Search

Privacy Policy

Privacy Policy

This Privacy Policy sets out how the School manages personal information provided to or collected by it.

The School is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988. In relation to health records, the School is also bound by the New South Wales Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (Health Records Act).

The School may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the School’s operations and practices and to make sure it remains appropriate to the changing school environment. The current version of this Privacy Policy is published on our website.

This policy is to be read in conjunction with ‘Information Sharing Between Principals and Schools’ document created by AIS, CED and DEC.

Kinds of personal information we collect

The type of information the School collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

Students and parents and/or carers (‘parents’) before, during and after the course of a student’s enrolment at the School; including:

  • name, contact details (including next of kin), date of birth, gender, language background, previous school and religion;
  • parent’s education, occupation and language spoken at home, nationality and country of birth;
  • health information (e.g., details of disability and/or allergies, dietary requirements, absence notes, immunisation details, medical reports and names of doctors);
  • results of assignments, tests and examinations;
  • conduct and complaint records, or other behaviour notes, and school reports;
  • information about referrals to government welfare agencies;
  • counselling reports;
  • health fund details and Medicare number;
  • any Family court orders;
  • criminal records;
  • volunteering information; and
  • photos and videos at School events. 

Job applicants, volunteers and contractors, including:

  • name, contact details (including next of kin), date of birth, religion;
  • information on job application;
  • Working With Children Check information;
  • insurance details (contractors);
  • health information (e.g., details of disability, and/or allergies, and medical certificates);
  • complaint records and investigation reports;
  • photos and videos at School events;
  • workplace surveillance information; and

Other people who come into contact with the School, including name and contact details and any other information necessary for the particular contact with the School.

How we collect personal information

Personal information you provide: The School will generally collect personal information about an individual directly from the individual (or their Parents in the case of students). This includes by way of forms, face-to-face meetings and interviews, emails and telephone calls.

Personal information provided by other people: In some circumstances, the School may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from another school or a referee for a job applicant. If a student transfers to a new school, the new school may collect personal information about the student from the student’s previous school to facilitate the transfer of the student.

Personal information from other sources: We may also collect personal information through surveillance activities (such as CCTV security cameras) student email monitoring, student internet usage and visitor electronic sign on system.

Exception in relation to employee records: Under the Privacy Act 1988 and Health Records Act (NSW) 2002, the Australian Privacy Principles and Health Privacy Principles do not apply to certain treatment of an employee record. As a result, this Privacy Policy does not apply to the School’s treatment of an employee record held by the School, where the treatment is directly related to a current or former employment relationship between the School and employee.

 

Purposes for which we collect, use and disclose personal information

The purposes for which the School collects, uses and discloses personal information depend on our relationship with you and include the following:

Students and Parents:

  • providing schooling and school activities;
  • satisfying the needs of Parents, the needs of students and the needs of the School throughout the whole period a student is enrolled at the School;
  • making required reports to government authorities;
  • keeping Parents informed about matters related to their child’s schooling, through correspondence, apps, newsletters and magazines;
  • day-to-day administration of the School;
  • looking after students’ educational, social and health wellbeing;
  • seeking donations for the School (see the ‘Fundraising’ section of this Privacy Policy); and
  • to satisfy the School’s legal obligations and allow the School to discharge its duty of care.

In some cases where the School requests personal information about a student or parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

Volunteers:

  • to contact you about, and administer, the volunteer position;
  • for insurance purposes; and
  • satisfying the School’s legal obligations, for example, in relation to child protection legislation.

Job applicants and contractors:

  • assessing and (if successful) engaging the applicant or contractor;
  • administering the individual’s employment or contract;
  • seeking donations for the School (see the ‘Fundraising’ section of this Privacy Policy);
  • for insurance purposes; and
  • satisfying the School’s legal obligations, for example, in relation to child protection legislation.

