Privacy Policy
Privacy Policy
This Policy should be read in conjunction with the following MLC information:
- Code of Conduct - Staff
- Credit Card Information Policy
- Bursary Policy
- Assessment Policy
- Child Protection Policy
- Cyber Safety Policy
- Pastoral Care Policy
- Tracking and Knowing Girls on their Kindergarten-Year 12 Pathway Policy
- Reporting Policy
Relevant legislation:
- Children and Community Services Act 2004
- Children and Community Services Amendment (Reporting Sexual Abuse of Children) Act 2008
- Commonwealth Privacy Act 1988
Rationale
MLC is concerned about protecting individuals' privacy. As such, Methodist Ladies' College (the College) acknowledges the need to have in place rigorous and effective Privacy practices which are directed and guided by this policy.
The College is bound by the 13 Australian Privacy Principles contained in the Commonwealth Privacy Act.
This Privacy Policy describes:
- the kinds of personal information the College collects and stores;
- how the College collects and manages personal information;
- the purposes for which the College collects, stores and may disclose personal information it collects;
- the circumstances in which the College may disclose personal information to overseas recipients;
- how you can access and seek correction of any inaccuracies in your personal information;
- how the College treats students' rights of access to their personal information; and
- how you can make a complaint about the College's practices in relation to the Australian Privacy Principles and how complaints will be handled.
The College may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the College's operations and practices and to make sure it remains appropriate to the changing school environment.
Aims
- To comply with legislative requirements;
- To protect the personal and sensitive information the College collects about:
- Students and parents and/or guardians before, during and after the course of a student's enrolment at the College;
- Job applicants, staff members, volunteers and contractors; and
- Other people who come into contact with the College.
3. To encourage a safe, trusting environment.
What kinds of personal information does the College collect and how does the College collect it?
The College collects information about:
- students and parents and/or guardians ('Parents') before, during and after the course of a student's enrolment at the College;
- job applicants, staff members, volunteers and contractors; and
- other people who come into contact with the College.
The type of information the College collects and holds includes:
- Personal information;
- Sensitive information; and
- Health information.
Personal information includes but is not limited to, names, addresses (including email), telephone numbers, an enrolling student's previous school reports, applicable Court Orders, and birth dates.
Sensitive information includes information relating to:
- a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; and
- health information and biometric information about an individual.
Health information includes any information or opinion about the health or disability of an individual. This includes general medical information, immunization records, counselling notes, individual action plans (e.g. for diabetes, asthma, allergies) and dietary requirements.
Personal Information you provide: The College will generally collect personal information held about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails, telephone calls, and monitoring systems such as CCTV and social media.
Personal Information provided by other people: In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another College. The College may also acquire personal information from independent, public sources such as the telephone directory and media.
Unsolicited Personal Information: If we receive unsolicited personal information about you, we will only retain and use that information if we could have otherwise gathered that information directly from you for the purposes of conducting the business of the College.
Exception in relation to employee records: Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College's treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.
How will the College use the personal information you provide?
The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
Students and Parents: In relation to personal information of students and Parents, the College's primary purpose of collection is to enable the College to provide education for the student. This includes satisfying the needs of Parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at the College.
The purposes for which the College uses personal information of students and Parents include:
- to keep Parents informed about matters related to their daughter's education, through correspondence, newsletters and magazines;
- day-to-day administration of the College;
- looking after students' educational, social and medical wellbeing;
- seeking donations and marketing for the College; and
- to satisfy the College's legal obligations and allow the College to discharge its duty of care.
In some cases where the College requests personal information about a student or Parent, if the information requested is not provided, the College may not be able to enroll or continue the enrolment of the student or permit the student to take part in a particular activity.
Job applicants, staff members and contractors: In relation to personal information of job applicants, staff members and contractors, the College's primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the College uses personal information of job applicants, staff members and contractors include:
- in administering the individual's employment or contract, as the case may be;
- for insurance purposes;
- seeking donations and marketing for the College; and
- to satisfy the College's legal obligations, for example, in relation to child protection legislation.
Volunteers: The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as the Collegians, Per Ardua and parent support groups, to enable the College and the volunteers to work together.
Marketing and fundraising: The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment in which both students and staff thrive. Personal information held by the College may be disclosed to organisations that assist in the College's fundraising, for example, the College's Foundation.
Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, such as newsletters and magazines, which include personal information, may be used for marketing purposes.
Who might the College disclose personal information to?
The College may disclose personal information, including sensitive information, held about an individual to:
- another College;
- government departments;
- medical practitioners;
- people providing services to the College, including specialists visiting teachers, counsellors and sports coaches;
- recipients of College publications, such as newsletters and magazines;
- Parents;
- anyone you authorise the College to disclose information to; and
- anyone to whom we are required to disclose the information to by law.
Sending information overseas: The College may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with 'cloud' service providers which are situated outside Australia or to facilitate a College overseas tour or student exchange. However, the College will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
Management and security of personal information
The College's staff are required to respect the confidentiality of students' and Parents' personal information and the privacy of individuals.
The College has in place steps to protect the personal information the College holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including:
- locked storage of paper records and access restricted to those who directly use the data stored there;
- password access rights to computerised records;
- policy that requires staff not to share their personal password;
- regulated levels of access to databases for staff according to the needs of their role;
- security for College buildings, including coded electronic locking as well as physical locks;
- policies and practices that ensure staff management of personal information complies with the Australian Privacy Principles (APP);
- Information and Communication Technology security systems, policy and procedures are designed to protect personal information stored on College systems and devices;
- completing due diligence with regard to third party service providers, including cloud service providers, to ensure as far as practicable where they have access to personal information collected and stored by the College, their own practices are compliant with the APP or equivalent privacy protocols.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
When personal information we have collected is no longer required, it is destroyed, deleted or de-identified as appropriate.
Access and correction of personal information
The Principal acts as the College Privacy Officer.
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. Students will generally be able to access and update their personal information through their Parents, but older students may seek access and correction themselves.
There are some exceptions to these rights set out in the applicable legislation. To make a request to access or update any personal information the College holds about you or your child, please contact the Principal in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
Consent and rights of access to the personal information of students
The College respects every Parent's right to make decisions concerning their child's education.
Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student's Parents. The College will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.
As mentioned above, Parents may seek access to personal information held by the College about them or their child by contacting the Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College's duty of care to the student.
The College may, at its discretion, on the request of a student, grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the student and/or the student's personal circumstances so warranted.
Enquiries and complaints
If you would like further information about the way the College manages the personal information it holds, or wish to lodge a complaint about a perceived breach of the Australian Privacy Principles by the College, please contact the Principal. You may provide the Principal with the details of your complaint in writing or by requesting a meeting with the Principal to provide details verbally.
To contact the Principal: Phone +61 (08) 9384 4000
Addresses for written complaints:
Email mlc@mlc.wa.edu.au or privacyofficer@mlc.wa.edu.au
Methodist Ladies' College
356 Stirling Highway
Claremont WA 6010
The College will investigate any complaint through the College's Resolving Grievances: Respect for self, others and the environment Policy and in that process, may request additional information from you. The Principal will notify you of the making of a decision in relation to your complaint as soon as is practicable.
Under the Privacy Act 1988 you can also make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of your personal information.