The objectives of this policy are to:
(a)ÌýÌýÌýÌýÌýÌýÌý identify the Collegeâ€™s obligations for handling personal information of past and present College staff, students, prospective students and other individuals associated with the College;
(b)ÌýÌý ÌýÌýÌýÌý encourage all College staff to take a proactive approach to privacy; and
(c) Ìý ÌýÌýÌýÌý identify the Collegeâ€™s obligations for responding to complaints about potential privacy breaches.
This policy applies to all personal and health information (including sensitive information) collected by the College, including that of staff and students and other individuals associated with the College.
This policy complies with the Privacy Act 1988 (Cth) and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).Ìý The policy also complies with the Health Records Act 2001 (Vic).
4.1 Ìý ÌýProactive privacy â€“ The College is proactive in its approach to privacy protection by anticipating and preventing invasive events before they occur.
4.2. Ìý Privacy by design â€“ The College embeds privacy considerations into the design and architecture of information technology systems and business processes.
4.3. Ìý The College collects, uses, discloses and manages personal information in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) and meets its obligations under the Notifiable Data Breaches Scheme (NDB).
4.6. Ìý The College collects health information of its staff, students and other individuals, in accordance with the Health Privacy Principles (HPPs) in the Health Records Act 2001 (Vic).
5.1.Ìý ÌýÌýThe Collegeâ€™s Privacy Officer (Deputy Principal) is responsible for responding to all complaints of potential privacy or personal data protection breaches.
5.2.Ìý ÌýÌýPrivacy impact assessmentsÌý(PIAs) must be undertaken throughout the development and implementation of any project that collects, handles, processes or discloses personal information, or when making changes to existing systems or activities.
5.3.Ìý Ìý General privacy statements must be available on the Collegeâ€™s website.
5.4.Ìý ÌýÌýPrivacy collection notices specific to particular projects or activities must be provided at the point of collection of any personal information from individuals.
5.5.Ìý ÌýÌýBoth the general website privacy statements and specific privacy collection notices must include the following information:
(a)ÌýÌýÌýÌýÌý the main functions of the College and the types of personal information collected to fulfil these;
(b)ÌýÌýÌýÌýÌý the name and contact details of the appropriate College representative in relation to those functions;
(c)ÌýÌýÌýÌýÌý the purposes of collection of the information;
(d)ÌýÌýÌýÌýÌý how personal information is used and to whom it is routinely disclosed;
(e)ÌýÌýÌýÌýÌý whether collection of personal information is optional or compulsory under applicable legislation;
(f)ÌýÌýÌýÌýÌýÌý how the information is stored securely, how access is properly managed, and the retention periods for the information;
(g)ÌýÌýÌýÌýÌý details of any transfer or storage of the information outside Australia and how privacy is protected in such circumstances;
(h)ÌýÌýÌýÌýÌý how individuals can request access to, or correction of, their personal information; and
(i)ÌýÌýÌýÌýÌýÌý the name and contact details of the Collegeâ€™s Privacy Officer.
If you would like further information about the way the College manages the personal information it holds, please contact the Principal.