Student Knowledge Base Library
In this article
PurposeDefinitionsWho This Policy Applies ToOur PolicyWhat Data We CollectPayment platforms:How We Store Your DataHow We Use Your DataWhen We Disclose Your DataHow Long We Keep Your RecordsIf There’s a Data BreachAccessing Your RecordsConcerns or Privacy ComplaintsContactCompliance
Home
Pilates ITC Library
Policies & Procedures
Supporting Policies and Procedures
Compliance and Continuous Improvement

Privacy and Data Management Policy and Procedure

Edited

Purpose

At Pilates ITC, we value your privacy and are committed to protecting your personal information. This policy explains how we collect, store, and use your data while ensuring full compliance with the Standards for RTOs 2025, ASQA guidelines, and the Privacy Act 1988 (Cth). We’re here to safeguard your information—securely, ethically, and transparently.

Definitions

  • Student Data – Any personal, academic, medical, or financial information collected by Pilates ITC in relation to your enrolment and training

  • Student Management System (SMS) – VT Cloud (Ready Student), the platform where your enrolment and training records are stored securely

  • Learning Management System (LMS) – Adobe Learning Manager, the platform that delivers your course content and assessment tasks

  • Third-Party Providers – Trusted services like VT Cloud, Stripe, and Debit Success, used to support course access, training delivery, and payment processing

Who This Policy Applies To

  • All students enrolled in Pilates ITC courses

  • Pilates ITC staff, contractors, and third-party providers involved in managing and protecting your data

Our Policy

What Data We Collect

Your data may be collected when you enrol or engage with our systems, including:

  • Personal details – name, address, date of birth

  • Contact information – email, phone number

  • Unique Student Identifier (USI)

  • Enrolment history and academic records

  • Emergency contact information

  • Medical details (where relevant)

  • Bank details (for processing course fees and related payments)

Payment platforms:

  • Debit Success Australia – For Australian students

  • Stripe – For international students and one-off payments

  • Ezidebit – May apply for students enrolled before January 2023 (not available for new students)

Before collecting sensitive information, we will always ask for your consent.

How We Store Your Data

Your information is stored securely in both digital and physical formats using the following protections:

  • Password-protected access to our SMS and LMS

  • Locked cabinets for any physical records

  • Access limited to authorised staff on a need-to-know basis

  • Regular audits to confirm best practices are being followed

For more details, you can review Ready Tech data protection and privacy policy on their website.

How We Use Your Data

We only use your data to support your training and comply with regulatory requirements. This includes:

  • Managing your enrolment and course progress

  • Verifying your USI with government agencies

  • Delivering your training and assessments

  • Issuing certificates or statements of attainment

  • Reporting to regulatory bodies (e.g., ASQA, NCVER)

  • Registering you with the LMS (Adobe Learning Manager) so you can access course materials

Your information won’t be shared unless we are required to by law or you’ve given your consent.

When We Disclose Your Data

We may disclose information to:

  • Australian government agencies such as the NCVER or ASQA

  • NCVER for compliance and statistics

  • Approved third-party providers like VT Cloud, Adobe LMS, Stripe, or Debit Success—always under strict confidentiality obligations

All disclosures follow the Australian Privacy Principles (APPs).

How Long We Keep Your Records

  • Student records – Retained for 30 years

  • Financial records – Kept for at least 7 years

  • Other records – Held in line with internal compliance policies

After this time, data is securely destroyed or de-identified to protect your privacy.

If There’s a Data Breach

In the unlikely event of a data breach, Pilates ITC will:

  • Immediately investigate the cause and scope

  • Notify affected students and relevant authorities, as required under the Notifiable Data Breaches (NDB) scheme

  • Put safeguards in place to prevent similar breaches in future

Accessing Your Records

You have the right to access the personal information we hold about you. To request this:

  • Please contact our Student Support Team in writing

  • Your request will be processed within 10 business days

  • We’ll conduct a short verification process to confirm your identity

Concerns or Privacy Complaints

If you believe your privacy has been compromised:

  • You can raise a formal concern under our Complaints and Appeals Policy

  • All privacy complaints are handled with care and in accordance with legal requirements

Contact

If you have questions or need support, please don’t hesitate to reach out. Our friendly Student Services Team is here for you. Visit our Contact Us page for details.

Compliance

This policy complies with:

Clause 8.5 of the Standards for RTOs 2025: Ensuring all RTOs meet their legislative and regulatory obligations, including in data privacy.

Australian Privacy Principles (APPs): Governing how your personal data is collected, used, and protected.

Privacy Act 1988 (Cth): The national law that ensures privacy rights are respected across education and business.

 Disclaimer: This Policy / Procedure when printed, this becomes an uncontrolled document. 

Policy# P-COU-027 

Version Control Table  

Version Number  

Date  

Owner  

Change / Update  

  V12.0

07 April 2025

Training Manager

Expanded policy and added procedure  

  

  

  

  

  

  

  

  

Pilates ITC