Privacy Policy

1 Purpose:

Radford College is required to collect information about staff, students and others with a role within the College, to ensure their safety and wellbeing and to allow the operation of the College. This policy outlines the College’s systems for collecting, using, managing and storing personal information as legislated in the Australian Privacy Principles contained in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Health Records (Privacy and Access) Act 1997, and the Workplace Privacy Act 2011.

2 Application and Scope:

This policy applies to all staff at the College. This policy outlines the personal information handling practices of the College.

3 Definitions:

Word/Term - Definition

APP - AustralianPrivacy Principles

OAIC - Office of the Australian Information Commissioner

Sensitive information - Information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record; and health information about an individual.

Staff - All reaching, support and other staff members.

4 Policy:

4.1 Information Collected

The College only collects information required to perform its functions and fulfil its legal obligations, including a duty of care. This information is collected and managed in accordance with relevant privacy legislation. The type of information the College collects and holds includes (but is not limited to) personal information, including sensitive information, about:
• Students and parents and or guardians before, during and after the course of a student’s enrolment at the College
• Job applicants, staff members, volunteers and contractors; and
• Other people who come into contact with the College such as Board members.

4.1.1 personal information

The College will generally collect personal information about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails and telephone calls.

4.1.2 Personal Information Generated at School

Personal information is generated throughout a student’s time at the College, including academic reports, student class work and assessment documentation.

4.1.3 Personal Information Provided by Other People

In some circumstances, Radford College may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from another school.

4.1.4 Exception in Relation to Employee Records

Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.

4.2 Use of Personal Information

Radford College will not use personal information or disclose information it collects other than in specified
circumstances including:
• for the primary purpose for which it is collected
• with the individual’s consent
• for such other secondary purposes that are related to the primary purpose and are reasonably expected
• where required under law
• where the school believes there is threat to life, health or public safety
• where the school believes an unlawful activity has taken place
• supporting the activities of College associations eg. Collegians Association
• where the school believes the use of the information is reasonably necessary to assist with locating a person
reported as missing.

4.2.1 Storage and Security Personal Information

Radford College stores personal information in database, hard copy files, personal devices and through third party storage providers. The College takes all reasonable steps to protect the security of the personal information we hold from both internal and external threats. This includes restricting access, ensuring password protection, ensuring hard copy files are stored in lockable filing cabinets in lockable rooms with restricted staff access, ensuring IT and cyber security is implemented and is up to date, staff compliance with College information policies and procedures, ensuring third party service providers are compliant with the APPs, regular audits, and the destruction, deletion or de-identification of personal information that is no longer needed or required to be retained by any other laws.

4.2.2 Students and Parents

In relation to personal information of students and parents, Radford College's primary purpose of collection is to enable it to provide schooling to, and a duty of care for, the student. This includes satisfying both the needs of parents and the needs of the student throughout the whole period the student is enrolled at the College. The
purposes for which personal information of students and parents is used include:
• keeping parents informed about matters related to their child’s schooling, through correspondence
• newsletters and magazines
• day-to-day administration
• looking after students’ educational, social, spiritual and medical wellbeing
• seeking donations and marketing for the College
• satisfying the College’s legal obligations and allowing the College to discharge its duty of care.
Where the College requests personal information about a student or parent, and the information requested is not obtained, the College may not be able to enrol or continue the enrolment of the student, or permit the student to take part in a particular activity.

4.2.3 Job Applicants, Staff Members and Contractors

In relation to personal information of job applicants, staff members and contractors, Radford College's primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which the College uses personal information of job applicants, staff members and contractors include:
• administering the individual’s employment or contract, as the case may be
• for insurance purposes
• seeking funds and marketing for the College
• satisfying Radford College's legal obligations, for example, in relation to child protection legislation.
The College complies with the Tax File Number Guidelines 2011 issued under s17 of the Privacy Act 2988 (Privacy Act) which regulate the collection, storage, use, disclosure, security and disposal of individuals’ TFN information.

4.2.4 Volunteers

Radford College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as the P & F Association and the Collegians Association, to enable the College and the volunteers to work together.

4.2.5 Marketing and Fundraising

Radford College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to be a quality learning environment in which both students and staff thrive. Personal information held by Radford College may be disclosed to an organisation that assists in the College's fundraising, for example, the P & F Association and the Collegians Association. Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, like newsletters and magazines, which include personal information, may be used for marketing purposes. The College retains limited personal information about past students and staff in the College’s archives, which may be used for the purposes described above and historical purposes, including future reference, study or exhibition.

