The St Michael’s Grammar School Privacy Policy (‘Privacy Policy’) sets out the handling practices of your personal information by St Michael’s Grammar School (‘the School’).

The School is required to have a Privacy Policy under Australian Privacy Principle 1. The 13 Australian Privacy Principles are contained in the Privacy Act 1988.

The Privacy Policy may be reviewed and updated from time to time to ensure it remains appropriate to the changes in the School’s environment and in line with legislation.

The School collects personal information about students and parents/guardians before, during and after the course of a student’s enrolment at the School, other members of the School Community, including staff members, contractors, and volunteers and other persons such as job applicants and visitors to the School where it is reasonably necessary for the School’s functions and activities.

Exception in relation to employee records

Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the School’s treatment of an employee record, where the record is directly related to a current or former employee of the School.

The kinds of information the School collect and hold include, but is not limited to, personal information, including sensitive and health information.

Personal information you provide

The School will generally collect and personal information held about a individual from that individual by way of forms, emails and letters submitted by parents/guardians or students, in face to face meetings and interviews, via ‘My Family’ the School’s secure portal, or over the telephone.

Personal information provided by other people

The School may also collect personal information about an individual from other individuals if it is unreasonable or impracticable for the School to collect personal information only from the individual (e.g. a personal reference).

Security of personal information

At all times the School aims to ensure that the personal information provided is kept secure and in the strictest confidence. The School takes reasonable steps to protect the information it holds from misuse, interference, loss, and unauthorised access, modification or disclosure. These including locked storage of paper records, security certificates and extended validation procedures for electronic records.

The School will also take reasonable steps to destroy personal information or ensure it is de-identified if it is no longer needs the information for any purpose for which it may be used or disclosed.

The School may only solicit and collect personal information that is reasonably necessary for one or more of its functions or activities (known as the ‘primary purpose’) or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.

The School may use and/or disclose personal information for the purpose of providing quality educational services. This will include, but is not limited, to the following:

In using or disclosing personal information the School can only do so for:

The School may disclose personal information, including sensitive information and health information held about a person to:

Where possible, the School seeks to be satisfied that these other organisations and people are also privacy compliant.

The School takes reasonable steps to ensure the personal information it collects and discloses is accurate, up to date, complete, relevant and not misleading.

If you know that information held by the School has changed please contact the School.

For current students and their parents/guardians, important personal and confidential information can be accessed and corrected through the secure online portal ‘My Family’. Otherwise you can contact the School to inform the School of any corrections that may be required.

The School, on written request by an individual, will provide access to that person any personal information held about them, except in limited circumstances where applicable grounds exist.

The School can refuse to give access to information where, but not limited to, the following:

Where such grounds or other applicable grounds exist, the School will notify the individual and provide the reasons for the decision.

The School may require an individual to verify their identity before providing the information.

The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.

As such, the School takes the view that notifications provided to parents/guardians will act as notifications to the students and consents received from parents/guardians will act as consents given by students.

However, children do have rights under the Privacy Act, and in certain circumstances it will be appropriate to obtain consent directly from the student or to deny access to parents/guardians, information relating to their children as it may breach the School’s duty of care to the student.

The School may disclose personal information about a person to an overseas recipient, for example to facilitate a student exchange or when organising an overseas excursion.

The School will not send personal information about a person outside Australia without:

Should you have any questions in relation to the St Michael’s Grammar School Privacy Policy or wish to make a complaint if you believe the School has breached an Australian Privacy Principle, please contact the Risk and Compliance Manager.

The School will investigate all complaints received in writing and provide a response within 30 days of receiving the complaint.

If you are not satisfied with the outcome offered by the School, you may make a complaint to the Office of the Australian Information Officer.