PRIVACY POLICY
Purpose: Caloundra Christian College is bound by the Australian Privacy Principles contained in the Privacy Act. This statement outlines the privacy policy of the College and describes how the College uses and manages personal information provided to or collected by it.
Scope: This policy applies to Board members, employers, employees, volunteers, parents/carers and students, contractors, and people visiting the College site; and describes the type of information the College collects, how the information is handled, how and to whom the information is disclosed, and how the information may be accessed.
References: Privacy Act 1988 (Cth)
- Australian Privacy Principles
- Caloundra Christian College Complaints Handling Policy & Procedures
- Caloundra Christian College Child Protection Policy
- Caloundra Christian College Disability Discrimination Policy
- Caloundra Christian College Data Security Incident Response Plan
- Caloundra Christian College Social Media Policy
- Exception in relation to employee records:
Under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles do not apply to an employee record held by the employing entity. As a result, this Privacy Policy does not apply to the College’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.
- Policy
This Privacy Policy sets out how the College manages personal information provided to or collected by it. The College is bound by the Australian Privacy Principles contained in the Privacy Act. The College may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the College’s operations and practices and to make sure it remains appropriate to the changing College environment.
- What kinds of personal information does the College collect and how does the College collect it?
The type of information the College collects and holds includes, but is not limited to, personal information, including health and other sensitive information, about:
- students and parents and/or carers (‘parents’) before, during and after the course of a student’s enrolment at the College;
- name, contact details (including next of kin), date of birth, gender, language background, previous school and religion;
- parents’ education, occupation and language background;
- medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors);
- conduct and complaint records, other behaviour notes and College reports;
- information about referrals to government welfare agencies;
- counselling reports;
- health fund details and Medicare number;
- any court orders;
- volunteering information; and
- photos and videos at College events.
- job applicants, staff members, volunteers and contractors;
- name, contact details (including next of kin), date of birth, and religion;
- information on job application;
- professional development history;
- salary and payment information, including superannuation details;
- medical information (e.g. details of disability and/or allergies, and medical certificates);
- complaint records and investigation reports;
- leave details;
- photos and videos at College events;
- workplace surveillance information; and
- work emails and private emails (when using work email address) and Internet browsing history.
- other people who come into contact with the College including name and contact details and any other information necessary for the particular contact with the College.
Personal Information you provide:
The College will generally collect personal information held about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and students provide personal information.
Personal Information provided by other people:
In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
How will the College use the personal information you provide?
The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary educational purposes that are related to the primary purpose of collection, and reasonably expected by you, or to which you have consented.
- 4.Students and Parents
In relation to personal information of students and parents, the College’s primary purpose of collection is to enable the College to provide schooling to students enrolled at the College, exercise its duty of care and perform necessary associated administrative activities, which will enable students to take part in all the activities of the College. This includes satisfying the needs of parents, the needs of the students and the needs of the College throughout the whole period the student is enrolled at the College.
The purposes for which the College uses personal information of students and parents include:
- to keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
- day-to-day administration of the College;
- looking after students’ educational, social and medical wellbeing;
- seeking donations and marketing for the College; and
- to satisfy the College’s legal obligations and allow the College to discharge its duty of care.
In some cases, where the College requests personal information about a student or parent, if the information requested is not provided, the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
On occasions information such as academic and sporting achievements, student activities and similar news is published in College newsletters and magazines, on our intranet, Facebook and on our website. This may include photographs and videos of student activities such as sporting events, College camps and excursions. The College will obtain permissions (annually) from the student’s parent or carer (and from the student if appropriate) if we would like to include such photographs or videos or other identifying material in our promotional material or otherwise make this material available to the public such as on the internet.
- Job applicants, Staff Members and Contractors
In relation to personal information of job applicants, staff members and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the College uses personal information of job applicants, staff members and contractors include:
- in administering the individual’s employment or contract, as the case may be;
- for insurance purposes;
- seeking donations and marketing for the College; and
- to satisfy the College’s legal obligations, for example, in relation to child protection legislation.
- Volunteers
The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as alumni associations, to enable the College and the volunteers to work together.
