Privacy Policy for St Patrick’s Technical College
and other Diocesan Schools and the Catholic Education Office of the Archdiocese of Adelaide
Individuals’ privacy is important
This Privacy Policy applies to all Catholic schools administered by the Catholic Education Office (‘CEO’) of the Catholic Archdiocese of Adelaide in South Australia (the legal entity for which is the Catholic Church Endowment Society Inc (CCES)). The Privacy Policy also applies to the CEO itself. In this Privacy Policy, a Catholic school operated within the Archdiocese of Adelaide is referred to as a ‘School’.
This Privacy Policy outlines how each School and the CEO uses and manages personal information provided to or collected by it. Each school and the CEO are bound by the National Privacy Principles contained in the Commonwealth Privacy Act 1988.
The CEO may, from time to time, review and update this Privacy Policy to take account of new laws and technologies, changes to its and Schools’ operations and practices and to make sure the policy remains appropriate to the changing school environment.
What kind of personal information does a School and the CEO collect and how do they collect it?
The type of information Schools and the CEO collect and hold includes (but is not limited to) personal information, including sensitive information, about:
- students and their parents and/or guardians (‘Parents’) before, during and after the course of a student’s enrolment at a School;
- job applicants, staff members, volunteers and contractors; and
- other people who come into contact with the School or the CEO.
Personal Information provided by an individual: A School or the CEO will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, and telephone calls. The CEO also collects information through data transfers from schools.
Personal Information provided by other people: In some circumstances a School or the CEO may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from another School.
Exception in relation to employee records: This Privacy Policy does not apply, and the National Privacy Principles do not bind Schools or the CEO, in relation to a School’s treatment of an employee record, where the treatment is directly related to the current or former employment relationship between the School/CEO and employee.
How will a School or the CEO use the personal information an individual provides?
A School or the CEO will use personal information it collects from an individual for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which an individual has consented.
Students and Parents: For personal information about students and Parents, a School’s or the CEO’s primary purpose of collection is to enable the School to provide schooling for the student. This includes satisfying both the needs of Parents and the needs of the student throughout the whole period the student is enrolled at the School.
The purposes for which a School or the CEO uses personal information of students and Parents include:
- to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
- day-to-day administration;
- to look after students’ educational, social, spiritual and medical well-being;
- to seek donations and marketing for the School;
- to contribute to aggregated data that the CEO or the South Australian Commission for Catholic Schools Inc. (‘SACCS’) may require from time to time to meet their reporting, planning, contract and funding responsibilities on behalf of Schools;
- to satisfy CCES/CEO’s and the School’s legal obligations and allow the School to discharge its duty of care.
In some cases where a School requests personal information about a student or Parent, if the information requested is not obtained, the School may not be able to enrol or continue the enrolment of the student.
Job applicants, staff members and contractors: For personal information about job applicants, staff members and contractors, a School’s or the CEO’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which a School or the CEO use personal information of job applicants, staff members and contractors include:
- to administer the individual’s employment or contract (as the case may be);
- for insurance purposes;
- to seek funds and marketing for the School;
- to contribute to aggregated data that SACCS and the CEO use to meet their reporting, planning, contract and funding responsibilities;
- to enable SACCS and the CEO to maintain necessary staff information for entitlements including long service leave, maternity leave, Workcover and other necessary industrial or employment purposes, and for accreditation and funding purposes;
- to satisfy CCES/CEO’s and the Schools’ legal obligations (for example, in relation to child protection legislation).
Volunteers: A School also obtains personal information about volunteers who assist the School in its functions or conduct associated activities, such as Parents and Friends and Old Scholars Associations, to enable the School and the volunteers to work together.
Marketing and fundraising: Schools treat marketing and seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to be a quality learning environment in which both students and staff thrive. Personal information held by a School may be disclosed to an organisation that assists in the School’s fundraising, for example, the School’s Foundation or Parents and Friends Association.
Parents, staff, contractors and other members of the wider School community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
The Privacy Act allows each diocesan School in the Archdiocese of Adelaide to share personal information with other diocesan Schools within the diocese. This allows Schools to transfer information between them, for example, when a pupil transfers from one School operated by CCES/CEO to another school conducted by CCES/CEO. It also allows Schools to transfer information to the CEO.
To whom might the CEO or a School disclose personal information?
The CEO or a School may disclose personal information (including sensitive information) held about an individual to:
- another School operated by CCES/CEO;
- a school within the Diocese of Port Pirie;
- a Catholic Education Office in South Australia;
- SACCS;
- a Congregational School;
- Catholic Church Insurances;
- government departments;
- the local parish;
- people providing services to the School (including specialist visiting teachers, consultants and sports coaches);
- recipients of School publications, like newsletters and magazines;
- Parents; and
- anyone to whom the individual authorises the School to disclose information.
Sometimes a School or the CEO may ask individuals to consent to some disclosures or uses of personal information for certain purposes, either in writing or verbally. In other cases, consent may be implied.
Sending information overseas: The CEO or a School will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the National Privacy Principles.
How will sensitive information be treated?
‘Sensitive information’ means information relating to a person’s racial or ethnic origin, political opinions, religion, trade unions or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The CEO’s and the Schools’ staff are required to respect the confidentiality of students’ and Parents’ personal information and the privacy of individuals.
The CEO and each School have in place steps to protect the personal information held from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and pass-worded access rights to computerised records.
Updating personal information
The CEO and each School endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by contacting the Director or Principal respectively, at any time. The National Privacy Principles require the CEO or a School not to store personal information longer than necessary.
Individuals have the right to check what personal information a School or the CEO holds about them
Under the Privacy Act 1988, individuals may seek access to any personal information that the CEO or a School holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right set out in the Privacy Act 1988. Students will generally have access to their personal information through their Parents.
For individuals to make a request to access any information the CEO or a School holds about them, they should contact the Director or the Principal respectively, in writing.
The CEO or a School may require individuals to verify their identity and specify what information they require. A fee may be charged to cover the cost of verifying the individual’s application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the individual will be advised of the likely cost in advance.
Consent and rights of access to the personal information of students
The CEO and Schools respect every Parent’s right to make decisions concerning their child’s education. Generally, a School or the CEO will refer any requests for consent and notices in relation to the personal information of a student to the student’s Parents. A School and the CEO will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.
Parents may seek access to personal information held by the CEO or a School about them or their child by contacting the Director or Principal respectively. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s or the CEO’s duty of care to the student.
A School or the CEO may, at its discretion, on the request of a student grant that student access to information held by the School or the CEO about them, or allow a student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the student involved had reached 18 years of age, but a School or the CEO could do so in other circumstances when the maturity of the student and/or the student’s personal circumstances so warranted.
Enquiries
If you would like further information about the way the CEO or a School manages the personal information it holds, please contact the Director or the Principal respectively.