Privacy Policy

CES Ltd POLICY

Privacy 

1. Vision

The vision for Catholic Education Sandhurst Limited (CES Limited) is to provide, in partnership with our families, stimulating, enriching, liberating and nurturing learning environments in each of the Catholic School communities within the Diocese. At the heart of this vision is our commitment to the ongoing duty of care that we have for the safety, wellbeing, and inclusion of all children and young people.
We believe:
• that the values of the Gospel are central to who we are, what we do, and how we act
• in leadership encompassing vision, innovation, and empowerment.

2. Purpose

CES Limited recognises the importance of privacy and are committed to protecting personal information which may be collected, held and stored. CES Limited is bound by a range of privacy legislation, including the applicable privacy principles (APPs) under the Privacy Act 1988 (Cth). In relation to health records, CES Limited is also bound by the Health Records Act 2001 (Vic.) and the Health Privacy Principles in that Act. At times, personal information may be handled relying on exemptions under the applicable legislation, for example, the Privacy Act exempts certain actions by employers in connections with employee records. Any exemptions will take priority over this Policy to the extent of any inconsistency. But we aim to comply incorporating the Australian Privacy Principles and manage personal information with a high degree of diligence and care. https://www.oaic.gov.au/ CES Limited may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the CES Limited’s operations and practices and to make sure it remains appropriate to the changing workplace environment.  

3. Data and Information Collection

3.1 Type of Information Collected

CES Limited collects and holds personal information, including health and other sensitive information, about:
• Students and parents, guardians and/or carers ('Parents') before, during and after the course of a student's enrolment within a school of the Diocese, including:
- name, contact details (including next of kin), date of birth, gender, language background, previous school and religion
- Parents’ education, occupation, and language background
- medical information (e.g., details of disability and/or allergies, and details of any assistance the student receives in relation to those disabilities, medical reports, names of doctors)
- conduct and complaint records, or other behaviour notes, school attendance and school reports
- information about referrals to government welfare agencies
- counselling reports - health fund details and Medicare number
- any court orders
- volunteering information (including Working With Children Checks)
- photos and videos at CES Limited events
• Job applicants, staff members, volunteers and contractors, including:
- name, contact details (including emergency contact details), date of birth and religion
- information on job application
- professional registrations, including Victorian Institute of Teaching registrations
- screening information, including Working With Children Checks (WWCC) and or National Police Record Checks
- professional development history
- salary and payment information, including superannuation details
- medical information (e.g., details of disability and/or allergies and medical certificates)
- complaint records, disciplinary records, and investigation reports - leave details 
- photos and videos at CES Limited events and school activities
- workplace surveillance information, in accordance with the Surveillance Devices Act 1999 (Vic) and,
- work emails and private emails (when using work email address) and internet browsing history
• other people who come into contact with CES Limited, including name and contact details and any other information necessary for the particular contact with the CES Limited.

3.2. Personal Information you provide

CES Limited will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Parents and students (such as job applicants and contractors) provide personal information to the CES Limited.

3.2 Personal Information provided by other people

In some circumstances CES Limited may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a report from a school. The type of information CES Limited may collect from a school may include: • academic records and/or achievement levels • information that may be relevant to assisting a school meet the needs of the student including any adjustments.

3.3 Exception in relation to employee records

Under the Privacy Act 1988 (Cth), the Australian Privacy Principles do not generally apply in relation to employment records of current and former employees. As a result, this Privacy Policy does not apply to CES Limited’s treatment of an employee record where the treatment is directly related to a current or former employment relationship between CES Limited and employee. This exemption does not extend to job applicants, contractors, or other privacy obligations such as tax file number requirements and health privacy laws. CES Limited handles staff health records in accordance with the Health Privacy Principles in the Health Records Act 2001 (Vic.).

3.4 Anonymity

CES Limited needs to be able to identify individuals with whom it interacts and to collect identifiable information about them to facilitate the delivery of services to schools, conduct the job application process and fulfil other obligations and processes. However, in some limited circumstances some activities and interactions with CES Limited may be done anonymously where practicable, which may include making an inquiry, complaint or providing feedback.

4. CES Limited Use of Information

CES Limited will use personal information it collects for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.

4.1 Students and Parents

In relation to personal information of students and Parents, CES Limited’s primary purpose of collection is to enable the CES Limited to provide services to Schools in supporting students enrolled at schools in the Diocese (including educational and support services for the student), exercise its duty of care and perform necessary associated administrative activities which will enable students to take part in all School activities. This includes satisfying the needs of Parents, the needs of the student and the needs of the Schools throughout the whole period the student is enrolled at the school. The purposes for which School uses personal information of students and Parents include: • to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines • day-to-day administration of the School • looking after students’ educational, social, and medical wellbeing • seeking donations and marketing for the School • to satisfy the School’s legal obligations and allow the School to discharge is duty of care • to satisfy the School service providers’ legal obligations, including the Catholic Education Commission of Victoria Ltd (CECV) and CES Limited. In some cases where the School requests personal information about a student or Parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

4.2 Job applicants, volunteers, and contractors

In relation to personal information of job applicants and contractors, CES Limited’s primary purpose of collection is to assess and (if successful) to engage the applicant, or contractor, as the case may be. The purposes for which CES Limited uses personal information of job applicants and contractors include:

• verifying and screening job applicants and contacting nominated referees
• administering the individual's employment or executing a contract, as the case may be
• for insurance purposes
• seeking donations and marketing for CES Limited
• satisfying CES Limited’s legal obligations, for example, in relation to child protection legislation.

