|Scheduled Review Date:||01/01/2024|
GOAL College is an independent not-for-profit senior secondary school in the state of NSW. The College offers an HSC program with a focus on applied learning.
This policy communicates the personal information handling practices of GOAL College and assists the College to manage personal information in an open and transparent way.
This policy gives students and staff a better and more complete understanding of the types of personal information the College holds and the way that it handles that information.
The College, and College, refers to GOAL College.
Schools need to collect information which is reasonably necessary for, or directly related to, one or more of the school‘s function or activities. This includes collecting data for the purpose of the Federal Government’s annual census and address collections.
The kinds of personal information that the College may collect and hold about an individual include: name, address, telephone numbers, email address, photographs, bank account details, financial information, assessment results, sex, marital status and parent/guardian details.
If the school is collecting sensitive information, it must be:
Sensitive information is personal information about an individual’s
It is usual practice for the College to collect personal information directly from the individual. For a student enrolled in our school, personal information may be collected from a student, a student’s parent or legal guardian.
Sensitive information will only be collected with the individual’s consent and where the collection is reasonably necessary for one or more of the College’s functions or activities (unless a legal exemption applies).
Where the collection is required or authorised under Australian Law, sensitive information may be collected and disclosed without the consent of the individual concerned. This covers information that is collected so that the school can fulfil its legal obligation to exercise its duty of care.
The College will collect and hold personal information about individuals that is reasonably necessary for one or more of the College’s functions or activities.
In relation to students and parents, the College’s primary purpose of collection is to provide educational services and related support services, including health and wellbeing support and to comply with the government’s mandatory data collection requests.
In relation to staff, the College’s primary purpose of collection is to facilitate employment, meet statutory requirements, and administer the staff member’s benefits and other entitlements.
As part of its functions or activities, the College may be required to disclose personal information to other organisations, including to:
Normally parents can expect, and students should expect that parents will have access to the student’s personal information.
However, In some circumstances, students of more mature age and capacity may seek to limit or prevent access to their school records to one or both parents or others– e.g. in the context of family breakdown. The age and capacity of the student are relevant and the school will seriously consider any request from a student aged 15 or older.
The College would not usually have reason to send personal information about an individual outside Australia. In the unusual event that this occurs, the College will comply with the Australian Privacy Principles (contained in the Privacy Act 1988).
The College takes reasonable steps to protect the personal information the College holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure. The College’s steps include locked storage of any paper records and security-protected access rights to computerised records.
The majority of our data collection is now done online via a secure portal which each parent, guardian, student and staff member has password protected access to. Passwords are not known to the staff at the school.
Banking details are not held by the school but are entered directly by families, and can only be updated by them via the finance portal.
Where the school no longer needs the information for any purpose for which the information may be used or disclosed or the school is not required to keep by law, the school will take such steps as are reasonable in the circumstances to either destroy the information, or where destruction is not possible, de-Identify the information where an individual can no longer be reasonably identified by reference to that information.
Action in the event of security breach
In the event of a data breach, or a suspected data breach, the College will:
The College will take reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. Individuals may seek access to and seek the correction of personal information the College holds about them.
Parents are able to update their own records via the portal, or by written request to the office.
For a student enrolled in our school, personal information may be collected, used and disclosed to a student’s parent or legal guardian. If the student has sufficient maturity and understanding, personal information may be collected from, used with and disclosed directly to the student.
Before providing information, a staff member must be satisfied of the identity of the individual seeking the information, and that the individual is entitled to access the information.
Individuals may complain about a breach of privacy under the College’s Raising Concerns & Complaints Policy.
While the College encourages its staff and students to raise concerns with the College directly, external privacy complaints can be made to the Office of the Australian Information Commissioner.
This policy applies to:
Any reference to staff also includes contractors and volunteers.
This policy references the following documents:
This policy has been drafted with reference to the resources of the Office of the Australian Information Commissioner.
Further information can be found at https://www.oaic.gov.au/