Skip to content




Embark on your educational journey today by starting your application. Our dedicated course advisor will be in touch shortly to guide you through the process and answer any questions you may have.




This policy sets out how CG Spectrum Institute (CGSI) collects, uses and processes personal information, as well as ensuring that information about staff members, students, alumni and/or stakeholders is kept confidential.

Any information collected or provided to CGSI will only be used in the ways described in this policy and in accordance with CGSI’s obligations as a higher education provider.

CGSI acknowledges its obligation with regards to the collection, storage and use of information within the framework of the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Office of the Australian Information Commissioner’s Privacy Management Framework, and all other relevant Commonwealth and State privacy and data protection laws. These Acts, the APPs and the Privacy Management Framework set out the principles and procedures that CGSI must abide by when it collects, stores, uses and discloses personal information.


This policy applies to all members of the CGSI community.


3.1. The CEO is responsible for the implementation of this policy, including monitoring and reporting on CGSI’s privacy management and any breach of policy, and planning for preventive actions.

3.2. Line managers are responsible for training new staff in privacy obligations and management.  

3.3. Any Staff Member whose duties, scholarly work or activities as an employee of CGSI, collects personal information must ensure they meet their obligation to protect such personal information in accordance with the Acts, the APPs and the Privacy Management Framework as set out in section 1. Staff members are responsible for reporting unauthorised access to their computers, email accounts or to other documents, to the CEO.

3.4 Students are responsible for reporting unauthorised access to their Learning Management System accounts to the Academic Director.

3.5. Group IT is responsible for promptly issuing new email passwords to affected users on receiving a report of unauthorised access, assessing whether any other action is required and assisting with all IT matters related to a data breach.





Data Breach

is unauthorised access of disclosure of personal information, or loss of personal information. A data breach may result from malicious action, human error or a data systems failure1.

Personal Information  

means any information or opinions that would allow an individual to be identified, including name, phone number, email address, address, bank details, nationality, date of birth, education history, enrolment history, physical characteristics, license, passport number, medical information, staff or student identification numbers, tax file number, or any other information that can identify an individual.

Sensitive          Personal


is personal information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical benefits, trade union memberships or association, criminal record, sexual orientation or practices, health or genetic information and some aspects of biometric information.  



4.1. Collection of Personal Information

CGSI collects personal information from a variety of sources from staff, prospective and enrolled students, alumni, committee members and stakeholders. Information may be collected by:

  • industry partner associations and host organisations providing work integrated learning experiences or other body which is a member or affiliated with CGSI;
  • an application form, client consent form, student feedback survey, unit evaluation, assessment extension request, or critical incident report;
  • a prospective student entering personal information into an online system;
  • contact form on CGSI’s website;
  • email, telephone or mail;
  • engagement via social media;
  • interview or meeting with staff;
  • participation in any course, workshop, activity, or event offered by CGSI;
  • applications for employment, contract work or as a supplier to CGSI; or
  • where required to do so by law (for education, child protection, work health and safety or other legislation in Australia).

The information that CGSI may collect includes:

  • names;
  • date of birth;

1 Office of the Australian Information Commissioner (2018). Data Preparation and Response – a guide to managing data breaches in accordance with the Privacy Act 1988 (Cth). Retrieved from

  • position titles;
  • contact information, including email address, address and phone numbers;
  • date of birth;
  • demographic information such as postcode, age, and gender;
  • course of study;
  • unique student identifier;
  • licence number, passport number, and Tax File Number;
  • information about employment background, work experience, business or personal affairs; information about circumstances affecting study such as disability; and financial information and banking details.
4.2. Use of Personal Information

CGSI will collect and use personal information for the following purposes:

  • to provide information, educational products and services to students, and to request information to manage and administer those products and services (including enrolment, assessment, and issuing records of results and testamurs);
  • to respond to queries relating to CGSI courses, subjects, workshops, requests for advice, complaints and services;
  • to better understand student needs, and enable CGSI to improve its courses and services;
  • for internal record keeping;
  • to circulate promotional emails about new courses and services, special offers or other information relevant to studying at CGSI;
  • to report on student outcomes according to requirements by the Tertiary Education Quality

