ISA PRIVACY POLICY

Updated January 2025

INTRODUCTION

Independent Schools Australia ABN 83 005 118 927 (ISA, we, us, our) complies with the Australian Privacy Principles (APPs), which are part of the Privacy Act 1988 (Cth) (Privacy Act). The APPs require ISA to have a readily available Privacy Policy that describes how ISA collects, uses, discloses and manages the personal information it holds.

ISA is also bound by other relevant legislation, including but not limited to:

  • Information Privacy Act 2014 (ACT)
  • Health Records (Privacy and Access) Act 1997 (ACT)

ISA recognises that protecting individuals’ privacy is of fundamental importance and required by law. This Privacy Policy explains:

  • what sorts of personal information ISA collects;
  • how ISA may use that personal information and to whom it may be disclosed;
  • how ISA protects the personal information we hold from unauthorised use or disclosure; and
  • how you can access and correct the personal information we hold about you, and your options to complain if you believe we have breached our privacy obligations to you.

ISA reserves the right (at its discretion) to modify, amend or replace this Privacy Policy from time to time to take account of new laws and technology, changes to ISA’s operations and practices and to make sure it remains appropriate. The modified, amended or replaced policy will be posted by ISA to its website in place of the older Privacy Policy.

 

POLICY STATEMENT

ISA complies with the APPs and recognises that protecting individuals’ privacy is of fundamental importance and required by law.

We will collect, use and disclose personal information only in accordance with this Privacy Policy;

As outlined in this Privacy Policy, we will only:

  • Collect sensitive information where you agree and it is reasonably necessary for ISA’s functions and activities;
  • Use and disclose sensitive information for the purpose for which it was collected or a directly related secondary purpose that you would reasonably expect unless you agree otherwise; or
  • Otherwise collect, use and disclose sensitive information as authorised or required by law.

We will respond to any inquiries or compliance within a reasonable timeframe in accordance with this Privacy Policy.

 

SCOPE

This Privacy Policy applies to Member Associations, key stakeholders, job applicants, volunteers, contractors, service providers, visitors, website users, attendees at ISA events and other people with whom ISA ordinarily interacts.

This Privacy Policy does not apply to employees or employee records, as the handling of employee records by a private sector employer is exempt from the Privacy Act if it is directly related to the employee’s current or former employment relationship.

 

DEFINITIONS OF PERSONAL AND SENSITIVE INFORMATION

According to the Privacy Act, ‘personal information’ means information or an opinion about an identified individual, or a reasonably identifiable individual, and includes sensitive information.

According to the Privacy Act, ‘sensitive information’ means personal information relating to a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, membership of a trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices, or criminal record. It also includes health or genetic information about an individual or biometric information used for specific purposed.

 

TYPES OF PERSONAL INFORMATION WE COLLECT AND HOLD

ISA collects and holds a range of personal information, including some sensitive information about Member Associations, key stakeholders, job applicants, volunteers, contractors, service providers, visitors, website users, attendees at ISA events and other people with who ISA ordinarily interacts which may include:

  • Member Associations and key stakeholders:
    • Organisation name, contact details, emergency contact / next of kin, membership dates, Director IDs, Director qualifications and probity check results;
    • Complaint records and investigation reports;
    • Photos and videos taken at ISA events; and
    • Workplace surveillance records.
  • Job applicants, volunteers, service providers and contractors:
    • Full name, date of birth / age, contact details, emergency contact / next of kin;
    • Nationality, languages spoken;
    • Resumes, employment histories and qualifications, training records and competency assessments, references and professional development history;
    • Salary and payment information, including superannuation details;
    • Complaint records and investigation reports;
    • Photos and videos at ISA events;
    • Workplace surveillance records; and
    • Emails and Internet browsing history when using ISA email address or resources.
  • Interested parties / general public:
    • Full name, date of birth / age, gender, contact details (including email and phone number);
    • Nationality, languages spoken;
    • Education history, including the name of the school and occupation; and
    • Photos and videos taken at ISA events.
  • Website users:
    • We may also collect information about you when you access our website using a technology called ‘cookies’. That information includes the pages viewed and the information downloaded, the IP address of the computer or mobile used to visit our website, the page from where the individual visited our website, the type of browser used, unique device identifiers and information about websites visited before the individual visited our website. You can configure your browser to disable cookies, but some parts of our website may not function properly (or at all) if cookies are disabled.

