Scope and Application: This policy applies to all employees of Providence Christian College. This policy will be reviewed and amended as required.
Related Legislation/Guidelines: Australian Privacy Principles contained in the Privacy Act (1988), the Privacy Amendment (Enhancing Privacy Protection) Act (2012), and the Privacy Amendment (Notifiable Data Breaches) Act 2017.
- Providence Christian College respects the right to privacy of individuals and the need to protect their confidential information.
- The College is committed to acting in accordance with the Australian Privacy Principles (APP) contained in the Privacy Act 1988 (Commonwealth) and with this policy.
- The College respects each parent/guardian’s right to make decisions concerning their child’s education.
- This policy sets out the terms on which the College will collect, store, use and release personal information regarding its students, parents, guardians and third parties.
- This policy will apply to all information collected by the College about students or their parents and guardians before, during and after their enrolment at the College unless otherwise stated.
- The College reserves its right to review and update this policy as required to take into account new laws, technologies and the College’s operations and activities.
Types of Personal Information Collected
The College collects personal information (including health information and sensitive information) as defined in the Privacy Act 1988 about –
- Students, parents and guardians, before and during the course of a student’s enrolment at the College, which includes but is not limited to:
- i) Name, contact details (including next of kin), date of birth, gender, language background, previous school and religion;
- ii) Parents’ education, occupation and language background;
iii) Medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors);
- iv) Results of assignments, tests and examinations;
- v) Conduct and complaint records, or other behaviour notes, and school reports;
- vi) Information about referrals to government welfare agencies;
vii) Counselling reports;
viii) Health fund details and Medicare number (including reference number);
- ix) Any court orders;
- x) Volunteering information; and
- xi) Photos and videos at School events.
- Job applicants, staff members, volunteers and contractors, including but not limited to:
- Name, contact details (including next of kin), date of birth and religion;
- Information on job application;
- Professional development history;
- Salary and payment information, including superannuation details;
- Medical information;
- Complaint records and investigation reports;
- Leave details;
- Photos and videos at College events;
- Workplace surveillance information;
- Use of work email address information and browsing history.
- Other people who come into contact with the College, including name and contact details and any other information necessary for the particular contact with the College.
Collection and Use of Personal Information
- The primary purpose of collecting this information is to enable the College to provide for the students’ educational, social, spiritual, mental and physical well-being and development, and perform necessary associated administrative activities which will enable students to take part in all activities of the College.
The College may also collect, use, disclose and retain personal information about students and their parents and guardians for the following purposes:
1.1 Keeping parents and guardians informed about their child’s education and educational activities through correspondence, newsletters, and on the College’s website;
1.2 Day to day administration of the College;
1.3 Marketing and promotion of the College to prospective students and their parents and guardians;
1.4 Fundraising for the College;
1.5 Developing and maintaining a student alumni.
- Some of the information collected is to satisfy the College’s legal obligations, particularly to enable the College to discharge its duty of care to students and staff. The Education Act and other Commonwealth and State Government statutory authorities governing or relating to the operation of schools require that certain information is collected. Some information is required to be passed on to these authorities.
- Sensitive Information within the terms of the Privacy Act is a type of personal information that is given extra protection and must be treated with additional care. It includes any information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record. It also includes health information and biometric information.
Sensitive information will be used and disclosed only for the purposes for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
- In relation to personal information of job applicants and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant or contractor, as the case may be. The purposes for which the College uses personal information of job applicants and contractors include:
- Administering the individual’s employment or contract, as the case may be;
- For insurance purposes;
- Seeking donations and marketing for the College; and
- Satisfying the College’s legal obligations, for example, in relation to child protection legislation.
The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as the canteen, excursions, specialist coaching etc.
- The College treats marketing and fundraising for the current development and future growth of the College as an important aspect of College life in which both students and staff thrive. Personal information held by the College may be disclosed to organisations that assist in the College’s fundraising. Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications which include personal information may be used for marketing purposes.
