Purpose
This policy has been established for Genazzano FCJ College and accords with the requirements of the Commonwealth and State Government; and aligns with the policies and practices of Genazzano FCJ College Limited.
Genazzano FCJ College is a Catholic Day and Boarding School that embodies the charism of our founders, the sisters Faithful Companions of Jesus and is inspired by Ignatian spirituality. The College shares with their community a future-oriented and distinctive learning culture guided by reflection, wisdom, and service and empowers young children to transform the world with hope and care. Each person’s dignity is an essential element in how the College lives out its vision and promotes the safety, wellbeing, and inclusion of all children and young people.
Policy Statement
Genazzano College is committed to complying with the National Privacy Laws by ensuring the privacy of all stakeholder information (students, staff, and parents). This Privacy Policy sets out how the College manages personal information provided to or collected by it and explains how the College is bound by the Australian Privacy Principles (APPs) contained in the Commonwealth Privacy Act 1988. In relation to health records, the College is also bound by the Health Records Act 2001 (Vic.) and the Health Privacy Principles in that Act.
The APPs are designed to protect the privacy of individuals by regulating the way personal information is managed. The College may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the College’s operations and practices and to make sure it remains appropriate to the changing school environment.
Enabling Structures
What kinds of personal information does the College collect and hold?
The College collects and holds personal information, including health and other sensitive information, about:
Students before, during and after the course of a student’s enrolment at the College including:
- name, contact details (including next of kin), date of birth, gender, language background, previous school, and religion
- medical and welfare information (e.g., details of disability and/or allergies, and details of any assistance the student receives in relation to those disabilities, medical reports, cognitive assessments, names of doctors)
- conduct and complaint records, or other behaviour notes, school attendance and school reports
- information about referrals to government welfare agencies
- information obtained during counselling
- any court orders
- photos and videos at College events.
Parents and/or guardians of students including:
- name, address, and contact details, education, occupation, and language background o health fund details and Medicare number
- any court orders
- volunteering information (including Working with Children Clearance)
- financial information
- photos and videos at school events.
Job applicants, staff members, volunteers, and contractors, including:
- name, contact details (including next of kin), date of birth and religion
- information on job application
- information provided by a former employer or a referee
- professional development history
- salary and payment information, including superannuation details
- medical information (e.g., details of disability and/or allergies and medical certificates)
- complaint records and investigation reports o employee details
- photos and videos at school events
- workplace surveillance information
- work emails and private emails (when using work email address) and internet browsing history
Other people who come into contact with the College, including name and contact details and any other information necessary for the particular contact with the College.
Exception in relation to employee records
Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College’s treatment of an employee record where the treatment is directly related to a current or former employment relationship between the College and employee. The College handles staff health records in accordance with the Health Privacy Principles in the Health Records Act 2001 (Vic.).
How will the College collect and hold personal information?
Personal Information you provide: The College will generally collect personal information held about an individual by way of forms completed by parents, guardians, carers or students, face-to-face meetings and interviews, emails, and telephone calls, and through the College’s online portal GenConnect and EdSmart school data system.
On occasions people other than parents and students (such as job applicants and contractors) provide personal information to the College.
Personal Information provided by other people: In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school. The type of information the College may collect from another school may include:
- academic records and/or achievement levels
- information that may be relevant to assisting the new school meet the needs of the student including any adjustments
Anonymity: The College needs to be able to identify individuals with whom it interacts and to collect identifiable information about them to facilitate the delivery of schooling to its students and its educational and support services, conduct the job application process and fulfil other obligations and processes. However, in some limited circumstances some activities and interactions with the College may be done anonymously where practicable, which may include making an inquiry, complaint or providing feedback.
Holding your personal information: The College’s approach to holding personal information is to ensure that it is stored securely, and that access is provided only to persons who need such access.
Depending on the nature of the personal information, it may be stored in locked rooms or cabinets (in the case of paper records), on secure digital devices or on our computer systems and databases with appropriate password protection.
How will the College use the personal information you provide?
