Privacy Policy

Last Updated: 17-03-2025

1. Introduction

1.1 This Privacy Policy outlines how XMB Technology Pty Ltd (ABN 49 672 748 391) ("RTOPilot", "we", "us", or "our") collects, uses, discloses, and protects personal information through the RTOPilot platform and associated services.
1.2 We are committed to safeguarding your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1.3 This policy applies to:

  • Registered Training Organisations (RTOs) using our services
  • Students enrolled through RTOs using our platform
  • RTO staff and administrators
  • Website visitors and users of our services

2. Types of Information We Collect

2.1 RTO Information

We may collect and store:

  • Business details (ABN, RTO code, contact info)
  • Staff details (names, roles, contact info)
  • Login and access credentials
  • Training and course data
  • Payment and transaction information

2.2 Student Information

On behalf of RTOs, we collect and store:

Personal details:

  • Full name
  • Date of birth
  • Contact information
  • Unique Student Identifier (USI)
  • Emergency contacts

Demographic information (for AVETMISS reporting):

  • Indigenous status
  • Disability status
  • Language and cultural background

Educational information:

  • Enrolment details
  • Course progress and completion
  • Assessment results
  • Attendance records
  • Payment and transactions

2.3 Technical Information

Automatically collected data includes:

  • Device and browser information
  • IP addresses
  • Access timestamps
  • System usage logs
  • Platform interaction data

3. How We Collect Information

We collect information:

  • Directly from RTOs during onboarding and use
  • From students through RTO-managed enrolments
  • Via automated system logs and monitoring
  • Through integrations with approved third-party systems
  • From communications with our support team

4. Purpose of Collection and Use

We use personal information to:

  • Operate and improve the RTOPilot platform
  • Help RTOs meet regulatory obligations
  • Enable AVETMISS reporting
  • Process enrolments and payments
  • Provide student portal access
  • Ensure platform security and detect fraud
  • Offer customer support
  • Access RTO data for support when necessary
  • Comply with legal obligations

5. Storage and Security

5.1 Data Storage

Information is stored:

  • On secure Australian-based servers
  • With encryption in transit and at rest
  • Under strict access control measures
  • In line with our data retention policies

5.2 Data Protection

We protect data through:

  • Regular security reviews
  • Staff access control and training
  • Continuous monitoring
  • Incident response plans
  • Routine security updates

6. Disclosure of Information

6.1 Personal information may be disclosed to:

  • The enrolling RTO
  • Authorised integration partners (e.g., LMS providers)
  • Government bodies (when legally required)
  • Payment processors
  • Service providers operating under agreement
  • Legal and professional advisers

6.2 We do not disclose personal data internationally unless:

  • You give explicit consent; or
  • Required by law

7. Access and Correction

7.1 RTOs can update their information via:

  • The RTOPilot admin dashboard
  • Our support team

7.2 Students can request corrections via:

  • Their student portal
  • Their RTO
  • Our support team

7.3 We aim to respond to all requests within 30 days.

8. Retention and Disposal

8.1 Data is retained:

  • As required by law
  • For a minimum of 7 years for student records
  • For the period of RTO usage plus 6 months
  • As long as necessary for the original purpose

8.2 When no longer needed, personal information will be:

  • Securely destroyed or de-identified; or
  • Archived if needed for legal compliance

9. Cookies and Analytics

9.1 We use cookies to:

  • Maintain security
  • Save user preferences
  • Improve the user experience
  • Analyse usage data
  • Support platform functionality

9.2 Users can manage cookie settings through their browser.

10. Data Breaches

In the event of a breach, we will:

  • Act immediately to contain the issue
  • Assess the scope and impact
  • Notify affected users and the Office of the Australian Information Commissioner (OAIC) if required
  • Take preventive measures against future breaches

11. Complaints

11.1 Privacy complaints can be submitted:

11.2 Our process:

  • Acknowledge the complaint within 7 days
  • Investigate thoroughly
  • Respond within 30 days
  • Take corrective actions as required

12. Changes to This Policy

12.1 This Privacy Policy may be updated occasionally.
12.2 Changes will be:

  • Notified to RTOs via email and platform updates
  • Effective 7 days after notice
  • Binding upon continued use of the platform

13. Contact Us

For privacy enquiries, contact:
Privacy Officer
XMB Technology Pty Ltd
Email: support@xmb.com.au

14. Additional Information

For more on privacy rights in Australia, visit the OAIC website: www.oaic.gov.au

A fresh RTO experience built in Australia

Designed to help you spend less time and save money in running your RTO.

See why others have switched ->