Privacy Statement

1. Context

GOAL College is an independent not-for-profit senior secondary school in the state of NSW. The College offers an HSC program with a focus on applied learning.

This policy communicates the personal information handling practices of GOAL College and assists the College to manage personal information in an open and transparent way.

This policy gives students and staff a better and more complete understanding of the types of personal information the College holds and the way that it handles that information.

2. Definitions

The College, and College, refers to GOAL College.

3. Statement of Policy

3.1 What information do schools collect?

Schools need to collect information which is reasonably necessary for, or directly related to, one or more of the school‘s function or activities. This includes collecting data for the purpose of the Federal Government’s annual census and address collections.

3.2 What kinds of personal information?

The kinds of personal information that the College may collect and hold about an individual include: name, address, telephone numbers, email address, photographs, bank account details, financial information, assessment results, sex, marital status and parent/guardian details.

3.3 What is sensitive information?

If the school is collecting sensitive information, it must be:

• reasonably necessary for one or more of the schools function or activities
• and the individual consents to the collection

Sensitive information is personal information about an individual’s

• religious beliefs and affiliations
• racial or ethnic origin
• political opinions, membership or political association
• sexual preferences,
• criminal record,
• financial information
• health information
• biometric data.

3.4 How the College collects personal information

It is usual practice for the College to collect personal information directly from the individual. For a student enrolled in our school, personal information may be collected from a student, a student’s parent or legal guardian.

Sensitive information will only be collected with the individual’s consent and where the collection is reasonably necessary for one or more of the College’s functions or activities (unless a legal exemption applies).

Where the collection is required or authorised under Australian Law, sensitive information may be collected and disclosed without the consent of the individual concerned. This covers information that is collected so that the school can fulfil its legal obligation to exercise its duty of care.

3.6 The purposes for which The College collects personal information

The College will collect and hold personal information about individuals that is reasonably necessary for one or more of the College’s functions or activities.

In relation to students and parents, the College’s primary purpose of collection is to provide educational services and related support services, including health and wellbeing support and to comply with the government’s mandatory data collection requests.

In relation to staff, the College’s primary purpose of collection is to facilitate employment, meet statutory requirements, and administer the staff member’s benefits and other entitlements.

3.7 Who might the College disclose personal information to?

As part of its functions or activities, the College may be required to disclose personal information to other organisations, including to:

• a government education department.
• other government departments (such as police).
• professional services contractors (including IT consultants, insurers, accountants, lawyers) that assist the College to conduct its functions or activities
• industry organisations related to the functions or activities of the College, such as the sports partners (this would only apply to student information as needed for legal, registration and child protection purposes).

Normally parents can expect, and students should expect that parents will have access to the student’s personal information.

However, In some circumstances, students of more mature age and capacity may seek to limit or prevent access to their school records to one or both parents or others– e.g. in the context of family breakdown. The age and capacity of the student are relevant and the school will seriously consider any request from a student aged 15 or older.

3.8 Sending information overseas

The College would not usually have reason to send personal information about an individual outside Australia. In the unusual event that this occurs, the College will comply with the Australian Privacy Principles (contained in the Privacy Act 1988).

3.9 Management and security of personal information

The College takes reasonable steps to protect the personal information the College holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure. The College’s steps include locked storage of any paper records and security-protected access rights to computerised records.

The majority of our data collection is now done online via a secure portal which each parent, guardian, student and staff member has password protected access to. Passwords are not known to the staff at the school.

Banking details are not held by the school but are entered directly by families, and can only be updated by them via the finance portal.

Where the school no longer needs the information for any purpose for which the information may be used or disclosed or the school is not required to keep by law, the school will take such steps as are reasonable in the circumstances to either destroy the information, or where destruction is not possible, de-Identify the information where an individual can no longer be reasonably identified by reference to that information.

Action in the event of security breach

In the event of a data breach, or a suspected data breach, the College will:

• take immediate remedial action to reduce harm to individuals
• assess whether breach is likely to result in serious harm
• if serious harm is likely to result notify the Australian Information Commissioner.

3.10 Updating and accessing personal information

The College will take reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. Individuals may seek access to and seek the correction of personal information the College holds about them.

Parents are able to update their own records via the portal, or by written request to the office.

3.11 Access by a parent or guardian

For a student enrolled in our school, personal information may be collected, used and disclosed to a student’s parent or legal guardian. If the student has sufficient maturity and understanding, personal information may be collected from, used with and disclosed directly to the student.

Before providing information, a staff member must be satisfied of the identity of the individual seeking the information, and that the individual is entitled to access the information.

3.12 Complaints & Monitoring

Individuals may complain about a breach of privacy under the College’s Raising Concerns & Complaints Policy.

While the College encourages its staff and students to raise concerns with the College directly, external privacy complaints can be made to the Office of the Australian Information Commissioner.

4. Application

This policy applies to:

• all prospective students
• all current students
• all staff
• all personal information collected or handled by the College

Any reference to staff also includes contractors and volunteers.

5. Referenced Documents

This policy references the following documents:

• Privacy Act 1988 (Commonwealth); and
• Raising Concerns & Complaints Policy

This policy has been drafted with reference to the resources of the Office of the Australian Information Commissioner.

Further information can be found at https://www.oaic.gov.au/