Privacy policy

Privacy Policy

Effective 1/9/2025

The Learning Resources Group (TLRG) is committed to safeguarding your privacy online. This Privacy Policy outlines how we collect, hold, use, disclose, and manage your personal information when you interact with our website (http://www.tlrg.com.au) and our internally developed SAAS systems.

Personal Information We Collect and Hold

The Learning Resources Group does not collect personally identifiable information about individuals except when such individuals specifically provide such information on a voluntary basis. For example, such personally identifiable information may be gathered from the registration process for subscription or services and in connection with content submissions, community postings (e.g., forums), suggestions and transactional areas.

TLRG collects limited personal information necessary for our business operations:

SAAS Platforms: First name, surname, email address, and scoring data from online assessments related to Language, Literacy and Numeracy, and Digital Capability.
Website Accounts: Contact name, phone number, business name, business address, and nominated email address.

Financial payment information collected through our Shopify E-Commerce site is managed directly by Shopify and PayPal and governed by their respective privacy policies.

How We Collect Personal Information

We collect personal information through:

Directly from you when you create accounts, complete forms, or contact us.
Through our SAAS platforms when you or your learners or candidates complete assessments.
Via email during sales and support interactions.

We do not collect personal information from social media or third-party marketing lists.

How We Hold and Protect Personal Information

All personal data is stored on secure Australian cloud infrastructure (AWS Sydney, Google Cloud Sydney).
- Encryption: All data is encrypted in transit and at rest using industry-standard encryption.
- Access controls: Access is restricted to authorised TLRG staff and contractors who need it to provide services.
- Backups: Data is backed up securely in line with provider standards.

Detailed technical information is available in the Cyber Security section of our Help Documentation.

Sales-related personal information provided via emails is securely stored within Shopify and the HelpScout email support platform.

Purposes for Collection and Use of Personal Information

We collect, hold, and use personal information strictly for:

Account management, customer support, and service delivery.
Compliance with applicable laws.
De-identified internal analytics to enhance our services and products.

Sub-processors

We use a small number of specialised service providers to help us deliver secure, reliable products. These providers supply infrastructure, hosting, and customer-support systems. All sub-processors are bound by data-processing agreements and must meet strict privacy, security, and confidentiality obligations.

These providers only process personal information as instructed by us, and only for the purposes described. We select Australian hosting regions wherever technically possible and, where stated, our environments are region-locked to Australia to prevent international transfer. For providers operating internationally (such as Help Scout), we ensure appropriate contractual and security safeguards are in place.

We update this list whenever a new sub-processor is added or an existing one is changed. .

Current sub-processors

Sub-processor (organisation)	Contact info (privacy / DPO)	Data types & purpose	Lawful basis*	Primary processing locations
Amazon Web Services, Inc. (AWS)	Privacy Notice: https://aws.amazon.com/privacy	Data types: learner identifiers, quiz/assessment responses, progress data. Purpose: Managed database hosting (MongoDB Atlas) and secure storage.	Contract performance; legitimate interests—secure delivery of services.	Australia only (Sydney region). Our AWS workloads and backups are region-locked and do not leave Australia.
Google Cloud Platform (Google LLC)	Privacy Centre: https://cloud.google.com/security/privacy	Data types: learner identifiers, quiz/assessment responses, platform logs. Purpose: Application hosting and Kubernetes orchestration.	Contract performance; legitimate interests—reliable platform operations.	Australia only (Sydney region). Our GCP environment is region-locked and data is not transferred internationally.
Shopify Inc.	Privacy Policy: https://www.shopify.com/legal/privacy Contact: privacy@shopify.com	• Customer contact details (name, email, phone, address) • Order details Purpose: E-commerce store management and order processing	Performance of a contract (Art 6 (1)(b))	Data processed primarily in Canada, with infrastructure in US/EU
PayPal (PayPal Holdings, Inc.)	Privacy Policy: https://www.paypal.com/au/webapps/mpp/ua/privacy-full Contact: DPO@paypal.com	• Customer payment details (name, email, card/payment identifiers) • Transaction metadata Purpose: Payment processing for subscriptions and purchases	Performance of a contract (Art 6 (1)(b))	Data processed globally across PayPal’s secure infrastructure (US/EU/Asia-Pacific)
Help Scout, PBC	Privacy: https://www.helpscout.com/company/legal/privacy	Data types: names, emails, support and sales message content. Purpose: Customer support ticketing, inbound sales enquiries, and communication management.	Contract performance; legitimate interests—supporting users and responding to enquiries.	Primary processing in the United States; storage in regions specified in Help Scout’s privacy documentation.

