Efficacy Date: December 2018
Craig Sandwell, Deputy Headmaster – Policy and Strategy
This Policy sets out how Trinity Grammar School (the School) uses and manages Personal Information provided to or collected by it.
This Policy applies to all Staff, Student(s), Parent(s) and/or Volunteer(s) who use and/or access any part of the School’s information and/or records in either digital or hard copy format. This policy should be read in conjunction with the School’s Standard Collection Notice.
The School’s use and management of Personal Information practices comply with State and Federal legislation including, but not limited to, the Privacy Act 1988 (Cth) (and Australian Privacy Principles), Privacy Amendment (Notifiable Data Breaches) Act 2017, Privacy Amendment (Enhancing Privacy Protection) Act 2012 and, Health Records Information Privacy Act 2002 (and Health Privacy Principles). Where applicable, the School will also comply with the European General Data Protection Regulation (GDPR).
DEFINITIONS (for the purpose of this Policy)
|APP(s)||Australian Privacy Principles|
|Includes information about an individual’s or entity’s account
balance(s), credit card number, tax file number, ABN, ACN,
superannuation, bank details, remuneration, and any other related
financial information and/or transactions as required by the School
for business purposes including, but not limited to, information
obtained for employment or enrolment purposes.
|GDPR||European General Data Protection Regulation|
|Health information||Includes information about an individual’s health or disability, and any information collected in relation to any health service provided, including but not limited to, notes of treatment or diagnosis and treatment, dental records, specialist reports, diagnostic reports and test results, appointment and billing details and details of race, sexuality or religion when collected by a health service provider.|
|Health Records Act||Health Records and Information Privacy Act 2002|
|HPP(s)||Health Privacy Principles|
|Parent||Primary caretaker of the Student as identified on the Student’s Birth Certificate or as Ordered by a Court of Law. Eg; Adoption Orders made by the Supreme Court.|
|Personal Information||Encompasses a broad range of information but is defined by the Privacy Act as ‘information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.’|
A sub-set of personal, health and biometric information subject to a higher level of privacy information protection and defined by the Privacy Act as information or an opinion about an individual’s racial
Person engaged by the School as an employee or contractor (including sub-contractors).
Person identified in either an Enrolment Application Form (future student) or Enrolment Acceptance Form (current or former student).
Person(s) assisting School activities on an unpaid basis (not a Staff member).
For the purposes of this Policy ‘Personal Information’ refers to an individual’s personal and/or health and/or sensitive and/or financial information.
1. What kinds of Personal Information does the School collect and how does the School collect it?
1.1 The School collects and holds Personal Information which includes, but is not limited to:
1.1.1 Students and Parents before, during and after the course of a Student’s enrolment at the School:
a. name, contact details (including next of kin), date of birth, gender, language background, previous school and religion;
b. parents’ education, occupation and language background;
c. medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors);
d. bank account and credit card details;
e. conduct and complaint records, or other behaviour notes, and school reports;
f. information about referrals to government welfare agencies;
g. counselling reports;
h. health fund details and Medicare number;
i. any court orders;
j. volunteering information; and
k. photos and videos at School events.
1.1.2 Employment Applicants, Staff and Volunteers:
a. name, contact details (including next of kin), date of birth, and religion;
b. professional development history;
c. salary and payment information, including TFN, superannuation and bank account details;
d. medical information (e.g. details of disability and/or allergies, and medical certificates);
e. complaint records and investigation reports;
f. leave details;
g. photos and videos at School events;
h. workplace surveillance information;
i. work/private emails (when using the School’s ICT Infrastructure and Equipment); and
j. internet browsing history.
1.1.3 any other person who comes into contact with the School, including name and contact details and any other information necessary for the particular contact with the School.
1.1.4 The School will generally (not limited to) collect information held about an individual by way of forms filled out by Students or Parents, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Students and Parents may provide information to the School.
1.1.5 In some circumstances the School may be provided with information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
2. How will the School use the Personal Information you provide?
2.1 The School will use Personal Information it collects for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose, which are reasonably expected and consented to, by the individual providing the Personal Information.
2.1.1 Students and Parents
The School’s primary purpose of collection is to enable the School to provide schooling to each student, exercise its duty of care, and perform necessary associated administrative activities, which will enable the Student to take part in all the activities of the School, for the entirety of their enrolment. This includes satisfying the needs of Students, Parents and the School.
The purposes for which the School uses Student and Parent Personal Information includes:
a. to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
b. day-to-day administration of the School;
c. looking after Students’ educational, social and medical wellbeing;
d. seeking donations and marketing for the School; and
e. to satisfy the School’s legal obligations and allow the School to discharge its duty of care.
In some cases, where the School requests Personal Information about a Student or Parent, if the requested information is not provided, the School may not be able to enrol or continue the enrolment of the Student or permit the Student to take part in a particular activity.
2.1.2 Employment Applicants and Contractors
In relation to any Personal Information provided in Employment Application Forms and Contractor documentation, the School’s primary purpose of collection is to assess and, if successful, engage the Applicant or contractor, as the case may be.
