HMC Group Solutions Pty Ltd - Privacy Policy

ABN 20 624 155 086

Version 3.0 - prepared 17 July 2026 (supersedes V2.32, 06/2020)

Related RTO: NNZMC Pty Ltd t/a Industry Skills Solutions (RTO 45974)

1. Introduction

HMC Group Solutions Pty Ltd ("HMC", "we", "us", "our") is committed to protecting the privacy of the personal information we collect and hold. This policy explains how we collect, use, disclose, store and protect your personal information, and how you can access, correct or complain about the handling of that information.


We handle personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) contained in that Act.

Where you engage with us in relation to nationally recognised training, that training is delivered by our associated Registered Training Organisation, Industry Skills Solutions (RTO 45974). In those cases your personal information is also handled in accordance with the ISS RTO Privacy Policy and the additional obligations that apply to Registered Training Organisations, described in Section 7 below.


2. What personal information we collect

Depending on how you interact with us, we may collect:

  • Contact and identity details — name, address, email, phone number, date of birth.
  • Enrolment and training information — Unique Student Identifier (USI), qualifications and units of competency undertaken, assessment records, results, certificates and statements of attainment, and any language, literacy, numeracy or reasonable-adjustment needs.
  • Government-required statistical data — information required for the Australian Vocational Education and Training Management Information Statistical Standard (AVETMISS).
  • Payment information — billing details necessary to process a purchase (we do not store full card numbers).
  • Website and technical data — IP address, browser type, pages visited and similar analytics data collected via cookies (see Section 10).


We only collect sensitive information (such as health information relevant to reasonable adjustment, or details relevant to occupational screening services) where you have consented or where the collection is required or authorised by law.


3. How we collect it

We collect personal information directly from you wherever practicable — through enrolment forms, our website, email, telephone, and in the course of delivering training and services. In some cases we may collect information from third parties such as your employer (where they arrange your training), or from government systems such as the USI Registry.


4. Why we collect it and how we use it

We collect and use personal information to:

  • process enquiries, bookings, enrolments and payments;
  • deliver training and assessment services and issue certification;
  • meet our obligations as, or on behalf of, a Registered Training Organisation;
  • comply with legal and regulatory reporting requirements;
  • respond to your requests and provide customer support; and
  • (where you have opted in) send you information about our courses and services. You may opt out of marketing communications at any time.


We will not use your personal information for a purpose other than the one for which it was collected unless you would reasonably expect it, you have consented, or the use is required or authorised by law (APP 6).


5. Disclosure of your personal information

We may disclose personal information to:

  • the associated RTO (Industry Skills Solutions, RTO 45974) and its authorised trainers and assessors, where you are undertaking nationally recognised training;
  • government and regulatory bodies where required by law (see Section 7);
  • third-party service providers who assist us to operate (for example IT and payment providers), under confidentiality arrangements; and
  • your employer or funding body, where they have arranged and are paying for your training, and only to the extent relevant.


We do not sell your personal information.


6. Overseas disclosure

We do not disclose your personal information to overseas recipients. If this position changes, we will update this policy and comply with APP 8, including taking reasonable steps to ensure the overseas recipient handles your information consistently with the APPs.


7. Training records and VET regulatory disclosure

Where you undertake nationally recognised training delivered through Industry Skills Solutions (RTO 45974), we are required by law to collect, hold and disclose certain personal information. In particular:

  • We collect your Unique Student Identifier (USI) and cannot issue nationally recognised certification without it.
  • We are required to disclose personal and training-activity information to the National Centre for Vocational Education Research (NCVER) and to Commonwealth and State/Territory regulatory and funding authorities, in accordance with the National VET Data Policy and the Student Identifiers Act 2014 (Cth).
  • Information disclosed to NCVER may be used for statistical, regulatory, research and evaluation purposes and may be disclosed to third parties as permitted under the National VET Data Policy.


Full details of how your training data is used are set out in the Privacy Notice provided at enrolment and in the ISS RTO Privacy Policy.