* For GDPR-style alignment. Under the Australian Privacy Act, processing is authorised as “reasonably necessary for our functions or activities,” and where relevant, by consent.

Data Retention and Deletion

Customer and learner/candiate data will be retained for up to 60 days after service termination. After that period, it will be permanently deleted, with limited residual traces in secure backups. You may also request deletion or correction of data during an active subscription, and we will action this unless restricted by law or security considerations.

Disclosure of Personal Information

TLRG will not sell or transfer your personal information to third parties. Disclosure to third parties occurs solely:

When legally required by appropriate authorities.

Overseas Disclosure

TLRG does not transfer or store personal information outside Australia. All sub-processors we engage are contracted to use Australian data centres only.

Complaints Handling Process

If you wish to make a complaint regarding your privacy, you can contact our Privacy Officer:

Email: privacy@tlrg.com.au

Our Client Relations Manager currently acts as our Privacy Officer and will:

Acknowledge your complaint within two (2) business days.
Investigate and respond substantively within ten (10) business days. Should the complaint require additional investigation time, we will clearly communicate this and provide regular updates.

Updating or Correcting Personal Information

Upon request, we will allow you to update or correct personal information previously submitted. You may also request to have your personal information deleted. We will endeavour to comply with your request promptly, subject to legal and practical limitations related to backups and data retention policies.

Policy Updates

TLRG reserves the right to update this Privacy Policy as necessary.

If we make a material change (e.g. how we handle or disclose data), we will provide at least 14 days’ prior notice via email and/or in-product notice.
Non-material updates (clarifications, formatting changes) will be published on our website with an updated 'Last updated' date.

Opt-Out of Communications

Personally identifiable information on individual users will not be sold or otherwise transferred to unaffiliated third parties without the approval of the user at the time of collection. At such points of collection, the user will have the opportunity to indicate whether he or she would like to "opt out" of receiving promotional and/or marketing information about other products, services and offerings and/or any third parties.

If you wish to opt out of receiving promotional or marketing communications:

Email: support@tlrg.com.au
Call: 1300 221 729

Complaints and Contact

If you have concerns about privacy, contact our Privacy Officer:

Email: privacy@tlrg.com.au
Phone: 1300 221 729

This Privacy Policy is effective from the date of publication and supersedes all prior versions.

News

view all news

Transitioning to the Standards for RTOs 2025: From Prescriptive Compliance to Outcome-Based Quality

When updating any policy or procedure, a useful approach is to explicitly connect it to the relevant outcome it supports. This not only helps staff understand why they must follow it, but it also makes it easier to demonstrate compliance during audits. You can show the auditor, “Here’s our process, and here’s the outcome it achieves, which aligns with the Outcome Standards.” Flexibility is fine – but you must be able to explain and evidence how your way meets the required outcome.

8 Best Ways to Use Generative AI in Vocational Training

Generative AI is transforming vocational training in Australia. Here are 8 practical ways to enhance training delivery, save time, and boost learner outcomes ethically.

Australia Shifts from ADCF to DigComp 2.2 for Digital Skills

Australia is upgrading its approach to digital skills, moving from the Australian Digital Capability Framework (ADCF) to the internationally recognised DigComp 2.2. Discover the benefits, implications for education, policy, and business, and how this shift sets Australia up for a digitally competent future.