Privacy Policy

1. About This Privacy Policy

This Privacy Policy explains how Blue Training ("Blue Training", "we", "us" and "our") collects, holds, uses and discloses personal information through the Blue Training website, learner login, digital course access tools, practice quizzes, certificate tools, payment flow, API endpoints, support channels and related services (together, the "Website").

This Policy is intended to operate as a general privacy policy and as a collection notice for the main categories of personal information collected through the Website. It should be read together with our Terms & Conditions and Refund Policy. Where the Privacy Act 1988 (Cth), the Australian Privacy Principles or any other privacy law applies to us, we will handle personal information consistently with those requirements.

If you do not want us to collect the information described in this Policy, you should not create a learner profile, purchase paid digital access, submit a certificate request, use the course tools, or otherwise provide personal information through the Website. Some information, such as IP address, browser user agent and security logs, is collected automatically when you access an online service and is necessary for the Website to function securely.

2. Meaning of Personal Information

In this Policy, "personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not. Depending on context, this may include technical identifiers such as an IP address, session identifier, payment transaction reference or browser user agent when those items are linked, or reasonably linkable, to a particular learner, account, purchase or certificate record.

3. Kinds of Information We Collect

The information we collect depends on how you use the Website. It may include the following categories.

3.1 Account and contact details

• full name, preferred name, email address, login status and learner profile details;
• account identifiers, authentication status, access entitlement status and course-selection records; and
• communications you send to us, including support requests, complaint details, attachments and contact preferences.

3.2 Learner and certificate details

• course selected, industry pathway, module progress, quiz attempts, quiz answers, score, pass status and completion timestamps;
• certificate name, certificate number, certificate issue date, certificate download events and email delivery events;
• learner declarations, declaration timestamps, optional signature image and other profile fields you choose to submit; and
• optional Unique Student Identifier (USI), date of birth, gender or similar fields where those fields are included in a learner form. Blue Training is not an RTO and does not use these fields to issue nationally recognised training credentials.

3.3 Payment and transaction details

• product purchased, price, currency, tax treatment where applicable, payment provider, checkout metadata, order reference and payment transaction ID;
• payment status, access-unlock status, refund status, dispute status, chargeback status and payment-provider notices;
• customer email, customer name and limited billing or checkout information returned by a payment provider; and
• records that link a payment transaction to a Blue Training course, account, session and evidence-log history.

We do not intentionally store full payment card numbers, card security codes or complete bank-account credentials on our own systems. Those details are handled by the relevant payment provider or its payment-processing partners.

3.4 Technical and network information

• IP address, including IPv4 or IPv6 address where available;
• browser user agent, browser type and version, device type, operating system, screen or viewport information, language, timezone and referrer;
• page URL, pages viewed, click or interaction events, course section visibility events and timestamps;
• session identifiers, local storage values, cookies and other online identifiers used for login, course continuity, access verification, fraud prevention and security; and
• approximate geo-location information derived from hosting, content-delivery, request or network headers where available, such as country, region, city or timezone. We do not request GPS location permission from your device for ordinary Website use.

3.5 Evidence-log records

For paid digital access, we maintain evidence-log records designed to help verify that a particular customer was shown the relevant terms, accepted the relevant terms, initiated checkout, obtained access, logged in, opened or consumed course material, attempted or completed quizzes, downloaded PDFs, and received or requested certificates. Evidence-log records may include:

• event name, event ID, event timestamp and server-created record timestamp;
• session ID, account identifier, full name, email address and payment transaction ID;
• course ID, course title, course price, currency and content-consumption percentage;
• lesson, module or video start and completion events, quiz events, PDF download events and certificate events;
• IP address, IP version, browser user agent, page URL, referrer and request-derived geo-location metadata where available;
• client context such as viewport, timezone and screen-size metadata; and
• cryptographic or tamper-evident metadata, including row-hash values or similar integrity markers where implemented.

4. How and When We Collect Information

We collect information directly from you when you enter it into the Website, create or update a learner profile, accept declarations, complete a checkout, contact support, request a certificate, download a PDF, complete a quiz or otherwise interact with a course tool.

We collect some information automatically when you use the Website. For example, our server, hosting provider, database provider, payment integration and security tools may record IP address, browser user agent, request headers, timestamps, session identifiers, page URL, referrer, access status and event data.

We may also receive information from third parties that help us provide the Website, including payment providers, hosting providers, authentication providers, analytics tools, email-delivery providers, security systems, dispute-management platforms, banks, card networks and support tools. Where a payment dispute or chargeback is opened, we may receive notices, reason codes, evidence requests, outcome records and related information from the payment provider or financial institution involved.