The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
Students and Parents: In relation to personal information of students and parents, the College’s primary purpose of collection is to enable the College to provide education to students enrolled at the school (including educational and support services for the student), exercise its duty of care and perform necessary associated administrative activities which will enable students to take part in all the activities of the College. This includes satisfying the needs of parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at Genazzano FCJ College.
In particular, the purposes for which the College uses personal information of students and parents include:
- to keep parents informed about matters related to their child’s education, through correspondence, newsletters, and magazines
- day-to-day administration of the College
- looking after students’ educational, social, and medical wellbeing
- seeking donations and marketing for the College
- to satisfy the College’s legal obligations and allow the College to discharge its duty of care
- to satisfy the legal obligations of the school’s governing authority, FJC Education Australia and Melbourne Archdiocese Catholic Schools Ltd (MACS)
- to satisfy the College service providers’ legal obligations
In some cases where the College requests personal information about a student or parent, if the information requested is not provided, the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
Job applicants and contractors: In relation to personal information of job applicants and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant, or contractor, as the case may be.
The purposes for which the College uses personal information of job applicants and contractors include:
- administering the individual’s employment or contract, as the case may be
- for insurance purposes
- satisfying the College’s legal obligations, for example, in relation to child protection legislation.
Volunteers: The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as the Alumnae Associations, to enable the College and the volunteers to work together, to confirm their suitability and to manage their visits.
The purposes for which the College uses personal information of volunteers includes:
- to enable the College to manage the engagement process of volunteers
- for insurance purposes
- satisfying the College’s legal obligations, for example, in relation to child protection
- to confirm their suitability and to manage their visits.
College marketing, Investment and Development Fundraising, bequests, capital foundation: The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment in which both students and staff thrive. Personal information held by the College may be disclosed to organisations that assist in the school’s fundraising, for example, the College’s Foundation or Alumnae Associations (or, on occasions, external fundraising organisations).
Parents, staff, contractors, and other members of the wider College community may from time to time receive fundraising information and these marketing packages will be clearly endorsed by the College.
School publications, like newsletters and magazines, which include personal information and sometimes people’s images, may be used for marketing purposes.
Who might the College disclose personal information to and store your information with?
The College may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:
- College service providers which provide educational, support and health services to the College, (either at the school or off campus) including the Catholic Education Commission of Victoria Ltd (CECV), Catholic Education Offices, specialist visiting teachers, volunteers, counsellors, sports coaches and providers of learning and assessment tools
- people providing educational support such as sports coaches and pre-service teachers
- third party service providers that provide online educational and assessment support services, document and data management services, training and support services, hosting services, and software-as-a-services applications (such as the Integrated Catholic Online Network (ICON) and Google’s G Suite)
- authorised agencies and organisations to enable the school to discharge its responsibilities e.g., under the Australian Education Regulation 2013 (Regulation) and the Australian Education Act 2013 (Cth) (AE Act) relating to students with a disability, including Nationally Consistent Collection of Data (NCCD) quality assurance processes, participation in the Australian Early Development Census (AEDC), government audits etc.
- other third parties which the school uses to support or enhance the educational or pastoral care services for its students or to facilitate communications with parents
- support the training of selected staff in the use of the school’s systems, such as ICON/ROSAE
- another school including to its teachers to facilitate the transfer of a student
- Federal and State government departments and/or agencies engaged by them
- health service providers
- recipients of college publications, such as newsletters and magazines
- student’s parents or guardians and their emergency contacts
- assessment and educational authorities including the Australian Curriculum, Assessment and Reporting Authority
- anyone to whom you authorise the school to disclose information
- anyone who we are required or authorised to disclose the information to by law, including under child protection and information sharing laws.
Child Information Sharing Scheme (CISS) and Privacy
The CISS regime includes legislative principles to guide the collection, use or disclosure of confidential information. It is a principle of the CISS regime that Sharing Entities (ISEs) such as Genazzano FCJ College give precedence to the wellbeing and safety of a child over the right to privacy. The use or disclosure of confidential information under the CISS regime is in good faith and with reasonable care does not constitute a contravention of any other Act. This means that where a disclosure is made in compliance with the CISS, it is not a privacy breach.