4.3 Disclosure of Personal Information

Radford College may disclose personal information, including sensitive information, held about an individual to:
• another school
• government departments
• medical practitioners
• people providing services to the College, including specialist visiting teachers and sport coaches
• recipients of College publications, like newsletters and magazines
• parents
• anyone, in addition to the above,to whom you authorise the College to disclose information
• anyone to whom we are required to disclose the information by law.
Such information would only be shared where it is legal to do so and only if necessary for the College to fulfil its functions or its legal obligations, including those of duty of care. Where personal information is shared with a third party, only the information that needs to be disclosed is shared, not necessarily all information relating to that person. Upon enrolment at the College, permission will be sought from parents/carers for information and related photographs regarding academic and sporting achievements, student activities, excursions and events to be published in newsletters, the annual report, prospectus, and Radford on Line.

4.3.1 Sending Information Overseas

The College may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with ‘cloud’ service providers which are situated outside Australia or to facilitate a school exchange. However, the College will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual(in some cases consent will be implied) or
• otherwise complying with the Australian Privacy Principles or other privacy legislation.
The College may also store personal information in the ‘cloud’ which may mean that it resides on servers situated outside Australia.

4.4 Management of Sensitive Information

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless agreed by the individual, or the use or disclosure of the sensitive information is allowed by law. Radford College and its staff respect the confidentiality of students’ and parents’ personal information and the privacy of individuals. The College has in place steps to protect the personal information the College holds from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and security protected access rights to computerised records.

4.4.1 Updating personal information

Radford College endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the College by contacting Main Reception staff. The Australian Privacy Principles require the College not to store personal information longer than necessary.

4.4.2 Access and Correction of Personal Information

Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which Radford College holds about them and to advise the College of any perceived inaccuracy. There are someexceptions to this right set out in the Act. Students will generally have access to their personal information through their parents, but older students may seek access themselves. To access personal information that Radford College holds, an individual should contactthe Principal in writing.

4.5 ICT

4.5.1 Social Networking Services

We use social networking services such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.

4.5.2 Data Collection and Processing from Internet Access

Access via our website, social media pages and plugins as well as queries on various platforms may result in the collection and processing of data. Following are details of specific policy measures which relate to such collection and processing: When you visit our website, our web servers save each access temporarily to a log file. The following data are entered and saved until automated deletion:

• Anonymized IP address of the requesting computer

• Date and time of the access

• Name and URL of the called data

• Report whether the call was successful

• Identification data ofthe used browser and operating system

• Website, from which the access is carried out

• Name of your Internet access provide

The lawful processing of these data occurs for the purposes of enabling use of the website (establishing connection), for system security, for technical administration of the network infrastructure and for optimization of the Internet offering. By agreeing to this privacy policy, you give your consent to our collection of these data. You may refuse this data processing. Insofar as you refuse the use of the data, we hereby inform you that our services may only be usable to limited degree. These personal data are not processed beyond the cases indicated above, unless you explicitly consent to further processing.
We also use TryBooking to manage event registrations. You can access TryBooking’s privacy policy here. When registering for an event, you may be required to give TryBooking personal information including your name, address, telephone number and email address. You may also be required to provide financial information, including credit card number and expiration date, if you make a payment for an event. TryBooking may share with us some of your personal information, but we do not receive your financial information.

4.5.3 Responding to data breaches

Radford College will take appropriate, prompt action if we have reasonable grounds to believe that a data breach may have or is suspected to have occurred. Depending on the type of data breach, this may include a review of our internal security procedures, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC). If we are unable to notify individuals, we will publish a statement on our website and take reasonable steps to publicise the contents of this statement.

4.6 Security Cameras

The College’s premises are protected by security cameras. The College uses security cameras for 24 hour video surveillance, which monitors and records activity in the following areas:

• College driveways

• TB MillarHall and surrounding area

• Morison Centre and surrounding area

• Mackinnon Building and surrounding area

• Locker areas

• Gymnasium and carpark

• Student car park

• Bike rack

• Canteen

• Years 5 & 6 Staff Room

• Junior School Reception

• Junior School carpark

• Outside School Hours Care and Years 3 & 4 quadrangle

• Early Learning Centre

• Maintenance sheds

• Rowing Shed

• McKinnon Oval

• Maths area

• Library Lockers and Quad

• Gold Building

• Ridge Building

The purpose of this monitoring and recording is to provide a safe and secure work environment for College staff and visitors. Security cameras are only used in the areas specified in this privacy notice. Video surveillance is being used to deter any form of aggressive, harmful or unlawful behaviour and to assist in identifying offenders. Should an incident occur, the recordings may be provided as evidence to law enforcement authorities such as the police to assist with investigations or enquiries. The cameras are not used to monitor the actions of students and staff. However, it may be used to investigate allegations of serious misconduct by staff. The images recorded by the cameras are securely stored as digital files within the security software, which is only accessible to the Safety, Risk and Security Manager and the Caretaker. The digital files are stored for a maximum of four weeks after which they are programmed to be automatically erased unless required by law enforcement authorities. Images are viewed only by authorised staff. Controlled access to the secured footage is strictly maintained. Copies of recordings will not be made for other purposes unless they are relevant to the purpose of surveillance or are required by law. Any copies made are stored in a securely lockable area. Circumstances under which recordings will be shown to a third party include:

• unlawful acts (police)

• occupational health and safety complaints (eg Workplace Health & Safety Officer and QLS’ Insurer)

• when otherwise required by law(eg court order).

