This Privacy Statement applies to schools conducted by the Archdiocese of Adelaide and sets out how the CEO (Adelaide) and each school manages personal information provided to or collected by it.
Schools and the CEO are bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.
From time to time this Privacy Statement may be reviewed and updated to take account of new laws and technology, changes to schools’ operations and practices and to make sure it remains appropriate to the changing school environment.
The provisions of this statement apply to Catholic schools and the Catholic Education Office in the Archdiocese of Adelaide, the legal entity for which is the Catholic Church Endowment Society Inc.
3.1 What kind of personal information does a school collect and how does a school collect it?
The type of information schools collect and hold includes (but is not limited to) personal information, including health and other sensitive information, about:
- pupils and parents and/or guardians (parents) before, during and after the course of a pupil’s enrolment at the school
- name, contact details (including next of kin), date of birth, gender,
- language background, previous school and religion;
- parents’ education, occupation and language background;
- medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors);
- conduct and complaint records, or other behaviour notes, and school reports;
- information about referrals to government welfare agencies;
- counselling reports;
- health fund details and Medicare number;
- any court orders;
- volunteering information; and
- photos and videos at school events;
- job applicants, staff members, volunteers and contractors
- name, contact details (including next of kin), date of birth, and religion;
- information on job application;
- professional development history;
- salary and payment information, including superannuation details;
- medical information (e.g. details of disability and/or allergies, and medical certificates);
- complaint records and investigation reports;
- leave details;
- photos and videos at school events;
- workplace surveillance information;
- work emails and private emails (when using work email address) and internet browsing history; and
- other people who come into contact with the school, including name and contact details and any other information necessary for the particular contact with the school.
Personal Information you provide: A school will generally collect personal information held about an individual by way of forms filled out by parents or pupils, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and pupils provide personal information.
Personal Information provided by other people: In some circumstances a school may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
Exception in relation to employee records: Under the Privacy Act 1988, this Privacy Statement does not apply to the school’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the school and employee.
3.2 How will a school use the personal information you provide?
A school will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
Pupils and Parents: In relation to personal information of pupils and parents, a school’s primary purpose of collection is to enable the school to provide schooling to pupils enrolled at the school, exercise its duty of care, and perform necessary associated administrative activities, which will enable pupils to take part in all the activities of the school. This includes satisfying the needs of parents, the needs of the pupil and the needs of the CEO and school throughout the whole period the pupil is enrolled at the school.
The purposes for which the CEO and a school uses personal information of pupils and parents include:
- to keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
- day-to-day administration;
- looking after pupils’ educational, social, spiritual and medical wellbeing;
- seeking donations and marketing for the school; and
- to satisfy the CEO and the school’s legal obligations and allow the school to discharge its duty of care.
In some cases where a school requests personal information about a pupil or Parent, if the information requested is not obtained, the school may not be able to enrol or continue the enrolment of the pupil or permit the pupil to take part in a particular activity.
Job applicants and contractors: In relation to personal information of job applicants and contractors, a school’s primary purpose of collection is to assess and (if successful) to engage the applicant or contractor, as the case may be.
The purposes for which a school uses personal information of job applicants and contractors include:
- administering the individual’s employment or contract, as the case may be;
- for insurance purposes;
- seeking funds and marketing for the school; and
- satisfying the CEO’s and the school’s legal obligations, for example, in relation to child protection legislation.
Volunteers: A school also obtains personal information about volunteers who assist the school in its functions or conduct associated activities, such as alumni associations, to enable the school and the volunteers to work together.
Marketing and fundraising: Schools treat marketing and seeking donations for the future growth and development of the school as an important part of ensuring that the school continues to be a quality learning environment in which both pupils and staff thrive. Personal information held by a school may be disclosed to an organisation that assists in the school’s fundraising, for example, the school’s Foundation or alumni organisation or, on occasions, external fundraising organisations.
Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
Exception in relation to related schools: The Privacy Act 1988 allows each school, being legally related to each of the other schools conducted by the CEO to share personal (but not sensitive) information with other schools conducted by the CEO. Other CEO schools may then only use this personal information for the purpose for which it was originally collected by the CEO. This allows schools to transfer information between them, for example, when a pupil transfers from a CEO school to another school conducted by the CEO.
