This Privacy Policy outlines how Shore manages personal information and is intended to be made available to students, parents, prospective parents, job applicants, staff, volunteers and others including past students, contractors, visitors and others that come into contact with the School.

The purpose of this Policy is to detail how we take steps to protect your privacy and how we comply with the requirements of the Privacy Act 1988 (including the 13 Australian Privacy Principles (APPs) and the Health Records and Information Privacy Act 2002 (including the Health Privacy Principles (HPPs). The School also has legal obligations to disclose information in specific circumstances, including in accordance with the Education Acts, public health laws and the Children and Young Persons (Care and Protection) Act 1998 (NSW).

The purpose of this Privacy Policy

This Policy also describes:

  • who we collect personal information from;
  • the types of personal information collected and held by us;
  • how this personal information is collected and held;
  • the purposes for which your personal information is collected, held, used and disclosed;
  • how you can request access to your personal information and seek its correction;
  • how you may complain or inquire about our collection, handling, use or disclosure of your personal information and how that complaint or inquiry will be handled; and
  • whether we are likely to disclose your personal information to any overseas recipients.

Who do we Collect Personal Information From?

At Shore, we collect personal information from students, parents, prospective parents, job applicants, staff, volunteers and others including past students, contractors, visitors and others that come into contact with the School.

Employee records are not covered by the APPs or the HPPs. Therefore, this Policy does not apply to the School’s treatment of an employee record, where it relates to a current or former employment relationship between the School and the employee.

What Kinds of Personal Information Do We Collect?

The School collects personal information that is reasonably necessary for one or more of its activities or functions. The kinds of personal information we collect is largely dependent upon whose information we are collecting and why we are collecting it. However, in general terms the School may collect and hold:

  • Personal information including: names, addresses and other contact details; dates of birth and ID documents; next of kin and family details; financial information, audio visual images and recordings (including through CCTV footage), attendance records, academic reports, family or other court orders and other records linked to a third party (such as child protection, Police and WWCC).. Other information we collect (particularly in relation to student and parent records) may include sensitive information such as religious beliefs and ideology, government identifiers and biometric data, nationality and ethnicity, country of birth, languages spoken at home, professional memberships, and criminal records.
  • Health information (particularly in relation to student and parent records) including medical records, disabilities, immunisation details, individual health care plans and health fund, counselling reports, nutrition, allergies and dietary requirements.

Sensitive information means information or an opinion about: an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record that is also personal information. Sensitive information also includes health information about an individual, genetic information (that is not otherwise health information), biometric information (used for identification) and biometric templates.

How do we collect your personal information?

How we collect personal information will largely be dependent upon whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you. The collection, of personal information will also be conducted in a manner that is lawful and fair. When information is collected or as soon as practicable after collection the School will take reasonable steps to ensure the individual to whom the information relates is aware of certain matters (required by APP 5) such as the School’s contact details, the purposes for which the information is collected and intended recipients.

Where possible the School has attempted to standardise the collection of personal information by using specifically designed forms (e.g. an Enrolment Form). However, given the nature of our operations, we often also receive personal information by email, letters, notes, over the telephone, in face to face meetings, through our website, social media, software applications (including mobile apps) and through other digital platforms, through financial transactions and through surveillance activities such as the use of CCTV security cameras at School premises or email monitoring. If you create a user account for School software applications and digital platforms, you may be asked to provide the School (and sometimes the software provider) with personal information reasonably necessary to access and use the application or platform.

We may also collect personal information from other people (e.g. a personal reference) or independent sources (e.g. a telephone directory), including from medical and health professionals (usually with your consent), and from other schools and education centres. However, we will only do so where it is not reasonable and practical to collect the information from you directly. We may also collect information (other than sensitive information) from, and disclose information to, a related body corporate, such as the Shore Foundation.

Sometimes we may be provided with personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we receive unsolicited information we will only hold, use and/or disclose that information if we determine we could have collected it by normal means and it is reasonably necessary for one or more of the School’s activities and functions. If that unsolicited information could not have been collected by normal means (or is not reasonably necessary) then we will take steps to destroy, permanently delete or de-identify the information as appropriate.

We will ask for consent to collect and use sensitive information, unless a permitted general situation exists (such as locating a missing person, or where collection is necessary to lessen or prevent a serious threat to life, health or safety) or a permitted health situation exists (such as the collection of health information to provide a health service).