ISA may also collect the following types of sensitive information only where necessary or appropriate, or you have otherwise consented:

  • Medical information (eg details of disability and / or allergies, and medical certificates);
  • Criminal record and probity check results;
  • Racial or ethnic origin (including whether a person identifies as Aboriginal or Torres Strait Islander;)
  • Political opinions and / or membership of a political association; and
  • Religious affiliations

PURPOSE FOR COLLECTING PERSONAL INFORMATION

ISA’s primary purpose for collecting personal information is to support the functions and activities of ISA, including:

  • Generating statistical data and preparing reports for policy and funding purposes;
  • Supporting the Independent school sector with accurate, up-to-date information;
  • Advocating for Independent schools to government bodies;
  • Organising and managing events / functions;
  • For insurance purposes, internal accounting and administration;
  • For publications such as magazines, newsletters and use in social media, including publication of that material (both physically and online);
  • Marketing for ISA events and ISA related events;
  • Reporting to educational and Government authorities;
  • Building and maintaining constructive relationships with the Australian Government and national education agencies;
  • Deepening collaboration between ISA and Member Associations to leverage and build expertise and resources;
  • Influencing the development and implementation of education policy;
  • Promoting the autonomy, quality, diversity and social and economic contribution of the Independent sector;
  • Contributing to Australian education through expert and timely research and analysis;
  • Informing the national education debate and education policy;
  • Supporting the independent school sector with accurate and up-to-date information;
  • Fulfilling legal requirements, including taking reasonable steps to reduce the risk of harm to staff and visitors, making reasonable adjustments for individuals with disabilities and complying with child protection legislation; and
  • Assessing an applicant’s suitability for employment or a volunteer position and enabling ISA and the applicant or volunteer to work together.

HOW WE COLLECT PERSONAL INFORMATION

ISA collects personal information about an individual directly from that individual, where reasonable and practicable to do so. We collect information in a variety of ways, including:

  • Electronic or paper documents (including forms, letters and invoices), face-to-face meetings and interviews, emails and telephone calls;
  • From our website using various technologies, including ‘cookies’;
  • Online tools (including apps or other software used by ISA);
  • Photographs, video or other recordings;
  • Polls, surveys and / or questionnaires;
  • From other parties, such as education agencies, recruiters, job applicants, representatives or referees or social media; and
  • From publicly available sources.

HOW WE USE AND DISCLOSE THE PERSONAL INFORMATION WE COLLECT

As a general principle, and in accordance with our statutory obligations, we only use and disclose personal information for:

  • The primary purpose for which the information was collected;
  • A secondary purpose that is related to the primary purpose and for which you would reasonably expect us to use the collected information;
  • A secondary purpose that is directly related to the primary purpose where it is sensitive information; or
  • As otherwise required or authorised by law, including the APPs.

In particular, we may disclose personal information to the following people, where appropriate:

  • Third-party service providers who provide services, including document and data management services, training and support services, administration, financial or educational services to ISA;
  • Another peak body;
  • Government departments (both state and federal);
  • Recipients of ISA’s publications such as newsletters and magazines;
  • Third parties to whom you authorise us to disclose personal information;
  • Where authorised or required by law or court order, or other governmental order of process, such as where we believe in good faith that the law compels us to disclose information to:
    • Lessen or prevent a serious threat to your life, health or safety or public health or safety where it is impractical to obtain you consent;
    • Take appropriate action in relation to suspected unlawful activity or serious misconduct;
    • To locate a person reported as missing;
    • To assert a legal or equitable claim; or
    • To conduct an alternative dispute resolution process; and
    • Where we are required to do so as a result of any obligations we owe under a contract.

When ISA engages third parties to provide products and / or services to ISA, such as IT service providers, software providers and payment processors, such third parties may have access to personal information ISA holds about individuals. ISA does not authorise those third parties to use any personal information disclosed to or accessed by the third party for any purpose other than to facilitate the third party’s completion of its obligations owed to ISA.