4.7 Consent and Rights of Access to the PersonalInformation of Students

Radford College respects every parent’s right to make decisions concerning their child’s education.Generally, Radford College will refer any requests for consent and collection notices in relation to the personal information of a studentto the student’s parents. Radford College will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student. Parents may seek access to personal information held by Radford College about them or their child by contacting the Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release mayresult in a breach of the College’s duty of care to the student. The College may, atits discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of the parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted. The College will provide school reports to non-custodial parents in most circumstances. However, there may be exceptions, such as where court protection orders against a parent are in operation and do not permit the College to provide reports to that parent. To access personal information that the College holds, an individual should contact the Principal in writing, including verification of identity and outline the specific information required. The College may charge a fee to cover the cost verifying the application and locating, retrieving, reviewing and copying any material requested. If the College is unable to provide access to the information sought, it will provide the applicant with written notice explaining the reasons for refusal.

4.8 Enquiries and Complaints

If you would like further information about the way the College manages the personal information it holds, or wish to complain that you believe that the College has breached the Australian Privacy Principles, please contact the Chief Operating Officer. The College will investigate any complaint and will notify you of the decision in relation to the complaint as soon as practicable. The College may seek further information in order to provide a full and complete response. The College does not charge a fee for the handling of complaints. If you are not satisfied with the College response, you may refer the complaint to the OAIC using the OAIC online Privacy Complaint form or by mail, fax or email. A referral to the OAIC should be used as a last resort once all other avenues of resolution have been exhausted. If the College rejects a request to change personal information, the individual may make a statement about the requested change and this will be attached to their record.

4.9 Privacy Standard Collection Notice

The College collects personal information, including sensitive information about students and parents or guardians before and during the course of a student’s enrolment at the College. This may be in writing or in the course of conversations. The primary purpose of collecting this information is to enable the College to provide schooling to the student and to enable them to take part in all the activities of the College. Some of the information we collect is to satisfy the College’s legal obligations, particularly to enable the College to discharge its duty of care. Laws governing or relating to the operation of a school require certain information to be collected and disclosed. These include relevant Education Acts, and Public Health and Child Protection laws. Health information about students is sensitive information within the terms of the Australian Privacy Principles under the Privacy Act. We may ask you to provide medical reports about students from time to time. The College from time to time discloses personal and sensitive information to others for administrative and educational purposes, including facilitating the transfer of a student to another school. This includes to other schools, government departments, medical practitioners, and people providing services to the College, including specialist visiting teachers, coaches, service providers, volunteers and counsellors.Personal information collected from students is regularly disclosed to their parents or guardians. The College may store personal information in the ‘cloud’, which may mean that it resides on servers situated outside Australia. The College’s Privacy Policy sets out how parents or students may seek access to personal information collected about them. However, there will be occasions when access is denied. Such occasions would include where access
would have an unreasonable impact on the privacy of others, where access may result in a breach of the College’s duty of care to the student, or where students have provided information in confidence.
The College Privacy Policy also sets out how you may complain about a breach of privacy and how the College will deal with such a complaint.
As you may know the College from time to time engages in fundraising activities. Information received from you may be used to make an appeal to you. We will not disclose your personal information to third parties for their own marketing purposes without your consent.
On occasion information such as academic and sporting achievements, student activities and similar news is published in College newsletters and magazines and in online services. Photographs of student activities such as sporting events, school camps and school excursions may be taken for publication in College newsletters and
magazines and on our online systems. The College will obtain separate permissions from the students’ parent or guardian prior to publication if we would like to include photographs or other identifying material in promotional material for the school or otherwise make it available to the public such as on the Internet. We will seek parents’ permission to include student and parent contact details in class / year group directory. If you provide the College with the personal information of others, such as doctors or emergency contacts, we
encourage you to inform them that you are disclosing that information to the College and why, that they can access that information if they wish and that the College does not usually disclose this information to third parties.

5 Related Policies/Further Information:

Code of Conduct

Discrimination, Harassment, Bullying and Grievance Policy

6 Legislation/References:

Privacy Act 1988

Privacy Amendment(Enhancing Privacy Protection) Act 2012

Children and Young People Act 2008 (ACT)

Health Records (Privacy and Access) Act 1997 (ACT)

Workplace Privacy Act 2011

Working with Children and Young People – Volunteering – ACT Government Policy

7 Version Control and Change History:

  1. November 2016 - Updated.
  2. January 2017 - Updated. New policy format.
  3. 10 March 2020 - Addition of Storage of Information, ICT and
    Security Camera sections. Expansion of
    complaints section.
  4. 18 June 2021 - Update of Security Camera section.

PDF Version Attached - Privacy Policy