Issue Date: December 2016
Review Date: December 2019
Next Review Date: December 2019

Authorised By: Executive Director
Title: Privacy Policy

Version 1.0



1. Rationale

Schools and other organisations are required by law to set out how they manage personal information provided to or collected by it.  Worawa Aboriginal College is committed to this through the implementation of this Policy.

2. Principles

Two laws protect privacy in Victoria:

  • the Privacy Act 2000 (Cth)  covers the private sector
  • the Health Records Act  2001 (Vic) deals specifically with health information

3. Scope:

This Policy applies to all staff, contractors, volunteers, partners and students of Worawa Aboriginal College.

4. Procedure

4.1. Type of Information Collected

The type of information the College collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

  • students and parents and/or guardians (‘Parents’) before, during and after the course of a student’s enrolment at the College;
  • job applicants, staff members, volunteers and contractors; and
  • other people who come into contact with the College.

Personal Information you provide:
The College will generally collect personal information held about an individual by way of forms filled out by Parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions, people other than Parents and students provide personal information.

Personal Information provided by other people:
In some circumstances, the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another college.

Exception in relation to employee records:
Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College’s treatment of an employee record unless required by law or organisational policy where the treatment is directly related to a current or former employment relationship between the College and employee. The College handles staff health records in accordance with the Health Privacy Principles in the Health Records Act 2001 (Vic.)

The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.

Students and Parents:
In relation to personal information of students and Parents, the College’s primary purpose of collection is to enable the College to provide collegeing for the student. This includes satisfying the needs of Parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at the College.

The purposes for which the College uses personal information of students and Parents include:

  • to keep Parents informed about matters related to their child’s collegeing, through correspondence, newsletters and magazines;
  • day-to-day administration of the College;
  • looking after students’ educational, social and medical wellbeing;
  • seeking donations and marketing for the College; and
  • to satisfy the College’s legal obligations and allow the College to discharge its duty of care.

In some cases where the College requests personal information about a student or Parent, if the  information requested is not provided, the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

Job applicants and contractors:
In relation to personal information of job applicants and contractors, the College’s primary purpose of collection is to assess and (if successful) to engage the applicant, or contractor, as the case may be. The purposes for which the College uses personal information of job applicants and contractors include:

  • administering the individual’s employment or contract;
  • for insurance purposes;
  • seeking donations and marketing for the College; and
  • to satisfy the College’s legal obligations, for example, in relation to child protection legislation.

The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, to enable the College and the volunteers to work together.

Marketing and fundraising:
The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment in which both students and staff thrive. Personal information held by the College  may be disclosed to organisations that assist in the College’s fundraising, for example, the College’s Foundation [or, on occasions, external fundraising organisations].

Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.

4.2. Management of Protected Information

The College may disclose personal information, including sensitive information, held about an individual to:

  • another school;
  • government departments;
  • medical practitioners;
  • people providing services to the College, including specialist visiting teachers, counsellors and sports coaches, College Doctor;
  • recipients of College publications, such as newsletters and magazines;
  • Parents;
  • anyone you authorise the College to disclose information to; and
  • anyone to whom we are required or authorised to disclose the information to by law.

Sensitive Information
In referring to ‘sensitive information’, the College means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation, criminal record, health information and about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

The College has in place steps to protect the personal information the College holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.

Access and correction of personal information
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information and health records respectively which the College holds about them and to advise the College of any perceived inaccuracy.

To make a request to access or update any personal information the College holds about you or your child, please contact the Executive Director/Principal in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.

Consent and rights of access to the personal information of students
The College respects every Parent’s right to make decisions concerning their child’s education. Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student’s Parents. The College will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.

As mentioned above, parents may seek access to personal information held by the College about them or their child by contacting the College Principal. However, there will be occasions when access is denied.  Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to the student.

The College may, at its discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.

The College’s staff are required to respect the confidentiality of students’ and Parents’ personal  information and the privacy of individuals. Worawa Aboriginal College collects and holds personal and health information about temporary and permanent employees, contractors and applicants for employment.

4.3. Breach of Privacy

If you believe that Worawa Aboriginal College has breached your privacy, please contact the Executive Director/Principal.

If you are still not satisfied, you have the right to complain to the Privacy Commissioner. The Commissioner will try to conciliate your complaint. Where conciliation is not reasonably possible or fails, complaints may go to the Victorian Civil and Administrative Appeals Tribunal (VCAT).

4.4. Consequences for Breach of the Policy

In the event that any employee is found to be in breach of this Policy, disciplinary action, including termination of employment may be taken.

You can find more information about privacy at

4.5. Access to Information

Worawa Aboriginal College will give individuals access to personal or health information we hold about  them on request. We will also correct information if the individual believes that the information we hold is inaccurate, incomplete or out of date. Requests for access to and correction of personal and health information should be made to the Executive Director/Principal or the Human Resources Manager.

5. Review

The Privacy Policy will be reviewed every three years.