Personal Information –Information that is recorded in any form, whether true or not, about an individual whose identity is apparent, or can be reasonably be determined from the information or opinion. This includes all paper and electronic records, photographs and video recordings. Examples: Name, Address, Date of Birth.
Health Information – Information that related to a person’s physical, mental or psychological health, or disability, which is also classified as personal information. This includes information or opinion related to a person’s health status and medical history. Examples: Student Medical History, Immunisation Records.
Sensitive Information – Information that relates to a person’s racial or ethnic origin, political opinions, religion, trade union, or other professional or trade association membership, sexual preferences, or criminal record that is also classified as personal information about an individual. Examples: Country of Birth, TFN, Family Court Orders.
The Kinds of Information the School Collects and Holds
Westbourne Grammar School collects information relating to current and past staff, students, parents/guardians, alumni and prospective students, parents/guardians. The information is gathered via enrolment forms, medical information forms, job applications, phone conversations, face-to-face meetings and electronic/mail correspondences.
The School collects and holds information about students, staff, parents and guardians for the purpose of:
The kinds of information the School collects and holds about students includes (but is not limited to) personal information, inclusive of health and sensitive information, such as:
The kinds of information the School collects and holds about staff members, job applicants, volunteers and contractors includes (but is not limited to) personal information, inclusive of health and sensitive information, such as:
The School may be provided with personal information without having sought it through our normal means of collection. This is known as “unsolicited information” and is often collected by:
Unsolicited information obtained by the School will only be held, used and or disclosed if it is considered as personal information that could have been collected by normal means. If that unsolicited information could not have been collected by normal means then the School will destroy, permanently delete or de-identify the personal information as appropriate.
Consent to Use or Disclose Personal Information
The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.
Where consent for the use or disclosure of personal information is required, the School will seek consent from the person. In the case of a student’s personal information, the School will seek the consent from the student and/or parent/guardian depending on the circumstances and the student’s mental ability and maturity to understand the consequences of the proposed use and disclosure of information.
Use and Disclosure of Personal Information
For this policy, ‘personal’ information refers to personal information, health information and sensitive information unless otherwise specified.
The purposes for which the School uses personal and health information of students and parents/guardians include:
The purposes for which the School uses personal information of job applicants, staff members and contractors include:
The School will use and disclose personal information about a student, parent/guardian and staff when:
The School may disclose personal information to a Third Party when:
Disclosure of Information to Third Parties
The School, on occasion, uses or discloses private information to third parties for administrative, educational and regulatory purposes. This includes disclosing information to other schools, regulatory bodies (Australian Government – Census for Non-Government Schools), other agencies, such as police (welfare concerns, child protection), medical practitioners, intervention specialists (such as speech pathologist and psychiatrists), and individuals providing services to the School, including specialist teachers, sports coaches and camp providers.
In addition, personal information of international students may be disclosed to Commonwealth and State agencies pursuant to obligations under the ESOS Act 2000, ESOS Regulations 2019 and the National Code of Practice for Providers of Education and Training to Overseas Students 2018.
Disclosure of Information to an Overseas Recipient
Personal Information may be disclosed to overseas organisation in the course of providing our services, such as:
The School uses online applications and cloud-based service providers to store personal information and to provide services to the School, such as OneNote, email, educational applications, assessment tools, training platform and incident reporting. Personal information may be disclosed to these services for the purpose of identifying and authenticating users.
Cloud-based services may store information in countries situated outside Australia and must comply with the Australian Privacy Principles in relation to protection and security of data.
Storage and Security of Personal Information
The School has strategies in place to protect personal information from being misused, accessed without authorisation, modified or disclosed.
Personal information data is securely stored (password access only) and protected from unauthorised access. Storage of personal information, disposal (when no longer required) or de-identification, is managed in accordance with the School’s Records Management practices. The school has adopted a framework for the management of both data and paper files.
Any instances of suspected data breaches, such as unauthorised access, unauthorised disclosure or loss of personal information that could result in serious harm to an individual, must be reported to the School in accordance with our Notifiable Data Breach Policy.
Closed Circuit Television (CCTV)
The School has installed CCTV on the school premises and private charter buses as part of the School’s security and personal safety measures. CCTV footage will be used for the following security purposes:
Access to the CCTV recorded footage is limited to authorised staff and Security Personnel with a legitimate reason to view and/or otherwise use the captured footage, including the provision of evidence in support of a breach of the School Policies, School Rules, student behaviour or prosecution of criminal proceedings.
Requesting Access to Personal Information
A student, parent/guardian, or staff member may seek access to their personal information, provided by them, that is held by the School. A request to access personal information must be made in writing to the School’s Privacy Officer.
The School holds the right to verify the identity of the individual of whom the request has been made and determine if appropriate to grant access to the information. If appropriate, the School will release requested information in a reasonable timeframe.
If the School determines that a request to access personal information is not appropriate, the outcome will be communicated in writing to the person who made the request. If the requesting person wishes to make a complaint relating to the School refusing to release information, a complaint must be made in writing to the School.
Updating Personal Information
The School aims to keep personal information it holds accurate, complete and up-to-date. A person may update their personal information by contacting the School or via the School Portal, Parent Portal; My Details.
Complaints relating to the management of personal information, including privacy breaches must be made in writing to the School’s Privacy Officer (Business Manager). Should the School receive a complaint relating to a breach of privacy, this will be treated seriously and investigated thoroughly in accordance with the School’s polices. The School may require to seek further information to assist with an investigation of a privacy breach.
Complaints are to be directed to:
Post: Attn: Business Manager Westbourne Grammar School PO Box 37
Werribee VIC 3030
If a complaint is not resolved by the School, then it is recommended that the matter be directed to the Office of the Australian Information Commissioner (OAIC).
Breach of Policy
The School will consider each breach of this policy in the context in which it has occurred and will determine the relevant severity of the breach. A serious breach may result in disciplinary action, up to and including termination of employment or enrolment.
Notifications to the Office of the Australian Information Commissioner (OAIC) and/or other agencies will be made where the School is required to do so.