Who we disclose personal information to

The School may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:

  • other schools and teachers at those schools;
  • government departments (including for policy and funding purposes);
  • medical practitioners;
  • people providing educational, support and health services to the School, including specialist visiting teachers, sports coaches, volunteers, and counsellors;
  • organisations that assist us with fundraising (see ‘Fundraising’ section of this Privacy Policy);
  • providers of specialist advisory services and assistance to the School, including in the area of Human Resources, child protection, students with additional needs and for the purpose of administering Google Apps for Education and ensuring its proper use (see further the section below ‘Sending and storing information overseas’);
  • providers of learning and assessment tools;
  • assessment and education authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
  • agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes;
  • people providing administrative and financial services to the School;
  • recipients of School publications, such as newsletters and magazines;
  • students’ parents or carers;
  • anyone you authorise the School to disclose information to; and
  • anyone to whom we are required or authorised to disclose the information to by law, including child protection laws.

How we store personal information

We store your personal information in hard copy and electronically.

Sending and storing information overseas

The School may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange.

The School may use online or ‘cloud’ service providers to store personal information and to provide services to the School that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services.  This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s servers which may be situated outside Australia.**

An example of such a cloud service provider is Google. Google provides the ‘Google Apps for Education’ (GAFE) including Gmail, and stores and processes limited personal information for this purpose. School personnel and its service providers may have the ability to access, monitor, use or disclose emails, communications (e.g., instant messaging), documents and associated administrative data for the purposes of administering GAFE and ensuring its proper use. **

** If applicable

Fundraising and marketing

The School treats seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to provide a quality learning environment in which both students and staff thrive. Your personal information may be used to make an appeal to you. It may also be disclosed to organisations that assist in the School’s fundraising activities, for example, the School’s Foundation or alumni organisation and, on occasions, external fundraising organisations.

If you do not want to receive fundraising communications from us, please contact our Privacy Officer (privacy@wccs.nsw.edu.au).

 

How does the School treat sensitive information?

In referring to ‘sensitive information’, the School means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

Security of personal information

The School’s staff are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.

The School has in place steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods.

These steps include:

  • Restricting access to information on the School databases on a need to know basis with different levels of security being allocated to staff based on their roles and responsibilities and security profile.
  • Ensuring all staff are aware they are not to reveal or share personal password.
  • Ensuring where personal and health information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
  • Implementing physical security measures around the School buildings and grounds to prevent break-ins.
  • Implementing ICT security systems, policies and procedures, designed to protect personal information storage on our computer networks.
  • Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
  • Undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.

Access and correction of personal information

Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to seek access to, and/or correction of, any personal information which the School holds about them. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.

There are some exceptions to these rights set out in the applicable legislation.

To make a request to access, update or correct any personal information the School holds about you or your child, please contact the School  by email (admin@wccs.nsw.edu.au), post or telephone. The School may require you to verify your identity and specify what information you require. The School may charge a reasonable fee for giving access to your personal information (but will not charge for the making of the request or to correct your personal information). If the information sought is extensive, the School will advise the likely cost in advance.

If we decide to refuse your request, we will provide you with written notice explaining the reasons for refusal (unless, in light of the grounds for refusing, it would be unreasonable to provide reasons) and how to complain.

Consent and rights of access to the personal information of students

The School respects every parent’s right to make decisions concerning their child’s education.

Generally, the School will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. Generally, the School will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.

Parents may seek access to personal information held by the School about them or their child by contacting the School by email (admin@wccs.nsw.edu.au) or telephone. However, there may be occasions when access is denied. Such occasions may include (but are not limited to) where the School believes the student has capacity to consent and the School is not permitted to disclose the information to the parent without the student’s consent, where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the student.

The School may, at its discretion, on the request of a student grant that student access to information held by the School about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances warrant it.

Enquiries and complaints

If you would like further information about the way the School manages the personal information it holds, or wish to complain that you believe that the School has breached the Australian Privacy Principles, please contact the Privacy Officer (privacy@wccs.nsw.edu.au). The School will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) via the OAIC website at http://www.oaic.gov.au.

Privacy Policy Version 1.3

Prepared by / sourced from:

National Catholic Education Commission and

National Council of Independent Schools’ Association

Approved by: Senior Executive

Date Approved: December 2023

Monitored by: Compliance and Privacy Officer

Reviewed by: Compliance and Privacy Officer

Date for next review: December 2025

Status: Active