PREAMBLE

NT CHRISTIAN SCHOOLS - JULY 2020


Privacy Policy


Who this Policy applies to

This Privacy Policy applies across NT Christian Schools and sets out how the system and each school manages personal information provided to or collected by it.


  1. Summary

    1. NT Christian Schools is bound by the Australian Privacy Principles contained in the Privacy Act 1988 and subsequent amendments, including the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act).

    2. NT Christian Schools may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes in schools’ operations and practices and to make sure it remains appropriate to the changing school environment.

  2. Related Documents

    1. NT Christian Schools Code of Conduct

    2. NT Christian Schools Protected Disclosures (Whistleblowers) Policy

    3. NT Christian Schools Working from Home Process

    4. NT Christian Schools Complaints and Investigations Policy

    5. NT Christian Schools IT use guidelines (TBD)


  3. Commencement of Policy


    This Policy will commence from July 2020. It replaces all other Privacy Policies of NT Christian Schools (whether written or not).


  4. Definitions


    1. Privacy refers to the need to protect the personal information that the school collects, stores and uses relating to individual students, parents, guardians, applicants for enrolment, staff, job applicants, volunteers, contractors and other people.

    2. Personal information is information about an individual from which the individual can be identified.


    3. Personal information includes (but is not limited to):


      1. Sensitive information such as racial or ethnic origins, political opinion or affiliations, religious or philosophical opinion or affiliations, sexual preferences or practices, criminal records, scholarship results, exam marks or teachers’ notes

      2. Health information such as physical or mental health or disability

  5. Guiding Principles


    1. The type of personal information schools collect and hold includes (but is not limited to) personal information, including health and other sensitive information, about:

      1. Pupils and parents and/or guardians (parents) before, during and after the course of a pupil’s enrolment at the school;

      2. Job applicants, staff members, volunteers and contractors; and

      3. Other people who come into contact with the school.


    2. Personal information provided directly: NT Christian Schools will generally collect personal information held about an individual by way of forms filled out by parents or pupils, face-to- face meetings and interviews, emails and telephone calls. On occasions people other than parents and pupils provide personal information.


    3. Personal Information provided indirectly: In some circumstances NT Christian Schools may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.


    4. Exceptions in relation to employee records: Under the Privacy Act the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to NT Christian School’s treatment of employee records, where the treatment is directly related to a current or former employment relationship between NT Christian Schools and an employee.


  6. How will a school use the personal information provided?


    1. A school campus or other functional entity of NT Christian Schools will use personal information it collects for the primary purpose of appropriate data collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which a person has consented.


    2. Pupils and Parents: In relation to personal information of pupils and parents, a school’s primary purpose of collection is to enable the school to provide schooling for the pupil. This includes satisfying the needs of parents, the needs of the pupil and the needs of the organisation and schools throughout the whole period the pupil is enrolled at the school.


    3. The purposes for which NT Christian Schools and its schools use personal information belonging to pupils and parents include:

      1. To keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;

      2. Day-to-day administration;

      3. Looking after pupil’s educational, social, spiritual and physical/medical wellbeing;

      4. Seeking funding, donations and marketing for the school; and

      5. To satisfy the systems and the schools’ legal obligations and allow the school to discharge its duty of care.

    4. In some cases where a school requests personal information about a pupil or parent, if the information requested is not provided, the school may not be able to enrol or continue the enrolment of the pupil or permit the pupil to take part in a particular activity.


    5. Job applications, staff members and contractors: In relation to personal information of job applicants, staff members and contractors, a school’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.


    6. The purposes for which NT Christian Schools uses the personal information of job applicants, staff members and contractors include:

      1. In administering the individual’s employment or contract, as the case may be;

      2. For insurance purposes;

      3. Seeking funds and marketing for the school; and

      4. To satisfy the systems and the schools’ legal obligations, for example, in relation to child protection legislation.

    7. Volunteers: A school also obtains personal information about volunteers who assist the school in its functions or conduct associated activities to enable the school and the volunteers to work together.


    8. Marketing and fundraising: Schools treat marketing and seeking donations for the future growth and development of the school as an important part of ensuring that the school continues to be a quality learning environment in which both pupils and staff thrive. Personal information held by a school may be disclosed to an organisation that assists in the school’s fundraising, for example the school’s Foundation or alumni organisation.


    9. Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.


  7. Exception with regard to related schools


    The Privacy Act allows each school, being legally related to each of the other schools operated by the system to share personal (but not sensitive) information with other schools operated by NT Christian Schools. Other schools may then only use the personal information for the purpose for which it was originally collected by the organisation. This allows schools to transfer information between them, for example, when a pupil transfers from one school to another within the organisation.