5. Why We Collect, Use and Hold Information

We collect, use and hold personal information for the purposes for which it was collected and for related purposes you would reasonably expect. These purposes include:

• creating and maintaining learner profiles and course-access records;
• providing immediate digital delivery of paid products and confirming access entitlements;
• presenting course materials, practice quizzes, PDF downloads and Blue Training completion certificates;
• calculating course progress, pass status, certificate eligibility and consumed-value percentages for paid digital content;
• processing payments, reconciling transactions, matching payment-provider references to learner accounts and maintaining accounting records;
• recording terms acceptance, checkout events, login events, access events and course-consumption events in an evidence log;
• responding to customer support requests, technical issues, complaints, access-restoration requests and certificate requests;
• detecting, preventing and investigating misuse, unauthorised access, credential sharing, suspicious payment behaviour, automated abuse, duplicate claims, fraud and security incidents;
• preparing merchant-response files, dispute submissions, chargeback evidence packs, processor responses or similar records where a transaction is challenged;
• complying with legal, regulatory, taxation, accounting, audit, record-keeping, dispute-resolution and law-enforcement requirements;
• maintaining, debugging, securing, testing and improving the Website and its supporting systems; and
• protecting our lawful interests, enforcing our Terms & Conditions and preserving evidence necessary to establish, exercise or defend legal or commercial claims.

6. Evidence Logs, Chargebacks and Merchant Responses

Because Blue Training sells immediate-access digital products, evidence that a customer received access and consumed all or part of the product is commercially important. We therefore keep evidence-log records that link each paid transaction, where technically possible, to the relevant customer, session, course and access history.

If a dispute, chargeback, "service not as described" claim, unauthorised-transaction allegation, duplicate-transaction claim, fraud investigation or similar payment review is opened, we may use evidence-log records to prepare a merchant-response file or PDF. That file may show, for the disputed transaction, the purchase amount, course purchased, customer details, transaction identifiers, IP address, browser user agent, approximate request-derived geo-location, terms acceptance, checkout activity, login activity, course starts and completions, quiz activity, PDF downloads, certificate issue events, and the percentage or approximate value of course content consumed before the dispute was opened.

Evidence logs are not designed to be editable by customers, ordinary support users or ordinary admin actions. They are intended to be append-only so that historical events are preserved in the state in which they were recorded. If a record is incomplete or requires explanation, we may add a supplementary event or note rather than silently changing the original event. No technical system can guarantee absolute immutability against all forms of privileged infrastructure access, but we design and operate these records to reduce ordinary alteration risk and to preserve integrity for dispute and audit purposes.

Evidence-log records are used only for legitimate operational, security, payment, dispute, legal and record-keeping purposes. They are not sold, and we do not use them to make unrelated advertising profiles.

7. Payments and Payment Providers

Payments are processed by third-party payment providers such as PaymentCloud, Stripe, Lemon Squeezy or their service partners. Those providers may collect payment details, card details, bank details, billing details, device details, risk signals and identity or fraud-prevention information under their own terms and privacy policies.

We may receive and store limited information from payment providers, including payment provider name, transaction ID, order ID, payment status, dispute status, customer email, customer name, product identifier, price, currency, checkout metadata and links between the payment and the Blue Training account or course. We use this information to unlock paid access, reconcile transactions, respond to support requests, keep accounting records and respond to payment disputes.

If you dispute a payment with your card issuer, bank or payment provider, the dispute process may require us to provide relevant records to that provider or to other participants in the payment chain. Those participants may handle the information under their own legal, contractual and operational requirements.

8. Cookies, Local Storage and Similar Technologies

The Website may use cookies, browser local storage, session storage and similar technologies to keep you logged in, remember course progress, store learner profile details locally on your device, remember terms acceptance, support checkout, maintain course continuity, measure Website use, reduce duplicate events and protect the service.

You may be able to disable cookies or clear local storage in your browser. If you do, some Website features may not operate properly, including login continuity, course progress, evidence logging, checkout continuity, certificate generation, PDF downloads and access restoration.

9. Disclosure of Personal Information

We may disclose personal information where reasonably necessary for the purposes described in this Policy. Recipients may include:

• hosting, database, API, serverless-function, content-delivery, storage and security providers;
• authentication, analytics, logging, email-delivery, file-generation, PDF-generation and customer-support providers;
• payment processors, payment facilitators, acquiring banks, card networks, card issuers, dispute-resolution platforms, financial institutions and fraud-prevention services;
• professional advisers, insurers, auditors, accountants, legal representatives and business-continuity service providers;
• regulators, law-enforcement bodies, courts, tribunals, government agencies or other persons where required or authorised by law;
• successors, assignees or prospective purchasers if we restructure, sell, transfer or assign all or part of the Website or business, subject to appropriate confidentiality or legal protections where practical; and
• other persons with your consent, at your direction, or as otherwise permitted by law.