3.3 Who might a school disclose personal information to and store your information with?
A school may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:
- other schools and teachers at those schools;
- government departments (including for statement and funding purposes);
- the CEO, the South Australian Commission for Catholic Schools (SACCS), the school’s local diocese and parish, other related church agencies/entities, and schools within other Dioceses/other Dioceses;
- medical practitioners;
- people providing educational, support and health services to the school, including specialist visiting teachers, sports coaches, volunteers, and counsellors;
- providers of learning and assessment tools;
- assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration
- Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);
- people providing administrative and financial services to the school;
- recipients of school publications, such as newsletters and magazines;
- pupils’ parents or guardians;
Sending and storing information overseas: A school may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, a school will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The school may use online or ‘cloud’ service providers to store personal information and sensitive information and to provide services to the school that involve the use of personal information and sensitive information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s servers which may be situated outside Australia.
An example of such a cloud service provider is Microsoft O365. Microsoft O365 provides email and stores and processes limited personal information for this purpose. School personnel, the CEO, SACCS and their service providers may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering Microsoft O365 and ensuring its proper use.
3.4 How does a school treat sensitive information?
In referring to ‘sensitive information’, a school means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
3.5 Management and security of personal information
The CEO’s and the schools’ staff are required to respect the confidentiality of pupils’ and parents’ personal information and the privacy of individuals.
Each school has in place steps to protect the personal information the school holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
3.6 Access and correction of personal information
Under the Commonwealth Privacy Act, an individual has the right to seek and obtain access to any personal information which the CEO or a school holds about them and to advise the CEO or the school of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Pupils will generally be able to access and update their personal information through their parents, but older pupils may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.
To make a request to access or to update any personal information the CEO or a school holds about you or your child, please contact the school’s Principal by telephone or in writing.
The school may require you to verify your identity and specify what information you require. The school may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the school will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for
3.7 Consent and rights of access to the personal information of pupils
The CEO respects every Parent’s right to make decisions concerning their child’s education.
Generally, a school will refer any requests for consent and notices in relation to the personal information of a pupil to the pupil’s parents. A school will treat consent given by parents as consent given on behalf of the pupil, and notice to parents will act as notice given to the pupil.
Parents may seek access to personal information held by a school or the CEO about them or their child by contacting the school’s Principal by telephone or in writing. However, there may be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the school’s duty of care to the pupil.
A school may, at its discretion, on the request of a pupil grant that pupil access to information held by the school about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the pupil and/or the pupil’s personal circumstances warrant it.
4 Enquiries and complaints
If you would like further information about the way the CEO or a school manages the personal information it holds, or wish to complain that you believe that the CEO or a school has breached the Australian Privacy Principles, please contact the school’s Principal or the Director of Catholic Education, Archdiocese of Adelaide (as appropriate) by writing or telephone. The CEO or the school will investigate any complaint and will notify you of a decision in relation to your complaint as soon as is practicable after it has been made.
The school or CEO includes the Catholic schools and any associated entities (including e.g. committees, OSHC, FLP, pre-school, early learning centres, etc.) and the Catholic Education Office (CEO) in the Archdiocese of Adelaide, as well as sites on which staff or others engaged in duties or activities such as excursions or conference attendance sanctioned by their School or CEO.
Staff means staff employed by any Catholic School or the Catholic Education Office in the Archdiocese of Adelaide.
Parents means parents and/or guardians
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable whether the information is true or not, and whether the information is recorded in a material form or not. It includes all personal information regardless of its source.
Sensitive information is a type of personal information that is given extra protection and must be treated with additional care. It includes any information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record. It also includes health information.
6 Related Policies, Procedures and Resources
This Statement is to be read in conjunction with, and is additional to, any other relevant South Australian Commission for Catholic Schools (SACCS), school or CEO statement, procedure or support document including:
- Privacy collection notices available at CESA privacy collection
National Catholic Education Commission and National Council of Independent Schools’ Association Privacy Compliance Manual May 2018
Privacy Collection – privacy statement, statements and collection notice templates for schools, privacy information for enrolments, employees, volunteers, contractors, etc.