CES Ltd POLICY
The vision for Catholic Education Sandhurst Limited (CES Limited) is to provide, in partnership with our families, stimulating, enriching, liberating and nurturing learning environments in each of the Catholic School communities within the Diocese. At the heart of this vision is our commitment to the ongoing duty of care that we have for the safety, wellbeing, and inclusion of all children and young people.
• that the values of the Gospel are central to who we are, what we do, and how we act
• in leadership encompassing vision, innovation, and empowerment.
3. Data and Information Collection
3.1 Type of Information Collected
CES Limited collects and holds personal information, including health and other sensitive information, about:
• Students and parents, guardians and/or carers ('Parents') before, during and after the course of a student's enrolment within a school of the Diocese, including:
- name, contact details (including next of kin), date of birth, gender, language background, previous school and religion
- Parents’ education, occupation, and language background
- medical information (e.g., details of disability and/or allergies, and details of any assistance the student receives in relation to those disabilities, medical reports, names of doctors)
- conduct and complaint records, or other behaviour notes, school attendance and school reports
- information about referrals to government welfare agencies
- counselling reports - health fund details and Medicare number
- any court orders
- volunteering information (including Working With Children Checks)
- photos and videos at CES Limited events
• Job applicants, staff members, volunteers and contractors, including:
- name, contact details (including emergency contact details), date of birth and religion
- information on job application
- professional registrations, including Victorian Institute of Teaching registrations
- screening information, including Working With Children Checks (WWCC) and or National Police Record Checks
- professional development history
- salary and payment information, including superannuation details
- medical information (e.g., details of disability and/or allergies and medical certificates)
- complaint records, disciplinary records, and investigation reports - leave details
- photos and videos at CES Limited events and school activities
- workplace surveillance information, in accordance with the Surveillance Devices Act 1999 (Vic) and,
- work emails and private emails (when using work email address) and internet browsing history
• other people who come into contact with CES Limited, including name and contact details and any other information necessary for the particular contact with the CES Limited.
3.2. Personal Information you provide
CES Limited will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Parents and students (such as job applicants and contractors) provide personal information to the CES Limited.
3.2 Personal Information provided by other people
In some circumstances CES Limited may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a report from a school. The type of information CES Limited may collect from a school may include: • academic records and/or achievement levels • information that may be relevant to assisting a school meet the needs of the student including any adjustments.
3.3 Exception in relation to employee records
CES Limited needs to be able to identify individuals with whom it interacts and to collect identifiable information about them to facilitate the delivery of services to schools, conduct the job application process and fulfil other obligations and processes. However, in some limited circumstances some activities and interactions with CES Limited may be done anonymously where practicable, which may include making an inquiry, complaint or providing feedback.
4. CES Limited Use of Information
CES Limited will use personal information it collects for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.
4.1 Students and Parents
In relation to personal information of students and Parents, CES Limited’s primary purpose of collection is to enable the CES Limited to provide services to Schools in supporting students enrolled at schools in the Diocese (including educational and support services for the student), exercise its duty of care and perform necessary associated administrative activities which will enable students to take part in all School activities. This includes satisfying the needs of Parents, the needs of the student and the needs of the Schools throughout the whole period the student is enrolled at the school. The purposes for which School uses personal information of students and Parents include: • to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines • day-to-day administration of the School • looking after students’ educational, social, and medical wellbeing • seeking donations and marketing for the School • to satisfy the School’s legal obligations and allow the School to discharge is duty of care • to satisfy the School service providers’ legal obligations, including the Catholic Education Commission of Victoria Ltd (CECV) and CES Limited. In some cases where the School requests personal information about a student or Parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
4.2 Job applicants, volunteers, and contractors
In relation to personal information of job applicants and contractors, CES Limited’s primary purpose of collection is to assess and (if successful) to engage the applicant, or contractor, as the case may be. The purposes for which CES Limited uses personal information of job applicants and contractors include:
• verifying and screening job applicants and contacting nominated referees
• administering the individual's employment or executing a contract, as the case may be
• for insurance purposes
• seeking donations and marketing for CES Limited
• satisfying CES Limited’s legal obligations, for example, in relation to child protection legislation.
CES Limited contracts with external providers to provide counselling services for some students. The Principal may require the Counsellor to inform him or her or other teachers of any issues the principal and the Counsellor believe may be necessary for CES Limited to know for the well being or development of the student who is counselled or other students at CES Limited.
CES Limited may disclose limited personal information to the school parish to facilitate religious and sacramental programs, and other activities such as fundraising. Prior permission would be required to obtain personal information for fundraising purposes.
4.6 Marketing and Fundraising
CES Limited treats marketing and seeking donations for the future growth and development of the school as an important part of ensuring that the school continues to provide a quality learning environment in which both students and staff thrive. Personal information held by CES Limited may be disclosed to organisations that assist in school’s fundraising, for example, the School’s Foundation or alumni organisation. Prior permission would be required to obtain personal information for fundraising purposes for external providers not connected to the school community. Parents, staff, contractors and other members of the wider CES Limited, school community may from time to time receive fundraising information. School Publications, like newsletter and magazines, which include personal information and sometimes people’s images, may be used for marketing purposes.