Standards Agency (TEQSA);

  • to report to TEQSA and the Department of Education and Training on CGSI’s key personnel and fit and proper persons responsible for management of CGSI;
  • to promote relevant study and work integrated learning opportunities;   to review and revise courses according to student and staff feedback; and            to employ staff in CGSI.
4.3.   Modes of Communication

CGSI may communicate with staff, prospective students, current course, non-award and CPD students, alumni, committee members and stakeholders by a variety of measures, including by telephone, email, SMS, social media, the CGSI website, or mail. Staff members, enrolled students and committee members are expected to maintain up to date contact details at all times.

4.4. Disclosure of Stored Personal Information

CGSI will provide access to personal information it holds:

  • if CGSI obtains written permission from the relevant party to provide access to the information; under relevant legislation, and depending on circumstances, including:
    • The Department of Education and Training; o The Department of Home Affairs;
    • TEQSA;
    • Australian Tax Office; o Superannuation funds; and o        

CGSI may disclose personal information in order to:

  • assist with core functions such as the recruitment of students;
  • verify educational information details upon request from third parties, such as verifying completion of courses, requests from potential employers to verify qualifications ,and further enrolment into other higher education institutions;
  • comply with CGSI’s legal and regulatory obligations, including disclosure and reporting to Commonwealth, State and Territory government agencies for planning, evaluative, administrative and funding purposes. This may include:
    • disclosure and reporting to Commonwealth and State government agencies for the purpose of administrating entitlements to financial assistance under Commonwealth and State government programs for supporting students, such as FEE-HELP;
    • disclosure to government agencies responsible for administrating and regulating education and training providers in Australia, such as Tertiary Education Quality and Standards Agency (TEQSA), Australian Skills Quality Authority (ASQA), and Tuition Protection Service

(TPS); o management of international students’ enrolment in CGSI courses;

  • notify credit reporting agencies and courts, tribunals, and regulatory authorities where students fail to pay for goods or services provided by CGSI to them, when internal avenues for remedy have been exhausted;
  • respond to courts, tribunals, regulatory authorities, and law enforcement officers as required by law in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend CGSI’s legal rights;
  • communicate with relevant third party or parties, with relevant consent, if a matter involves third parties. When CGSI discloses personal information to third parties, it will request or otherwise seek confirmation that the third party follows relevant privacy laws, including the APPs regarding management of personal information;
  • pay wages, superannuation and other relevant employment benefits; and protect the safety of students and/or staff in the case of risk of safety.  

CGSI does not typically or routinely disclose personal information to overseas recipients, unless consent has been given, or an exception under the APPs applies, and will only disclose personal information to overseas recipients where reasonable steps have been taken to ensure the overseas recipient does not breach the APPs in relation to personal information. In circumstances where information is disclosed to overseas recipients, those recipients are likely to be located in countries within regions in which we operate.

4.5. Change of Management of CGSI

If there is a change of management of CGSI, or a sale or transfer of business assets, CGSI reserves the right to transfer to the extent permissible at law its user databases, together with any personal information and non-personal information contained in those databases.

CGSI will only disclose information in good faith and will maintain the confidentiality of staff, student, alumni and stakeholders at all times.

4.6. Data Security

CGSI is committed to ensuring that the information provided by staff, students, alumni, committee members and stakeholders is stored securely. In order to prevent unauthorised access or disclosure,     CGSI has in place suitable physical, electronic and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

CGSI takes seriously the risk of a breach of data security and takes reasonable steps to reduce the risk of a breach. Data security is included in CGSI ’s Risk Management Framework.

The CEO will immediately report a notified breach of data security to the Board of Directors, including a plan for how to reduce risk of harm to affected individuals (for example, change of password if an email or Learning Management System account has been subject to unauthorised access).

The Board of Directors will report notifiable data breaches to affected individuals and the Privacy Commissioner when serious harm is likely and remedial action taken by CGSI has not reduced the risk of harm.

