Billanook College is bound by and adheres to the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 and Privacy Amendment (Enhancing Privacy Protection) Act 2012 (referred to as the Privacy Act), and the Privacy Amendment (Notifiable Data Breaches) Act 2017. In relation to health records, the College is also bound by the Victorian Health Privacy Principles as contained in the Victorian Health Records Act 2001. As such this statement outlines how the College uses and manages personal information provided to or collected by it.
This policy applies to all members of the College community, as well as members of the public who provide information to the College.
1. WHAT KIND OF PERSONAL INFORMATION DOES BILLANOOK COLLEGE COLLECT AND HOW DOES THE COLLEGE COLLECT IT?
The type of information Billanook College collects and holds includes (but is not limited to) personal information, including health and other sensitive information about:
• students and parents and/or guardians (‘Parents’) before, during and after the course of a student’s enrolment at the College, including;
• job applicants, staff members, volunteers and contractors including;
• other people who come into contact with the College, including name and contact details and any other information necessary for the particular contact with the College.
Personal information you provide
The College will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions, people other than Parents and students provide personal information.
Personal information provided by other people
In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
The College does not collect personal information from their credit providers or credit reporting bodies.
Exception in relation to employee records
2. THE PURPOSE FOR WHICH AND HOW BILLANOOK WILL USE THE PERSONAL INFORMATION YOU PROVIDE?
The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
Students and Parents
In relation to personal information of students and Parents, the College’s primary purpose of collection to enable the College to provide schooling to students enrolled at the College, exercise its duty of care, and perform necessary associated administrative activities, which enable students to take part in all activities of the College. This includes satisfying both the needs of Parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at the School.
The purposes for which the College uses personal information of students and Parents include:
In some cases where the College requests personal information about a student or Parent, if the information requested is not provided, the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
Job Applicants and Contractors
In relation to personal information of job applicants and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant or contractor, as the case may be.
The purposes for which the College uses personal information of job applicants and contractors include:
• assessing the individual’s employment or contract, as the case may be
• for insurance purposes
• seeking donations and marketing for the College; and
• to satisfy the College’s legal obligations, for example, in relation to child protection legislation.
The College also obtains personal information about volunteers who assist in its functions or conduct associated activities, such as the Billanook College Past Students’ Association or the Friends of Billanook, to enable the College and the volunteers to work together.
Marketing and Fundraising
Billanook College treats marketing and seeking donations for its future growth and development of the College as an important part of ensuring that the College continues to be a quality learning environment in which both students and staff thrive. Personal information held by the College may be disclosed to an organisation that assists in its fundraising, for example, the Friends of Billanook (Parents and Friends Association) or Billanook College Past Students’ Association or, on occasions, external fundraising organisations.
Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
Collection and use of student imagery
At various times Billanook College students will be involved in activities that are of interest to the wider community and showcase the students and the College. Personal information in the form of imagery (e.g. photograph, student movies, video/audio presentations, text, graphics) of students may be used by the College and its agents (e.g. Outdoor education professionals) in College promotion (including but not limited to newsletters, magazines, outdoor banners, bus signage and the Billanook website), social networking sites, online directories, affiliated websites, in advertising, or in the media. Imagery is taken with the knowledge of the College, arranged by the Marketing and Community Relations Office, or by staff responsible for a particular activity. There are also times when student work may be displayed, published or photographed for educational or promotional purposes.
As a condition of enrolment the College obtains permission for publication from the students’ parent or guardian. Parents/guardians who do not wish their child’s image to be used are required to notify the College Principal in writing. In certain circumstances, such as arranged promotional photographic opportunities, specific consent will be requested from the parent/guardian.
3. WHO MIGHT BILLANOOK COLLEGE DISCLOSE PERSONAL INFORMATION TO AND STORE YOUR INFORMATION WITH?
The College may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:
• other schools and teachers at those schools
• government departments (including for policy and funding purposes)
• medical practitioners
• people providing educational support and health services to the College, including specialist visiting teachers, counselors, (sports) coaches, volunteers and counsellors
• providers of specialist advisory services and assistance to the School, including in the area of Human Resources, child protection and students with additional needs
• providers of learning and assessment tools
• assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
• agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes
• people providing administrative and financial services to the College
• recipients of College publications, like newsletters and magazines
• outside legal representatives for non-payment of fees
• The Friends of Billanook College (Parents and Friends Association)
• students, parents and guardians
• anyone you authorise (in writing) the College to disclose information to; and
• anyone to whom we are required or authorised to disclose the information to by law, including child protection laws.
Sending and Storing Information Overseas
The College may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with cloud service providers which are situated outside Australia or to facilitate a school exchange or overseas school trip.
However, the College will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual (in some cases this consent will be implied); or
• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The College may use online or ‘cloud’ service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s server which may be situated outside Australia.
Examples of such a cloud service provider is Microsoft and Google. Microsoft provides the ‘Microsoft 365’ group of Apps including email, and stores and processes limited personal information for this purpose. College personnel and the College and its service providers may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering Microsoft 365 and ensuring its proper use.
4. HOW DOES BILLANOOK COLLEGE TREAT SENSITIVE INFORMATION?
In referring to ‘sensitive information,’ the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
5. MANAGEMENT AND SECURITY OF PERSONAL INFORMATION
The College’s Staff are required to respect the confidentiality of students’ and Parents’ personal information and the privacy of individuals.
The College has in place steps to protect the personal information the College hold’s from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage or paper records and password protected access rights to computerised records.
In accordance with the Privacy Act, the College is required to notify specific types of data breaches to individuals affected by the breach and to the Office of the Australian Information Commissioner (OAIC). A notifiable breach is defined as a data breach that is likely to result in serious harm to any of the individuals to whom the information relates. Serious harm could include serious physical, psychological, emotional and financial harm, as well as serious harm to reputation. The College has implemented a Data Breach Response Plan to provide direction to staff on the management of a data breach.
