Private information definitions

Personal Information –Information that is recorded in any form, whether true or not, about an individual whose identity is apparent, or can be reasonably be determined from the information or opinion. This includes all paper and electronic records, photographs and video recordings. Examples: Name, Address, Date of Birth.

Health Information – Information that related to a person’s physical, mental or psychological health, or disability, which is also classified as personal information. This includes information or opinion related to a person’s health status and medical history. Examples: Student Medical History, Immunisation Records.

Sensitive Information – Information that relates to a person’s racial or ethnic origin, political opinions, religion, trade union, or other professional or trade association membership, sexual preferences, or criminal record that is also classified as personal information about an individual. Examples: Country of Birth, TFN, Family Court Orders.

The Kinds of Information the School Collects and Holds

Westbourne Grammar School collects information relating to current and past staff, students, parents/guardians, alumni and prospective students, parents/guardians. The information is gathered via enrolment forms, medical information forms, job applications, phone conversations, face-to-face meetings and electronic/mail correspondences.

The School collects and holds information about students, staff, parents and guardians for the purpose of:

• The maintenance of the School’s records of past, present and future staff, students and the parents/guardians of such students;
• Providing day-to-day operational services, such as education, administration, pastoral care, extra-curricular and health services;
• Assisting the School services and its staff to fulfil its duty of care obligations to students;
• Complying with regulatory reporting requirements;
• Complying with statutory and/or other legal obligations in respect of staff;
• Investigating incidents or defend any legal claims against the School, its services or its staff;
• Marketing, promotional and fundraising activities;
• Research and statistical analysis; and
• Employment of staff.

The kinds of information the School collects and holds about students includes (but is not limited to) personal information, inclusive of health and sensitive information, such as:

• Student name, contact details (including next of kin), date of birth, gender, nationality, previous school information and religion;
• student medical information, such as details of medical conditions, disabilities and any relevant reports or management plans;
• student Medicare number and health fund details;
• student academic reports, student wellbeing and behaviour reports, or counselling reports;
• incident reports;
• student Visa details, Homestay and Guardian contact details;
• family court orders;
• parent education history, occupation and nationality;
• parent volunteer information (working with children check); and
• student photos and videos.

The kinds of information the School collects and holds about staff members, job applicants, volunteers and contractors includes (but is not limited to) personal information, inclusive of health and sensitive information, such as:

• name, contact details (including next of kin), date of birth, gender, nationality, and religion;
• employment history and referees (job application);
• salary and banking information, including superannuation details;
• medical information, such as details of medical condition management plans;
• Working with Children Check details (where applicable);
• VIT registration details (where applicable);
• incident reports and workers compensation details;
• work email correspondence and internet browsing history;
• public liability insurance details; and
• copies of trade licences.

Unsolicited Information

The School may be provided with personal information without having sought it through our normal means of collection.  This is known as “unsolicited information” and is often collected by:

• Misdirected postal mail – Letters, Notes, Documents
• Misdirected electronic mail – Emails, electronic messages
• Employment applications sent to us that are not in response to an advertised vacancy
• Additional information provided to us which was not requested.

Unsolicited information obtained by the School will only be held, used and or disclosed if it is considered as personal information that could have been collected by normal means. If that unsolicited information could not have been collected by normal means then the School will destroy, permanently delete or de-identify the personal information as appropriate.

Consent to Use or Disclose Personal Information

The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.

Where consent for the use or disclosure of personal information is required, the School will seek consent from the person. In the case of a student’s personal information, the School will seek the consent from the student and/or parent/guardian depending on the circumstances and the student’s mental ability and maturity to understand the consequences of the proposed use and disclosure of information.

Use and Disclosure of Personal Information

For this policy, ‘personal’ information refers to personal information, health information and sensitive information unless otherwise specified.

The purposes for which the School uses personal and health information of students and parents/guardians include:

• Keeping parents/guardians informed about matters related to their child’s
• Care and management of students’ educational, social and health
• Celebrating the efforts and achievements of
• Undertake day-to-day administration
• Promotional publications; school reports, newsletters, marketing and fundraising
• Adhering to the School’s legal and regulatory

The purposes for which the School uses personal information of job applicants, staff members and contractors include:

• Assessing the suitability for
• Administering the individual’s employment or
• For insurance purposes, such as public liability or
• Satisfying the School’s legal
• Investigating incidents or defending legal claims about the School, its services or

The School will use and disclose personal information about a student, parent/guardian and staff when:

