Privacy Policy - Rail Industry Worker

The protection of personal information in the private sector is required by the Privacy Act 1988 (Cth) and, where applicable, State and Territory privacy laws (collectively the “Privacy Laws“) and we are bound to comply with these Privacy Laws as they apply to our business. All of our employees and officers are expected to comply with the Privacy Laws and our policies and procedures concerning the protection of personal information.

As used in this policy, “Personal Information” means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or who is reasonably identifiable.

This policy deals with our management of personal information for the purposes of the Rail Industry Worker Program (RIW Program). The RIW Program provides an online competency and safety management system for Australian rail workers. It is owned and endorsed by the Australasian Railway Association (ARA) and operated by MTA.

For details of how we manage personal information for other aspects of our business, please see our general Privacy Policy on the MTA website.

This policy is based on the following principles:

Privacy of Personal Information is of paramount importance to us;
We will only use your Personal Information for purposes for which it was collected as set out in this policy; and
Your Personal Information will not be disclosed, other than in accordance with this policy without your permission or in accordance with the Privacy Laws.

What Personal Information do we collect?

For the RIW Program we may collect your name, gender, photo, date of birth, address, contact details, identification information (e.g. signatures, driver’s licence), health information (e.g. fitness for work assessments, medical records, and results of drug and alcohol tests), competency information (e.g. skills, credentials, registrations and qualifications), right to work details (e.g. visas and passports), work roles, site attendance timestamps, employment history, emergency contact and other personal information as required for the RIW Program.

How do we collect Personal Information?

MTA will collect information for the RIW Program when it is entered onto the RIW System by an authorised user. This may include information entered by you, your employer, an Authorised Health Professional, Registered Training Organisation, or by one of our RIW Service Desk team members on the instructions of an authorised user or by an automated Blood Alcohol Concentration Testing Unit integrated with the RIW System.

If you provide us with the Personal Information of another person, we rely on you to inform that person and obtain their consent for the disclosure by you to us of their Personal Information.

Before creating an account for a new Rail Industry Worker (RIW) on the RIW System, each authorised user of the RIW System must ensure that the RIW has accepted the terms of a Permission Access Agreement (PAA) prescribed by MTA. The PAA sets out further detail about the operation of the RIW Program.

The terms of the Permission Access Agreement can be viewed here: https://www.riw.net.au/permission-access-agreement/. Each authorised user of the RIW System must maintain a separate policy that sets out their approach to the management of Personal Information that they collect and enter into the RIW System. If you have any queries about the management of your Personal Information by an authorised user of the RIW System, please consult their relevant privacy policy.

Why do we collect and how do we use Personal Information

We collect and use Personal Information in order to manage and provide services in relation to the RIW Program.

We will only disclose Personal Information that we collect for the RIW Program to:

The Australasian Railway Association;
Rail Transport Operators and other organisations that wish to access and use the RIW Program;
Our contractors, agents and advisors helping us to manage and provide services in relation to the Rail Industry Worker Program;
Authorised Health Professionals;
Other entities as required or permitted by law.
Other entities that are used by RIW Participants to verify competencies for pre-qualification of suppliers and workforce management.
Network Operators for the purpose of reviewing RIWs who hold a rail corridor access job role for the Network Operator

Personal Information will only be disclosed to these entities to the extent that those entities are entitled to access that information under the RIW Program

Retention and Disposal of Information

We only keep Personal Information in accordance with this Privacy Policy. We will destroy such information or de-identify that information once sufficient time has elapsed to be certain that the information will no longer be required for those purposes for which it may be used under this Policy.

Sending Personal Information Overseas

We may disclose your Personal Information to third party service providers overseas, including in the UK and countries where they are not subject to similar laws to the Privacy Laws. However, where your Personal Information is disclosed to our third party service providers who are located overseas, we will also take adequate measures to ensure that the Personal Information is handled by the overseas recipient in accordance with the Privacy Laws and our instructions for the purposes described above. By providing MTA with your Personal Information or by being a user of or applicant for the RIW Program you consent to this disclosure of your Personal Information.

Email Security

Any email you send to us and information you submit through our websites may be scanned for IT security purposes.

RIW Website

When visiting the web site for the RIW Program, the site server makes a record of the visit and logs the following information for statistical and administrative purposes:

The user’s I.P. address – to consider the users who use the site regularly and tailor the site to their interests and requirements;
The date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;
Pages accessed and documents downloaded – this indicates to MTA which pages or documents are most important to users and also helps identify important information that may be difficult to find;
Duration of the visit – this indicates to us how interesting and informative the site is to our customers;
The type of browser used – this is important for browser specific coding;
In order to optimize the web site and better understand it’s usage, we collect the visiting domain name or IP address, Computer Operating System, Browser Type and Screen Resolution;
For authorised users of the RIW System accessing and using the RIW System by means of a login and password, all data access and data update activities are logged for audit purposes.

A cookie is a piece of information that an Internet web site sends to your browser when you access information at that site. Cookies are either session cookies or persistent cookies. The RIW Web site does not use persistent cookies. Upon closing your browser the session cookie set by this web site is destroyed and no Personal Information is maintained which might identify you should you visit our web site at a later date.

Security of Information

You should be aware that the internet is not a secure environment and information sent via the internet (including via email) may be intercepted by a third party. We use reasonable efforts to ensure that any Personal Information collected by us is held securely.

We strive to ensure the security, integrity and privacy of information we collect. MTA has established reasonable security measures to protect your Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure in contravention of this Policy. Our employees, contractors, agents and service providers who provide services related to our information systems, are obliged to respect the confidentiality of any Personal Information held by us. We review and update our security measures in light of current technologies.

You can access and update your Personal Information

Subject to certain exemptions provided for under the Privacy Laws, you have a right to access Personal Information we hold about you. We will also take reasonable steps to keep accurate and up to date any Personal Information which we hold about you. If you believe that the Personal Information we hold about you is inaccurate, incomplete, out of date or no longer relevant please notify us via the contact details set out below.

If you would like to seek access to Personal Information that MTA may have about you or update that information then please contact the MTA Service Desk in the first instance or write to MTA’s Privacy Officer via the details set out below.

Questions and complaints

MTA is committed to providing its customers with a fair and responsible system for the handling and resolution of privacy related complaints. If you have any questions about this Policy or believe that we have at any time failed to keep one of our commitments to you to handle your Personal Information in the manner required by the Privacy Laws, then we ask that you contact us immediately in writing using the contact details provided below.

We will respond and advise whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner by:

Phone: 1300 363 992 (local call cost, but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749

TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls)

TIS: Translating and Interpreting Service: 1 31 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner)

Post: GPO Box 2999 Canberra ACT 2601

Fax: +61 2 9284 9666

Email: enquiries@oaic.gov.au

Changes to this Privacy Policy

This statement sets out our current Privacy Policy for the RIW Program. This policy may change from time to time. The current version of the policy is available from https://www.riw.net.au/privacy-policy . The current version of our Privacy Policy replaces all previous versions of the policy.

Contact us for further information regarding our Privacy Policy

If you require further information about how we handle Personal Information or any privacy issues please contact our office on (03) 9610 2400 or write to our Privacy Officer at the address below.