This policy is applicable to all IES employees, Board members, IES College students, parents/guardians, contractors, volunteers and visitors.
The following roles are expected to be familiar with this document as outlined in their relevant position description:
- Managing Director
- General Manager
- College Principal
- Human Resources Coordinator
- Director of Corporate & Client Relations
- Enrolment & Student Services Manager
- Student Counsellor
IES is committed to the responsible and transparent handling of personal information and respects an individual’s right to know how the information will be collected, used, disclosed, stored and disposed of.
In collecting personal information IES will comply with the privacy requirements of, and mandatory reporting requirements of:
- the Australian Privacy Principles as set out in the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012;
- the Information Privacy Act 2009, including the Information Privacy Principles;
- the National Vocational Education and Training Regulator Act 2011, including the Data Provision Requirements 2012;
- the Student Identifiers Act 2014;
- the ESOS Act 2000; and
- the Child Protection Act 1999 (Qld).
EXEMPTION IN RELATION TO EMPLOYEE RECORDS:
The type of information IES collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:
Students and where applicable parents and/or guardians (‘Parents’) before, during and after the course of a student’s enrolment:
- name, contact details (including next of kin), date of birth, gender, language background, previous school;
- passport and visa details;
- parents’ education, occupation and language background;
- medical information (e.g. details of health matters, absence notes, medical reports and names of doctors);
- attendance, conduct and complaint records, or other behaviour notes, academic progress and reports; information about referrals to government agencies;
- counselling reports;
- health fund details and Medicare number;
- any court orders;
- volunteering information; and
- photos and videos at events (in accordance with the Image Use policy).
Job applicants, staff members, volunteers and contractors:
- name, contact details (including next of kin), date of birth;
- information on job application;
- professional development history;
- salary and payment information, including tax file number and superannuation details;
- medical information (e.g. details of health matters, and medical certificates);
- complaint records and investigation reports;
- leave details;
- photos and videos at events, in accordance with IES’ Image Use policy;
- workplace surveillance information;
- vehicle information, applicable to those using IES’ car parks.
- agency name, including and trading names;
- address(s), of head office as well as any relevant branches;
- key contact people;
- phone number(s);
- email address(s);
- applicable Territory(s);
- ABN (for onshore agents);
- copies of Agent Agreements;
- copies of all relevant correspondence;
- QEAC qualified persons details, including accessing profile information on the published QAEC list.
COLLECTION AND USE OF PERSONAL INFORMATION
IES uses personal information concerning staff, students and third parties in conducting its business activities. Only personal information that is required for a lawful activity or function will be collected.
Personal information will be collected in a way that is lawful, fair and not unreasonably intrusive to the privacy of the individual concerned. IES will take reasonable steps to ensure that the information collected is up to date, accurate and complete. Where it is reasonable and practicable to do so IES will collect personal information directly from the individual concerned, rather than from a third party.
When collecting information from the individual, IES will take reasonable steps to inform the individual:
- why the information is being collected, and how it is intended to be used;
- IES’ authority to collect the information; and
- any third parties to whom IES routinely disseminates the information to.
Should a person decline to provide the requested information it may not be possible for IES to provide the person with the services. The person may be informed of the consequences of the information not being provided.
If IES receives unsolicited personal information, we will consider if collecting that information would have been reasonably necessary in the provision of the organisation’s services. If collecting the information would not have been reasonably necessary, IES will destroy the information. An example of this is where a student has provided unnecessary personal details, considered sensitive information, relating to their health, race or sexual preference to IES in the course of an enquiry.
HOW INFORMATION IS COLLECTED:
IES will generally collect personal information about an individual by way of forms filled out in person, online via email or the website, and telephone calls. In some circumstances, IES may be provided with personal information about an individual from a third party—for example, a medical report or reference.
CERTIFICATE IV & ENGLISH PATHWAY STUDENTS
In relation to personal information of students, the primary purpose of collection is to enable IES to provide education for the student. This includes satisfying the needs of both student and parents as applicable throughout the admissions process and enrolment at IES.
