Caulfield Grammar School (CGS) is bound by the Australian Privacy Principles, which are part of the Privacy Act 1988 (Cth) (Privacy Act). In relation to health records CGS holds, CGS is also bound by the Health Privacy Principles under the Health Records Act 2001 (Vic).
CGS recognises and acknowledges that the protection of individuals’ privacy is important and required under the relevant legislation.
- CGS protects the privacy of personal information and health information which CGS collects and uses;
- CGS may use such information and to whom such information may be disclosed; and
- individuals can access their personal information, correct any personal information which CGS holds, lodge complaints in relation to alleged breaches of privacy or make any related enquiry.
All members of CGS staff, contractors and volunteers must comply with this policy in relation to any personal information they handle.
Personal information may be collected from any individual with whom CGS may have contact, including current and prospective students and their parents/guardians, alumni, job applicants, volunteers, contractors, past employees and other individuals who come into contact with CGS.
CGS may also collect, use and disclose health information in relation to the provision of health services to students while in the care of CGS.
Types of information CGS collects and holds
CGS collects a range of personal information about an individual, including an individual’s name, address, telephone number, email address, age and date of birth.
In addition to this information, where CGS provides health services in the course of discharging its duty of care, CGS may collect information about health services previously provided to an individual, an individual’s current health status and an individual’s expressed wishes in relation to the provision of health services.
CGS may also collect information about individuals when individuals access CGS’ website for statistical purposes. Information CGS collects from visits to its website is generally anonymous and CGS does not use such information to identify individuals. However, due to the nature of internet protocols, such information may contain details which may identify a particular individual, such as the IP address of the computer accessing CGS’ website, the internet service provider used by the individual, the web-page directing the individual to CGS’ website and the individual’s activity on CGS’ website.
How CGS collects personal information
CGS may collect personal information from an individual from a variety of sources, including:
- a form that is completed and submitted to CGS;
- a telephone, email or in-person inquiry or discussion about CGS and the services that CGS provides;
- mail correspondence, emails and other electronic means (including by accessing CGS’ website and use of the “contact us” form);
- publicly available sources of information;
- reference from another school about an individual student; and
- a report provided to CGS by a medical professional in relation to health services previously provided or to be provided by CGS to an individual.
CGS will usually collect personal information directly from the individual, unless it is unreasonable or impracticable to do so. Additionally, CGS will usually only collect personal information when CGS asks for that personal information. However, CGS may from time to time receive unsolicited personal information about an individual. Where CGS determines that CGS could not have collected such personal information lawfully, then CGS will promptly destroy or de-identify such information.
CGS may collect data from its website using various technologies, including “cookies”. A “cookie” is a text file that CGS’ website sends to an individual’s browser which is stored on the individual’s computer as an anonymous tag identifying the individual’s computer (but not the individual) to CGS. A browser can be configured to disable cookies; however, parts of CGS may not function properly (or at all) if cookies are disabled.
From time to time, CGS may seek consent of parents/guardians to using their child’s name, image and likeness in materials produced or published by CGS, including newsletters, magazines, posters and other advertising materials to promote CGS and its services. Where parents/guardians do not consent to their child’s name, image and likeness being used by CGS in this manner, CGS will refrain from using their child’s name, image and likeness. Additionally, parents/guardians may at any time withdraw their consent and CGS will promptly remove their child’s name, image and likeness from the materials produced or published.
How CGS uses personal information it collects
CGS generally only uses personal information for the primary purpose for which personal information is collected or a secondary purpose when permitted by the Privacy Act.
To the extent that CGS collects “sensitive information” (as the Privacy Act defines the term), then CGS would only use such information for the primary purpose of collection and for any secondary purposes which are directly related to the primary purpose and you would reasonably expect CGS to use or disclose the information for the secondary purpose.
CGS may use or disclose personal information (including sensitive information) for a purpose other than the primary purpose of collection if authorised or required by law.
CGS collects personal information for the purposes of:
- facilitating its ability to function as an educational institution;
- other administrative functions, including assessing job applicants and managing volunteers;
- fulfilling its duty of care to its students;
- complying with its legal obligations owed to the State and Commonwealth Governments in relation to the provision of education to students;
- addressing queries or resolving complaints;
- marketing CGS and the education services CGS provides to prospective students;
- keeping parents and guardians informed on matters relating to their child’s schooling at CGS through correspondence, newsletters, magazines and reports;
- assessing applications for scholarships to attend CGS and awarding and administering scholarships to current students at CGS; and
- seeking and administering donations and bequests made to CGS.
CGS may also disclose personal information it collects from individuals to third parties, such as CGS’ bankers, professional advisers, courts, tribunals, regulatory authorities, other companies and individuals for the purpose of:
- complying with its obligations owed to an individual under any contract between CGS and the individual, or as required by law;
- enabling those third parties to perform services on behalf of CGS; and
- recovering debts where amounts owed to CGS in consideration for services CGS provides remain due and outstanding beyond the payment terms.
Third parties CGS engages from time to time may have access to personal information held by CGS about individuals, but CGS will not authorise them to use such information for any other purpose.
CGS may disclose personal information (including sensitive information) held about an individual to another school, government departments (where CGS must disclose such information for the purpose of CGS complying with its legal obligations), medical practitioners, service providers (including specialist visiting teachers and sports coaches), recipients of CGS publications (such as newsletters and magazines), and parents and guardians.