Where a payment dispute, chargeback, suspected unauthorised transaction or fraud investigation is opened, we may disclose relevant evidence-log records to the payment processor, acquiring bank, card network, card issuer, financial institution, dispute-resolution platform, adviser, regulator, law-enforcement body or other party reasonably involved in assessing, defending, investigating or resolving the transaction.

10. Overseas Disclosure and Cloud Providers

Some of our providers may store, process, support or access information from locations outside Australia. This may occur because modern hosting, database, payment, security, email, analytics and support services operate across multiple jurisdictions. The countries involved may change over time depending on provider infrastructure, routing, support and security requirements.

Where practical, we take reasonable steps to use reputable providers, configure access controls, limit information shared to what is needed for the service, and rely on contractual, technical or organisational safeguards offered by those providers. By using the Website, you acknowledge that your information may be processed by such providers for the purposes described in this Policy.

11. Security Measures

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure. Measures may include access controls, service-role separation, row-level security, restricted API endpoints, HTTPS, provider-level authentication, environment-variable controls, logging, evidence row hashing, append-only database rules for evidence records, and limiting administrative access to those who need it.

No online service can guarantee perfect security. You are responsible for using a secure device, keeping your email account secure, maintaining the confidentiality of your login links or credentials, and promptly telling us if you believe your account, payment or certificate information has been misused.

12. Retention of Information

We keep personal information only for as long as reasonably needed for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention periods may differ depending on the type of information and the reason it is held.

Account, course, certificate and evidence-log records may be retained for as long as reasonably required for access restoration, certificate verification, payment reconciliation, tax and accounting records, fraud prevention, security review, dispute resolution, chargeback response, legal claims, audit purposes and business-continuity purposes. Evidence-log records connected with a paid transaction may need to be kept beyond the ordinary support period because card-network, payment-provider, accounting, tax, limitation-period or legal requirements can continue after access is first supplied.

When information is no longer reasonably needed for any permitted purpose, we will take reasonable steps to destroy it, de-identify it or place it beyond ordinary use, subject to backup, archive, audit, legal-hold and technical constraints.

13. Access, Correction and Deletion Requests

You may ask us to provide access to personal information we hold about you, or to correct information you believe is inaccurate, out of date, incomplete, irrelevant or misleading. We may need to verify your identity before responding, and we may refuse or limit access where permitted by law, including where giving access would unreasonably affect another person, reveal commercially sensitive security information, prejudice an investigation, or interfere with a dispute or legal process.

You may ask us to delete information we hold about you. We will assess deletion requests in light of our legal, accounting, payment, dispute-resolution, fraud-prevention, certificate-verification and security obligations. Some records, including append-only evidence-log records, may need to be retained where required or reasonably needed for those purposes. Where deletion or alteration is not appropriate, we may add a correction note, supplementary event or contextual explanation where reasonable.

14. Direct Marketing

We may use your contact details to send service messages, transaction notices, certificate emails, support replies, access-restoration messages and important Website notices. We may also send marketing or course-related communications where permitted by law. You can unsubscribe from marketing messages where an unsubscribe mechanism is provided, but we may still send non-marketing messages necessary for your account, purchase, certificate, security or legal relationship with us.

15. Automated Processing and Fraud Controls

We may use automated or semi-automated tools to record access events, calculate progress, detect suspicious patterns, rate-limit requests, identify duplicate or conflicting transaction records, and support payment-dispute evidence preparation. These tools help secure the Website and maintain reliable records. They do not replace your ability to contact us about an account, access or payment issue.

16. Children and Young Users

Blue Training is intended for workers and learners preparing for industry study pathways. If you are under 18, you should use the Website only with permission from a parent or guardian. If we become aware that we have collected personal information from a child in a manner that is not appropriate for the Website, we may take reasonable steps to delete, de-identify or restrict that information, subject to any legal, safety, payment, dispute or security need to retain it.

17. Data Incidents

If we become aware of a data incident involving personal information, we will assess the incident and take steps we consider reasonable in the circumstances. Where applicable law requires notification to affected individuals, regulators or other parties, we will make such notifications in accordance with those requirements.

18. Complaints and Contact

If you have a privacy question, access request, correction request, deletion request or complaint, contact us at support@bluetraining.com.au. Please include enough detail for us to understand your request, identify the relevant account or transaction, and verify that you are authorised to receive the information requested.

We will aim to respond within a reasonable period. If you are not satisfied with our response and the Privacy Act applies, you may contact the Office of the Australian Information Commissioner.

19. Changes to This Policy

We may update this Privacy Policy as the Website, payment flow, evidence-log system, legal requirements, provider arrangements or business practices change. The current version will be published on this page with its effective date. Your continued use of the Website after a revised Policy is published indicates that you have had an opportunity to review the revised Policy.