Privacy Policy

Metro Trains Australia Pty Ltd trading as More Than Assurance (MTA, “we”, “our” or “us”) ACN 614 061 960, is committed to protecting the privacy of individuals.

The protection of personal information in the private sector is required by the Privacy Act 1988 (Cth) and, where applicable, State and Territory privacy laws (collectively the “Privacy Laws“) and we are bound to comply with these Privacy Laws as they apply to our business. All of our employees and officers are expected to comply with the Privacy Laws and our policies and procedures concerning the protection of personal information.

As used in this policy, the following definitions apply:

  • “GCH Participant” means TfNSW, including government transport agencies and their contractors;
  • “Grey Card Training Partner” means a training partner delivering the TfNSW Concrete Grey Card training;
  • “GCH” means a TfNSW Concrete Grey Card Holder;
  • “Personal Information” means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or who is reasonably identifiable;
  • “Permission Access Agreement” means the Concrete Grey Card Permission Access Agreement, the terms of which can be viewed here:; and
  • TfNSW” means Transport for New South Wales.

This policy deals with our management of personal information for the purposes of the TfNSW Concrete Grey Card Training Program.  The TfNSW Concrete Grey Card Training Program provides digital training records  for workers in NSW performing works and services in relation to bridges and structures and rigid pavements. It is operated by MTA.

This policy is based on the following principles:

  • Privacy of Personal Information is of paramount importance to us;
  • We will only use your Personal Information for purposes for which it was collected as set out in this policy; and
  • Your Personal Information will not be disclosed, other than in accordance with this policy without your permission or in accordance with the Privacy Laws.

What Personal Information do we collect?

For the TfNSW Concrete Grey Card Training Program we may collect your name, gender, date of birth, address, contact details, training information (including your universal student identifier) and other personal information as required for the TfNSW Concrete Grey Card Training Program.

How do we collect Personal Information?

MTA will collect information for the TfNSW Concrete Grey Card Training Program when it is entered onto the Grey Card System by a Grey Card Training Partner or by one of MTA’s Concrete Grey Card Service Desk team members. 

If you provide us with the Personal Information of another person, including a worker or contractor you have registered on the Grey Card System, we rely on you to inform that person and obtain their consent for the disclosure by you to us of their Personal Information.

Before creating an account for a new GCH on the Grey Card System, each authorised user of the Grey Card System must ensure that the GCH has accepted the terms of a Permission Access Agreement  prescribed by MTA.  The Permission Access Agreement sets out further detail about the operation of the TfNSW Concrete Grey Card Training Program. 

Why do we collect and how do we use Personal Information

We collect and use Personal Information in order to manage and provide services in relation to the TfNSW Concrete Grey Card Training Program. These purposes are set out in more detail in the Permission Access Agreement.

We will only disclose Personal Information that we collect for the TfNSW Concrete Grey Card Training Program to:

  • GCH Participants may access the Grey Card System to check and update GCHs details;
  • Our contractors, agents and advisors helping us to manage and provide services in relation to the TfNSW Concrete Grey Card Training Program;
  • Other entities as required or permitted by law, including rail safety, work/occupational health and safety and other relevant laws and to comply with workforce participation and diversity reporting requirements;
  • Other entities that are used by GCH Participants to verify competencies for pre-qualification of suppliers and workforce management.

If you have a Rail Industry Worker (RIW) Card and you elect to do so, your information stored on the Grey Card System may also be uploaded and stored on the RIW System.  The RIW System is governed by MTA’s Privacy Policy for the RIW Program (a copy of which is available

Personal Information will only be disclosed to these entities to the extent that those entities are entitled to access that information under the TfNSW Concrete Grey Card Training Program.  Such Personal Information may be shared directly through the Grey Card System or by another technical method, such as via a Secure File Transfer Protocol or via an API link that integrates with the Grey Card System or the RIW System.

Retention and Disposal of Information

We only keep Personal Information in accordance with this Privacy Policy. We will destroy such information or de-identify that information once sufficient time has elapsed to be certain that the information will no longer be required for those purposes for which it may be used under this Policy.  We have in place data retention policies that govern the period of time we will retain personal information, and when that information may be destroyed or de-identified.