IES uses personal and academic information of students, and parents, collected with:
- Australian Commonwealth and State government agencies pursuant to obligation under the ESOS Act and National Code 2018, and
- Australian Universities for the purpose of subsequent enrolment into an undergraduate program and ongoing contact during the undergraduate program.
Where relevant, IES will share the student’s academic and personal details with Australian Universities for the purpose of subsequent enrolment into an undergraduate program and ongoing contact during the undergraduate program.
IES will provide all Australian government entities with information regarding the student as requested and in accordance with the relevant legislation. In particular, student information may be made available to Commonwealth and State agencies pursuant to obligation under the ESOS act and National Code 2018.
IES is required to advise Department of Home Affairs (DHA) of certain changes to a student’s enrolment and any breach by a student of a student visa condition relating to attendance or satisfactory academic performance (via PRISMS).
For all students enrolled in the Certificate IV program, IES are required to hold a verified USI number. IES will ensure the security of a student’s USI, and this information will only be shared in accordance with IES’ AVETMISS reporting requirements, or requests from the regulator. IES will not hold USI information for any student NOT currently enrolled in the Certificate IV program, regardless of whether they hold a valid USI or not.
IES COLLEGE STUDENTS
In relation to personal information of IES College students and parents, IES’s primary purpose of collection is to enable IES to provide education for the student. This includes satisfying the needs of both students, and parents as applicable, throughout admissions process and enrolment at IES.
IES uses personal information of IES College students and parents collected for:
- correspondence with parents to keep them informed about matters related to their child’s schooling (including student’s progress reports)
- publication of School newsletters, magazines and articles on the website
- day-to-day administration including provision of personal information and data to the IB
- looking after students’ educational, social and medical wellbeing (including disclosing student’s personal information and health information to medical practitioners in an emergency)
- to request any previous school the student attended provide confirmation that all fees associated with the student’s schooling have been paid in full
- the collection of debts owed
- seeking donations and other fundraising activities
IES may publish the contact details of parents in a class list and directory. If parents do not consent to their contact details being published in a class list and/or directory, they must notify IES.
USI (UNIQUE STUDENT IDENTIFIER)
At the end of Year 11 where a student moves into the Certificates Program to undertake the Certificate IV in University Preparation, or when students undertake first aid and CPR training as a part of CAS, IES College is required to hold a verified USI number for them.
Typically, the College will instruct students and their parent / guardian on the processes to apply for a USI themselves. Where that is the case, the student must provide that USI to the College. In some instances, IES may need to apply for or search for a USI on behalf of a student, the College will not do this without first notifying the student and their parent / guardian of their intention and providing them with the opportunity not to provide that consent.
IES will ensure the security of a student’s USI, and this information will only be shared in accordance with IES’ AVETMISS reporting requirements, or requests from the regulator. IES will not hold USI information for any student NOT currently enrolled in the Certificate IV program or other nationally recognised training program.
DISCLOSURE OF PERSONAL INFORMATION
There may be instances where IES may disclose personal information, possibly including sensitive information, held about an individual to:
- education institutions;
- government departments;
- medical practitioners;
- people providing services to IES, including specialist visiting teachers and sports coaches;
- recipients of IES publications and e-communication;
- anyone to whom the student (or their parent/guardian if under 18) authorise IES to disclose information to.
In accordance with IES policy, this information will not be shared without the prior consent of the student (or their parent / guardian where the student is under 18).
Whilst studying at IES students may utilise the services of Student Counsellors. Meetings and discussions held between Counselling staff and students are treated confidentially, and recorded in a way to always protect the privacy of the student. All relevant documentation supplied to Student Services, such as medical certificates, medical reports and other sensitive personal information is recorded and store in the same confidential manner.
Confidential student counselling notes, or related medical documentation will not be disclosed internally to non-Student Services staff without the consent of the student and approval of the Student Services Manager or General Manager.
