Read carefully
Effective from 18 February, 2024
Hill College cares deeply about the privacy of its guests and members. To that end, this Privacy Policy (“Privacy Policy”) describes how Hill College, together with its affiliated companies (“Hill College”, “The College”, “we”, “our”, or “us”), collect, use, and share your Personal Information, as well as an explanation of the data rights you may have in that Personal Information. This Privacy Policy applies to all Hill College members, including unregistered users, un-/registered community guests, and registered guests (collectively, “Guests”, “Members”, “Staff”, “Students”, “Community”, “you”, or “your”), and to all Hill College services, including our websites (including hillcollege.org, hillcollege.services, hillcollege.online, hillcollege.wixsite.com and any of its subdomains, the “Website”) and related services (collectively, the “Services”, “Classes”, or “Education”).
​
Prior to accessing or using our Services, please read this policy and make sure you fully understand our practices in relation to your Personal Information. If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave and discontinue all use of any of our Services. If you have any questions or concerns regarding this policy, please contact us here.
​​
​
1. What is Personal Information
Personal information is information or an opinion about an individual from which they can be reasonably identified. Depending on circumstances we may collect personal information from the individual in their capacity as a student, staff member, un-/registered guest, community, stakeholder, job applicant, alumni, visitors or others that come into contact with the College. In providing services we may collect, personal, sensitive and health information, generally we will seek consent from the individual before we collect their sensitive and health information.
​
2. Collection of Personal Information
The College will generally collect personal information if reasonable and practical to do so directly from the individual. There are occasions, depending on circumstances, people other than students, staff and guests provide personal information. We take all reasonable steps to ensure the personal information collected and disclose is accurate, complete and up-to-date, including at the time of using or disclosing the information. If the College becomes aware the information is incorrect or out of date, reasonable steps will be taken to rectify the information.
​
2.1 Access and Correction
Parents, Guardians and students may submit a request for access to relevant personal information we hold or request changes be made to the personal information held. Upon receiving such a request we will take steps to verify identity before granting access or correcting the information. To make a request to access any personal information the College holds about individuals and their children, please contact the Headmaster in writing. The College may require you to verify your identity and specify required information. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance. If we cannot provide access to that information, we will provide written notice explaining the reasons for refusal.
​
2.2 Personal Information of Students
The Privacy Act does not differentiate between adults and children and does not specify the age after which individuals can make their own decisions with respect to personal information. We are aware that children do have rights under the Privacy Act and that in certain circumstances, especially when dealing with students and with sensitive information, it will be appropriate to seek and obtain consent directly from students. We acknowledge that there may be occasions where a student may give or withhold consent with respect to the use of their personal information independently from their parents or carers. There may also be occasions where parents and carers are denied access to information with respect to their children, because to provide such information would have an unreasonable impact on the privacy of others or result in a breach of the College’s duty of care to the student.
​
2.3 Personal Information of Staff Members
Personal information held by the College, relating to someone’s current or former employment, is not covered by the Australian Privacy Principles, but only when used by the employer directly in relation to their employment. This information includes:
-
Personal contact details (including names, emails, phone number, address)
-
Application information and details (including previous employment)
-
Information about terms and conditions of employment
-
Records of engagement, resignation or termination of employment
-
Information about training, performance and conduct
-
Working experiences and details of role(s)
​
3. Solicited Information
The College, where possible has attempted to standardise the collection of personal information by using specifically designed forms completed by guests, staff or students. Due to the nature of operations of the College, personal information can also be collected by email, face-to-face meetings, interviews, telephone calls, notes, via the website, through financial transactions or email and device monitoring. Information can also be collected by a third party or independent sources. This will only occur when it is not possible to collect the personal information from the individual directly. We may collect information based on website usage. We use data collection methods to collate information on website activity, such as visitor activity and the pages visited. This information provides the College with the tools to improve our website, focus for marketing campaigns and statistic recording.
​
4. Unsolicited Information
Hill College may be provided with personal information which is unsolicited, this may occur through misdirected emails, postage mail, employment applications for unadvertised positions and additional information not requested by the College. Unsolicited information not collected in normal means will be destroyed, permanently deleted or de-identified as appropriate.
