CONTEXT

As a Catholic boys boarding school in the Jesuit tradition, Saint Ignatius’ College Riverview seeks to promote the spiritual, academic, social, physical and experiential growth of members of the community.

The educational program at the College is dedicated to the integral formation of the human person. It aims to enable all to reach their full potential, immersed in an environment that aspires to Human Excellence and the promotion of a faith that does justice.

The purpose of the College policies and procedures is to provide a framework which ensures that the safety, individual care (cura personalis) and wellbeing of each person is paramount.

PRINCIPLES

The College regards the privacy of all members of the community as paramount.

The College is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 (Privacy Act). In relation to health records, the College is also bound by the NSW Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (NSW) (Health Records Act).

The College treats the handling of personal information of students, parents, employees and others in accordance with the ‘Privacy Act’ and ‘Health Records Act’.

The College is fully committed to respecting all individuals, including adults and children both within the College and the wider community.

The College may, from time to time, review and update this Privacy Policy to take into account changes in laws, technologies, College operations and practices as well as to ensure appropriate contextual alignment.

Collection of Information

The type of information the College collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

  • Students and parents and/or guardians before, during and after the course of a student’s enrolment at the College, including:
  • name, contact details (including next of kin and siblings), date of birth, gender, language background, previous school, parish details, religion and name and relationship of relatives who attended the College;
  • parents’ education, occupation and language background;
  • financial information;
  • medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors);
  • results of assignments, tests and examinations;
  • conduct and complaint records, or other behaviour notes, and appropriate pastoral records;
  • information about referrals to government welfare agencies;
  • counselling reports, accessed only through legal channels;
  • health fund details and Medicare number;
  • any court orders;
  • volunteering information; and
  • photos and videos at College events.

Job applicants, staff members, volunteers and contractors, including:

  • name, contact details (including next of kin), date of birth, and religion;
  • information on job application;
  • professional development history;
  • qualifications and education details;
  • salary and payment information, including superannuation details;
  • medical information (e.g. details of disability and/or allergies, and medical certificates);
  • complaint records and investigation reports;
  • leave details;
  • photos and videos at College events;
  • workplace surveillance information;
  • results of criminal background and working with children checks; and
  • work emails and private emails (when using work email address) and Internet browsing history.

Other people who come into contact with the College, including name and contact details and any other information necessary for the particular contact with the College.

Personal Information You Provide

The College will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Parents and students provide personal information.

Personal Information Provided by Other People

In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.

Exception in Relation to Employee Records

Under the Privacy Act and the Health Records Act, the Australian Privacy Principles and Health Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.

Purpose and Use of Personal Information

The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.

Students and Parents

In relation to personal information of students and Parents, the College’s primary purpose of collection is to enable the College to provide schooling to students enrolled at the College, exercise its duty of care, and perform necessary associated administrative activities, which will enable students to take part in all the activities of the College. This includes satisfying the needs of parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at the College.

The purposes for which the College uses personal information of students and parents include:

  • to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
  • day-to-day administration of the College;
  • looking after students’ educational, social and medical wellbeing;
  • seeking donations and marketing for the College; and
  • to satisfy the College’s legal obligations and allow the College to discharge its duty of care.

In some cases where the College requests personal information about a student or parent, if the information requested is not provided, the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

Job Applicants and Contractors

In relation to personal information of job applicants and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant or contractor, as the case may be.

The purposes for which the College uses personal information of job applicants and contractors include:

  • administering the individual’s employment or contract, as the case may be;
  • for insurance purposes;
  • seeking donations and marketing for the College; and
  • satisfying the College’s legal obligations, for example, in relation to child protection legislation.

Volunteers

The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities to enable the College and the volunteers to work together.

Marketing and Fundraising

The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment in which both students and staff thrive. Personal information held by the College may be disclosed to organisations that assist in the College’s fundraising, for example, the College’s Foundation or alumni organisation or, on occasions, external fundraising organisations.

On occasion, the College may use external companies to source publicly available information about the College community for the purposes of fundraising opportunities. As part of this process, the College may disclose personal information, including sensitive information to the external companies. Where this information sharing occurs, the College will enter into specific privacy and confidentiality agreements with the external company to ensure that all information is gathered, stored and deleted in accordance with the Australian Privacy Principles.

Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, such as newsletters and magazines, which include personal information, may be used for marketing purposes.