- Marketing and fundraising
The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment in which both students and staff flourish. Personal information held by the College may be disclosed to organisations that assist in the College’s fundraising, for example, the College’s Foundation or alumni organisation or, on occasions, external fundraising organisations.
Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
If parents, staff, contractors and other members of the wide College community would like to opt-out of direct marketing, they can contact College Administration at general@calcc.qld.edu.au.
- Who might the College disclose Personal Information to?
The College may disclose personal information, including sensitive information, held about an individual to:
- another school or staff at another school;
- government departments including for policy and funding purposes;
- medical practitioners;
- people providing educational, support and health services to the College, including specialist visiting teachers, sports coaches, volunteers, counsellors and providers of learning and assessment tools;
- assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
- people providing administrative and financial services to the College;
- recipients of College publications, such as newsletters and magazines;
- Student’s parents or carers;
- anyone you authorise the College to disclose information to; and
- anyone to whom we are required to disclose the information to by law, including child protection laws.
- Sending and Storing Information Overseas
The College may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the College will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied as per below); and
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s server which may be situated outside Australia.
An example of such a cloud service provider is Google. Google provides the ‘Google Apps for Education’ (GAFE) including Gmail, and stores and processes limited personal information for this purpose. College personnel and the College and its service providers may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering GAFE and ensuring its proper use.
The data centres where the personal information is likely to be kept are located in the USA, Taiwan, Singapore, Ireland, Netherlands and Belgium.
- Sensitive Information
In referring to ‘sensitive information’, the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is required by law.
- 11.Management and security of personal information
The College’s staff are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals. The College has in place steps to protect the personal information the College holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
- Data Breaches
It will be deemed that an ‘eligible data breach’ has occurred if:
- there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (the affected individuals);
- a reasonable person would conclude there is a likelihood of serious harm to any affected individuals as a result; and
- the information is lost in circumstances where:
- unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
- assuming unauthorised access to, or unauthorised disclosure of, the information was to occur, a reasonable person would conclude that it would be likely to result in serious harm to the affected individuals.
Serious harm may include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation.
What must the College do in the event of an ‘eligible data breach’?
If the College suspects that an eligible data breach has occurred, it will carry out a reasonable and expedient assessment/investigation within 30 days.
If such an assessment/investigation indicates there are reasonable grounds to believe an eligible data breach has occurred, then the College will be required to lodge a statement to the Privacy Commissioner (Commissioner). Where practical to do so, the College will also notify the affected individuals. If it is not practicable to notify the affected individuals, the College will publish a copy of the statement on its website, or publicise it in another manner.
Exception to notification obligation
An exception to the requirement to notify will exist if there is a data breach and immediate remedial action is taken, and as a result of that action:
- there is no unauthorised access to, or unauthorised disclosure of, the information; and
- there is no serious harm to affected individuals, and as a result of the remedial action, a reasonable person would conclude the breach is not likely to result in serious harm.
For more information about Data Breaches, please see the College’s Data Security Incident Response Plan.
- Access and Correction of Personal Information
Under the Privacy Act, an individual has the right to seek and obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. There are some exceptions to these rights set out in the Act. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.
To make a request to access or update any personal information the College holds about you or your child, please contact the College Principal in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
The College will take reasonable steps to ensure that any personal information is accurate, up to date, complete, relevant and not misleading.
- Consent and Rights of Access to the Personal Information of Students
The College respects every parent’s right to make decisions concerning their child’s education. Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. The College will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.
As mentioned above, parents may seek access to personal information held by the College about them or their child by contacting the College Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.
The College may, at its discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.
- Enquiries and complaints
If you would like further information about the way the College manages the personal information it holds, or wish to make a complaint about the College’s breach of the Australian Privacy Principles please contact the College Principal. The College will investigate any complaint in accordance with the College Complaints Handling Policy and will notify you of a decision in relation to your complaint as soon as is practicable after it has been made.
END POLICY
POLICY CHANGES
DATE: |
POLICY CHANGES |
29/12/2005 |
SUPERCEDED |
11/02/2011 |
SUPERCEDED |
12/09/2016 |
New Policy |
26/06/2018
03/04/19 |
Combined dot points 6 and 7 under who might disclose personal information to.