Nationally Consistent Collection of Data on School Students with Disability
The school is required by the Federal Australian Education Regulation (2013) and Australian Education Act 2013 (Cth) (AE Act) to collect and disclose certain information to inform Students with a Disability (SwD) loading via the NCCD (Nationally Consistent Collection of Data). The College provides the required information at an individual student level to an approved authority. Approved authorities must comply with reporting, record keeping and data quality assurance obligations under the NCCD. Student information provided to the federal government for the purpose of the NCCD does not explicitly identify any student.
Sending and storing information overseas
The College may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the College will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual; or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The College may from time to time use the services of third-party online service providers (including for the delivery of services and third-party online applications, or Apps relating to email, instant messaging and education and assessment, such as Google’s G Suite, including Gmail) which may be accessible by you. Some personal information [including sensitive information] may be collected and processed or stored by these providers in connection with these services. These online service providers may be located in or outside Australia.
College personnel and the school’s service providers, and the CECV and its service providers, may have the ability to access, monitor, use or disclose emails, communications (e.g., instant messaging), documents and associated administrative data for the purposes of administering the system and services ensuring their proper use.
The College makes reasonable efforts to be satisfied about the security of any personal information that may be collected, processed, and stored outside Australia, in connection with any cloud and third-party services and will endeavour to ensure the cloud is in countries with substantially similar protections as the APPs.
The countries in which the servers of cloud service providers and other third-party service providers are located may include: USA, UK, Canada, France, Chile, Taiwan, Singapore, Netherlands, Finland, Belgium, China, Korea.
Where personal and sensitive information is retained by a cloud service provider on behalf of CECV to facilitate Human Resources and staff administrative support, this information may be stored on servers located in or outside Australia.
Otherwise, it is not practicable to specify in this Policy the countries in which overseas recipients of personal information are likely to be located.
How does the College treat sensitive information?
In referring to ‘sensitive information’, the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The College’s staff are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.
The College has in place steps to protect the personal information the College holds from misuse, interference and loss, unauthorised access, modification, or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records. This includes responding to any incidents which may affect the security of the personal information it holds. If we assess that anyone whose information is affected by such a breach is likely to suffer serious harm as a result, we will notify them and the Office of the Australian Information Commissioner of the breach.
It is recommended that parents and the College community adopt secure practices to protect themselves. Passwords need to be regularly updated and log in details are kept secure. Good practice is to not share your personal information with anyone without first verifying their identity and organisation. If you believe any of your personal information has been compromised, please let the College know immediately.
Access and correction of personal information
Under the Privacy Act and the Health Records Act, an individual has the right to seek and obtain access to any personal information and health records respectively which the College holds about them and to advise the College of any perceived inaccuracy. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.
There are some exceptions to the access rights set out in the applicable legislation.
To make a request to access or to update any personal information the College holds about you or your child, please contact the Privacy Officer in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing, and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If the College cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
There may be circumstances where the reason for refusal is not provided, if doing so may breach the privacy of another person.
Consent and rights of access to the personal information of students
The College respects every parent’s right to make decisions concerning their child’s education. Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. The College will treat consent given by parents as consent given on behalf of the student and notice to parents will act as notice given to the student.
Parents may seek access to personal information held by the College about them or their child by contacting the Privacy Officer in writing. However, there may be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.
The College may, at its discretion, on the request of a student grant that student access to information held by the school about them or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances warrant it.
Enquiries, Complaints and Contact Details
If you would like further information about the way the College manages the personal information it holds about you or wish to complain that you believe that the College has breached its privacy obligations, please contact the Privacy Officer for the College.
The Privacy Officer
Genazzano FCJ College
301 Cotham Road
Kew VIC 3101
Telephone: (03) 8862 1000
Fax: (03) 8862 1133
Email: [email protected]
The College will investigate your complaint and will notify you of a decision in relation to your complaint as soon as is practicable after it has been made.
If you are not satisfied with the decision, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) whose contact details are:
GPO Box 5218, Sydney, NSW 2001
Telephone: 1300 363 992
www.oaic.gov.au
Reporting and Review
Policy created: April 2021
Ratified by College Council: 31 August 2021
Policy to be reviewed: 31 August 2024