Privacy Policy - Rail Industry Worker

The protection of personal information in the private sector is required by the Privacy Act 1988 (Cth) and, where applicable, State and Territory privacy laws (collectively the “Privacy Laws“) and we are bound to comply with these Privacy Laws as they apply to our business. All of our employees and officers are expected to comply with the Privacy Laws and our policies and procedures concerning the protection of personal information.

As used in this policy, the following definitions apply:

“Personal Information” means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or who is reasonably identifiable; and
“RIW Participant” means rail operators and other organisations that are authorised participants in the RIW Program.

This policy deals with our management of personal information for the purposes of the Rail Industry Worker Program (RIW Program). The RIW Program provides an online competency and safety management system for Australian rail workers. It is owned and endorsed by the Australasian Railway Association (ARA) and operated by MTA.

For details of how we manage personal information for other aspects of our business, please see our general Privacy Policy on the MTA website.

This policy is based on the following principles:

Privacy of Personal Information is of paramount importance to us;
We will only use your Personal Information for purposes for which it was collected as set out in this policy; and
Your Personal Information will not be disclosed, other than in accordance with this policy without your permission or in accordance with the Privacy Laws.

What Personal Information do we collect?

For the RIW Program we may collect your name, gender, photo, date of birth, address, contact details, identification information (e.g. signatures, driver’s licence), health information (e.g. fitness for work assessments, medical records, and results of drug and alcohol tests), competency information (e.g. skills, credentials, registrations and qualifications), right to work details (e.g. visas and passports), work roles, site attendance timestamps, employment history, emergency contact and other personal information as required for the RIW Program.

How do we collect Personal Information?

MTA will collect information for the RIW Program when it is entered onto the RIW System by an authorised user. This may include information entered by you, your employer, an authorised health professional, registered training organisation, by one of our service team members on the instructions of an authorised user, by an authorised user where you are visiting that authorised user’s site, or by an automated Blood Alcohol Concentration Testing Unit integrated with the RIW System. We have also collected relevant personal information that was originally held by the previous operator of the RIW System, where that information is required for operation of the RIW Program. If you used the RIW System before 28 June 2019, then your information may be stored in the RIW System and will continue to be treated in accordance with the Permission Access Agreement (PAA), this policy and the Privacy Laws until it is deleted under our data retention policies.

If you provide us with the Personal Information of another person, including a visitor you have registered on the RIW System, we rely on you to inform that person and obtain their consent for the disclosure by you to us of their Personal Information.

Before creating an account for a new Rail Industry Worker (RIW) on the RIW System, each authorised user of the RIW System must ensure that the RIW has accepted the terms of a PAA prescribed by MTA. The PAA sets out further detail about the operation of the RIW Program.

The terms of the Permission Access Agreement can be viewed here: https://www.riw.net.au/permission-access-agreement/. Each authorised user of the RIW System must maintain a separate policy that sets out their approach to the management of Personal Information that they collect and enter into the RIW System. If you have any queries about the management of your Personal Information by an authorised user of the RIW System, please consult their relevant privacy policy.

We may, on behalf of RIW Participants, also conduct surveys through the RIW System and on the RIW website and associated mobile applications to collect certain social and diversity data (e.g. data about your gender, age, date of birth, whether you are currently completing an apprenticeship or traineeship, whether or not you identify as Aboriginal or Torres Strait Islander or were born overseas) as required for those RIW Participants to comply with workforce participation and diversity reporting requirements imposed by various government agencies.

Why do we collect and how do we use Personal Information

We collect and use Personal Information in order to manage and provide services in relation to the RIW Program. These purposes are set out in more detail in the PAA.

We will only disclose Personal Information that we collect for the RIW Program to:

The Australasian Railway Association;
RIW Participants may access the RIW System to search for RIWs, check and update RIWs details, and access additional details about RIWs who they employ or are otherwise associated with. Where you are employed or associated with an RIW Participant on the RIW System, you will be notified and provided with an opportunity to opt out of sharing of this information with the RIW Participant. The opt out notice will be sent to your email address registered in the RIW System. The principal contractor who is responsible for a worksite that you attend will also have access to your information stored on the RIW System;
Our contractors, agents and advisors helping us to manage and provide services in relation to the Rail Industry Worker Program;
Authorised health professionals;
Other entities as required or permitted by law, including rail safety, work/occupational health and safety and other relevant laws and to comply with workforce participation and diversity reporting requirements;
Other entities that are used by RIW Participants to verify competencies for pre-qualification of suppliers and workforce management;
Network operators for the purpose of reviewing RIWs who hold a rail corridor access job role for the network operator.