Major Update due to change in legislation. |
07/07/2020 |
New Format. As per ISQ. Minimal content changes, mostly grammar etc. |
2 Mar 2021 |
Added URL for G Drive Policies Folder |
Jul-21 |
Small formatting amendments. Added references to Data Security Incident Response Plan & Social Media Policy. Also clarified clause #11 under the Standard Collection Notice. The College won’t “obtain permissions” but will remind Parents of their right to request that their children not be published in College marketing etc. |
Oct-22 |
Updated Hyperlinks. No ISQ updates – no content changes. |
Jun-23 |
Updated Hyperlinks. No ISQ updates – minor changes to grammar. Changed the contact from Principal to College Administration at 7. Marketing & Fundraising Appendix 2 – removed ‘such as services relating to email, instant messaging and education and assessment applications’ and replaced with ‘such as email services’ in line with IQ. Appendix 3 – removed ‘such as services relating to email, instant messaging and education and assessment applications’ and replaced with ‘such as email services’ in line with IQ. Appendix 4 – removed ‘such as services relating to email, instant messaging and education and assessment applications’ and replaced with ‘such as email services’ in line with ISQ. |
- APPENDIX 1
Standard Collection Notice
- The College collects personal information, including sensitive information about students and parents or carers before and during the course of a student’s enrolment at the College. This may be in writing or in the course of conversations. The primary purpose of collecting this information is to enable the College to provide schooling to students enrolled at the College, exercise its duty of care, engage in marketing/fundraising and perform necessary associated administrative activities, which will enable students to take part in all the activities of the College.
- Some of the information we collect is to satisfy the College’s legal obligations, particularly to enable the College to discharge its duty of care.
- Laws governing or relating to the operation of a school require certain information to be collected and disclosed. These include relevant Education Acts, and Public Health and Child Protection* Laws.
- Health information about students is sensitive information within the terms of the Australian Privacy Principles (APP) under the Privacy Act 1988. We may ask you to provide medical reports about students from time to time.
- The College may disclose personal and sensitive information for educational, legal, administrative, marketing and support purposes. This may include to:
- other schools and teachers at those schools;
- government departments (including for policy and funding purposes);
- other related church agencies/entities (Christian Schools Australia), and Schools within these organisations*;
- medical practitioners;
- people providing educational, support and health services to the College, including specialist visiting teachers, [sports] coaches, volunteers, and counsellors;
- providers of learning and assessment tools;
- assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
- people providing administrative and financial services to the College;
- anyone you authorise the College to disclose information to; and
- anyone to whom the College is required or authorised by law, including child protection laws, to disclose the information.
- Personal information collected from students is regularly disclosed to their parents or carers.
- The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider’s servers which may be situated outside Australia. Further information about the College’s use of on online or ‘cloud’ service providers is contained in the College’s Privacy Policy.**
- The College’s Privacy Policy, accessible on the College’s website, sets out how parents or students may seek access to and correct their personal information which the College has collected and holds. However, access may be refused in certain circumstances such as where access would have an unreasonable impact on the privacy of others, where access may result in a breach of the College’s duty of care to a student, or where students have provided information in confidence. Any refusal will be notified in writing with reasons if appropriate.
- The College Privacy Policy also sets out how you may complain about a breach of the APPs and how the College will deal with such a complaint.
- As you may know the College from time to time engages in fundraising activities. Information received from you may be used to make an appeal to you. It may also be disclosed to organisations that assist in the College’s fundraising activities solely for that purpose. We will not disclose your personal information to third parties for their own marketing purposes without your consent.
- On occasions information such as academic and sporting achievements, student activities and similar news is published in College newsletters and magazines, on our intranet, Facebook and on our website. This may include photographs and videos of student activities such as sporting events, College camps and College excursions. The College will remind parents/carers (annually) of this Policy and in particular this clause. Should parents/carers not want their children to be included in College publications, you are required to inform the Principal in writing, in accordance with the Enrolment Contract. For more significant marketing publications, for example: bus wraps or permanent advertising, the College will seek separate parental permission.
