Marian College Sunshine West
The School is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988. In relation to health records, the School is also bound by the Health Records Act 2001 (Vic.).
This policy also describes:
- who we collect information from;
- the types of personal information collected and held by us;
- how this information is collected and held;
- the purposes for which your personal information is collected, held, used and disclosed;
- how you can gain access to your personal information and seek its correction;
- how you may complain or inquire about our collection, handling, use or disclosure of your personal information and how that complaint or inquiry will be handled; and whether we are likely to disclose your personal information to any overseas recipients.
Who Do We Collect Personal Information From?
The type of information the School collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:
- pupils and parents and/or guardians ('Parents') before, during and after the course of a pupil's enrolment at the School;
- job applicants, staff members, volunteers and contractors; and
- other people who come into contact with the School.
What kinds of personal information does the School collect and how does the School collect it?
The kinds of personal information we collect is largely dependent upon whose information we are collecting and why we are collecting it, however in general terms the school may collect:
- Personal Information including names, addresses and other contact details; dates of birth; next of kin details; financial information, photographic images and attendance records.
- Sensitive Information (particularly in relation to student and parent records) including religious beliefs, government identifiers, nationality, country of birth, languages spoken at home, professional or union memberships, family court orders and criminal records.
- Health Information (particularly in relation to student and parent records) including medical records, disabilities, immunisation details, individual health care plans, counselling reports, nutrition and dietary requirements.
How do we collect your personal information?
Personal Information you provide: The School will generally collect personal information held about an individual by way of forms filled out by Parents or pupils, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Parents and pupils provide personal information.
Personal Information provided by other people: In some circumstances the School may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
How will the School use the personal information you provide?
The School will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
Pupils and Parents: In relation to personal information of pupils and Parents, the School's primary purpose of collection is to enable the School to provide schooling for the pupil.
This includes satisfying the needs of Parents, the needs of the pupil and the needs of the School throughout the whole period the pupil is enrolled at the School.
The purposes for which the School uses personal information of pupils and Parents include:
- to keep Parents informed about matters related to their child's schooling, through correspondence, newsletters and magazines;
- day-to-day administration of the School;
- looking after pupils' educational, social and medical wellbeing;
- seeking donations and marketing for the School; and
- to satisfy the School's legal obligations and allow the School to discharge its duty of care.
In some cases where the School requests personal information about a pupil or Parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the pupil or permit the pupil to take part in a particular activity.
Job applicants, staff members and contractors: In relation to personal information of job applicants, staff members and contractors, the School's primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the School uses personal information of job applicants, staff members and contractors include:
- in administering the individual's employment or contract, as the case may be;
- for insurance purposes;
- seeking donations and marketing for the School; and
- to satisfy the School's legal obligations, for example, in relation to child protection legislation.
Volunteers: The School also obtains personal information about volunteers who assist the School in its functions or conduct associated activities, such as [alumni associations], to enable the School and the volunteers to work together.
Marketing and fundraising: The School treats marketing and seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to provide a quality learning environment in which both pupils and staff thrive. Personal information held by the School may be disclosed to organisations that assist in the School's fundraising, for example, the School's Foundation or alumni organisation (or, on occasions, external fundraising organisations).
Parents, staff, contractors and other members of the wider School community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
How does the School treat sensitive information?
In referring to 'sensitive information', the School means: information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
We only collect sensitive information reasonably necessary for one or more of the above functions or activities, if we have the consent of the individuals to whom the sensitive information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety, or another permitted general situation (such as locating a missing person) or permitted health situation (such as the collection of health information to provide a health service) exists.
If we do not have the relevant consent and a permitted health situation or permitted general situation does not exist, then we may still collect sensitive information provided it relates solely to individuals who have regular contact with the school in connection with our activities. These individuals may include students, parents, volunteers, former students and other individuals with whom the school has regular contact in relation to our activities.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
We will only use or disclose sensitive information for a secondary purpose if you would reasonably expect us to use or disclose the information and the secondary purpose is directly related to the primary purpose.
When we disclose personal information
We only use personal information for the purposes for which it was given to us, or for purposes which are related (or directly related in the case of sensitive information) to one or more of our functions or activities. We may disclose personal information, including sensitive information, held about an individual to:
- another school;
- government departments;
- medical practitioners;
- • people providing services to the School, including specialist visiting teachers, counsellors and sports coaches, Catholic Education Melbourne (CEM), the Catholic Education Commission and other dioceses;
- recipients of School publications, such as newsletters and magazines;
- anyone you authorise the School to disclose information to; and
- anyone to whom we are required or authorised to disclose the information to by law.