4.4 Counsellors

CES Limited contracts with external providers to provide counselling services for some students. The Principal may require the Counsellor to inform him or her or other teachers of any issues the principal and the Counsellor believe may be necessary for CES Limited to know for the well being or development of the student who is counselled or other students at CES Limited.

4.5 Parish

CES Limited may disclose limited personal information to the school parish to facilitate religious and sacramental programs, and other activities such as fundraising. Prior permission would be required to obtain personal information for fundraising purposes.

4.6 Marketing and Fundraising

CES Limited treats marketing and seeking donations for the future growth and development of the school as an important part of ensuring that the school continues to provide a quality learning environment in which both students and staff thrive. Personal information held by CES Limited may be disclosed to organisations that assist in school’s fundraising, for example, the School’s Foundation or alumni organisation. Prior permission would be required to obtain personal information for fundraising purposes for external providers not connected to the school community. Parents, staff, contractors and other members of the wider CES Limited, school community may from time to time receive fundraising information. School Publications, like newsletter and magazines, which include personal information and sometimes people’s images, may be used for marketing purposes.

4.7 Data Integrity

Personal information must only be collected as necessary, in accordance with the above, and activities must comply with legal or regulatory obligations. Personal information must always be collected by lawful and fair means and not in an unreasonably intrusive way. CES Limited must take steps to ensure that the personal information collected, used and disclosed is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

5. CES Limited Disclosure of Information

CES Limited may disclose personal information, including sensitive information, held about an individual for educational, legal, administrative and support purposes. This may include providing information to:
• CES Limited service providers which provide educational, support and health services to the schools or CES Limited, (either at the CES location or off site at a school campus) including the Catholic Education Commission of Victoria Ltd (CECV), specialist visiting teachers, volunteers, counsellors, and providers of learning and assessment tools
• third party service providers that provide online educational and assessment support services, document and data management services, training and support services, host services and/or applications to schools and school systems including the Integrated Catholic Online Network (ICON) and Google’s G Suite, including Gmail and, where necessary, to support the training of selected staff in the use of these services
• CECV to discharge its responsibilities under the Australian Education Regulation 2013 (Regulation) and the Australian Education Act 2013 (Cth) (AE Act) relating to students with a disability
• Authorised organisations in accordance with the Child Information Sharing Scheme (CISS) or the Family Violence Information Sharing Scheme (FVISS)
• other third parties which the School uses to support or enhance the educational or pastoral care services for its students or to facilitate communications with parents
• another School, including to its teachers to facilitate the transfer of a student
• Federal and State government departments and agencies
• health service providers
• recipients of CES Limited publications, such as newsletters and magazines
• student's parents, guardians and/or carers and their emergency contacts
• assessment and educational authorities including the Australian Curriculum, Assessment and Reporting Authority
• anyone to whom you authorise to disclose information and,
• anyone who we are required or authorised to disclose the information to by law, including child protection laws.

5.1 Nationally Consistent Collection of Data on Schools with Disability

The School is required by the Federal Australian Education Regulation (2103) and Australian Act (2013) (Cth) (AE Act) to collect and disclose certain information under the Nationally Consistent Collection of Data (NCCD) on students with disability. The School provides the required information at an individual student level to Catholic Education Sandhurst and CECV, as an approved authority. Approved authorities must comply with reporting, record keeping data quality assurance under the NCCD. Student information provided to the federal government for the purpose of the NCCD does not explicitly identify any student.

5.2 Sending and storing information overseas

CES Limited may disclose personal information about an individual to overseas recipients, for instance, to facilitate a School visit or student exchange. However, CES Limited will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual; or
• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation. CES Limited may from time to time use the services of third-party online service providers (including for the delivery of services and third-party online applications, or Apps relating to email, instant messaging and education and assessment, such as Google’s G Suite, including Gmail) which may be accessible by you. Some personal information (including sensitive information) may be collected and processed or stored by these providers in connection with these services. These online service providers may be located in or outside Australia. CES Limited personnel and CES Limited’s service providers, and the CECV and its service providers, may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering the system and services ensuring their proper use. CES Limited makes reasonable efforts to be satisfied about the security of any personal information that may be collected, processed and stored outside Australia, in connection with any cloud and third-party services and will endeavour to ensure the cloud is located in countries with substantially similar protections as the APPs. The countries in which the servers of cloud providers and other third-party service providers are located may include: School to insert if relevant: List of countries or regions that servers are located via cloud providers, to the extent possible or provide a link to the list which may be updated as required. Schools can remove this statement if required. Where personal and sensitive information is retained by a cloud service provider on behalf of CES Limited or CECV to facilitate Human Resources and staff administrative support, this information may be stored on servers located in or outside Australia.  