6. ACCESS AND CORRECTION OF PERSONAL INFORMATION
The College endeavours to ensure that the personal information it holds is accurate, complete and upto-date. A person may seek to update their personal information held by the College by contacting the Registrar of the School at any time.
The Australian Privacy Principles require the College not to store personal information longer than necessary.
Under the Commonwealth Privacy Act and the Victorian Health Records Act 2001, an individual has the right to obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. Students will generally have access to their personal information through their Parents, but older students may seek access themselves and correction themselves. There are some exceptions to these rights set out in the applicable legislation.
To make a request to access any information the College holds about you or your child, please contact the Principal in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reason for refusal. (unless, in light of the grounds for refusing, it would be unreasonable to provide reasons).
7. INTERACTING WITH US ANONYMOUSLY OR BY USE OF A PSEUDONYM
You may interact with the College anonymously or by using a pseudonym (e.g. an email address that does not contain your actual name) in some circumstances, such as when you make general inquiries about enrolment or employment opportunities. However, we will need to know your identity before we can provide our services to you (i.e. when you wish to enrol a student or be employed by the College.)
8. CONSENT AND RIGHTS OF ACCESS TO THE PERSONAL INFORMATION OF STUDENTS
The College respects every Parent’s right to make decisions concerning their child’s education.
Generally, the College will refer any requests for consent and notices in relation to the personal information of the student to the student’s Parents. The College will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.
Parents may seek access to personal information held by the College about them or their child by contacting the Principal in writing. However, there may be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.
The College may, at its discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.
9. COLLECTION, USE AND STORAGE OF FINANCIAL DETAILS
The use of the College’s online payment system indicates acceptance by users of our Privacy and Security policies in regard to the collection and use by the College of any information provided for payment purposes.
Identifiable information collected through online payments will be used only for the purpose of processing that individual payment transaction. Non-identifying information may be used for statistical, reporting and research purposes.
The College may store parent credit card or bank account details for the purposes of fee payment for the duration of the student’s enrolment at the College.
10. ENQUIRIES AND COMPLAINTS
If you would like further information about the way Billanook College manages the personal information it holds, or wish to complain that you believe that the College has breached the Australian Privacy Principles please contact the Principal via email: firstname.lastname@example.org. The College will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.
Standard Collection Notice
In respect of collecting information of a personal or sensitive nature the following Standard Collection Notice shall apply:
1. Billanook College collects personal information including sensitive information about students and parents or guardians before and during the course of a student’s enrolment at the School. This may be in writing, through technology systems or in the course of conversations. The primary purpose of collecting this information is to enable the College to provide schooling to students enrolled at the College, exercise its duty of care, and perform necessary associated administrative activities, which enable students to take part in all the activities of the College.
2. Some of the information we collect is to satisfy the College’s legal obligations, particularly to enable the College to discharge its duty of care.
3. Laws governing or relating to the operation of schools require that certain information be collected and disclosed. These include relevant Commonwealth and State Education Acts. Child Protection laws and Public Health laws. You may contact the College if you have a question about this.
4. Health information about students is sensitive information within the terms of the Australian Privacy Principles (APP’s) under the Privacy Act 1988. We require medical reports about students from time to time. If you do not consent to us obtaining this information you must advise us.
5. The College may disclose certain personal information and sensitive information for administrative and educational purposes. This may include to:
• Other schools and teachers at those schools, including facilitating the transfer of a pupil to another school.
• government departments (including for policy and funding purposes)
• medical practitioners
• people providing educational, support and health services to the College, including specialist visiting teachers, outdoor education professionals, (sports) coaches, volunteers and counsellors
• Providers of learning and assessment tools
• Assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN).
• Agencies and organisations to whom we are required to disclose information for education and research purposes
• People providing administrative and financial services to the College
• Anyone you authorize the College to disclose information to
• Anyone the College is required or authorized to disclosed to information to by law, including child protection laws; and
• To legal representatives in order to recover outstanding school fees. The College does not collect personal information from their credit providers or credit reporting bodies.
6. A student’s enrolment may be delayed or prevented if the College cannot collect certain personal information. This is particularly so where the information is relevant to the health and safety of the student, other students and/or staff.
7. Personal information collected from students is regularly disclosed to their parents and guardians.
11. As you may know the College from time to time engages in fundraising activities. The information received from you may be used to make an appeal to you. (It may also be disclosed to organisations that assist in the College’s fundraising activities solely for that purpose). We will not disclose your personal information to third parties for their own marketing purposes without your consent.
12. On occasions information such as academic and sporting achievements, student activities and similar news is published in College newsletters, magazines and on our intranet and website or otherwise shared with the College community. This may include photographs and videos or other imagery of student activities such as sporting events, concerts and plays, school camps and school excursions. As a condition of enrolment the College obtains permission for publication from the students’ parent or guardian. Parents/guardians who do not wish their child’s image to be used are required to notify the College Principal in writing. In certain circumstances, such as arranged promotional photographic opportunities, specific consent will be requested from the parent/guardian.
13. We may include students’ and students’ parents contact details in a class list and College directory.
14. If you provide the College with the personal information of others, such as doctors or emergency contacts, we encourage you to inform them that you are disclosing that information to the College and why
15. The College is obligated under the Privacy Amendment (Notifiable Data Breaches) Act 2017 to notify specific types of data breaches to individuals affected by the breach and to the Office of the Australian Information Commissioner (OAIC). The College has implemented a Data Breach Response Plan to provide direction to staff on the management of a data breach.