CGS may use health information collected about an individual for the purpose of providing health services to that individual where required. CGS may disclose health information to a medical professional or to a health service provider where that other health service provider is engaged in providing health services to that individual. CGS will not use or disclose such health information for a purpose other than the primary purpose of collection unless:
- the individual consents to the use or disclosure;
- the secondary purpose is directly related to the primary purpose and the individual would reasonably expect CGS to use or disclose the information for the secondary purpose;
- the use or disclosure is required, authorised or permitted, whether expressly or impliedly by or under law; or
- as otherwise authorised, permitted or required under the Health Records Act 2001 (Vic).
Effect of non-provision of personal information; anonymity and pseudonymity
From time to time you may be able to deal with CGS anonymously or by using a pseudonym. For example, without limitation, if you have a general inquiry about us, and/or our services, we may be able to respond to your inquiry on an anonymous or pseudonymous basis.
However, if you do not provide the personal information CGS requests, or you provide the information anonymously or pseudonymously, then CGS may be unable to provide fulfil its functions as an educational institution to you or to your child or discharge its duty of care to you or to your child.
Further, in some situations, CGS may need to verify your identity as part of CGS’ response to a request to access and/or correct personal information or health information CGS holds about an individual, or as part of CGS’ complaints handling procedure. If CGS cannot verify your identity, or you continue to engage with CGS in an anonymous or pseudonymous basis, then CGS may be unable to complete your request or pursue its complaints-handling procedure.
CGS may directly market its services to you on the basis that you would reasonably expect CGS to do so, where CGS has already collected your personal information. Where CGS collects personal information about you from a third party, CGS will not use that information to directly market to you without your consent.
CGS will also comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth).
All direct marketing communications which CGS send will include an easy opt-out procedure if at any time you wish CGS to stop sending you information about CGS or its services.
Cross-border transfer or disclosure of information
CGS may disclose an individual’s personal information to entities outside Australia from time to time. For example, CGS may be required to disclose the personal information of students travelling to CGS’ Nanjing campus to Australian and Chinese government authorities.
CGS may transfer health information about an individual to an entity other than CGS or the individual which is outside Victoria only when CGS reasonably believes that the recipient is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the requirements under the Health Records Act 2001 (Vic), if the individual consents to the transfer or otherwise as permitted under the Health Records Act 2001 (Vic).
In the event CGS engages in cross-border disclosures of information, CGS will ensure that adequate security mechanisms are in place to protect the information disclosed. Wherever reasonably practicable, CGS will first seek your consent to such cross-border disclosure. Where you consent to such disclosure, CGS will be exempt from the requirements of the Privacy Act 1988 (Cth) in relation to such disclosed information. Where it is not reasonably practicable for CGS to obtain your consent, CGS will otherwise comply with the requirements of the Privacy Act 1988 (Cth).
Quality and security of information
CGS takes reasonable steps to ensure that, having regard to the purpose for which the information is to be used or disclosed by CGS, the personal information and the health information CGS collects, uses, holds or discloses is accurate, complete, up-to-date and relevant to CGS’ functions or activities.
Additionally, CGS will take reasonable steps to destroy or de-identify personal information it holds about an individual if CGS no longer requires that personal information.
CGS has implemented procedures and adopted technical and security measures to ensure that the security of individuals’ personal information and health information is not compromised.
Personal information collected from CGS’ website and from other channels you may have used (such as email, telephone or by written correspondence) is stored by CGS on a secure server.
All personal information is encrypted and all internet links maintained by CGS have firewalls to ensure a high level of security.
CGS will only retain personal information for the period necessary for the use for which it is submitted to CGS.
Accessing and correcting information
You are entitled at any time, upon request, to access the personal information CGS holds about you. CGS will respond within a reasonable period of time after CGS receives the request. CGS will give access to the information in the manner you request, unless it is impracticable for CGS to do so. CGS is entitled to charge you a reasonable administrative fee for giving access to the information requested.
CGS may from time to time refuse an individual access to the information CGS holds about that individual, in accordance with the relevant legislation. Where CGS refuses access, CGS will explain the reasons for refusal in writing and, if you wish to lodge a formal complaint about our refusal, CGS will explain the complaint procedure.
CGS reserves the right to verify your identity before granting access to the personal information CGS holds about you.
If at any times you believe that personal information CGS holds is incorrect, incomplete or inaccurate, you may request that we amend such personal information. If CGS refuses the correction request, then CGS will provide written reasons and information about CGS’ complaints-handling process should you not be satisfied with those reasons.
Where CGS corrects the personal information held about an individual, CGS will take reasonable steps to notify third parties of the correction.
Lodging a complaint
If you wish to complain about an alleged breach of the privacy of your personal information, the complaint should be made in writing to the attention of CGS’ Privacy Officer of the below address.
CGS will acknowledge receipt of your complaint and CGS will endeavour to deal with your complaint and provide you with a response within a reasonable time following receipt of your complaint (generally 30 days of receipt of your complaint). Where a complaint requires a more detailed investigation it may take longer to resolve. If this is the case, CGS will provide you with progress reports.
CGS will verify your identity and seek, where appropriate, information from you in connection with the complaint.
Where required by law, CGS will acknowledge your complaint in writing and provide information in writing on how we will deal with your complaint. Further, if required to do so by law, CGS will provide our determination on your complaint to you in writing.
CGS may refuse to investigate and deal with a complaint if CGS considers it to be vexatious or frivolous.
If you are dissatisfied with the outcome of your complaint, you may seek an internal review of our decision, which will be completed by an officer not previously involved in your complaint. If you remain dissatisfied, you may escalate your complaint to the office of the Australian Information Commissioner.
The Privacy Officer
Caulfield Grammar School
217 Glen Eira Road
East St Kilda VIC 3183