Privacy Policy
How we collect, use, disclose and protect your personal information.
Last updated: June 2026
About this policy
CBD College Pty Ltd(“CBD College”, “we”, “us”) is a Registered Training Organisation (RTO 91399). We respect your privacy and are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy explains what personal information we collect, how we use and disclose it, how we keep it secure and how you can access or correct it. It applies to our website, our enrolment and booking systems and our training and assessment services.
What information we collect
The personal information we collect may include:
- Your name, contact details (email, phone, address) and date of birth;
- Your Unique Student Identifier (USI);
- Enrolment, course, attendance, assessment and certification records;
- Information needed for nationally recognised reporting (e.g. citizenship/residency status, prior education, employment and demographic details collected under the AVETMISS standard);
- Payment information you provide to complete a booking (processed by our payment providers — we do not store full card numbers);
- Any information you choose to give us through enquiry forms, live chat, email or phone;
- Reasonable-adjustment or support needs you disclose so we can assist you;
- Website usage data such as IP address, device and browser information and pages visited (see Cookies below).
How we collect it
We collect personal information directly from you when you make an enquiry, enrol, book a course, purchase a gift certificate, sit an assessment, log in to the Student Portal, or contact us. We may also collect it from your employer where they arrange or pay for your training and from third parties such as the USI Registry where you authorise us to do so.
Why we collect and use it
We use your personal information to:
- Process your enrolment, deliver training and assessment and issue certificates and Statements of Attainment;
- Verify your identity and apply for or verify your USI;
- Administer bookings, payments, rescheduling and refunds;
- Respond to your enquiries and provide student support;
- Meet our legal and regulatory obligations as an RTO;
- Improve our courses, services and website;
- Send you information about your course and, where permitted, relevant offers (you can opt out at any time).
Unique Student Identifier (USI)
As a nationally recognised training provider, we are required to collect and verify your USI before we can issue a nationally recognised qualification or Statement of Attainment. We handle your USI in accordance with the Student Identifiers Act 2014 (Cth) and only use and disclose it for purposes permitted by that Act. More information is at usi.gov.au.
Disclosure to government and regulators
As an RTO we are required by law to provide some of your personal information to government bodies. Under the National VET Data Policy, the information you provide may be used and disclosed for statistical, regulatory and research purposes, including being:
- provided to the National Centre for Vocational Education Research (NCVER) and to Commonwealth and State/Territory government departments and authorities;
- used by our regulator, the Australian Skills Quality Authority (ASQA), for audit and compliance;
- used for the issuance, verification and reporting of your qualifications.
You may receive a student survey, which you can opt out of when contacted. Full details are in the National VET Data Policy at dewr.gov.au.
Service providers
We use trusted third-party providers to operate our business, and we share personal information with them only as needed to provide their services to us. These include:
- our student management, learning and Student Portal platforms;
- our enquiry-form, live-chat and customer-relationship platform (HubSpot);
- our course booking and timetabling provider;
- our gift-certificate and payment processors;
- website hosting and analytics providers.
These providers are required to protect your information and use it only for the purposes we engage them for. We do not sell your personal information.
Storage and security
We take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure — including access controls, secure systems and staff confidentiality obligations. We retain student records for as long as required to meet our obligations as an RTO and under applicable law, after which we securely destroy or de-identify them.
Overseas disclosure
Some of our service providers may store or process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles.
Accessing and correcting your information
You can request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date or incomplete. Many of your records are available directly in the Student Portal. To make a request, contact us using the details below. We may need to verify your identity before acting on a request.
Marketing and opt-out
Where we send you marketing communications, every message includes a way to unsubscribe, and you can opt out at any time by contacting us. Opting out of marketing will not affect essential communications about a course you are enrolled in.
Complaints
If you believe we have mishandled your personal information, please contact us first so we can investigate and respond. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this policy
We may update this policy from time to time. The current version will always be available on this page, with the “last updated” date shown above.
Contact us
For any privacy question or request, contact our Privacy Officer:
- Email: info@cbdcollege.edu.au
- Phone: 1300 616 218
- Post: CBD College Pty Ltd, Level 5, 8 Quay Street, Haymarket NSW 2000
See also our student policies (cancellation, complaints, code of practice and more).
