BowerNest
Home

Data Handling and Data Sharing Policy

Last updated: 15 March 2026Version 1.0

Plain-English Summary

We handle your data carefully and only share it when necessary. Your information is encrypted and stored securely, with Australian data centres as the priority. We only share your data with your consent, with service providers who help run the platform (under strict agreements), or when the law requires it. We may share de-identified data for research purposes, but this will never identify you personally.

1. Data Collection Principles

BowerNest adheres to the following principles when collecting data:

  • Minimisation: We collect only the data that is reasonably necessary for our stated purposes. We do not collect data speculatively or in excess of what is required.
  • Transparency: We inform users about what data we collect, why we collect it, and how it will be used, at or before the time of collection.
  • Consent: We obtain appropriate consent before collecting personal information, except where collection is authorised or required by law.
  • Lawful basis: All data collection is conducted in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. Data Processing

Personal information collected by BowerNest is processed for the purposes described in our Privacy Policy. Data processing activities include:

  • storing and managing user account information;
  • facilitating the matching of apprentices with employers;
  • tracking apprenticeship progress, training hours, and qualifications;
  • generating reports and analytics (using de-identified or aggregated data where possible);
  • communicating with users about the Service; and
  • maintaining the security and integrity of the platform.

3. Data Storage

BowerNest stores data using cloud-based infrastructure provided by reputable service providers. Our data storage practices include:

  • Encryption: All data is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256 or equivalent encryption standards).
  • Access controls: Access to data is restricted to authorised personnel on a need-to-know basis, with role-based access controls and multi-factor authentication.
  • Data sovereignty: BowerNest prioritises the use of Australian-based data centres for the storage of personal information. Where data is stored or processed outside Australia, we ensure appropriate contractual and technical safeguards are in place, consistent with APP 8.
  • Backup and recovery: Regular data backups are maintained to ensure data availability and integrity in the event of a system failure or incident.

4. Data Sharing

BowerNest may share data with third parties in the following circumstances:

  • With your consent: We may share your personal information with third parties where you have provided express consent, such as when an apprentice consents to share their profile with a prospective employer.
  • Service providers: We engage third-party service providers to assist in operating the platform. These providers are bound by contractual obligations to protect your data and to use it only for the purposes for which it was disclosed.
  • Training organisations: With your consent, we may share relevant training and progress data with registered training organisations (RTOs) and TAFEs to facilitate apprenticeship tracking and verification.
  • Government agencies: We may disclose data to government agencies where required or authorised by law.
  • De-identified and aggregated data: We may share de-identified or aggregated data with research institutions, industry bodies, or government agencies for the purposes of workforce planning, policy development, or industry research. This data will not identify any individual.
  • Legal obligations: We may disclose data where required to do so by law, regulation, legal process, or enforceable government request.

5. Data Sharing Agreements

Where BowerNest shares personal information with third parties, we will ensure that appropriate data sharing agreements are in place. These agreements will require the recipient to:

  • use the data only for the specified purpose;
  • protect the data with appropriate security measures;
  • comply with the APPs and any other applicable privacy legislation;
  • notify BowerNest of any data breach or security incident; and
  • return or destroy the data upon completion of the specified purpose.

6. International Data Transfers

Where personal information is transferred outside Australia, BowerNest will ensure compliance with APP 8 by:

  • conducting due diligence on the recipient's data protection practices;
  • entering into contractual arrangements that require the recipient to handle the information in accordance with the APPs; and
  • informing affected individuals of the countries to which their information may be transferred.
PreviousCookie PolicyNextAcceptable Use

This policy is part of the BowerNest Legal Policy Framework (Version 1.0). If you have questions about this policy, please contact us at [email protected]. This document should be reviewed by qualified legal counsel before reliance.