How we use personal information

We collect and hold personal information that is reasonably necessary for one or more of our functions or activities (the primary purpose). We will use personal information for our primary purpose, or for a related secondary purpose where an exception applies, such as where you have consented to the secondary use or disclosure.

Our primary purposes of personal information include but are not limited to:

  • providing education, pastoral care, extra-curricular and health services;
  • looking after students’ educational, social, behavioural, spiritual and medical well being, and handling any complaints;
  • satisfying our legal obligations including our duty of care, work health and safety, and child protection obligations (including to investigate and respond to child protection matters);
  • keeping parents, former students and supporters informed as to Shore community matters through correspondence, newsletters, magazines and other publications;
  • Shore marketing, promotional and fundraising activities;
  • supporting the activities of School associations such as the Shore Parent’s Association including distribution of parents’ contact details on a class contact list;
  • supporting the activities and fundraising of the Shore Foundation;
  • supporting the activities of the Shore Old Boys’ Union;
  • supporting community-based causes and activities, charities and other causes in connection with the School’s functions or activities;
  • helping us to improve our day to day operations including training our staff; systems development; developing new programs and services; undertaking planning, research and statistical analysis;
  • school administration including for insurance purposes, and information about past students and staff in the School’s archives, for historical purposes, including future reference, study, or exhibition;
  • the employment of staff, and administering job applicants and employment contracts; and the engagement and administration of volunteers and contractors, and other information relevant to the supply of provisions or services to the School.

We use personal information reasonably necessary for one or more of these functions or activities. We will only use or disclose personal information for a secondary purpose if permitted to do so, such as where you would reasonably expect us to use or disclose the information and the secondary purpose is related to the primary purpose.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the person from whom the information was collected has agreed otherwise, or the use or disclosure is required by law.

The School may also collect information on how its online and software services are accessed and used and may use cookies and similar tracking technologies to track the activity on its websites. This data may include information such as your device’s Internet Protocol address, browser type, browser version, the pages of services visited, time and date of the visit, time spent on those pages, unique device identifiers and other diagnostic data.

Storage and Security of Personal Information

We store personal information in a variety of formats including on databases (including remotely, in the cloud), in hard copy files and on personal devices including laptop computers, mobile phones, cameras and other recording devices.

The security of your personal information is of importance to us and we take all reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

These steps include:

  • Restricting access to information on the School and remote databases on a need to know basis, through user accounts and access controls (like passwords and passkeys), with different levels of security being allocated to staff based on their roles and responsibilities and security profile.
  • Ensuring all staff are aware of the security protocols, including that they are not to reveal or share personal passwords.Ensuring where personal and health information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
  • Implementing physical security measures around the School buildings and grounds to prevent break- ins.
  • Implementing ICT security systems such as firewalls, encryption, and policies and procedures, designed to protect personal information stored on our computer networks.
  • Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to require staff to follow correct protocols when handling personal information.
  • Undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers (which may be overseas), to ensure as far as practicable that they are compliant with the APPs or a substantially similar privacy regime.

Shore is an APP entity that is required to report any known or suspected data breach that is likely to cause serious harm to any of the individuals to whom the information relates (an ‘eligible data breach’), which is not able to be prevented by remedial action. Under the Notifiable Data Breaches Scheme Shore must notify those individuals affected by the eligible data breach, and the Office of the Australian Information Commissioner (OAIC). Not all data breaches are eligible data breaches and if the School acts quickly to remediate a data breach, and, as a result the data breach is not likely to result in serious harm, there is no requirement to notify an individual or the OAIC.

The School will take reasonable steps to destroy, deleted or de- identify (as we consider appropriate) personal information we hold once it is no longer needed. There are some exceptions to this, such as where a law, court or tribunal order requires us to keep the information.

When we disclose personal information

We only use and disclose personal information for the purposes for which it was collected (the primary purpose), or for purposes which are related (or for sensitive information, purposes which are directly related) to one or more of our functions or activities. We may disclose your personal information to government agencies, other parents/carers, other Schools, medical practitioners, recipients of School publications, visiting teachers, counsellors and coaches, our service providers, agents, contractors, business partners and other recipients from time to time when permitted to do so, such as where one or more of the following apply:

  • you have consented;
  • you would reasonably expect us to use or disclose your personal information in this way;
  • we are authorised or required to do so by law;
  • disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
  • where another permitted general situation or permitted health situation exception applies; or
  • disclosure is reasonably necessary for a law enforcement related activity.