- Personal information collected is stored in and managed by systems provided by third party providers. Information so stored is accessible by these service providers solely for the purpose of providing the necessary services in connection with these systems as required and mandated by the College.
Disclosure and security of collected information
On occasion, personal information (including sensitive information) held by the College may be disclosed for educational, administrative and support purposes. This may include to:
- i) Students’ parents or guardians;
- ii) Recipients of College publications;
iii) Agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes;
- iv) Assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities;
- v) Providers of learning and assessment tools;
- vi) Other schools and teachers at those schools;
vii) Medical practitioners;
viii) People providing educational and/or health services to the College, including specialist visiting teachers, coaches, volunteers and counsellors;
- ix) Government departments (including for funding and policy purposes);
- x) Providers of specialist advisory services and assistance to the College, including in the area of Human Resources, child protection and students with additional needs;
- xi) Anyone you authorise the College to disclose information to; and
xii) Anyone as required by law, especially child protection laws.
Parental contact details are made available to Providence Christian College staff as required, and may be included in class lists and the College’s directory. .
The College will not disclose personal information about current or former students to third parties for marketing purposes of the third party without the person’s consent.
The College has various security measures in place to protect personal information from wrongful disclosure, misuse, loss or unauthorised access, modification and disclosure. These measures include physical security around buildings, locked storage of hard copy files, password access rights to computerised records, as well as rigorous ICT security systems for online security.
Several policies and procedures have been developed to guide our staff, students and other partners in their handling of personal information. These include the Providence Christian College Code of Conduct, online behaviour and communication policies, as well as the acceptable use of information technology systems and devices.
The College will take reasonable steps to destroy personal information when it is no longer required to be held by law or is no longer required by the purposes contemplated by this policy.
The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’, which may reside on a cloud service provider’s servers outside Australia.
Right to Access and to Correct Personal Information
The Privacy Act grants individuals the right to obtain access to personal information held by the College about them, and to advise the College of any perceived inaccuracy. Parents and students who seek access to, or wish to update personal information held by the College, can make the request in writing to the Principal.
The College may require you to verify your identity and to specify what information you require. The College may also charge a fee to cover the cost of verifying your application, and for the locating, retrieving, reviewing and copying of the material requested.
There will be occasions when access may be denied. Such occasions would include where access would have an unreasonable impact on the privacy of others; where access may result in a breach of the College’s duty of care for the student, or where students have provided information in confidence. Reasons for any refusal will be provided in a written format unless the provision of reasons will be unreasonable in light of the grounds for refusal.
The College will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents/guardians. Consent given by a parent/ guardian will be treated as consent given on behalf of the student, and notice to a parent/ guardian will act as notice given to the student. The College may at its discretion, on the request of a student, grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of the parents.
The College will use its reasonable endeavours to ensure that information it collects/or discloses is accurate and up to date. It is the obligation of parents/ guardians of students to provide the College with current and updated information and to notify the College if the personal or contact information of the student, parent, guardian or emergency contact person changes.
Full Fee Paying Overseas Students: Information provided to the College about the student may be made available to State and Commonwealth agencies (Not currently applicable).
A data breach occurs when personal information is lost or subject to unauthorised access, modification, disclosure, or other misuse or interference. For schools, data breaches commonly occur due to internal human errors that result in personal information being inadvertently lost or disclosed to the wrong person.
Notice of a (potential) data breach should immediately be given to the Principal via email to firstname.lastname@example.org. The College will take prompt and appropriate action, including remedial if required. Notification will be provided to any affected individuals as well as the Office of the Australian Information Commissioner (OAIC).
Enquiries and Complaints
Requests for further information about the management of personal information by the College, or complaints about a perceived breach of this policy and/or the Australian Privacy Principles can be made in writing to the Principal via email to email@example.com.
The College will investigate any complaint promptly, according to our Grievances Policies, and notify you of the outcome as soon as practicable.