- 1. Who do we collect personal information from
The School collects personal information about students and parents/guardians before, during and after the course of a student’s enrolment at the School, other members of the School Community, including staff members, contractors, and volunteers and other persons such as job applicants and visitors to the School where it is reasonably necessary for the School’s functions and activities.
Exception in relation to employee records
- 2. Kinds of personal information collected and held
The kinds of information the School collect and hold include, but is not limited to, personal information, including sensitive and health information.
- Personal information includes names, address and contact details, date of birth, emergency contacts, photographic images, attendance records and financial information.
- Sensitive information includes nationality, citizenship/visa status, religion, languages spoken at home, government identifiers, court orders, employment details and school reports.
- Health information includes medical conditions and records, and special needs or learning requirements.
- 3. How personal information is collected and held
Personal information you provide
The School will generally collect and personal information held about a individual from that individual by way of forms, emails and letters submitted by parents/guardians or students, in face to face meetings and interviews, via ‘My Family’ the School’s secure portal, or over the telephone.
Personal information provided by other people
The School may also collect personal information about an individual from other individuals if it is unreasonable or impracticable for the School to collect personal information only from the individual (e.g. a personal reference).
Security of personal information
At all times the School aims to ensure that the personal information provided is kept secure and in the strictest confidence. The School takes reasonable steps to protect the information it holds from misuse, interference, loss, and unauthorised access, modification or disclosure. These including locked storage of paper records, security certificates and extended validation procedures for electronic records.
The School will also take reasonable steps to destroy personal information or ensure it is de-identified if it is no longer needs the information for any purpose for which it may be used or disclosed.
- 4. Purposes for which the School collects, holds, uses and discloses personal information
The School may only solicit and collect personal information that is reasonably necessary for one or more of its functions or activities (known as the ‘primary purpose’) or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.
The School may use and/or disclose personal information for the purpose of providing quality educational services. This will include, but is not limited, to the following:
- in order to deliver and manage the students’ education at the School and satisfy the needs of parents, guardians and students;
- to satisfy the Schools legal obligations, particularly to enable it to effectively discharge duty of care and to comply with other laws relating to the operation of schools;
- to organise parent activities or assist the School societies in contacting you and in organising parent, student and School activities;
- in School reports and other School correspondence such as newsletters and magazines; and/or
- in other School-related activities reasonable for the continued performance of the School’s functions and activities, including the employment of staff, the engagement of volunteers, marketing and fundraising.
In using or disclosing personal information the School can only do so for:
- the primary purpose for which it was collected; or
- a secondary purpose where:
- the person has consented;
- it is reasonably expected by the person and related to the primary purpose of the collection;
- a use or disclosure is required or authorised by or under an Australian law or a court/tribunal order;
- a permitted general situation exists including lessening or preventing a serious threat to life, health or safety;
- a permitted health situation exists; and
- it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The School may disclose personal information, including sensitive information and health information held about a person to:
- parents/guardians and/or School community members;
- Class Representatives and School Associations (such as Parents and Friends, Old Michaelians and Friends of the Arts;
- third parties such as other schools, government departments, medical practitioners, publishers and people providing services to the School, including specialist visiting teachers, sports coaches, the Outdoor Education Group (OEG), volunteers and legal advisors, insurers and auditors in the course of the commercial operations of the School; and
- anyone to whom a person has provided consent for the disclosure of information.
Where possible, the School seeks to be satisfied that these other organisations and people are also privacy compliant.
- 5. Accessing and seeking correction of personal information
The School takes reasonable steps to ensure the personal information it collects and discloses is accurate, up to date, complete, relevant and not misleading.
If you know that information held by the School has changed please contact the School.
For current students and their parents/guardians, important personal and confidential information can be accessed and corrected through the secure online portal ‘My Family’. Otherwise you can contact the School to inform the School of any corrections that may be required.
The School, on written request by an individual, will provide access to that person any personal information held about them, except in limited circumstances where applicable grounds exist.
The School can refuse to give access to information where, but not limited to, the following:
- where giving access would pose a serious threat to the life, health or safety of any individual or to public health or safety;
- where giving access would have an unreasonable impact on the privacy of other individuals;
- where denying access is required or authorised by or under Australian law or a court/tribunal order; or
- a request for access that is frivolous or vexatious.
Where such grounds or other applicable grounds exist, the School will notify the individual and provide the reasons for the decision.
The School may require an individual to verify their identity before providing the information.
- 6. Student information and parent access
The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.
As such, the School takes the view that notifications provided to parents/guardians will act as notifications to the students and consents received from parents/guardians will act as consents given by students.
However, children do have rights under the Privacy Act, and in certain circumstances it will be appropriate to obtain consent directly from the student or to deny access to parents/guardians, information relating to their children as it may breach the School’s duty of care to the student.
- 7. Disclosing personal information to overseas recipients
The School may disclose personal information about a person to an overseas recipient, for example to facilitate a student exchange or when organising an overseas excursion.
The School will not send personal information about a person outside Australia without:
- Obtaining the consent of the person for the disclosure; or
- The School being satisfied the overseas recipient does not breach the Australian Privacy Principles or is subject to a substantially similar law or binding scheme in relation to the information; or
- The School being of the reasonable belief the disclosure will lessen or prevent a serious threat to life, health or safety of any individual.
- 8. Enquiries or Privacy Complaints
The School will investigate all complaints received in writing and provide a response within 30 days of receiving the complaint.
If you are not satisfied with the outcome offered by the School, you may make a complaint to the Office of the Australian Information Officer.