Your privacy is important
This statement outlines Wesley College’s policy on how the College uses and manages personal information provided to or collected by it.
The College is bound by the National Privacy Principles contained in the Commonwealth Privacy Act 1988.
From whom do we Collect Personal Information?
At Wesley College we collect personal information from students, parents, prospective parents, prospective employees, staff, Council Members, volunteers and others including alumni, contractors, visitors and others that come into contact with the College.
What types of Personal Information Do We Collect?
The types of personal information we collect are largely dependent upon whose information we are collecting and why we are collecting it, however in general terms the College may collect:
- Personal Information about an identified individual including names, addresses and other contact details; dates of birth; next of kin details; financial information, photographic images and attendance records.
- Sensitive Information (particularly in relation to student and parent records) including religious beliefs, government identifiers, nationality, country of birth, languages spoken at home, professional or union memberships, family court orders and criminal records.
- Health Information means information about the health or a disability (at any time) of an individual or an individual’s expressed wishes about the future provision of health services (particularly in relation to student and parent records) including medical records, immunisation details, individual health care plans, counselling reports, nutrition and dietary requirements.
How do we collect your personal information?
How we collect personal information will largely be dependent upon whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.
Where possible the College has attempted to standardise the collection of personal information by using specifically designed forms. However, given the nature of our operations, we often also receive personal information by email, letters, notes, over the telephone, in face to face meetings, through financial transactions and through surveillance activities such as the use of CCTV security cameras or email monitoring.
We may also collect personal information from other people (e.g. a personal reference) or independent sources (e.g. a telephone directory), however we will only do so where it is not reasonable and practical to collect the information from you directly.
In the event we need to collect information that we cannot reasonably obtain directly from you, we will request your consent to exchange information with the relevant third party.
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we collect unsolicited information we will only hold, use and/or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
How will the College use the personal information you provide?
We only use personal information that is reasonably necessary for one or more of our functions or activities (the primary purpose) or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.
Our primary uses of personal information include but are not limited to:
- providing education, pastoral care, extra-curricular and health services;
- satisfying our legal obligations including our duty of care and child protection obligations;
- keeping parents informed as to College community matters through correspondence, newsletters and publications;
- marketing, promotional and fundraising activities;
- supporting the activities of College associations such as OWCA;
- supporting community based causes and activities, charities and other causes in connection with the College’s functions or activities;
- helping us to improve our day to day operations including training our staff; systems development; developing new programs and services; undertaking planning, research and statistical analysis;
- College administration including for insurance purposes;
- the employment of staff;
- the engagement of volunteers.
We only collect sensitive information reasonably necessary for one or more of these functions or activities, if we have the consent of the individuals to whom the sensitive information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety, or another permitted general situation (such as locating a missing person) or permitted health situation (such as the collection of health information to provide a health service) exists.
If we do not have the relevant consent and a permitted health situation or permitted general situation does not exist, then we may still collect sensitive information provided it relates solely to individuals who have regular contact with the College in connection with our activities. These individuals may include students, parents, volunteers, former students and other individuals with whom the College has regular contact in relation to our activities.
We will only use or disclose sensitive information for a secondary purpose if you would reasonably expect us to use or disclose the information and the secondary purpose is directly related to the primary purpose.
How does the College treat sensitive information?
We store personal information in a variety of formats including on databases, in hard copy files and on personal devices including laptop computers, mobile phones, cameras and other recording devices.
The security of your personal information is of importance to us and we take all reasonable steps to protect the personal information we hold about you from misuse, loss, unauthorised access, modification or disclosure.
These steps include:
- Restricting access to information on the College databases on a need to know basis with different levels of security being allocated to staff based on their roles and responsibilities and security profile.
- Ensuring all staff are aware that they are not to reveal or share personal passwords.
- Ensuring where sensitive and health information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
- Implementing physical security measures around College buildings and grounds to prevent break-ins.
- Implementing ICT security systems, policies and procedures, designed to protect personal information storage on our computer networks.
- Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
- Undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.
Personal information we hold that is no longer needed is destroyed in a secure manner, deleted or de-identified as appropriate.
Our website may contain links to other websites. We do not share your personal information with those websites, and we are not responsible for their privacy practices. Please check their privacy policies.
Who might the College disclose personal information to?
We only use personal information for the purposes for which it was given to us, or for purposes which are related (or directly related in the case of sensitive information) to one or more of our functions or activities. We may disclose your personal information to government agencies, other parents, other schools, recipients of College publications, visiting teachers, medical practitioners, counsellors and coaches, our service providers, agents, contractors, business partners and other recipients from time to time, if:
- you have consented; or
- you would reasonably expect us to use or disclose your personal information in this way; or
- we are authorised or required to do so by law; or
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- where another permitted general situation or permitted health situation exception applies; or
- disclosure is reasonably necessary for a law enforcement related activity.