- We may include students’ and students’ parents’ contact details in a class list and College directory. †
- If you provide the College with the personal information of others, such as doctors or emergency contacts, we encourage you to inform them that you are disclosing that information to the College and why, and that they can access that information if they wish and that the College does not usually disclose this information to third parties.
* As appropriate
** If applicable
† The College will seek specific consent to publish contact details in class lists and College directories.
- APPENDIX 2
Alumni Association Collection Notice
- The College Alumni/the College may collect personal information about you from time to time. The primary purpose of collecting this information is to enable us to inform you about our activities and the activities of the College and to keep alumni members informed about other members.
- We must have the information referred to above to enable us to continue your membership of the College Alumni.
- As you know, from time to time we engage in fundraising activities. The information received from you may be used to make an appeal to you. It may also be used by the College to assist in its fundraising activities. If you do not agree to this, please advise us now.
- The College Alumni/the College may publish details about you on Facebook, in our magazines, College Connections and the College’s website. If you do not agree to this, you must advise us now.
- The College’s Privacy Policy, accessible on the College’s website, contains details of how you may seek access to and correction of your personal information collected about you or how you may complain about a breach of the Australian Privacy Principles.
- The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as email services. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider’s servers which may be situated outside Australia. Further information about the College’s use of online or ‘cloud’ service providers is contained in the College’s Privacy Policy.*
- If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.
* If applicable
- APPENDIX 3
Employment Collection Notice
- In applying for this position you will be providing Caloundra Christian College with personal information. We can be contacted at:
Address: 7 Gregson Place, Caloundra Qld 4551
Email: general@calcc.qld.edu.au
Phone: 07 5436 6777
- If you provide us with personal information, for example, your name and address or information contained on your resume, we will collect the information in order to assess your application for employment. We may keep this information on file if your application is unsuccessful in case another position becomes available.
- The College’s Privacy Policy, accessible on the College’s website, contains details of how you may complain about a breach of the Australian Privacy Principles, or how you may seek access to and correction of your personal information which the College has collected and holds. However, there may be occasions when access is denied. Such occasions would include where access would have an unreasonable impact on the privacy of others. Any refusal will be notified in writing with reasons if appropriate.
- We will not disclose this information to a third party unless otherwise permitted.
- We are required to conduct a criminal record check to collect information regarding whether you are, or have been the subject of an Apprehended Violence Order and certain criminal offences under Child Protection Laws*. We may also collect personal information about you in accordance with these laws.*
- The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as email services. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider’s servers which may be situated outside Australia. Further information about the College’s use of online or ‘cloud’ service providers is contained in the College’s Privacy Policy.*
- If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.
* If applicable
- APPENDIX 4
Contractor/Volunteer Collection Notice
- In applying to provide services to the College, you will be providing Caloundra Christian College with personal information. We can be contacted at:
Address: 7 Gregson Place, Caloundra Qld 4551
Email: general@calcc.qld.edu.au
Phone: 07 5436 6777
- If you provide us with personal information, for example your name and address or information contained on your contract or resume, we will collect the information in order to assess your application. We may also make notes and prepare a confidential report in respect of your application.
- You agree that we may store this information for up to five years.
- The College’s Privacy Policy, accessible on the College’s website, contains details of how you may complain about a breach of the Australian Privacy Principles and how you may seek access to and correction of your personal information which the College has collected and holds. However, access may be refused in certain circumstances such as where access would have an unreasonable impact on the privacy of others. Any refusal will be notified in writing with reasons if appropriate.
- We will not disclose this information to a third party without your consent unless otherwise permitted to.
- We are required to conduct a criminal record check to collect information regarding whether you are, or have been, the subject of an Apprehended Violence Order and certain criminal offences under Child Protection* Laws. We may also collect personal information about you in accordance with these Laws.*
- The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as email services. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider’s servers which may be situated outside Australia. Further information about the College’s use of online or ‘cloud’ service providers is contained in the College’s Privacy Policy.*
- If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.
- If applicable
Privacy Policy
Version No: 3
Review Frequency: Annually
Last Review: Jun-23
Reviewed by: Board
Approved: Jun-23
Approved by: Board
Next Review Date: Jun-24