The School is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 (Privacy Act). In relation to health records, the School is also bound by the New South Wales Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (Health Records Act).
Laws governing or relating to the operation of schools require that certain information is to be collected or disclosed. These include relevant Education Acts and Public Health and Child Protection laws.
What kinds of personal information does the School collect and how does the School collect it?
Information, including health and other sensitive information, about:
students and parents and/or guardians (‘parents’) before, during and after the course of a student’s enrolment at the School, including:
- name, contact details (including next of kin), date of birth, gender, language, background, previous school and religion
- parents’ education, occupation and language background
- medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors)
- conduct and complaint records, or other behaviour notes, and school reports
- information about referrals to government welfare agencies
- counselling reports
- health fund details and Medicare number
- any court orders
- volunteering information; and
- photos and videos at School events
job applicants, staff members, volunteers and contractors, including:
- name, contact details (including next of kin), date of birth, and religion
- information on job application
- professional development history
- salary and payment information, including superannuation details
- medical information (e.g. details of disability and/or allergies, and medical certificates)
- complaint records and investigation reports
- leave details
- photos and videos at School events
- workplace surveillance information
- work emails and private emails (when using work email address) and Internet browsing history
- other people who come into contact with the School, including name and contact details and any other information necessary for the particular contact with the School.
Personal information you provide
The School will generally collect personal information held about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and students provide personal information.
Personal information provided by other people
In some circumstances the School may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school. The School may request medical reports about students from time to time.
Exception in relation to employee records
How will the School use the personal information you provide?
The School will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
Students and parents: In relation to personal information of students and parents, the School’s primary purpose of collection is to enable the School to provide schooling to the students enrolled at the School, exercise its duty of care, and perform necessary associated administrative activities, which will enable students to take part in all the activities of the School. This includes satisfying the needs of parents, the needs of the student and the needs of the School throughout the whole period the student is enrolled at the School. Some of the information the School collects is to satisfy the School’s legal obligations, particularly to enable the School to discharge its duty of care.
The purposes for which the School uses personal information of students and parents include:
- to keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines
- day-to-day administration of the School
- looking after students’ educational, social and medical wellbeing
- seeking donations and marketing for the School; and
- to satisfy the School’s legal obligations and allow the School to discharge its duty of care.
In some cases where the School requests personal information about a student or parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
Job applicants, staff members and contractors
In relation to personal information of job applicants, staff members and contractors, the School’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the School uses personal information of job applicants, staff members and contractors include:
- in administering the individual’s employment or contract, as the case may be
- for insurance purposes
- seeking donations and marketing for the School
- to satisfy the School’s legal obligations, for example, in relation to child protection legislation.
The School also obtains personal information about volunteers who assist the School in its functions or conduct associated activities, such as the Ex-Students’ Union, to enable the School and the volunteers to work together.
Marketing and fundraising
The School treats marketing and seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to provide a quality learning environment in which both students and staff thrive. Personal information held by the School may be disclosed to organisations that assist in the School’s marketing and fundraising, for example, the Parents & Friends Committee or Ex-students’ Union or, on occasions, external fundraising organisations.
Parents, staff, contractors and other members of the wider School community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
Parents/guardians give permission for photographs and videos of the student to be placed in the School’s records; displayed from time to time around the School; and published in School publications, on its website, on its social media feeds, and in other marketing and promotional material, unless the Principal has been advised or is advised in writing that the parents/guardians do not give this permission.
Who might the School disclose personal information to and store your information with?
The School may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes (or may permit the information to be directly collected by third parties). This may include to:
- other schools and teachers at those schools
- government departments
- medical practitioners
- people providing educational, support and health services to the School, including specialist visiting teachers, sports coaches, volunteers, and providers of learning and assessment tools
- assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN)
- people providing administrative and financial services to the School, including fundraising and marketing services
- recipients of School publications, such as newsletters and magazines
- students’ parents or guardians
- anyone you authorise the School to disclose information to; and
- anyone to whom we are required to disclose the information to by law.
Sending and storing information overseas
The School may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the School will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual (in some cases this consent will be implied); or
• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The School may use online or ‘cloud’ service providers to store personal information (and sensitive information) and to provide services to the School that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s servers which may be situated outside Australia.**
An example of such a cloud service provider is Google. Google provides the ‘Google Apps for Education’ (GAFE) including Gmail, and stores and processes limited personal information for this purpose. School personnel and Loreto and its service providers may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering GAFE and ensuring its proper use.
The School, as part of its Disaster Recovery system, synchronises its data, including personal information, to a Disaster Recovery site with strict conditions that the data remains in Australia.
The School has made reasonable efforts to be satisfied about the protection of any personal information that may be collected, stored or processed outside Australia.
How does the School treat sensitive information?
In referring to ‘sensitive information’, the School means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The School’s staff are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.
The School has in place steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
Access and correction of personal information
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which the School holds about them and to advise the School of any perceived inaccuracy. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.
There are some exceptions to these rights set out in the applicable legislation.
To make a request to access or update any personal information the School holds about you or your child, please contact the Principal in writing. The School may require you to verify your identity and specify what information you require. The School may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested.
If the information sought is extensive, the School will advise the likely cost in advance.
There will be occasions when access is denied. Such occasions would include where access would have an unreasonable impact on the privacy of others, where access may result in a breach of the School’s duty of care to the student, or where students have provided information in confidence. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
Consent and rights of access to the personal information of students
The School respects every parent’s right to make decisions concerning their child’s education.
Generally, the School will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. The School will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.
As mentioned above, parents may seek access to personal information held by the School about them or their child by contacting by telephone or in writing the Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the student.
The School may, at its discretion, on the request of a student grant that student access to information held by the School about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.
Enquiries and complaints
If you would like further information about the way the School manages the personal information it holds, or wish to complain that you believe that the School has breached the Australian Privacy Principles please contact the Principal by telephone or in writing. The School will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.
Anna Dickinson (Mrs)
Updated: May 2018