Privacy Policy

This Privacy Policy is to inform individuals about the practices of the School in relation to personal information. It also serves as a guide to the School’s staff as to the standards to be applied in respect of handling personal information and ensure consistency in the School’s approach to privacy
The School respects and is committed to protecting privacy.  This Privacy Policy informs how personal information, and students’ sensitive information is processed and used. The School will use personal information only in ways that are compatible with this Privacy Policy. This Privacy Policy and Procedures Document disclose what information we gather, how we use it, and how to correct or change it.
St Andrew’s Cathedral School may, from time to time, review and update this Privacy Policy taking account of legislation and other changes to the School’s operations and practices.

Except where otherwise specified, “staff” in this document refers to both teaching and non-teaching staff employed by St Andrew’s Cathedral School (the School), as well as itinerant music teachers, casual relief staff, coaches, volunteers and contractors.

This Policy should be read in conjunction with any other relevant St Andrew’s Cathedral School Policies.


School Council
All policy is under the governance of the School Council.  They determine our policies and establish criteria for compliance.
Head of School
The Head of School has a responsibility to articulate the School’s obligation to Privacy in appropriate guideline documents such as the Privacy Policy and Procedures document.
The School Executive
The School Executive is responsible for:
  • ensuring that employees are aware of and understand the policy;
  • monitoring and, where necessary, enforcing policies; and
  • providing leadership by example.
Deputy Head of School
  • Reproduce the Privacy Policy and Procedures’ document and ensuring each member of staff is issued with one.
  • Implement training for all teaching staff (Secondary and Primary), Non-Teaching staff and the School Executive.
  • Implement training for all new staff as part of the SACS Induction Program (Teaching and Non-Teaching)
  • Conduct debrief and performance reviews
  • Responsible for all matters contained within the Privacy Policy and Procedure document which relate to the staff and students of the School and their adherence to the procedures contained therein.
Privacy Officer (Registrar)
  • Review documents for practical and operational matters in liaison with Deputy Head of School and Business Manager.
  • Co-ordinate the development and implementation and audit of Privacy procedures in all areas of the School.
All employees share a responsibility to ensure:
  • They have read, understood and implement the Privacy Policy and Procedures document.
  • They lead by example to students and other members of the School community.
Review of Document
This document will be reviewed by the School Executive regularly.

Privacy Policy

This Privacy Policy sets out how the School manages personal information provided to or collected by it. The School is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act. In relation to health records, the School is also bound by the New South Wales Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (Health Records Act). The School may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the School’s operations and practices and to make sure it remains appropriate to the changing school environment.

What kinds of personal information does the School collect and how does the School collect it?

The type of information the School collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

• pupils and parents and/or guardians (‘Parents’) before, during and after the course of a pupil’s enrolment at the School;

• job applicants, staff members, volunteers and contractors (note that the Australian Privacy Principals do not apply to employee record); and

• other people who come into contact with the School.

Personal Information you provide: The School will generally collect personal information held about an individual by way of forms filled out by Parents or pupils, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than Parents and pupils provide personal information.

Personal Information provided by other people: In some circumstances the School may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.

Exception in relation to employee records: Under the Privacy Act and the Health Records Act, the Australian Privacy Principles and Health Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the School’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the School and employee.

How will the School use the personal information you provide?

The School will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.

Pupils and Parents: In relation to personal information of pupils and parents, the School’s primary purpose of collection is to enable the School to provide schooling for the pupil. This includes satisfying the needs of Parents, the needs of the pupil and the needs of the School throughout the whole period the pupil is enrolled at the School. The purposes for which the School uses personal information of pupils and parents include:

• to keep Parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;

• day-to-day administration of the School;

• looking after pupils’ educational, social and medical wellbeing;

• seeking donations and marketing for the School;

• to satisfy the School’s legal obligations, including the disclosure of information, which is incumbent upon operators of all government and non-government schools that receive Australian Government schools funding (approved authorities), to provide information to the Australian Government Department of Education and Training (the Department) for the purposes of the Nationally Consistent Collection of Data (NCCD) on Students with Disability;

• and allow the School to discharge its duty of care.