4.7. Use of Cookies

CGSI may use cookies on the website from time to time for statistical purposes only. A cookie is a small file which asks permission to be placed on the user’s computer’s hard drive. Once the user agrees, the file is added and the cookie helps analyse web traffic. Cookies allow web applications to respond to the user as an individual. The web application can tailor its operations to user needs and preferences by collecting and remembering information, following which the data is removed from the system. Cookies do not give CGSI access to users’ computers or any information, other than data provided by users. Users can choose to accept or decline cookies.

CGSI may also use web beacons on the website from time to time. Web beacons or clear. gifs are small pieces of code placed on a web page to monitor the behaviour and collect data about visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

4.8 Links to Other Websites

The CGSI website may provide links to other websites of interest. CGSI does not have any control over other websites. Students should exercise caution when accessing such websites and look at the Privacy Policy applicable to the website in question.

4.9 Controlling Personal Information

4.9.1 Choice and Consent: In order for CGSI to fulfil its duty in providing accredited higher education courses and services, staff and students will be required to disclose certain personal information. Personal information is covered within the framework of this Privacy Policy. CGSI will not sell, distribute or release personal information to third parties unless it has permission or is legally required to do so.

4.9.2 Anonymity: CGSI will provide prospective students with the option of remaining anonymous or using a pseudonym where it is lawful and practicable (for example, when making an enquiry). Generally is it not practicable or lawful for CGSI to deal with students anonymously or pseudonymously on an ongoing basis (for example, if the individual wishes to enrol in a course of study).

4.9.3 Restrict Access: Staff, students, alumni and stakeholders may choose to restrict the collection or use of personal information. Students who have previously agreed to CGSI using their personal information for marketing purposes may change their mind at any time by notifying the CGSI CEO.  

4.9.4 Access: Staff, students, alumni and stakeholders may request access to personal information held by CGSI in accordance with the provisions of the Privacy Act. CGSI will require evidence of identification prior to releasing information and reserves the right to refuse to provide individuals with such information in certain circumstances as set out in the Act.

4.9.5 Correction: If a staff member, student, alumnus or stakeholder believes that personal information stored by CGSI is inaccurate, out of date, incomplete, irrelevant or misleading, a request for the information to be rectified or updated is to be submitted to the CEO. CGSI relies in part upon individuals advising us of any changes in their personal information. CGSI will respond to a request for correction of personal information within a reasonable timeframe of five working days, and will promptly correct such information within this timeframe.

4.9.6 Unsubscribe: Students, alumni and stakeholders may unsubscribe from the e-mail database, or opt out of communications by emailing

4.10. Complaints

In the case that a staff member, student, alumnus or stakeholder believes that CGSI has breached its privacy obligations or this policy, the relevant policy is to be followed in raising a grievance or making a complaint: Staff Grievance and Complaint Policy; or Student Grievance, Complaints and Appeals Policy and Procedure (for prospective and enrolled students). Complaints will be responded to within the framework of the relevant policy.

4.11.   Request for access and correction

Each person has a right to request access to, and correction of, personal information held by CGSI.   To request access to or correction of personal information held by CGSI, a staff member, student, alumnus or stakeholder may send a written request to

The written request should include:

  • if it is a request for access to personal information, details regarding which information is requested to be produced; or
  • if it is a request to correct personal information, details of the misrepresented information and the corrections to be made.

If CGSI does not agree to provide access or to correct the information requested, it must give written reasons why. For example, a request to access personal information may be rejected if:

  • the request is frivolous or vexatious;
  • providing access would have an unreasonable impact on the privacy of another person;
  • providing access would pose a serious and imminent threat to the life or health of any person; (d) providing access would prejudice our legal rights; or (e) there are other legal grounds to deny the request.

4.12. To contact CGSI about privacy concerns, please email



Student Grievance Complaints and Appeals Policy

Student Grievance Complaints and Appeals Procedure

Media and Communication Policy

Staff Grievance and Complaints Policy

Student Information and Representation Policy

Student Selection and Admission Policy

Student Selection and Admission Procedure

Risk Management Framework

Formal Complaints and Appeals Lodgement Form


A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at