Personal Information will only be disclosed to these entities to the extent that those entities are entitled to access that information under the RIW Program. Such Personal Information may be shared directly through the RIW System or by another technical method, such as via a Secure File Transfer Protocol or via an API link that integrates with the RIW System.

Retention and Disposal of Information

We only keep Personal Information in accordance with this Privacy Policy. We will destroy such information or de-identify that information once sufficient time has elapsed to be certain that the information will no longer be required for those purposes for which it may be used under this Policy. We have in place data retention policies that govern the period of time we will retain personal information, and when that information may be destroyed or de-identified.

Sending Personal Information Overseas

We may disclose your Personal Information to third party service providers overseas, including in the UK and some other countries (for overseas identification verification services and limited support purposes) where they are not subject to similar laws to the Privacy Laws that apply in Australia. However, where your Personal Information is disclosed to our third party service providers who are located overseas, we will also take reasonable steps to ensure that the Personal Information is handled by the overseas recipient in accordance with the Privacy Laws and our instructions for the purposes described above. By providing MTA with your Personal Information or by being a user of or applicant for the RIW Program you consent to this disclosure of your Personal Information.

Email Security

Any email you send to us and information you submit through our websites may be scanned for IT security purposes.

RIW Website

When visiting the web site for the RIW Program, the site server makes a record of the visit and logs the following information for statistical and administrative purposes:

The user’s I.P. address – to consider the users who use the site regularly and tailor the site to their interests and requirements;
The date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;
Pages accessed and documents downloaded – this indicates to MTA which pages or documents are most important to users and also helps identify important information that may be difficult to find;
Duration of the visit – this indicates to us how interesting and informative the site is to our customers;
The type of browser used – this is important for browser specific coding;
In order to optimize the web site and better understand it’s usage, we collect the visiting domain name or IP address, Computer Operating System, Browser Type and Screen Resolution;
For authorised users of the RIW System accessing and using the RIW System by means of a login and password, all data access and data update activities are logged for audit purposes.

A cookie is a piece of information that an Internet web site sends to your browser when you access information at that site. Cookies are either session cookies or persistent cookies. Upon closing your browser the session cookie set by this web site is destroyed and no Personal Information is maintained which might identify you should you visit our web site at a later date. Persistent cookies may be retained across different browser sessions for this web site.

Security of Information

You should be aware that the internet is not a secure environment and information sent via the internet (including via email) may be intercepted by a third party. We use reasonable efforts to ensure that any Personal Information collected by us is held securely.

We strive to ensure the security, integrity and privacy of information we collect. MTA has established reasonable security measures to protect your Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure in contravention of this Policy. Our employees, contractors, agents and service providers who provide services related to our information systems, are obliged to respect the confidentiality of any Personal Information held by us. We review and update our security measures in light of current technologies.

You can access and update your Personal Information

Subject to certain exemptions provided for under the Privacy Laws, you have a right to access Personal Information we hold about you. We will also take reasonable steps to keep accurate and up to date any Personal Information which we hold about you. If you believe that the Personal Information we hold about you is inaccurate, incomplete, out of date or no longer relevant please notify us via the contact details set out below.

If you would like to seek access to Personal Information that MTA may have about you or update that information then please contact the MTA Service Desk in the first instance or write to MTA’s Privacy Officer via the details set out below.

Questions and complaints

MTA is committed to providing its customers with a fair and responsible system for the handling and resolution of privacy related complaints. If you have any questions about this Policy or believe that we have at any time failed to keep one of our commitments to you to handle your Personal Information in the manner required by the Privacy Laws, then we ask that you contact us immediately in writing using the contact details provided below.

We will respond and advise whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner by:

Phone: 1300 363 992 (local call cost, but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749

TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls)

TIS: Translating and Interpreting Service: 1 31 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner)

Post: GPO Box 2999 Canberra ACT 2601

Fax: +61 2 9284 9666

Email: enquiries@oaic.gov.au

Changes to this Privacy Policy

This statement sets out our current Privacy Policy for the RIW Program. This policy may change from time to time. The current version of the policy is available from https://www.riw.net.au/privacy-policy . The current version of our Privacy Policy replaces all previous versions of the policy.

Contact us for further information regarding our Privacy Policy

If you require further information about how we handle Personal Information or any privacy issues please contact our office on (03) 9610 2400 or write to our Privacy Officer at the address below.