• It is required for general administration duties and statutory
• It relates to the purposes for which it was
• There is no reason to believe they would object to the

The School may disclose personal information to a Third Party when:

• The person or parent/guardian
• It is necessary to lessen or prevent a serious or imminent threat to life, health, safety or welfare of a person (duty of care obligations).
• Is required by law or for law enforcement
• Is required as part of a child protection related

Disclosure of Information to Third Parties

The School, on occasion, uses or discloses private information to third parties for administrative, educational and regulatory purposes.  This includes disclosing information to other schools, regulatory bodies (Australian Government – Census for Non-Government Schools), other agencies, such as police (welfare concerns, child protection), medical practitioners, intervention specialists (such as speech pathologist and psychiatrists), and individuals providing services to the School, including specialist teachers, sports coaches and camp providers.

In addition, personal information of international students may be disclosed to Commonwealth and State agencies pursuant to obligations under the ESOS Act 2000, ESOS Regulations 2019 and the National Code of Practice for Providers of Education and Training to Overseas Students 2018.

Disclosure of Information to an Overseas Recipient

Personal Information may be disclosed to overseas organisation in the course of providing our services, such as:

• participation in student exchange program;
• enrolment and management of an international student;
• participation in an overseas school tour;
• it is required in relation to a legal matter; or
• cloud-based services.

The School uses online applications and cloud-based service providers to store personal information and to provide services to the School, such as OneNote, email, educational applications, assessment tools, training platform and incident reporting. Personal information may be disclosed to these services for the purpose of identifying and authenticating users.

Cloud-based services may store information in countries situated outside Australia and must comply with the Australian Privacy Principles in relation to protection and security of data.

Storage and Security of Personal Information

The School has strategies in place to protect personal information from being misused, accessed without authorisation, modified or disclosed.

Personal information data is securely stored (password access only) and protected from unauthorised access. Storage of personal information, disposal (when no longer required) or de-identification, is managed in accordance with the School’s Records Management practices. The school has adopted a framework for the management of both data and paper files.

Any instances of suspected data breaches, such as unauthorised access, unauthorised disclosure or loss of personal information that could result in serious harm to an individual, must be reported to the School in accordance with our Notifiable Data Breach Policy.

Closed Circuit Television (CCTV)

The School has installed CCTV on the school premises and private charter buses as part of the School’s security and personal safety measures. CCTV footage will be used for the following security purposes:

• To prevent, deter and detect a breach of School Policies, School Rules and Student behaviour.
• Collect information on any incidents that arise on School premises or private charter buses.
• The provision of visual coverage for the management of

Access to the CCTV recorded footage is limited to authorised staff and Security Personnel with a legitimate reason to view and/or otherwise use the captured footage, including the provision of evidence in support of a breach of the School Policies, School Rules, student behaviour or prosecution of criminal proceedings.

Requesting Access to Personal Information

A student, parent/guardian, or staff member may seek access to their personal information, provided by them, that is held by the School. A request to access personal information must be made in writing to the School’s Privacy Officer.

The School holds the right to verify the identity of the individual of whom the request has been made and determine if appropriate to grant access to the information. If appropriate, the School will release requested information in a reasonable timeframe.

If the School determines that a request to access personal information is not appropriate, the outcome will be communicated in writing to the person who made the request. If the requesting person wishes to make a complaint relating to the School refusing to release information, a complaint must be made in writing to the School.

Updating Personal Information

The School aims to keep personal information it holds accurate, complete and up-to-date. A person may update their personal information by contacting the School or via the School Portal, Parent Portal; My Details.

Privacy Complaints

Complaints relating to the management of personal information, including privacy breaches must be made in writing to the School’s Privacy Officer (Business Manager). Should the School receive a complaint relating to a breach of privacy, this will be treated seriously and investigated thoroughly in accordance with the School’s polices. The School may require to seek further information to assist with an investigation of a privacy breach.

Complaints are to be directed to:

Post: Attn: Business Manager Westbourne Grammar School PO Box 37

Werribee VIC 3030

Email: businessmanager@westbourne.vic.edu.au

If a complaint is not resolved by the School, then it is recommended that the matter be directed to the Office of the Australian Information Commissioner (OAIC).

Breach of Policy

The School will consider each breach of this policy in the context in which it has occurred and will determine the relevant severity of the breach. A serious breach may result in disciplinary action, up to and including termination of employment or enrolment.

Notifications to the Office of the Australian Information Commissioner (OAIC) and/or other agencies will be made where the School is required to do so.