Your privacy is important
This statement outlines Wesley College’s policy on how the College uses and manages personal information provided to or collected by it.
The College is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act.
What kind of personal information does the College collect and how does the College collect it?
The type of information the College collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:
- students and parents and/or guardians (hereafter described as ‘parent’) before, during and after the course of a student’s enrolment at the College;
- job applicants, staff members, volunteers and contractors; and
- other people who come into contact with the College.
Personal Information you provide: The College will generally collect personal information held about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and students provide personal information.
Personal Information provided by other people: In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school or college.
How will the College use the personal information you provide?
The College will use personal information it collects from you for the primary purpose of being necessary for one or more of the College’s functions or activities, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
Students and Parents: In relation to personal information of students and parents, the College’s primary purpose of collection is to enable the College to provide schooling for the student. This includes satisfying both the needs of parents and the needs of the student throughout the whole period the student is enrolled at the College.
The purposes for which the College uses personal information of students and parents include (but are not limited to):
- keeping parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
- day-to-day administration including for insurance purposes.
- looking after the educational, social and medical wellbeing of students. This may include photographic documentation to alert staff to certain health or pastoral conditions;
- seeking donations and marketing for the College;
- satisfying the College’s legal obligations and allowing the College to discharge its duty of care;
- provision of data to state and federal government agencies.
In some cases where the College requests personal information about a student or parent, if the information requested is not obtained, the College may not be able to enrol or continue the enrolment of the student.
Job applicants, staff members and contractors: In relation to personal information of job applicants, staff members and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the College uses personal information of job applicants, staff members and contractors include (but are not limited to):
- in administering the individual’s employment or contract;
- for insurance purposes;
- seeking funds and marketing for the College;
- to satisfy the College’s legal obligations, for example, in relation to child protection legislation.
Volunteers: The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as the OWCA.
Communication, marketing and fundraising: Wesley College regards these as an integral part of engaging the community and planning future growth and development.
Relevant personal information may be used for fundraising purposes. Parents, staff and other members of the wider college community may receive fundraising and marketing information from the College.
For various types of communication and also for educational purposes, samples of student’s work, photographic images and videos of students taken during college activities may be used. This includes, but is not limited to, college newsletters, college website, college publications and external media.
The practice of the Community Relations Department is to consult parents before proposing any external media interviews with students or use of copy of images that name a student.
Parents can opt out of their child being photographed or identified in marketing and communications at time of enrolment or by detailing this on the MyDetails tab, which can be accessed via the portal/synergetic portal/MyDetails. They can also email firstname.lastname@example.org .
How does the College treat sensitive information?
In referring to ‘sensitive information’ the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Who might the College disclose personal information to?
Wesley College may disclose personal information, including sensitive information, held about an individual (for safety or compliance reasons) to:
- another College;
- government departments;
- medical practitioners and relevant allied health professionals;
- people providing services to the College, including specialist visiting teachers and sports coaches;
- anyone to whom we are required to disclose the information by law;
- parents; and
- anyone you authorise the College to disclose your private information to.
Sending information overseas
Personal information about an individual may be disclosed to an overseas organisation in the course of providing the College’s services, for example, when storing information with a “cloud service provider” which stores data outside of Australia.
The College will however take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless the College:
- has obtained the consent of the individual (in some cases this consent will be implied); or
- is satisfied that the overseas recipient is compliant with the Australian Privacy Principles or a similar privacy regime.
- forms the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- is taking appropriate action in relation to suspected unlawful activity or serious misconduct.
Management and security of personal information
Staff members are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.
The College has in place steps to protect the personal information held by the College from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and pass worded access rights to electronic records.
From February 2017 the College must notify Eligible Data Breaches to the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable after it becomes aware that “there are reasonable grounds to believe that there has been an eligible data breach of the entity” and where the College is unable to take sufficient remedial action in response to the eligible data breach before it causes serious harm.
If the College is unable to notify individuals, the College will publish a statement on its website and take reasonable steps to publicise the contents of this statement.
The College’s Privacy Compliance Manual provides additional information on the processes required to be undertaken should it be considered that the College may have an Eligible Data Breach.
Updating personal information
The College endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the College by contacting the Director of Finance of the College at any time.
The Australian Privacy Principles require the College not to store personal information longer than necessary.
You have the right to access what personal information the College holds about you
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Students will generally have access to their personal information through their parents, but older students may seek access themselves.
To make a request to access any information the College holds about you or your child, please contact the College’s Director of Finance in writing.
The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance.
Consent and rights of access to the personal information of students
The College respects every parent’s right to make decisions concerning their child’s education.
Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student’s Parents. The College will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.
Parents may seek access to personal information held by the College about them or their child by contacting the Director of Finance. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.
The College may, at its discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.
An individual can make a complaint about how the College manages personal information by notifying the College in writing as soon as possible. The College will respond to the complaint within a reasonable time (generally within 30 days) and may seek further information in order to provide a full and complete response.
The College does not charge a fee for the handling of complaints.
If you are not satisfied with the College’s response, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC). A complaint can be made by using the OAIC online Privacy Complaint form or by mail, fax or email.
A referral to the OAIC should be a last resort once all other avenues of resolution have been exhausted.
If you would like further information about the way the College manages the personal information it holds, please contact the Director of Finance.
Credit Card Security
Credit Card Transactions are performed using 128 bit SSL Encryption Security from the NAB.
Payers are inside the NAB Network when making Credit Card transactions.
Credit Card transactions are recorded as Purchases and not Cash Advances. This means that, unlike Cash Advances, interest is not immediately charged and your Interest Fee Period remains intact.
No credit card details are stored by Wesley College. All the credit card details and transaction processing is conducted by the NAB.
The NAB Transact payment gateway complies with the Payment Card Industry Data Security Standards, which is the global mandate of the payment card schemes for merchants and payment processors. By using NAB to capture details, Wesley College meets PCI DSS compliance requirements.