In some cases where the School requests personal information about a pupil or parent, if the information requested is not provided, the School may not be able to enrol or continue the enrolment of the pupil or permit the pupil to take part in a particular activity.

Job applicants, staff members and contractors: In relation to personal information of job applicants, staff members and contractors, the School’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which the School uses personal information of job applicants, staff members and contractors include:

• in administering the individual’s employment or contract, as the case may be;

• for insurance purposes;

• seeking donations and marketing for the School; and

• to satisfy the School’s legal obligations, for example, in relation to child protection legislation.

Volunteers: The School also obtains personal information about volunteers who assist the School in its functions or conduct associated activities, such as alumni associations, to enable the School and the volunteers to work together.

Marketing and fundraising: The School treats marketing and seeking donations for the future growth and development of the School as an important part of ensuring that the School continues to provide a quality learning environment in which both pupils and staff thrive. Personal information held by the School may be disclosed to organisations that assist in the School’s fundraising, for example, the School’s Foundation or alumni organisation or, on occasions, external fundraising organisations. Parents, staff, contractors and other members of the wider School community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.

Who might the School disclose personal information to and store your information with?

The School may disclose personal information, including sensitive information, held about an individual to:

• another school;

• government departments;

• medical practitioners;

• people providing services to the School, including specialist visiting teachers, counsellors and sports coaches;

• recipients of School publications, such as newsletters and magazines;

• Parents;

• anyone you authorise the School to disclose information to; and

• anyone to whom we are required to disclose the information to by law.

Sending and storing information overseas: The School may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the School will not send personal information about an individual outside Australia without:

• obtaining the consent of the individual (in some cases this consent will be implied); or

• otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

The School may also store personal information in the ‘cloud’ which may mean that it resides on servers which are situated outside Australia.

How does the School treat sensitive information?

In referring to ‘sensitive information’, the School means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

Management and security of personal information

The School’s staff are required to respect the confidentiality of pupils’ and Parents’ personal information and the privacy of individuals. The School has in place steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.

Responding to data breaches

The School will take appropriate, prompt action if we have reasonable grounds to believe that a data breach may have, or is suspected to have occurred. Depending on the type of data breach, this may include a review of our internal security procedures, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC). If we are unable to notify individuals, we will publish a statement on our website and take reasonable steps to publicise the contents of this statement.

Access and correction of personal information

Under the Commonwealth Privacy Act [and the Health Records Act], an individual has the right to obtain access to any personal information which the School holds about them and to advise the School of any perceived inaccuracy. Pupils will generally be able to access and update their personal information through their Parents, but older pupils may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation. To make a request to access or update any personal information the School holds about you or your child, please contact the [School Principal] in writing. The School may require you to verify your identity and specify what information you require. The School may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the School will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.

Consent and rights of access to the personal information of pupils

The School respects every Parent’s right to make decisions concerning their child’s education. Generally, the School will refer any requests for consent and notices in relation to the personal information of a pupil to the pupil’s Parents. The School will treat consent given by Parents as consent given on behalf of the pupil, and notice to Parents will act as notice given to the pupil.

As mentioned above, parents may seek access to personal information held by the School about them or their child by contacting the Head of School. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the pupil. The School may, at its discretion, on the request of a pupil, grant that pupil access to information held by the School about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the pupil and/or the pupil’s personal circumstances so warranted.

Enquiries and complaints

If you would like further information about the way the School manages the personal information it holds, or wish to complain that you believe that the School has breached the Australian Privacy Principles, please contact the School Registrar on 9286 9500 or email [email protected]. The School will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.


The above policy and procedure guidelines provide an essential framework for compliance in the vital matter of Privacy.  I commend it to the St Andrew’s Cathedral School community.

Dr John Collier
Head of School
If you would like further information about the way the School manages the personal information it holds, or a copy of the full Privacy Policy, please contact the Register through the Enrolments office:
+61 2 9286 9500
St Andrew’s Cathedral School
Sydney Square
Sydney NSW 2000
Email: [email protected]