account data	Duration of account + 7 years
Transaction records	7 years (legal requirement)
Marketing data	Until consent withdrawn
Support communications	3 years
Usage logs	12 months
Cookie data	As per cookie settings

16.2 Extended Retention for RTO Compliance

For Registered Training Organisations (RTOs), we maintain extended retention periods for compliance-critical data in accordance with Standards for RTOs 2025 and the VET Quality Framework:

RTO-Specific Information	Retention Period	Legal Basis
User qualifications and credentials	10 years from account deactivation	Standards for RTOs 2025
Resumes and employment records	10 years from account deactivation	ASQA audit requirements
Professional development records	10 years from account deactivation	VET Quality Framework
Competency mapping records	10 years from account deactivation	Trainer/assessor currency requirements
Trainer/assessor competency evidence	10 years from employment end date	Standards for RTOs 2025 § 2.1-2.2
Assessment outcome records	10 years from record creation	National VR Outcome Standards
Validation evidence documentation	10 years from validation date	ASQA audit trail requirements
Complaints and resolution records	10 years from complaint closure	Continuous improvement requirements

Rationale: RTOs must produce evidence of compliance in regulatory audits. These extended retention periods enable QUALTICKS to support RTOs in meeting their obligations under:

Standards for Registered Training Organisations 2015 (and subsequent updates)
VET Quality Framework
State training authority requirements (including VRQA, TAC, and others)
ASQA audit requirements

16.3 Security During Extended Retention

Data retained for extended periods under Section 16.2 remains subject to the encryption and security measures outlined in our Security Policy.

16.4 Access to Retained Data After Account Closure

Upon account deactivation or termination:

Account holders may request copies of retained data within 30 days of account closure
After 30 days, access to retained RTO compliance data is limited to:
- The former account holder (upon verification for audit purposes)
- Regulatory authorities when legally required
- Law enforcement or courts with appropriate legal orders

16.5 Deletion After Extended Retention

Extended retention data will be securely deleted after the retention periods specified in Section 16.2 have elapsed, unless:

The data is subject to legal hold for litigation or investigation
Regulatory authorities require continued retention
The account holder requests continued retention in writing

16.6 Deletion

When personal information is no longer needed (and is not subject to extended retention under Section 16.2), we will:

Securely destroy the information; OR
De-identify it so it is no longer personal information.

16.7 Data Export

If you close your account, you may request a copy of your data. We will make data available for export for 30 days after account closure.

17. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

18. Notifiable Data Breaches Scheme

18.1 Our Obligations

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).

18.2 What is an Eligible Data Breach?

An eligible data breach occurs when:

There is unauthorised access, disclosure, or loss of personal information;
A reasonable person would conclude that serious harm is likely to result; and
We have not been able to prevent the likely risk of serious harm through remedial action.

18.3 Notification

If an eligible data breach occurs, we will:

Notify the OAIC as soon as practicable;
Notify affected individuals as soon as practicable;
Include a description of the breach, types of information involved, and recommended steps.

19. Complaints

19.1 How to Complain

If you believe we have breached the APPs or this policy, you may complain to our Privacy Officer:

Email: support@qualticks.com.au Subject: Privacy Complaint

19.2 What to Include

Please include:

Your name and contact details;
A description of your complaint;
Any relevant documents;
What outcome you are seeking.

19.3 Our Response

We will:

Acknowledge your complaint within 7 days;
Investigate and respond within 30 days;
Keep you informed of progress.

19.4 OAIC

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au Phone: 1300 363 992 Email: enquiries@oaic.gov.au Address: GPO Box 5218, Sydney NSW 2001

20. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by:

Posting the revised policy on our website;
Updating the "Last Updated" date;
Sending an email notification for significant changes.

Your continued use of our services after changes take effect constitutes acceptance of the revised policy.

21. Contact Us

Privacy Officer RTO MATE PTY LTD

Email: support@qualticks.com.au Address: PO BOX 101 Craigieburn VIC 3064 Phone: support@qualticks.com.au

We aim to respond to all enquiries within 7 business days.