4.7 Data Integrity
Personal information must only be collected as necessary, in accordance with the above, and activities must comply with legal or regulatory obligations. Personal information must always be collected by lawful and fair means and not in an unreasonably intrusive way. CES Limited must take steps to ensure that the personal information collected, used and disclosed is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
5. CES Limited Disclosure of Information
CES Limited may disclose personal information, including sensitive information, held about an individual for educational, legal, administrative and support purposes. This may include providing information to:
• CES Limited service providers which provide educational, support and health services to the schools or CES Limited, (either at the CES location or off site at a school campus) including the Catholic Education Commission of Victoria Ltd (CECV), specialist visiting teachers, volunteers, counsellors, and providers of learning and assessment tools
• third party service providers that provide online educational and assessment support services, document and data management services, training and support services, host services and/or applications to schools and school systems including the Integrated Catholic Online Network (ICON) and Google’s G Suite, including Gmail and, where necessary, to support the training of selected staff in the use of these services
• CECV to discharge its responsibilities under the Australian Education Regulation 2013 (Regulation) and the Australian Education Act 2013 (Cth) (AE Act) relating to students with a disability
• Authorised organisations in accordance with the Child Information Sharing Scheme (CISS) or the Family Violence Information Sharing Scheme (FVISS)
• other third parties which the School uses to support or enhance the educational or pastoral care services for its students or to facilitate communications with parents
• another School, including to its teachers to facilitate the transfer of a student
• Federal and State government departments and agencies
• health service providers
• recipients of CES Limited publications, such as newsletters and magazines
• student's parents, guardians and/or carers and their emergency contacts
• assessment and educational authorities including the Australian Curriculum, Assessment and Reporting Authority
• anyone to whom you authorise to disclose information and,
• anyone who we are required or authorised to disclose the information to by law, including child protection laws.
5.1 Nationally Consistent Collection of Data on Schools with Disability
The School is required by the Federal Australian Education Regulation (2103) and Australian Act (2013) (Cth) (AE Act) to collect and disclose certain information under the Nationally Consistent Collection of Data (NCCD) on students with disability. The School provides the required information at an individual student level to Catholic Education Sandhurst and CECV, as an approved authority. Approved authorities must comply with reporting, record keeping data quality assurance under the NCCD. Student information provided to the federal government for the purpose of the NCCD does not explicitly identify any student.
5.2 Sending and storing information overseas
CES Limited may disclose personal information about an individual to overseas recipients, for instance, to facilitate a School visit or student exchange. However, CES Limited will not send personal information about an individual outside Australia without:
• obtaining the consent of the individual; or
• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation. CES Limited may from time to time use the services of third-party online service providers (including for the delivery of services and third-party online applications, or Apps relating to email, instant messaging and education and assessment, such as Google’s G Suite, including Gmail) which may be accessible by you. Some personal information (including sensitive information) may be collected and processed or stored by these providers in connection with these services. These online service providers may be located in or outside Australia. CES Limited personnel and CES Limited’s service providers, and the CECV and its service providers, may have the ability to access, monitor, use or disclose emails, communications (e.g. instant messaging), documents and associated administrative data for the purposes of administering the system and services ensuring their proper use. CES Limited makes reasonable efforts to be satisfied about the security of any personal information that may be collected, processed and stored outside Australia, in connection with any cloud and third-party services and will endeavour to ensure the cloud is located in countries with substantially similar protections as the APPs. The countries in which the servers of cloud providers and other third-party service providers are located may include: School to insert if relevant: List of countries or regions that servers are located via cloud providers, to the extent possible or provide a link to the list which may be updated as required. Schools can remove this statement if required. Where personal and sensitive information is retained by a cloud service provider on behalf of CES Limited or CECV to facilitate Human Resources and staff administrative support, this information may be stored on servers located in or outside Australia.
6. Sensitive Information
Sensitive information about a person includes information or an opinion relating to a person's racial or ethnic origin, political opinions, membership of a political, trade or other philosophical or religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
7. Management and security of personal information
CES Limited’s staff are required to respect the confidentiality of individuals’ personal information and the privacy of individuals. These obligations apply both where the information is held at a CES Limited premises or where the information is held by service providers CES Limited has in place steps to protect the personal information CES Limited holds from misuse, interference and loss, unauthorised access, modification, or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records. This includes responding to any incidents which may affect the security of the personal information it holds. If we assess that anyone whose information is affected by such a breach is likely to suffer serious harm as a result, we will notify them and the Office of the Australian Information Commissioner of the breach. CES Limited recommends that all persons adopt secure practices to protect themselves and their data, including ensuring that all passwords used are strong and regularly updated and that applicable log in details are kept secure. Do not share your personal information with anyone without first verifying their identity and organisation. If you believe any of your personal information has been compromised, please let CES Limited or the School know immediately.
8. Access and Collection
Under the Privacy Act and the Health Records Act, an individual has the right to seek and obtain access to any personal information and health records which CES Limited holds about them and to advise CES Limited of any perceived inaccuracy.
8.1 Student Data
8.2 CES Limited Employees
Subject to some exceptions under privacy laws, employees have the right to see and have a copy of their personal information and to advise CES Limited of any changes necessary if the information is not correct. Where CES Limited decides not to make a requested correction to the personal information and the employee disagrees, they may request that a note of the requested correction with the information be placed in their personnel file.
9. Consent and Rights of Access to the Personal Information of Students
10. Enquiries and Complaints
11. Roles and Responsibilities
11.1 Approval Authority
The Executive Director of Catholic Education, or delegate member of the Executive Leadership team.
11.2 Responsible Officer
Assistant to the Executive Director: People and Culture
This policy is schedule for review every 3 years or more frequently if appropriate.
13. Revisions made to this document Date Description of Revision (s)
March 2017 Schedule review
August 2018 Schedule review
May 2021 Schedule review
Updated May 2021