7A. Occupational health screening services

Where we provide occupational health screening services - including drug and alcohol screening, audiometric (hearing) testing, respirator fit testing and spirometry (lung function) testing - we collect health information about you, which is "sensitive information" under the Privacy Act 1988 (Cth) and is subject to stronger protections.


Consent - We only collect this information with your express, informed consent, obtained before testing. Before you are tested we will tell you what is being tested, why, and who will receive the result.


Who receives your results - Occupational screening is usually arranged and paid for by an employer or prospective employer. Where that is the case, we will disclose your result to the authorised representative of that organisation for the purpose for which the screening was commissioned (for example, fitness-for-work or health-monitoring purposes), and to you. We will tell you, before testing, the form in which your result will be provided to the employer.


Confidentiality - We treat screening results as strictly confidential. We do not disclose them to any person other than you and the authorised representative of the commissioning organisation, unless you consent or the disclosure is required or authorised by law.


Handling and interpretation - Screening is conducted, and results interpreted, by appropriately qualified personnel using recognised procedures, including confirmatory testing and chain-of-custody handling for drug and alcohol screening where applicable.


Access to your own results - You may request access to your own health screening results at any time, at no charge (see Section 12).


7B. Equipment and plant inspection services


When we provide equipment, plant and safety inspection services (including test-and-tag and plant inspections), the information we record is principally about assets and equipment rather than individuals. We may, however, collect limited personal information such as the name and signature of an inspector, a site contact, or the person responsible for the item inspected, and inspection photographs may incidentally capture individuals present at the site. We use this information only for the purpose of carrying out and documenting the inspection and issuing the associated report, and we do not use incidentally captured images for any other purpose.



8. How long we keep your information

We retain personal information only for as long as it is needed for the purposes described in this policy or as required by law. Training and assessment records for nationally recognised training are retained in accordance with our regulatory obligations, including retention of student results and Australian Qualifications Framework certification records for 30 years as required of Registered Training Organisations. When personal information is no longer required and we are not legally obliged to keep it, we take reasonable steps to destroy it or de-identify it (APP 11).


Where we conduct health monitoring in connection with hazardous exposures (for example silica, asbestos or lead), we retain the relevant health monitoring records, and make them available to you, for the period required under applicable Work Health and Safety laws (up to 30 years).


9. Security of your information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, using physical, technical and administrative safeguards.


If we experience a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.


10. Website, cookies and analytics

Our website uses cookies and similar technologies to help it function and to collect anonymous analytics data (for example via Google Analytics) about how visitors use the site. This helps us improve our services. You can disable cookies in your browser settings, although some parts of the site may not function properly as a result. Where our site links to third-party websites, we are not responsible for their privacy practices and encourage you to review their policies.


11. Website content you submit

Where you submit content to us through our website (for example a review, comment or enquiry), you grant us permission to store and use that content for the purpose for which it was submitted and to operate and improve our services. We will not publish content that identifies you, or use it for marketing or promotional purposes, without your consent. You may ask us to remove content you have submitted at any time.


12. Accessing and correcting your information

You have the right to request access to the personal information we hold about you and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading (APP 12 and APP 13).


There is no charge to make a request. To make a request, contact us using the details in Section 14. We will respond within a reasonable period (ordinarily within 30 days) and will verify your identity before releasing information. If we are unable to provide access or make a correction, we will tell you why in writing and explain how you can complain.


13. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact our Privacy Officer using the details in Section 14. We will acknowledge your complaint promptly (ordinarily within 5 business days) and aim to resolve it within 30 days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au · Phone: 1300 363 992


14. Contact us

General Manager

HMC Group Solutions Pty Ltd

Email: hello@hmcgroupsolutions.com.au

Phone: 02 6884 4624

Post: PO Box 4409, Dubbo East NSW 2830


15. Changes to this policy

We may update this policy from time to time. The current version is always available on our website, and the effective date is shown at the top of this document.


Authorised by: 


Harrison McMahon 

Managing Director 

HMC Group Solutions Pty Ltd.


Version 3.0 · 17 July 2026