PRIVACY AND CONFIDENTIALITY POLICY

Last updated: June 2026

1. Purpose

FAPSTC and the Security Competency Test respects your privacy and is committed to protecting the personal information you provide to us.

This Privacy and Confidentiality Policy explains how we collect, use, store, disclose and protect personal information in connection with our website, bookings, enquiries, training-related services, testing services and general business operations.

We also recognise the importance of maintaining confidentiality in relation to commercially sensitive information, test-related information, participant records and any other information provided to us in confidence.

2. Scope

This policy applies to:

– visitors to our website;
– people who make enquiries with us;
– people who book or attend a Security Competency Test;
– clients, contractors, suppliers and service providers;
– staff, assessors, supervisors and authorised representatives;
– any other person who provides personal or confidential information to us.

3. Definitions

Personal information means information or an opinion about an identified person, or a person who is reasonably identifiable. This may include your name, phone number, email address, date of birth, address, identification details, booking details and test-related information.

Confidential information means information that is not publicly available and is provided to us in confidence. This may include personal information, business information, participant records, test information, internal processes, documents, communications and commercially sensitive information.

Sensitive information means information that requires a higher level of protection, such as identity documents, health information, criminal record information, or other information protected by law.

4. Policy statement

[Business Name] may collect personal and confidential information where it is reasonably necessary for our services and business activities.

We are committed to:

– treating personal and confidential information with care and respect;
– taking reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification or disclosure;
– collecting only the information needed for our services and legal obligations;
– using information only for the purpose for which it was collected, or for a related purpose where permitted by law;
– ensuring staff and authorised representatives understand their privacy and confidentiality obligations.

5. Why we collect information

We may collect personal and confidential information to:

– respond to enquiries;
– process bookings;
– confirm identity;
– administer Security Competency Tests;
– communicate with participants before and after a test;
– issue confirmations, receipts and test-related information;
– manage participant records;
– process payments;
– comply with legal, regulatory or administrative requirements;
– manage our website, systems and business operations;
– improve our services;
– deal with complaints, disputes or incidents;
– communicate important updates about our services.

6. Types of information we may collect

The information we collect may include:

– full name;
– phone number;
– email address;
– residential or postal address;
– date of birth;
– booking details;
– payment confirmation details;
– identification details;
– training provider details, where relevant;
– test attendance details;
– test results or outcome information;
– communications between you and us;
– information provided through website forms;
– information needed to verify eligibility or administer a test;
– any other information you choose to provide to us.

We do not intentionally collect sensitive information unless it is reasonably necessary for our services, required by law, or provided with your consent.

7. How information is collected

We may collect information when you:

– use our website;
– submit an online form;
– make a booking;
– contact us by phone, email or message;
– attend a test session;
– provide documents or identification;
– communicate with staff, assessors or authorised representatives;
– make a payment;
– request support or assistance.

Where possible, we collect personal information directly from the individual concerned.

We may also collect information from third parties where necessary and permitted, such as training providers, payment processors, booking systems, licensing bodies, or authorised representatives.

8. Website and cookies

Our website may collect limited technical information, such as browser type, device information, IP address, pages visited and general usage data.

This information may be used to help operate, secure and improve the website.

Our website may use cookies or similar technologies to improve functionality, analyse traffic and support online services.

You can disable cookies in your browser settings, but some website features may not work correctly.

9. Payment information

Payments may be processed through third-party payment providers.

We do not store full credit card details on our website unless expressly stated. Payment information is handled by the relevant payment provider in accordance with its own privacy and security practices.

10. Use and disclosure of information

We may use or disclose personal information:

– for the purpose for which it was collected;
– to provide and administer our services;
– to confirm bookings and attendance;
– to process payments;
– to communicate with you;
– to maintain records;
– to comply with legal obligations;
– where required by a licensing authority, regulator, court, tribunal or government agency;
– where necessary to protect our rights, property, safety, participants, staff or the public;
– with your consent;
– where otherwise permitted by law.

We do not sell personal information.

11. Confidentiality of test-related information

Test materials, questions, answers, assessment processes, participant records and related information are confidential.

Participants must not copy, photograph, record, share, publish, distribute or disclose test-related materials or information unless authorised in writing.

Staff, assessors, supervisors and authorised representatives are required to maintain confidentiality in relation to participant information, test materials, internal processes and business information.

12. Disclosure to third parties

We may disclose information to third parties where reasonably necessary, including:

– booking system providers;
– payment processors;
– IT and website service providers;
– email and communication providers;
– professional advisers;
– insurers;
– regulators, licensing bodies or government agencies;
– contractors or authorised representatives assisting with our services.

Where practical, we take reasonable steps to ensure third parties handle personal information securely and only for authorised purposes.

13. Storage and security

We take reasonable steps to protect personal and confidential information from misuse, interference, loss, unauthorised access, modification or disclosure.

Security measures may include:

– password-protected systems;
– restricted access to records;
– secure storage of documents;
– staff confidentiality obligations;
– use of trusted service providers;
– regular review of records and systems;
– secure disposal or deletion of information when no longer required.

No method of electronic storage or transmission is completely secure. While we take reasonable steps to protect information, we cannot guarantee absolute security.

14. Accuracy of information

We aim to keep personal information accurate, complete and up to date.

You should contact us if your details change or if you believe information we hold about you is incorrect.

15. Accessing or correcting your information

You may request access to personal information we hold about you.

You may also request that we correct personal information if it is inaccurate, incomplete or out of date.

Before providing access or making corrections, we may ask you to verify your identity.

We may refuse access or correction in certain circumstances permitted by law, such as where access would affect another person’s privacy, breach confidentiality, prejudice an investigation, or where we are legally required to withhold the information.

16. Retention of information

We retain personal and confidential information for as long as reasonably necessary for the purpose it was collected, to provide our services, to maintain business records, or to comply with legal, regulatory, insurance or administrative requirements.

When information is no longer required, we will take reasonable steps to securely destroy, delete or de-identify it.

17. Breaches

Any actual or suspected privacy breach should be reported to us as soon as possible.

We will assess privacy breaches and take appropriate action, which may include containment, investigation, notification and steps to reduce the risk of future breaches.

Staff, contractors or authorised representatives who fail to comply with this policy may be subject to disciplinary or contractual action.

18. Changes to this policy

We may update this Privacy and Confidentiality Policy from time to time.

The updated version will be published on our website with the revised date.

You should review this policy periodically to ensure you are aware of the current version.

19. Contact

If you have any questions about this Privacy and Confidentiality Policy, or if you wish to access or correct your personal information, please contact us:

Business name: FAPSTC
Email: ctp@fapstc.org.au
Phone: (08) 9328 6372
Address: U3/1 Sangiorgio Court, Osborne Park, WA 6017