DISCLOSURE OF PERSONAL INFORMATION OVERSEAS

ISA does not disclose personal information about an individual to overseas recipients. If ISA does send personal information about an individual outside Australia, it will not be without:

  • Obtaining the consent of the individual (in some cases this consent will be implied); and
  • Otherwise complying with the APPs or other applicable privacy legislation.

In limited situations, ISA may use online or ‘cloud’ service providers to store or back up personal information such as services relation to email and instant messaging. Some limited personal information may also be provided to these service providers to enable them to authenticate users who access their services. This personal information may be stored in the ‘cloud’ which means that it may reside on a cloud service provider’s service which may be situated outside Australia.

ISA does not otherwise disclose or allow a third party located outside Australia to access the personal information ISA holds.

DIRECT MARKETING

Marketing and seeking participation at and registration for ISA events is an important part of ensuring that ISA continues to provide a national voice for Independent schools.

You may from time-to-time receive such marketing materials and communications.

If you would like to opt out of receiving marketing material, please contact ISA’s Privacy Officer (see below). There will also be a simple ‘unsubscribe’ (opt out) method in any marketing emails. If you opt out of receiving marketing material from us, we may still otherwise contact you in relation to our existing relationship with you other than for marketing.

SECURITY AND RETENTION OF PERSONAL INFORMATION

ISA takes security seriously and takes reasonable steps to protect any personal information it holds from misuse, interference and loss. This includes:

  • Physical security measure such as locking cabinets and restricting access to employees in ISA’s premises; and
  • Technology security measures such as employing passwords and multi-factor authentication measures to protect electronic records.

ISA staff are required to respect the confidentiality and privacy of all individuals who interact with ISA.

ACCESSING THE PERSONAL INFORMATION WE HOLD

An individual is entitled to access the personal information we hold about that individual. All enquiries should be directed to ISA’s Privacy Officer (see below).

We will respond to such requests within a reasonable period. We are entitled under the APPs to charge a reasonable fee to cover the costs we incur in providing access but this is usually not required.

We reserve the right to refuse access where an exception applies, for example, where releasing the information would unreasonably impact the privacy of another individual. Alternatively, we reserve the right to redact the information made available, to protect the privacy of other individuals. We also reserve the right to verify the identity of the person requesting the information and their entitlement to access it.

QUALITY OF THE PERSONAL INFORMATION WE HOLD

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy, completeness and currency of the information we hold largely depends on the accuracy of the information supplied to us or which we collect.

If at any time you discover that any information held about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you can request correction of the information by contacting ISA’s Privacy Officer (see below). ISA reserves the right to verify your identity before processing a correction request.

LODGING A COMPLAINT

If you wish to make a complaint to ISA about how ISA handles your personal information we ask that you make the complaint in writing to ISA’s Privacy Officer (see below).

ISA will promptly acknowledge receipt and will respond to you within a reasonable time period (generally within 30 days). Where the complaint requires a more detailed investigation, the complaint may take longer to resolve and we will keep you updated as to progress.

ISA reserves the right to verify the identity of the individual making the complaint and to seek further information from the complainant about the circumstances of the complaint. ISA reserves the right to refuse to investigate or to otherwise deal with a complaint where permitted under the Privacy Act. For example, ISA may refuse to investigate or otherwise deal with a complaint if ISA considers the complaint to be vexatious or frivolous.

If you are not satisfied with our response to your complaint, or you consider that ISA may have breached the APPs or the Privacy Act, you can make a complaint to the Office of the Australian Information Commissioner (‘OAIC”).

Office of the Australian Information Commissioner

Postal address: GPO Box 5288 Sydney, NSW 2001

Phone: 1300 363 992

Website: www.oaic.gov.au

HOW TO CONTACT US

If you have a query about this privacy policy or wish to make a complaint, please contact:

Privacy Officer

Independent Schools Australia

12 Thesiger Court, DEAKIN ACT 2600

Phone: 02 6282 3488

Email: isa@isa.edu.au