Student information can be shared by the Commonwealth (including Tuition Protection Service (TPS)), and state or territory agencies.
Personal Information of Students
The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.
At Wesley College, we take a common sense approach to dealing with a student’s personal information and generally will refer any requests for personal information to a student’s parents/carers. We will treat notices provided to parents/carers as notices provided to students and we will treat consents provided by parents/carers as consents provided by a student.
We are however cognisant of the fact that children do have rights under the Privacy Act, and that in certain circumstances (especially when dealing with older students and especially when dealing with sensitive information), it will be appropriate to seek and obtain consents directly from students. We also acknowledge that there may be occasions where a student may give or withhold consent with respect to the use of their personal information independently from their parents/carers.
There may also be occasions where parents/carers are denied access to information with respect to their children, because to provide such information would have an unreasonable impact on the privacy of others or result in a breach of the College’s duty of care to the student.
Sending information overseas
We may disclose personal information about an individual to overseas recipients in certain circumstances, such as when we are organising an overseas excursion, facilitating a student exchange, or storing information with a “cloud computing service” which stores data outside of Australia. We will however take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless:
- We have the individual’s consent (which may be implied); or
- We have satisfied ourselves that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy regime; or
- We form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- We are taking appropriate action in relation to suspected unlawful activity or serious misconduct.
How we handle your personal information when you visit our website
When you use our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:
- send a general enquiry via e-mail
- complete the online feedback survey
- register for an event
- send a written complaint or enquiry to our Privacy Officer.
When you use our website, our Internet Service Provider (ISP) will record and log for statistical purposes the following information about your visit:
- your computer address
- your top level name (for example, .com, . gov, .org, .au etc)
- the date and time of your visit
- the pages and documents you access during your visit, and
- the browser you are using
We may use statistical data collected by our ISP to evaluate the effectiveness of our website. We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our ISP logs, if an investigation being conducted warrants such inspection.
A “cookie” is a device that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
Our website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.
Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. You can configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the Wesley College website and other websites may be lost.
Wesley College is committed to protecting the security of your personal information. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. We will take all reasonable steps to prevent your information from loss, misuse or alteration.
If you choose to complete our online forms or lodge enquiries via our website, we will ensure that your contact details are stored on password protected databases.
Staff members associated with website maintenance have access to our website’s backend system. This is password protected. Our website service is also password protected.
How we ensure the quality of your personal information
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up to date. These steps include ensuring that the personal information is accurate, complete and up to date at the time of collection and when using or disclosing the personal information. On an ongoing basis we maintain and update personal information when we are advised by individuals or when we become aware through other means that their personal information has changed.
Please contact us if any of the details you have provided change. You should also contact us if you believe that the information we have about you is not accurate, complete or up to date.
How can you access your information?
An individual has the right to obtain access to any personal information that the College holds about them and to advise the College of any perceived inaccuracy in that information. Students will generally be able to access and update their personal information through their parents, but older students may seek access to and correction of their personal information.
To make a request to access or update any personal information the College holds about you or your child, please contact the Director of Finance & Resources in writing. Wesley College may require you to verify your identity and specify what information you require.
If we cannot provide you with access to that information, you will be notified accordingly. You will be provided a written notice explaining the reasons for access being denied. Access may be denied where:
- there is a legal impediment to access;
- the access would unreasonably impact on the privacy of another;
- your request is frivolous;
- the information relates to anticipated or actual legal proceedings and you would not be entitled to access the information in those proceedings in the interests of national security;
- to provide access would create a serious threat to life or health.
No application fee is charged, however an administration and copying fee may be charged. Your request will be actioned as soon as practicable.
If you wish to make a complaint about an alleged breach by Wesley College of the Australian Privacy Principles you may do so by providing your written complaint by email, letter, facsimile or by personal delivery to any one of our contact details as noted below. You may also make a complaint verbally.
We will respond to your complaint within a reasonable time (usually no longer than 30 days) and we may seek further information from you in order to provide a full and complete response.
Your complaint may also be taken to the Office of the Australian Information Commissioner.
If you would like further information about the way the College manages the personal information it holds, please contact the Director of Finance & Resources.
Credit Card Security
Credit Card Transactions are performed using 128 bit SSL Encryption Security from the NAB.
Payers are inside the NAB Network when making Credit Card transactions.
Credit Card transactions are recorded as Purchases and not Cash Advances. This means that, unlike Cash Advances, interest is not immediately charged and your Interest Fee Period remains intact.
No credit card details are stored by Wesley College. All the credit card details and transaction processing is conducted by the NAB.
The NAB Transact payment gateway complies with the Payment Card Industry Data Security Standards, which is the global mandate of the payment card schemes for merchants and payment processors. By using NAB to capture details, Wesley College meets PCI DSS compliance requirements.