Personal Information of Students

The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.

At Shore we take a common sense approach to dealing with a student’s personal information and generally will refer any requests for personal information to a student’s parents/carers (subject to any court orders).

We will treat notices provided to parents/carers as notices provided to students and we will treat consents provided by parents/carers as consents provided by a student.

We are however cognisant of the fact that children do have rights under the Privacy Act, and that in certain circumstances (especially when dealing with older students), it will be appropriate to seek and obtain consents in relation to the use and disclosure of personal information directly from students. There may be occasions where a student may give or withhold consent with respect to the use of their personal information independently from their parents/carers.

There may also be occasions where parents/carers are denied access to information with respect to their children, because to provide such information would have an unreasonable impact on the privacy of others, or result in a breach of the School’s duty of care to the student or to others.

Disclosure of personal information to overseas recipients

We may disclose personal information about an individual to overseas recipients in certain circumstances, such as when we are organising an overseas excursion, facilitating a student exchange, providing information to parents/carers located or travelling overseas, or for staff professional development opportunities. The countries Shore regularly visit in these circumstances are Italy, Germany, France, Phillipines, North America, New Zealand, Japan and the United Kingdom. We will not disclose an individual’s personal information to overseas recipients unless permitted to do so, such as where we:

  • have the individual’s consent (which may be implied);
  • are otherwise required or authorised by law;
  • form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public health or safety; or
  • are taking appropriate action in relation to suspected unlawful activity or serious misconduct,

and have taken steps to ensure the overseas recipient is compliant with the APPs, unless a substantially similar privacy scheme or law applies to the overseas recipient.

On occasion, storing information with a “cloud computing service” which stores data outside of Australia may occur. Shore actively monitors these services and track any changes. Where possible, we request and have storage within Australia.

How we ensure the quality of your personal information

We take reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up to date. These steps include ensuring that the personal information is accurate, complete and up to date at the time of collection and when using or disclosing the personal information. On an ongoing basis we maintain and update personal information when we are advised by individuals or when we become aware through other means that their personal information has changed.

Please contact us if any of the details you have provided change. You should also contact us if you believe that the information we have about you is not accurate, complete or up to date.

How to gain access to your personal information we hold

You may request access to the personal information we hold about you, or request that we correct the personal information (if it is inaccurate, incomplete, irrelevant, misleading or out of date), by contacting the Privacy Officer. You may be required to put the request in writing and provide us with information that identifies you.

If we do not agree to provide you with access, or to amend your personal information as requested, you will be notified accordingly in writing, and we will provide you with the reason/s for our decision (unless it is unreasonable for us to do so) and set out how you may make a complaint. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.

Privacy Complaints

If you wish to make a complaint about a breach by us of the APPs or the HPPs you may do so by providing your written complaint by email, letter, or by personal delivery to our Privacy Officer as noted below. The Privacy Officer will take reasonable steps necessary in the circumstances to investigate and/or resolve the complaint.

We will respond to your complaint within a reasonable time (usually no longer than 30 days) and we may seek further information from you in order to provide a full and complete response.

If you are not satisfied with our response to your complaint, your complaint may also be taken to the OAIC. An individual may also seek redress, either through the OAIC or the Courts (as applicable) for misuse of the individual’s personal information including for serious invasions of privacy (other than where this is outweighed by a countervailing public interest).

In accordance with the Child Safe Standards, the best interests of children are paramount. As such, Shore considers the protection of children to be a public interest that may potentially outweigh an individual’s right to privacy.

How to Contact Us

You can contact us about this Policy or about your personal information by contacting the Privacy Officer:

If practical, you can contact us anonymously (i.e. without identifying yourself) or by using a pseudonym. However, if you choose not to identify yourself, we may not be able to give you the information or provide the assistance you might otherwise receive if it is not practical or reasonable to do so. We will not provide personal information relating to an individual unless that individual has been sufficiently identified.

Changes to our privacy and information handling practices

This Privacy Policy is subject to change at any time, particularly to reflect amendments to the law. Please check our Privacy Policy on our website www.shore.nsw.edu.au regularly for any changes.