5. Collection and Use of Sensitive Information
The College will only obtain sensitive information if it is necessary for functions or activities and the College has individual consent, or becomes necessary to lessen or prevent serious threat to life, health or safety, permitted health and general situations. We may share sensitive information to other entities within the College structure if necessary for us to provide our services or products.
The College will use personal information it collections from you for the primary purpose of collection, and for the secondary purposes related to the primary purpose reasonably expected by you, or to which you have consented.
6. Use of Personal Information
Hill College only uses personal information as deemed necessary or for related purpose which would be reasonably expected by you for an activity or event to which you have consented.
6. Disclosure of Personal Information
The College may disclose personal information, held about an individual which included, but is not limited to:
-
Providing education, pastoral care, extra-curricular and health services
-
Satisfying legal obligations including duty of care and child protection obligations
-
Requirement by law
-
Disclosure that prevents or lessens serious threat to life, health, safety of individuals
-
People providing services to the College, including specialist visiting guests, and counsellors
-
Recipients of college publications, such as newsletters and magazines
-
Marketing, promotional and fundraising activities
-
Systems development, undertaking planning and research and statistical analysis
-
Staff employment
-
Engagement of Volunteers
-
Day to day operations improvement, including staff training
-
Anyone a parent or guardian authorises the College to disclose information to
6.1. Marketing and Fundraising
Hill College treats marketing and seeking donations for the future growth and development the College as an important part of ensuring that the College continues to be a quality learning environment in which both students and staff thrive. Personal information held by a school may be disclosed to an organisation that assists in the College’s fundraising, for example, the College’s Foundation, Parents and Friends Association and on occasions, external fundraising organisations. Students, staff and other members of the wider school community may from time to time receive fundraising information. School publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
6.2. Sensitive or Health Information
The College will only disclose sensitive or health information for a secondary purpose if reasonably expected and the secondary purpose is directly related to the primary purpose.
6.3. Disclosure to Overseas Recipients
The College follows the principle of data sovereignty and personal information is stored by cloud service providers on Australian soil and not overseas, although cannot always be ensured. The College may disclose personal information about an individual to an overseas organisation in the course of providing services.
The College will take all reasonable steps no to disclose or send personal information about an individual outside Australia without:
-
Obtaining the consent of the individual (in some cases this consent will be implied)
-
The College has satisfied itself that the overseas recipient is otherwise complying with the Australian Privacy Principals or the other applicable privacy legislation
-
The College has formed the opinion that disclosure will lessen or prevent serious threat to life, health or safety or an individual or to public safety
-
The College is taking reasonable action in relations to suspected unlawful activity or serious misconduct
7. Storage and Security of Personal Information
Personal information is stored in a variety of formations including, but not limited to:
-
Databases
-
Hard/paper based files
-
Personal devices, including laptops
-
Third party storage providers such as cloud storage facilities
The College has taken all reasonable steps to protect the personal information we hold from misuse, loss, authorised access, modification or disclosure. Staff are required to respect the confidentiality of students’ and community’s’ personal information and the privacy of the individuals. Staff have restricted access and user privilege to information depending on their role and responsibilities. Hard/paper copy files should be stored securely. Ensuring our IT and cyber security systems, policies and procedures are implemented and up-to-date. Ensuring our staff are aware and comply with internal policies and procedures when handling information. Undertaking due diligence with respect to a third party service provider who may have access to personal information, including customer identification providers and cloud service providers, to ensure as far as practicable that they are compliant with the APPs or a similar privacy regime. The destruction, deletion or de-identification of personal information we hold is no longer needed or required to be retained by any other laws.
8. Data Breaches
There is no single method of responding to a data breach. Data breaches must be dealt with on a case-by-case basis, by undertaking assessment of the risks involved, and using the risk assessment to decide the appropriate course of action.
​
Compliance
Please contact charlie@hillcollege.org for policy inquiries, including editing, compliance, or reporting.
​
Approved by Charlie Hill, Headmaster on 18/01/2024
​