privacy

The Privacy Amendment (Private Sector) Act was promulgated by the Federal Parliament on 21 December 2001. This Act regulates the way in which private organisations collect, use, disclose, keep secure and allow people access to their personal information. Stirling affirms the National Privacy Principles (NPP’s) of the Act and will respect the dignity and privacy of all individuals with whom it is engaged.

This policy sets out principles and procedures to protect the personal and sensitive information that Stirling collects from students, staff, volunteers and donors and uses in order to carry out its educational functions and activities. It also sets out principles and procedures to protect the personal and sensitive information that Stirling collects from employees and uses in order to carry out its function as an employer.

1. Definitions of personal and sensitive information
1.1 Personal information relates to a living human being (a company is not a living human being, even though it may be recognised as a legal ‘person’ under the law). It is defined as information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion (e.g. name, address, e-mail address, telephone number, image, story, file notes). It includes all personal information, regardless of its source.
1.2 Sensitive information is a subset of personal information. It includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, or health information.

2. Privacy awareness, openness and transparency
2.1 Stirling aims to foster a culture of respect for privacy and confidentiality and shall include a privacy and confidentiality module in all staff and volunteer induction programs
2.2 A Privacy Statement shall be posted on the Stirling web site and shall also be available in hard copy to any individual who requests it. Stirling reserves the right to charge a minimal fee for providing the Privacy Statement in hard copy.
2.3 On request, Stirling shall advise in a general manner, what sorts of personal information it holds, for what purposes, and how it collects, uses, displays and discloses that information.

3. Collection
3.1 Stirling will collect only that information necessary for the primary purpose of providing theological education to its students. Such information will be collected in a lawful and non-obtrusive way and will generally comprise:
   · Name and contact details (including phone, fax and email).
   · Tax file number for the purpose of administering the federal government’s education loan scheme
     (FeeHelp).
   · Date of birth, nationality, residency status (for reporting to the Department of Education, Employment
     and Workplace Relations)
   · Whether or not a student has a disability
   · Bank account details where direct payment or direct debit has been an agreed transaction.
   · Credit and/or debit card details where payment is made for services via this facility.
3.2 Stirling will collect only that information necessary for the purpose of providing appropriate employment conditions to its employees. Such information will be collected in a lawful and non-obtrusive way and will generally comprise
   · Name and contact details (including phone, fax and email)
   · Bank account details where direct payment or direct debit has been an agreed transaction
   · Tax file numbers where the individual is employed by Stirling for any purpose and for any length of time 3.3 Stirling will collect only that information necessary for the purpose of receipting, taxation reporting and appropriate recording of donations received from individuals, churches, companies and other agencies. Such information will be collected in a lawful and non-obtrusive way and will generally comprise:
   · Name and contact details
   · Bank account details where direct payment or direct debit has been an agreed transaction
   · Specified advice on distribution of funds
3.4 Stirling may also collect sensitive information for specific purposes (such as student surveys), but only with the consent (explicit or implicit) of the individual concerned.
3.5 Stirling shall only collect personal information by fair and lawful means and not in an unreasonably intrusive way.
3.6 At the time of, or as soon as practicable after, collecting information (whether through an employee, volunteer, consultant or agency) from an individual, Stirling shall ensure that the individual is aware of:
   · Stirling’s identity and how to contact the organisation
   · their right to gain access to their information as recorded by Stirling
   · the purposes for which the information is collected
   · the organisations to which Stirling may disclose such information (e.g. MCD)
   · any legal obligations that require the individual to provide, or Stirling to collect, personal information
     (e.g for AUSTUDY, FeeHelp or taxation purposes)
   · the consequences, if any, if all or part of the information is not provided
3.7 Apart from any legal requirements to disclose information, Stirling shall only disclose personal information to third parties that are prepared, by formal agreement, to provide surety that they are compliant with the NPPs.

4. Use and Disclosure
4.1 Stirling will use and disclose personal information about an individual only for the purpose for which it is collected, unless consent has been obtained to use the information for additional purposes. Exceptions to this include where disclosure is:
   · required by law
   · reasonably necessary to assist a law enforcement agency
   · required by affiliated agencies for the purpose of issuing academic statements or external agencies
     handling mailed correspondence
   · required by auditors, legal advisers, consultants or other agencies administering the academic
     records in the interest of the students.
Stirling shall take reasonable steps to protect the personal information it holds from misuse, loss and unauthorised access, modification or disclosure. Accordingly, Stirling shall ensure that:
   · privacy and confidentiality training is provided to all staff
   · all staff, volunteers, and board members sign a confidentiality agreement
   · access to information and information systems by all staff and volunteers is limited to that required
     by their current position or role
   · all staff and volunteers adhere to the practice of securing paper records containing personal
     information at the end of each day or whilst their desks are unattended
   · electronic information systems are protected by adequate security measures and protocols
   · physical information and storage facilities are protected by adequate security measures and protocols. 4.2 Stirling shall take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed.

5. Personal Information Quality
5.1 Stirling will aim to ensure that all personal information received is kept accurately, completely and up to date. Staff, students, volunteers and donors will have access to their personal information at any time, be provided with appropriate procedures to alter that information when changed circumstances invalidate the data. Staff and students will have access to processes whereby perceived inaccuracies in personal records may be formally challenged.
5.2 If the individual and Stirling disagree about whether the information is accurate, complete and up-to-date, the matter shall be referred to the designated Privacy Officer for investigation and mediation. In cases where Stirling elects not to amend the information, the Privacy Officer shall provide reasons for not amending that information. If the information is amended, reasonable steps will be taken to inform relevant parties of the amendments.
5.3 Should an individual be dissatisfied with the decision of the Privacy Officer, he or she may lodge a complaint with the Federal Privacy Commissioner.

6. Result of an interference with privacy
6.1. If an individual believes that Stirling has interfered with their privacy they can complain to the Grievances Officer (ask the Principal or Registrar for information), who shall investigate and mediate a resolution.
6.2. If the individual and Stirling cannot resolve the complaint between themselves, the individual can complain to the Privacy Commissioner, who may conciliate the complaint. As a last resort, the Commissioner can make a formal determination enforceable by the Federal Court.
6.3. The Commissioner may also investigate an act or practice that may be a breach of privacy even if there is no complaint.

7. Stirling electronic communications: The inclusion of a privacy statement is desirable on all Internet communications in which any private information is conveyed.

CAUTION – this message may contain privileged and confidential information intended for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the Stirling Theological College or of Churches of Christ in Australia.

8. Availability A general privacy statement will be made available to all persons associated with the Stirling Theological College. This will be effected by placing the policy on the College website. The policy statement publication should be readily available to all enrolled students as soon as possible after enrolment; all staff and volunteers as soon as possible after employment or recruitment, and all donors.