Privacy Policy
This Privacy Procedure applies to schools conducted by the Free Reformed School Association (FRSA) and sets out how the FRSA and each school manages personal information provided to or collected by it.
The FRSA and Schools are bound by the Australian Privacy Principles (AAP’s) contained in the Commonwealth Privacy Act 1988.
The FRSA may, from time to time, review and update this Privacy Procedure to take account of new laws and technology, changes to schools’ operations and practices and to make sure it remains appropriate to the changing school environment.
The FRSA and Schools approach to Privacy has at its core:
1. A commitment from all staff, Council, Committee and Board members to promote and comply with the Australian Privacy Principles
2. An expectation that matters of concern will be resolved through effective management, communication and consultation.
The FRSA and Senior Staff are responsible for complying with the Australian Privacy Principles (APP’s) and the Commonwealth Privacy Act (1998).
This responsibility is to be discharged by:
- Promoting awareness of the APP’s and the Commonwealth Privacy Act (1988)
- Managing personal information in an open and transparent way
- Taking such steps as are reasonable in the circumstances to implement policy, procedures, practices and systems relating to the FRSA and School’s functions or activities that will:
– Ensure compliances with the APP’s
– Enable the FRSA (and Schools) to deal with inquiries or complaints about compliance with the APP’s
- Having a clearly expressed and up-to-date Privacy Policy and associated documents about the FRSA’s and Schools managements of personal information
- If it is lawful or practicable, give individuals the option of interacting anonymously with the FRSA and School’s by using a pseudonym
- Only collecting personal information that is reasonably necessary for achieving the FRSA’s and School’s objective and directly related activities
- Using fair and lawful means to collect personal information
- Collecting personal information directly from an individual if it is reasonable and practicable to do so
- At the time the FRSA and School’s collect personal information or as soon as practical afterwards, take such steps (if any) as are reasonable in the circumstances to make an individual aware of
– Why the information is being collected
– Who else the information may be shared with
– Any other relevant matters
- Only using or disclosing personal information for the primary purpose of the collection unless one of the exceptions in APP 6.2 applies (for example, for a related secondary purpose within the individual’s reasonable expectations, the FRSA or School has consent or there are specific law enforcement or public health or public safety circumstances). If the information is sensitive, the uses or disclosures allowed are more limited. A secondary purpose within reasonable expectations must be directly related to the primary purpose of collection.
- Not using personal information for direct marketing, unless one of the exceptions in APP 7 applies (for example, the FRSA or School has obtained consent or where the individual has a reasonable expectation of the information being used or disclosed for that purpose and the FRSA or School has provided a simple means for the individual to unsubscribe from such communications).
- Taking such steps (if any) as are reasonable in the circumstances to ensure the personal information the FRSA or School collects, uses or discloses is accurate, complete and up-to-date. This may require the FRSA or School to correct the information and possibly advise organisations to whom it has disclosed the information of the correction.
- Taking such steps as are reasonable in the circumstance to protect the personal information the FRSA or School holds from misuse, interference and loss from unauthorised access, modification or disclosure.
- Taking such steps as are reasonable in the circumstance to destroy or permanently de-identify personal information no longer needed for any purpose for which the FRSA or School may use of disclose the information.
- If requested, the FRSA or School must give access to the personal information it holds about an individual unless particularly circumstances apply that allow it to limit the extent to which is gives access.
- Reviewing all electronic and paper-based systems for compliance with the APP’s (for example the membership database, finance systems, electronic communication etc)
- Managing suspected or actual data breaches in accordance with the data breach response plan and requirements of the Australian Privacy Commissioner.
The Principal is responsible for complying with the Australian Privacy Principles and the Commonwealth Privacy Act (1998).
This responsibility is to be discharged at the local school level by:
- Promoting awareness of the APP’s and the Commonwealth Privacy Act (1988)
- Promoting awareness of the FRSA Privacy Policy, Procedure and associated supporting documents amongst staff, Council members and committee members (as appropriate)
- Ensuring that Government related identifiers are not adopted, used or disclosed unless one of the exceptions applies (for example the use of disclosure is reasonably necessary to verify the identity of the individual for the purposes of the School’s functions or activities)
- Reviewing all electronic and paper-based systems for compliance with the APP’s (for example SEQTA)
- Managing suspected or actual data breaches in accordance with the data breach response plan and requirements of the Australian Privacy Commissioner.
Individual staff (teachers, education assistants, management and administration), Council, Committee and Board members are responsible for complying with the Australian Privacy Principles and the Commonwealth Privacy Act (1998).
This responsibility is to be discharged by:
- Promoting awareness of the APP’s and the Commonwealth Privacy Act (1988)
- Managing personal information in an open and transparent way
- Taking such steps as are reasonable in the circumstances to implement approved policies, procedures, practices and systems relating to the FRSA and School’s functions or activities that will:
– Ensure compliances with the APPs
– Enable the FRSA (and Schools) to deal with inquiries or complaints about compliance with the APP’s - Taking such steps as outlined in relevant policies (for example password policy) to ensure that access to systems that hold personal information are not compromised
- Maintaining confidentiality and protecting the privacy of personal and sensitive information
- Referring requests for personal information to the Principal or Manager
- Reporting suspected or actual data breaches in accordance with the Data Breach Response Breach Plan.
We have implemented reCAPTCHA v3 on sites in our domain and the use of reCAPTCHA v3 is subject to the Google Privacy Policy and Terms of Use.