The purposes for which the School uses Employment Application and Contractor Personal Information includes:
a. administering the individual’s employment or contract, as the case may be;
b. for insurance purposes; and
c. satisfying the School’s legal obligations, for example, in relation to child protection legislation.
The School also obtains Personal Information about Volunteers who assist the School in its functions or conduct associated activities, such as School Council members and/or Auxiliary members, to enable the School and the Volunteers to work together.
2.1.4 Marketing and fundraising
The School treats marketing and seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to provide a quality learning environment in which both Students and Staff thrive. Information held by the School may be disclosed to organisations that assist in the School’s fundraising, for example, the School’s Foundation or, on occasions, external fundraising organisations.
Parents, Staff and other members of the wider School community may receive fundraising information. School publications, like newsletters and magazines, which include Personal Information, may be used for marketing purposes.
3. Who might the School disclose Personal Information to and store Personal Information with?
3.1 The School may disclose information for educational, administrative and support purposes. This may include, but is not limited to:
3.1.1 other schools and teachers at those schools;
3.1.2 government departments (including for policy and funding purposes);
3.1.3 medical practitioners
3.1.4 people providing educational, support and health services to the School, including specialist visiting teachers, sports coaches, Volunteers, and counsellors;
3.1.5 providers of specialist advisory services and assistance to the School, including in the area of Human Resources, Child Protection and students with additional needs;
3.1.6 providers of learning and assessment tools;
3.1.7 assessment and educational authorities such as the Australian Curriculum, Assessment and Reporting Authority (ACARA), NSW Education Standards Authority (NESA), and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
3.1.8 people providing administrative and financial services to the School;
3.1.9 recipients of School publications, such as newsletters and magazines;
3.1.10 Students’ Parents;
3.1.11 anyone you authorise the School to disclose information to; and
3.1.12 anyone to whom we are required or authorised to disclose the information to by law, including child protection laws.
3.2 Sending and storing information overseas
3.2.1 The School may disclose Personal Information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the School will not send Personal Information about an individual outside Australia without:
a. obtaining the consent of the individual (in some cases this consent will be implied); or
b. otherwise complying with the APPs, GDPR or other applicable privacy legislation.
3.2.2 The School may use off-site providers to store Personal Information and provide services to the School that involve the use of Personal Information, such as services relating to email, instant messaging and education and assessment applications. Some limited Personal Information may be provided to these service providers to enable them to authenticate users that access their services. Such Personal Information may be stored off-site and situated outside Australia.
3.2.3 Any use of ICT storage by the School, either on premise or cloud-based services, will be in accordance with the School’s ICT Infrastructure & Equipment Usage Policy.
4. How does the School treat sensitive information?
4.1 Sensitive Information, as defined in this Policy, will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless an individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.
5. Management and security of Personal Information
5.1 The School’s Staff are required to respect the confidentiality of Student and Parent Personal Information and the privacy of individuals.
5.2 The School has procedures in place to protect the Personal Information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
6. Access and correction of Personal Information
6.1 An individual has the right to seek and obtain access to any Personal Information which the School holds about them and to advise the School of any perceived inaccuracy. A Student will generally be able to access and update their Personal Information through their Parents, but former Students, once attaining the age of 18 years, may seek access and correction themselves. It should be understood that there are some exceptions to these rights set out in the applicable legislation.
6.2 Relevant legislation must always be observed when obtaining access to Personal Information. Refer to the Privacy Act, APP 12 – Access to personal information and Health Records Act for further information. Extensive literature is available on the Office of the Australian Information Commission (OAIC) website.
6.3 To make a request to access or to update any Personal Information the School holds about an individual please contact the Deputy Head Master – Policy and Strategy or Governance & Compliance Administrator by telephone on +61 2 9581 6000 or in writing. The School may require you to verify your identity and specify what information you require. The School may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the School will advise the likely cost in advance. If the School cannot provide the requested information, written notice explaining the reasons for refusal will be provided.
7. Consent and rights of access to the Personal Information of Students
7.1 The School respects every Parent’s right to make decisions concerning their child’s education. Generally, the School will refer any requests for consent and notices in relation to the Personal Information of a Student to the Student’s Parent(s). The School will treat consent given by Parent(s) as consent given on behalf of the Student, and notice to Parents will act as notice given to the Student.
7.2 Parents may seek access to Personal Information held by the School about them or their child as outlined in Clause 6. There may be occasion(s) when access is denied. Such occasion(s) would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the Student.
7.3 The School may (at its discretion), on the request of a Student, grant that Student access to information held by the School about them, or allow a Student to give or withhold consent to the use of their Personal Information, independently of their Parent(s). This would normally be done only when the maturity of the Student and/or the Student’s personal circumstances warrant it.
8. Enquiries and complaints
8.1 Please contact the Deputy Head Master – Policy and Strategy on +61 2 9581 6000, if you would like;
8.1.1 further information, or wish to raise a concern, about the way the School manages any personal information it holds;
8.1.2 to receive a translated copy of this information.