Privacy Policy

Last updated: 3 May 2026

1. About this Policy

Australian Information Security Academy Pty Ltd (AusISA, we, us) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, hold, use, and disclose personal information in connection with our training courses and website.

2. Information We Collect

We collect personal information that you provide directly when registering for a course or signing up for notifications:

• Identity: first name, last name
• Contact: email address, phone number
• Professional: organisation, role/title, IRAP assessor status and assessor number (if applicable)
• Eligibility: Australian citizenship status, existing security clearance status
• Accessibility: dietary requirements and accessibility needs (for in-person courses)
• Other: any additional notes you provide in the registration or notification forms

We do not collect financial information directly. Payment processing is handled by our third-party payment provider, Airwallex Pty Ltd, which operates under its own privacy policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Processing and managing your course registration and enrolment
• Issuing invoices and confirming payment
• Providing access to course materials via our learning management system
• Arranging catering and accessibility accommodations for in-person courses
• Verifying IRAP assessor status with the Australian Signals Directorate where applicable
• Sending course-related communications (confirmations, reminders, pre-reading materials)
• Notifying you of new course dates if you have opted in
• Responding to your enquiries

4. Where Your Information Is Stored

Your personal information is stored in Australia using Amazon Web Services (AWS) infrastructure in the Asia Pacific (Sydney) region (ap-southeast-2). This includes:

• Registration and enrolment records in encrypted databases
• Course progress and assessment data in our learning management system
• Email notification preferences

All data is encrypted at rest and in transit. We do not transfer personal information outside of Australia except as required for payment processing through Airwallex (which may process transactions through its global infrastructure) and for email delivery through AWS Simple Email Service.

5. Who Has Access

Access to your personal information is restricted to:

• AusISA administrative staff: for course administration, enrolment management, and support
• Course facilitators: limited to information necessary for delivering training (name, organisation, assessor status)
• Airwallex Pty Ltd: for payment processing only, governed by their privacy policy

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may disclose information where required or authorised by Australian law.

6. How Long We Retain Your Information

• Course registrations and enrolment records: retained for 7 years from the date of course completion, consistent with Australian tax record-keeping requirements
• Learning management system accounts: retained for the duration of your enrolment plus 2 years to support ongoing professional development records
• Notification subscriptions: retained until you unsubscribe, at which point your record is deleted
• Payment records: retained by Airwallex in accordance with their retention policy

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of any inaccurate, incomplete, or out-of-date information
• Unsubscribe from marketing communications at any time using the link in any notification email
• Request deletion of your personal information (subject to our legal record-keeping obligations)
• Complain if you believe we have breached the APPs

8. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our security measures include:

• Encryption of data at rest and in transit (TLS 1.2+)
• Access controls and multi-factor authentication for administrative systems
• Regular database backups with tamper-proof retention policies
• Infrastructure hosted in Australian data centres (AWS Sydney)

9. Cookies and Analytics

Our website does not use tracking cookies or third-party analytics services. We may use essential cookies for session management on our learning management system.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be noted on this page with an updated revision date.

11. Contact Us

If you have questions about this privacy policy, wish to access or correct your information, or wish to make a complaint, please contact us:

Email: privacy@australianinformationsecurity.academy
Post: Australian Information Security Academy Pty Ltd, Level 4, 1 Moore Street, Canberra ACT 2601

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).