Disclosure and Storage of Personal Information

The College may disclose personal information, including sensitive information, held about an individual for educational, administrative, marketing, fundraising, compliance and support purposes. This may include but is not limited to:

  • Jesuit Education Australia Ltd, Australian Province of the Society of Jesus, The Society of Jesus in Australia Limited;
  • other schools and teachers at those schools;
  • government departments and agencies (including for policy and funding purposes);
  • health service providers including medical practitioners;
  • people providing educational, support and health services to the College, including but not limited to specialist visiting teachers, coaches, volunteers, and counsellors;
  • providers of specialist advisory services and assistance to the College, including in the area of Human Resources, child safeguarding and students with additional needs;
  • providers of learning and assessment tools including online educational and assessment support services;
  • providers of information technology services, software, applications and document and data management services, including to support the training of staff in the use of these services;
  • assessment and educational authorities, including the Australian Curriculum, NSW Educations Standards Authority (NESA), Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
  • agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes;
  • people providing administrative and financial services to the College, including to support or enhance the educational or pastoral care services the College provides to its students or to facilitate communications with parents and guardians;
  • people providing insurance and insurance services to the College;
  • recipients of College publications, such as newsletters and magazines;
  • students’ parents or guardians;
  • external    fundraising    and    public    domain    information gathering organisations;
  • anyone you authorise the College to disclose information to; and
  • anyone to whom we are required or authorised to disclose the information to by law, including child protection laws.

Sending and Storing Information Overseas

The College may disclose personal information about an individual to overseas recipients, for instance, to facilitate a College exchange. However, the College will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied); or
  • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

The College may use online or ‘cloud’ service providers (who may be located in, or outside Australia) to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s server which may be situated outside Australia.

Examples of such cloud service providers are Google and Microsoft. The College provides both Google Apps for Education (GAFE) and Microsoft 365 for Education to staff and students. These providers store and process limited personal information for this purpose. College personnel and its service providers may have the ability to access, monitor, use or disclose emails, communications (eg. instant messaging), documents and associated administrative data for the purposes of administering GAFE, Microsoft 365 for Education and ensuring its proper use.

Sensitive Personal Information

In referring to ‘sensitive information’, the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

Handling Sensitive Personal Information

The College’s staff are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.

The College has in place steps to protect the personal information the College holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.

Access and Update Personal Information

Under the Privacy Act and the Health Records Act, an individual has the right to seek and obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.

There are some exceptions to these rights set out in the applicable legislation.

To make a request to access or to update any personal information the College holds about you or your child, please contact the Principal by telephone or in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal (unless, in light of the grounds for refusing, it would be unreasonable to provide reasons).

Consent and Rights of Access to Personal Information

The College respects every parent’s right to make decisions concerning their child’s education.

Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. The College will treat consent given by parents as consent given on behalf of the student and notice to parents will act as notice given to the student.

Parents may seek access to personal information held by the College about them or their child by contacting the Principal by telephone or in writing.

However, there may be occasions when access is denied. Such occasions may include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.

The College may, at its discretion, on the request of a student grant that student access to information held by the College about them or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances warrant it.

Responding to Data Breaches

The College will take appropriate, prompt action if it has reasonable grounds to believe that a data breach may have or is suspected to have occurred. Depending on the type of data breach, this may include a review of internal security procedures, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC). If unable to notify individuals, the College will publish a statement on our website and take reasonable steps to publicise the contents of this statement

Log Data

Like many website operators, the College collects information that a user’s browser sends whenever it visits our website (Log Data).

This Log Data may include information such as a user’s computer’s Internet Protocol (IP) address, browser type, browser version, the pages of the College’s website that a user visits, the time and date of his or her visit, the time spent on those pages and other statistics.

In addition, the College may use third party services such as Google Analytics (or similar web traffic analytic tools) that collects, monitors, analyses and records all visits to the College’s website.

Enquiries and Complaints

If you would like further information about the way the College manages the personal information it holds, please contact the Chief Risk Officer by emailing Privacy@riverview.nsw.edu.au

Please refer to the Complaints Handling Policy and Procedure documents for further information regarding complaints.

The College takes seriously all complaints and procedures are in place to investigate and respond in a timely manner to any complaint made.

 

Accountabilities

Responsible Officer Chief Information Officer

Contact Officer

Chief Risk Officer

Supporting Information

Relevant Legislation

This Policy supports the College’s compliance with the following legislation and instruments:

  • The Privacy Act (1988)
  • Health Records and Information Privacy Act 2002, No. 17

Relevant Documents

  • Australian Province Code of Conduct
  • Employment Collection Notice

Relevant College Policies

The following policies of the College must be considered in relation to:

  • Complaints Handling Policy
  • Child Safeguarding Policy

Related Procedures

  • Complaints Handling Procedures

Superseded Documents

Nil

Definitions and Acronyms

Revision History

Version

Approved by

Approval date

Effective date

Sections modified

5.0

Compliance Officer

16 January 2023

Updated references to Child Safeguarding where required

4.0

Risk and Compliance Committee

17 August 2022

17 August 2022

  • Sending and Storing Information Overseas
  • All sections pertaining to Personal Information pp.5-8

3

2

SIC Board

19 May 2021

Marketing and Fundraising

1

Compliance Officer

15 January 2021

Nil