Sending Personal Information Overseas

We may disclose your Personal Information to third party service providers overseas, including in the UK and some other countries (for limited support purposes) where they are not subject to similar laws to the Privacy Laws that apply in Australia. However, where your Personal Information is disclosed to our third party service providers who are located overseas, we will also take reasonable steps to ensure that the Personal Information is handled by the overseas recipient in accordance with the Privacy Laws and our instructions for the purposes described above. By providing MTA with your Personal Information or by being a user of or applicant for the TfNSW Concrete Grey Card Training Program you consent to this disclosure of your Personal Information.

Email Security

Any email you send to us and information you submit through our websites may be scanned for IT security purposes.

Grey Card Website

When visiting the web site for the TfNSW Concrete Grey Card Training Program, the site server makes a record of the visit and logs the following information for statistical and administrative purposes:

  • The user’s I.P. address – to consider the users who use the site regularly and tailor the site to their interests and requirements;
  • The date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;
  • Pages accessed and documents downloaded – this indicates to MTA which pages or documents are most important to users and also helps identify important information that may be difficult to find;
  • Duration of the visit – this indicates to us how interesting and informative the site is to our customers;
  • The type of browser used – this is important for browser specific coding;
  • In order to optimize the web site and better understand it’s usage, we collect the visiting domain name or IP address, Computer Operating System, Browser Type and Screen Resolution;
  • For authorised users of the Grey Card System accessing and using the Grey Card System by means of a login and password, all data access and data update activities are logged for audit purposes.

A cookie is a piece of information that an internet web site sends to your browser when you access information at that site. Cookies are either session cookies or persistent cookies. Upon closing your browser the session cookie set by this web site is destroyed and no Personal Information is maintained which might identify you should you visit our web site at a later date.  Persistent cookies may be retained across different browser sessions for this web site.

Security of Information

You should be aware that the internet is not a secure environment and information sent via the internet (including via email) may be intercepted by a third party. We use reasonable efforts to ensure that any Personal Information collected by us is held securely.

We strive to ensure the security, integrity and privacy of information we collect. MTA has established reasonable security measures to protect your Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure in contravention of this Policy. Our employees, contractors, agents and service providers who provide services related to our information systems, are obliged to respect the confidentiality of any Personal Information held by us. We review and update our security measures in light of current technologies.

You can access and update your Personal Information

Subject to certain exemptions provided for under the Privacy Laws, you have a right to access Personal Information we hold about you. We will also take reasonable steps to keep accurate and up to date Personal Information which we hold about you. If you believe that the Personal Information we hold about you is inaccurate, incomplete, out of date or no longer relevant please notify us via the contact details set out below.

If you would like to seek access to Personal Information that MTA may have about you or update that information then please contact the MTA Concrete Grey Card Service Desk in the first instance or write to MTA’s Privacy Officer via the details set out below.

Questions and complaints

MTA is committed to providing its customers with a fair and responsible system for the handling and resolution of privacy related complaints. If you have any questions about this Policy or believe that we have at any time failed to keep one of our commitments to you to handle your Personal Information in the manner required by the Privacy Laws, then we ask that you contact us immediately in writing using the contact details provided below.

We will respond and advise whether we agree with your complaint or not.  If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner by:

Phone: 1300 363 992 (local call cost, but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749

TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls)

TIS: Translating and Interpreting Service: 1 31 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner)

Post: GPO Box 2999 Canberra ACT 2601

Fax: +61 2 9284 9666


Changes to this Privacy Policy

This statement sets out our current Privacy Policy for the TfNSW Concrete Grey Card Training Program. This policy may change from time to time. The current version of the policy is available from The current version of our Privacy Policy replaces all previous versions of the policy.


Contact Us for Further Information regarding our Privacy Policy

If you require further information about how we handle Personal Information or any privacy issues please contact our office on (03) 9610 2400 or write to our Privacy Officer at the address below.

Our Contact Details:

Catherine Speers
Privacy Officer
Metro Trains Australia Pty Ltd
GPO Box 1880
Melbourne VIC 3001

Raymond O’Flaherty
Chief Executive Officer


Version 1 – March 2024