6. Sensitive Information

Sensitive information about a person includes information or an opinion relating to a person's racial or ethnic origin, political opinions, membership of a political, trade or other philosophical or religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

7. Management and security of personal information

CES Limited’s staff are required to respect the confidentiality of individuals’ personal information and the privacy of individuals. These obligations apply both where the information is held at a CES Limited premises or where the information is held by service providers CES Limited has in place steps to protect the personal information CES Limited holds from misuse, interference and loss, unauthorised access, modification, or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records. This includes responding to any incidents which may affect the security of the personal information it holds. If we assess that anyone whose information is affected by such a breach is likely to suffer serious harm as a result, we will notify them and the Office of the Australian Information Commissioner of the breach. CES Limited recommends that all persons adopt secure practices to protect themselves and their data, including ensuring that all passwords used are strong and regularly updated and that applicable log in details are kept secure. Do not share your personal information with anyone without first verifying their identity and organisation. If you believe any of your personal information has been compromised, please let CES Limited or the School know immediately.

8. Access and Collection

Under the Privacy Act and the Health Records Act, an individual has the right to seek and obtain access to any personal information and health records which CES Limited holds about them and to advise CES Limited of any perceived inaccuracy.

8.1 Student Data

Students will generally be able to access and update their personal information through their Parents, but older students may seek access and correction themselves. There are some exceptions to the access rights set out in the applicable legislation. To make a request to access or to update any personal information CES Limited holds about you or your child, please contact the School Principal by telephone or in writing insert telephone number or email address or CES Limited’s Privacy Officers (via telephone on 5443 2377 or email This email address is being protected from spambots. You need JavaScript enabled to view it.). CES Limited or the school may require you to verify your identity and specify what information you require. A fee may be charged to cover the cost of verifying your application and locating, retrieving, reviewing, and copying any material requested. If the information sought is extensive, the CES Limited will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal. There may be circumstance where the reason for refusal is not provided if doing so may breach the privacy of another person.

8.2 CES Limited Employees

Subject to some exceptions under privacy laws, employees have the right to see and have a copy of their personal information and to advise CES Limited of any changes necessary if the information is not correct. Where CES Limited decides not to make a requested correction to the personal information and the employee disagrees, they may request that a note of the requested correction with the information be placed in their personnel file.

9. Consent and Rights of Access to the Personal Information of Students

CES Limited respects every parents, guardians and/or carers (‘Parents’) right to make decisions concerning their child's education. Generally, CES Limited will refer any requests for consent and notices in relation to the personal information of a student to the student's Parents. In most circumstances CES Limited will treat consent given by Parents, as consent given on behalf of the student and notice to Parents will act as notice given to the student. Parents may seek access to personal information held by CES Limited about them or their child by contacting the School Principal by telephone or in writing insert telephone number or email address or CES Limited’s Privacy Officers (via telephone on 5443 2377 or email This email address is being protected from spambots. You need JavaScript enabled to view it.). However, there may be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of CES Limited’s duty of care to the student. CES Limited may, at its discretion, on the request of a student, grant that student access to information held by CES Limited about them or allow a student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the student and/or the student's personal circumstances warrant it.

10. Enquiries and Complaints

If you would like further information on this policy or you wish to complain that you believe that CES Limited has breached its privacy obligations, please contact the CES Limited’s Privacy Officers (via telephone on 5443 2377 or email This email address is being protected from spambots. You need JavaScript enabled to view it.). All complaints should initially be in writing and directed to CES Limited’s Privacy Officers. CES Limited Privacy Officers will respond to the complaint as soon as possible but not later than within fourteen working days to confirm the responsible person to manage the query. CES Limited will attempt to resolve the complaint within 30 working days however, if this is not possible, CES Limited will contact the complainant to provide an update. If the complainant feels that the complaint has not been adequately dealt with, they may make a complaint to the Privacy Commissioner whose contact details are as follows: Office of the Australian Information Commissioner (OAIC) GPO Box 5218, Sydney, NSW 2001 Telephone: 1300 363 992 http://www.oaic.gov.au

11. Roles and Responsibilities

11.1 Approval Authority

The Executive Director of Catholic Education, or delegate member of the Executive Leadership team.

11.2 Responsible Officer
Assistant to the Executive Director: People and Culture

12. Review

This policy is schedule for review every 3 years or more frequently if appropriate.

13. Revisions made to this document Date Description of Revision (s)

March 2017 Schedule review
August 2018 Schedule review
May 2021 Schedule review
May 2024 

 

 Updated May 2021

 

 CES Ltd POLICY PRIVACY (310521) 

PAM

CEOSLOGO


The Sandhurst Catholic Education Office and Schools acknowledge the traditional custodians of the land on which their Offices and Schools are built. We commit to working in partnership with Aboriginal people for reconciliation and justice.

Believe !     Imagine !     Serve !
KanePaintingStongerSmall