We may disclose personal information, including sensitive information, held about an individual only if one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- where another permitted general situation or permitted health situation exception applies;
- disclosure is reasonably necessary for a law enforcement related activity.
Storage, Management and Security of Personal Information
The School's staff are required to respect the confidentiality of pupils' and Parents' personal information and the privacy of individuals.
The security of your personal information is of importance to us and we take all reasonable steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
These steps include:
- Restricting access to information on the school databases on a need to know basis with different levels of security being allocated to staff based on their roles and responsibilities and security profile.
- Ensuring all staff are aware that they are not to reveal or share personal passwords.
- Ensuring where sensitive and health information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
- Implementing physical security measures around the school buildings and grounds to prevent break-ins.
- Implementing ICT security systems, policies and procedures, designed to protect personal information storage on our computer networks.
- Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
- Undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.
Personal information we hold that is no longer needed is destroyed in a secure manner, deleted or de-identified as appropriate.
Our website may contain links to other websites. We do not share your personal information with those websites and we are not responsible for their privacy practices. Please check their privacy policies.
Computers: The School’s computer systems and networks are monitored to ensure integrity of the system and compliance with the Use of Communication Technologies Procedure. Personal information may be collected in this process, and will be treated in accordance with the other components of this Privacy procedure.
CCTV: There are CCTV cameras installed at the gated entrances to the School (signs are present where this is the case), and at other designated positions, for the purpose of monitoring the safety of the property and members of the school community. Personal information may be collected about you via this technology.
How we ensure the quality of your personal information
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up to date. These steps include ensuring that the personal information is accurate, complete and up to date at the time of collection and when using or disclosing the personal information. On an ongoing basis we maintain and update personal information when we are advised by individuals or when we become aware through other means that their personal information has changed.
Please contact us if any of the details you have provided change. You should also contact us if you believe that the information we have about you is not accurate, complete or up to date.
Access and correction of personal information
Under the Commonwealth Privacy Act and Health Records Act 2001 (Vic), an individual has the right to obtain access to any personal information which the School holds about them and to advise the School of any perceived inaccuracy. Pupils will generally be able to access and update their personal information through their Parents, but older pupils may seek access and correction themselves.
There are some exceptions to these rights set out in the applicable legislation.
To make a request to access or update any personal information the School holds about you or your child, please contact the Co-Principals, Rita Grima and Raymond Pisani, in writing. The School may require you to verify your identity and specify what information you require. The School may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the School will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
Consent and rights of access to the personal information of pupils
The School respects every Parent's right to make decisions concerning their child's education.
Generally, the School will refer any requests for consent and notices in relation to the personal information of a pupil to the pupil's Parents. The School will treat consent given by Parents as consent given on behalf of the pupil, and notice to Parents will act as notice given to the pupil.
As mentioned above, parents may seek access to personal information held by the School about them or their child by contacting the Co-Principals. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School's duty of care to the pupil.
The School may, at its discretion, on the request of a pupil grant that pupil access to information held by the School about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the pupil and/or the pupil's personal circumstances so warranted.
Disclosure of personal information to overseas recipients
We may disclose personal information about an individual to overseas recipients in certain circumstances, such as when we are organising an overseas excursion, facilitating a student exchange, or storing information with a “cloud service provider” which stores data outside of Australia. We will however take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless:
- We have the individual’s consent (which may be implied); or
- We have satisfied ourselves that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy regime; or
- We form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- We are taking appropriate action in relation to suspected unlawful activity or serious misconduct
Enquiries and complaints
If you wish to make a complaint about a breach by us of the Australian Privacy Principles you may do so by providing your written complaint by email, letter, facsimile or by personal delivery to any one of our contact details as noted below. You may also make a complaint verbally.
We will respond to your complaint within a reasonable time (usually no longer than 30 days) and we may seek further information from you in order to provide a full and complete response.
Your complaint may also be taken to the Office of the Australian Information Commissioner.
How to Contact Us
You can contact us about this Policy or about your personal information by:
- Emailing firstname.lastname@example.org
- Calling 9363 1711
- Writing to our Privacy Officer, Donna Rampova, at email@example.com.
If practical, you can contact us anonymously (i.e. without identifying yourself) or by using a pseudonym. However, if you choose not to identify yourself, we may not be able to give you the information or provide the assistance you might otherwise receive if it is not practical to do so.
Changes to our privacy and information handling practices
Date: July 2017
To be reviewed: July 2018