Privacy Policy

Purpose

This Privacy Policy sets out how the School manages personal information and individuals’ rights in relation to their personal information, including how to complain and how we deal with complaints. The School is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 (Privacy Act).

Under the Privacy Act the Australian Privacy Principles do not apply to certain treatment of an employee record. As a result, this Privacy Policy does not apply to the School’s treatment of an employee record held by the School, where the treatment is directly related to a current or former employment relationship between the School and the employee.

The School may review and update this Privacy Policy to take account of new laws and technology, changes to the School’s operations and practices and to make sure it remains appropriate to the changing school environment. The current version of this Privacy Policy is published on our website.

Kinds of personal information we collect

The types of information the School collects includes (but is not limited to) personal information, including health and other sensitive information, about:

Students and parents and/or guardians 

(‘Parents’) before, during and after the course of a student’s enrolment at the School, including:

• name, contact details (including next of kin), date of birth, gender, language background, previous school
• parents’ education, occupation, languages spoken at home, nationalities and country of birth
• health information (e.g., details of disability and/or allergies, dietary requirements, absence notes, immunisation details, medical reports and names of doctors)
• previous school reports and references
• results of assignments, tests and examinations
• behaviour notes
• school progress reports
• information about referrals to government welfare agencies
• counselling and other wellbeing notes
• health fund details and Medicare number
• Family Court orders
• photos and videos at School and School events

Job applicants, volunteers and contractors, 

including:

• name, contact details (including next of kin), date of birth, and religion
• Working with Children Check details
• insurance details (contractors)
• information provided on job application
• professional development history
• salary and payment information, including superannuation details
• health information (e.g., details of disability and/or allergies, and medical certificates)
• complaint records and investigation reports
• leave details
• photos and videos at School and School events

Other people who come into contact with the School, 

including name and contact details and any other information necessary for entrance into the School.

How we collect personal information

Personal information provided by an individual: The School generally collects personal information about an individual directly from the individual (or their Parent in the case of students). This includes by way of forms, face-to-face meetings and interviews, emails and telephone calls.

Personal information provided by other people: 

In some circumstances the School may be provided with personal information about an individual from a third party, for example a report provided by a medical professional, a reference from another school or a referee for a job applicant. If a student transfers to a new school, the new school may collect personal information about the student from the student’s previous school to facilitate the transfer of the student.

Personal information from other sources 

We may also collect personal information through social media or internet searches, particularly for Child Protection and employment history verification purposes. Student emails or search history could also be monitored on school devices.

Purposes for which we collect, use and disclose personal information

The purposes for which the School collects, uses and discloses personal information depend on our relationship with interest holders and include the following:

Students and Parents:

• providing schooling and school activities
• satisfying the needs of Parents, the needs of students and the needs of the School throughout the whole period a student is enrolled at the School
• making required reports to government authorities, including census and attendance data
• keeping Parents informed about matters related to their child’s schooling, through correspondence, apps, newsletters etc.
• day-to-day administration of the School
• looking after students’ educational, social and health wellbeing
• to satisfy the School’s legal obligations and allow the School to discharge its duty of care

Volunteers:

• to contact an individual about, and administer, the volunteer position
• for insurance purposes
• satisfying the School’s legal obligations, for example, in relation to child protection legislation

Job applicants and contractors:

• assessing and (if successful) engaging the applicant or contractor
• administering the individual’s employment or contract
• for insurance purposes
• satisfying the School’s legal obligations, for example, in relation to child protection legislation.]

Who we disclose personal information to

The School may disclose personal information, including sensitive information, for educational, care and administrative purposes, and to seek support and advice. This may include to:

• other schools and teachers at those schools, including a new school to which a student transfers to facilitate the transfer of the student
• government departments (including for policy and funding purposes)
• medical practitioners
• people providing educational, support and health services to the School, including specialist visiting teachers, [sports] coaches, volunteers, and counsellors
• providers of specialist advisory services and assistance to the School, including in the area of Human Resources, child protection, students with additional needs and for the purpose of administering school software (such as Compass and Toddle) and ensuring its proper use (see further the section below ‘Sending and storing information overseas)
• providers of learning and assessment tools
• assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN), and the International Baccalaureate Organisation
• agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes
• people providing administrative and financial services to the School
• Compass and Toddle: the providers of our information management and storage system and other information technology services
• recipients of School publications, such as newsletters and the yearbook
• the Parent’s Association for social purposes and voluntary donation invoicing (permission sought at enrolment).
• anyone you authorise the School to disclose information to
• anyone to whom we are required or authorised to disclose the information to by law, including child protection laws.