DISCLOSURE OF PERSONAL INFORMATION OVERSEAS:
IES may disclose personal information about an individual to overseas recipients, for example to education agents or to facilitate a school exchange. However, IES will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied)
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
IES may use online or ‘cloud’ service providers to store personal information and to provide services to IES that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s server which may be situated outside Australia.
DISCLOSURE OF PERSONAL INFORMATION OVERSEAS FOR IBDP STUDENTS, PARENTS AND STAFF:
The International Baccalaureate Organisation (IB), a Swiss foundation, with a registered address at Route des Morillons 15, 1218 Le Grand-Saconnex, Geneva, Switzerland and/or its affiliates owns and operates several websites, including www.ibo.org. The IB is committed to protecting the privacy of students, parents, educators and others who use our websites, services and products.
UPDATING PERSONAL INFORMATION
It is important that personal information IES collects is accurate, complete and up-to-date. IES will take reasonable steps to make sure that the personal information it collects uses or discloses is accurate, complete and up-to-date. Members of the IES community are asked to keep IES informed of any changes to personal information and can contact IES at any time to update personal information held by IES.
IES will only keep personal information for the term required by IES, for any purpose for which we may use or disclose it, unless we are required by or under an Australian law or a court order to retain it.
All staff are responsible for reporting any breaches of this Policy to the Compliance and Policy Manager or General Manager as soon as practicable after the breach has been identified. Following notification, management will:
- for minor breaches of the Policy: liaise with the relevant department on the necessary actions required to prevent a similar breach from occurring
- for major breaches of the Policy: instigate an investigation into the breach.
The General Manager must be informed of breaches of this policy or procedure and any actions arising out of any investigations. A breach of this policy or procedure may, depending on the circumstances, constitute a breach of IES’s Staff Code of Conduct Policy.
NOTIFIABLE DATA BREACHES
In adherence with the Privacy Act, under the Notifiable Data Breach scheme, it is mandatory for IES to report all eligible data breaches to the Office of the Australian Information Commissioner (OAIC).
An eligible data breach will occur if:
- there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by IES, and
- a reasonable person would conclude that the access, disclosure or loss would be likely to result in serious harm to any of the individuals to whom the information relates.
In the event of a data breach, IES College will contain the data breach to prevent any further compromise of personal information; assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, acting to remediate any risk of harm.
If IES has reasonable grounds to believe that an eligible data breach has occurred in these circumstances, it will notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals of the breach. A review of the incident will be undertaken and actions taken to prevent future breaches.
REQUESTING DETAILS OF OWN PERSONAL INFORMATION
Under the Privacy Act, an individual has the right to obtain access to any personal information that IES holds about them and to advise IES of any perceived inaccuracy. All requests to access any information IES holds must be made to the General Manager in writing.
IES may be required to verify the persons’ identity and specify what information they require. IES may charge a fee to cover the cost of verifying the application, locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, IES will advise the likely cost in advance. IES will seek to handle all requests for access to personal information as quickly as possible.
REQUESTING DETAILS OF PERSONAL INFORMATION OF STUDENTS UNDER 18:
IES respects every parent’s right to make decisions concerning their child’s education. Generally, IES will refer any requests for consent and notices in relation to the personal information of a student to the student’s parents. IES will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.
As mentioned above, parents may seek access to personal information held by IES about them or their child by contacting the General Manager. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of IES ‘s duty of care to a student.
IES may, at its discretion, on the request of a student grant that student access to information held by IES about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances warrant it.
If an individual believes that their privacy has been breached, a complaint should be made in writing to the General Manager via:
- email – Balveren@iescollege.com
- mail – PO Box 989 Spring Hill QLD 4004 Australia
- fax – + 61 (0) 7 3832 9850
so that the complaint can be investigated. An investigation will be conducted and IES will respond in writing.
If the complaint is not resolved to the individual’s satisfaction, and more than 30 business days have passed since the complaint was made to IES, the individual may lodge a complaint with the OAIC. If the person lodging the complaint has any queries about how to do so, they can contact the OAIC by firstname.lastname@example.org or 1300 363 992.