  8. Who might a school disclose personal information to?


    1. A school may disclose personal information, including sensitive information, held about an individual to:


      1. Another school;

      2. Government departments;

      3. Medical practitioners;

      4. People providing educational, support and health services to the school, including specialist visiting teachers and sports coaches;

      5. People and organisations providing contribution to a students learning opportunities such as work experience and work placement providers;

      6. Recipients of school publications, such as newsletters and magazines;

      7. Parents;

      8. Anyone the person concerned authorises the school to disclose information to; and

      9. Anyone to whom we are required to disclose the information by law.


    2. Sending and storing information overseas: NT Christian Schools may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with ‘cloud’ service providers which are situated outside Australia or to facilitate a school exchange. However, a school will not send personal information about an individual outside Australia without:


      • Obtaining the consent of the individual (in some cases this consent will be implied); or

      • Otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

  9. How does NT Christian Schools treat sensitive information?


    1. ‘Sensitive information’ includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.


    2. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.


  10. Management and security of personal information


    1. NT Christian Schools and its schools’ staff are required to respect the confidentiality of pupils’ and parents’ personal information and the privacy of individuals.

    2. Each school has in place steps to protect the personal information the school holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.


    3. Where a privacy breach is likely to result in serious harm, NT Christian Schools shall notify the affected individuals, as soon as possible, of such breach.

  11. Access and correction of personal information


    1. Under the Commonwealth Privacy Act, an individual has the right to seek and obtain access to any personal information which NT Christian Schools or a school within NT Christian Schools hold about them to advise the organisation or school of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Pupils will generally be able to access and update their personal information through their parents, but older pupils may

      seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.

    2. Parents and students as appropriate may make a request to access or update any personal information the organisation or a school holds about them (and their child) by contacting

      the school’s principal in writing.


    3. The school may require a person to verify their identity and specify what information they require. The school may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the school will advise the likely cost in advance. If access to that information cannot be provided, NT Christian Schools will provide the person concerned with written notice explaining the reasons for refusal.


  12. Complaints


    1. Any complaint in regard to a breach of the Australian Privacy principles by NT Christian Schools shall be directed to the privacy officer (who is the HR Manager. Note: if it is deemed inappropriate in the circumstances to contact the HR Manager employees are invited to contact the CEO directly)


    2. Depending on the nature of complaint, it may be handled and investigated in line with NT Christian Schools Complaints and Investigation Policy.


  13. Sources informing this policy


Independent Schools Council of Australia and National Catholic Education Commission, Privacy Compliance Manual (Nov 2019)


Privacy Act 1988


Issued by:

NT Christian Schools

Approved by:

Board – July 2020

Version:

V 2.0

Review date:

July 2023

Privacy Amendment (Enhancing Privacy Protection) Act 2012 Privacy Amendment (Notifiable Data Breaches) Act 2017


NT Christian Schools is committed to achieving and maintaining workable solutions for your school. We may make changes to this policy from time to time to improve the effectiveness of its operation. In this regard, any NT Christian Schools member or staff member who wishes to make any comment about this policy may forward their suggestions to us.


5 | P a g e

APPENDIX 1: Privacy Do’s and Don’ts


DO consider how, and in what form, you store personal information, and consider how secure it is.

DO ensure that all hard-copy records of personal information are kept securely locked or supervised.

DO locate personal information that is no longer needed. In such cases, the information should be destroyed or de-identified.

DO ensure that staff maintain adequate security of all personal information under their control.

DO limit access to personal information only to those who require it to carry out their duties for a permitted purpose (i.e. a ‘need to know’ basis), especially in instances where staff may be required to work from home or other locations.

DO contact NT Christian School’s privacy officer if you are unsure as to the Organisation’s practices and procedures for keeping personal information secure.

DO make a note of to whom personal information has been disclosed, for example, a record of who has a particular file, or who has access to a particular database.

DO scrutinise requests for disclosure of personal information, for example follow the School’s procedure to identify an individual who asks you to disclose or ‘check’ their personal information.

DO ensure that in cases of shared computers, tools are implemented to avoid possible privacy breaches.

DO ensure that staff log in and out in accordance with allocated level of access.

DO establish procedures for the destruction or de-identification of personal information which is no longer required.

DO consider the following matters when engaging a cloud service provider:

DO ensure the cloud service provider is subject to strict contractual provisions regarding security of the data and liability for any breach.

DO report any suspected or actual privacy breaches to the privacy officer as soon as possible. Breaches include but are not limited to human error, systems failure or a failure to follow information handling or data security procedures resulting in accidental loss, access or disclosure.


DON’T access, discuss, display, or disclose personal information other than as permitted by the Australian Privacy Principles.


DON’T leave personal information unattended. For example, if you leave your computer for an extended period of time, it should be shut down or you should log off or use a screensaver with password. Don’t leave files where they may be accessed by unauthorised people.


6 | P a g e

DON’T ever allow unauthorised access, modification or disclosure of personal information.