How we store personal information

The school stores your personal information electronically and some in hard copy. We use information management and storage systems provided by third party service providers. Personal information is stored with and accessible by the third party service providers for the purpose of providing services to the School in connection with the systems. The School may use online or ‘cloud’ service providers to store personal information and to provide services to the School that involve the use of personal information.

Personal information may be printed for purposes such as taking students on excursions and trips, including such details as medical and dietary requirements and parent contact details. These details will remain in the care of the relevant teacher(s) at all times and will be securely disposed of in the lockable bin in the reception photocopy room upon return to school.

Potentially life-saving information, such as medical details for students with epilepsy or anaphylaxis, will be printed and accessible to all staff. These details will be kept at various points around the school, including the staff lounge, library, primary office and the staff office at the gymnasium. These details will not be kept locked, in case of emergency.

Sending and storing information overseas

The School may disclose personal information about an individual to overseas recipients in certain circumstances, for instance, to facilitate a school exchange. The School may use online or ‘cloud’ service providers to store personal information and to provide services to the School that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services and provide technical support. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s server which may be situated outside Australia. These services have high security ratings and are necessary for the daily work of the school.

An example of such a cloud service provider is Microsoft 365. Microsoft provides email, One Note and other programs, and stores and processes limited personal information for this purpose. School personnel and its service providers may have the ability to access, monitor, use or disclose emails, communications (e.g., instant messaging), documents and associated administrative data for the purposes of administering Microsoft software and ensuring its proper use. Where possible, access to these systems by staff is based on single sign on, through Microsoft. This adds security as we have two step verification on our Microsoft accounts.

Security of personal information

The School has in place steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records, password access rights and two-step verification for computerised records.

These steps include:

• Restricting access to information on the School databases on a need to know basis with different levels of security being allocated to staff based on their roles and responsibilities.
• Ensuring all staff are aware that they are not to reveal or share personal passwords.
• Implementing ICT security systems, policies and procedures designed to protect

personal information storage on our computer networks.

• Implementing human resources policies and procedures, such data handling and conduct policies, designed to ensure that staff follow correct protocols when handling personal information.
• Undertaking due diligence with respect to third party service providers who may have

access to personal information, including cloud service providers, to ensure as far as

practicable that they are compliant with the Australian Privacy Principles or a similar

privacy regime.

Access and correction of personal information

Under the Commonwealth Privacy Act an individual has the right to seek access to, and/or correction of, any personal information which the School holds about them. Students will generally be able to access and update their personal information through their Parents, but older students may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.

Parents have access to family information on Compass and can update their own and their child’s demographical information there.

To make a request to access, update or correct any other personal information the School holds about you, please contact the relevant Head of School or Principal. The School may require you to verify your identity and specify what information you require. The School may charge a reasonable fee for giving access to your personal information (but will not charge for the making of the request or to correct your personal information). If the information sought is extensive, the School will advise the likely cost in advance.

If we decide to refuse your request, we will provide you with written notice explaining the reasons for refusal (unless, in light of the grounds for refusing, it would be unreasonable to provide reasons) and how to complain.

Consent and rights of access to the personal information of students

The School respects every Parent/Guardian’s right to make decisions concerning their child’s education.

Generally, the School will refer any requests for consent and notices in relation to the personal information of a student to the student’s Parent/Guardian. Generally, the School will treat consent given by Parent/Guardian as consent given on behalf of the student and notice to Parent/Guardian will act as notice given to the student.

Parents/Guardians may seek access to personal information held by the School about them or their child by contacting the Head of School or Principal by telephone or in writing (details in the section above ‘Access and correction of personal information’). However, there may be occasions when access is denied. Such occasions may include (but are not limited to) where the School believes the student has capacity to consent and the School is not permitted to disclose the information to the Parent/Guardian without the student’s consent, where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the student.

The School may, at its discretion, on the request of a student grant that student access to information held by the School about them, or allow a student to give or withhold consent to the use of their personal information, independently of their Parent/Guardian. This would normally be done only when the maturity of the student and/or the student’s personal circumstances warrant it.

Enquiries and complaints

If you would like further information about the way the School manages the personal information it holds, or wish to complain that you believe that the School has breached the Australian Privacy Principles please contact the Principal by email, post or telephone. The School will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.

If you are not satisfied with our response, you may complain to the Office of the Australian

Information Commissioner (OAIC) via the OAIC website, www.oaic.gov.au.