Home / Document / Privacy policy Print Download

Your privacy is important

This Privacy Policy sets out how Christ Church Grammar School (the School) protects your privacy and how we comply with the requirements of the Privacy Act 1988 and the 13 Australian Privacy Principles (APPs).

This policy also describes:

  • from whom we collect information;
  • the types of personal information collected and held by the School;
  • how this information is collected and held;
  • the purposes for which your personal information is collected, held, used and disclosed;
  • how you can gain access to your personal information and seek its correction;
  • how you may complain or inquire about our collection, handling, use or disclosure of your personal information and how that complaint or inquiry will be handled; and
  • whether we are likely to disclose your personal information to any overseas recipients.

Scope of policy

This policy outlines the circumstances in which we obtain personal information, how we use and disclose that information and how we manage requests to access and/or change that information.

What is personal information and how do we collect it?

Personal information is information or an opinion about an individual from which they can be reasonably identified. The type of information the School collects and holds includes (but is not limited to) personal information from students, parents/guardians/carers (the Parent), prospective parents, job applicants, staff members, Council members, volunteers and others including alumni, contractors, visitors and others that come into contact with the School.

Personal information you provide  

The School will generally collect personal information held about an individual by way of forms filled out by parents or students, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and students provide personal information.

Personal information includes names, addresses and other contact details; dates of birth; next of kin details, financial information, citizenship, employment references, regulatory accreditation, media, directorships, property ownership, drivers licence and attendance records.

Personal information provided by other people

In some circumstances the School may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.

Sensitive information

The School only collects sensitive information reasonably necessary for one or more of its functions or activities, if we have the consent of the individuals to whom the sensitive information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety, or another permitted general situation (such as locating a missing person) or permitted health situation (such as the collection of health information to provide a health service) exists.

If we do not have the relevant consent or a permitted general situation does not exist, then we may still collect sensitive information provided it relates solely to individuals who have regular contact with the School in connection with our activities. These individuals may include students, parents, volunteers, former students and other individuals with whom the School has regular contact in relation to its activities.

Sensitive information includes government identifiers (such as TFN), nationality, country of birth, racial or ethnic origins, political opinions, languages spoken at home, religion, professional or trade union memberships, family court orders and criminal records.

Health information

A wide range of health information may be collected including medical records, immunisation details, individual action plans, psychological reports, and dietary requirements, as well as relevant information about disabilities.

Exception in relation to employee records

Under the Privacy Act the Australian Privacy Principles (and Health Privacy Principles) do not apply to an employee record. As a result, this Privacy Policy does not apply to the School’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the School and employee.

Solicited information

Christ Church Grammar School has, where possible, attempted to standardise the collection of personal information by using specifically designed forms (e.g. an Enrolment Form or Health Information Disclosure Form). However, given the nature of our operations we also receive personal information by email, letters, notes, via our website, over the telephone, in face-to-face meetings, through financial transactions and through surveillance activities such as the use of CCTV security cameras or email monitoring.

We may also collect personal information from other people (e.g. a third-party administrator, referees for prospective employees) or independent sources. However, we will only do so where it is not reasonable and practical to collect the personal information from the individual directly.

Information collected from our website

To continually improve our users’ experience, we collect data based on how individuals interact with our website. We use ‘cookies’ and other data collection methods to collect information on activities such as the number of visitors and number of pages viewed on our website. The information is anonymous and is not used to personally identify individuals.

How will the School use the personal information you provide?

The School only uses personal information that is reasonably necessary for one or more of its functions or activities (primary purpose), or for a related secondary purpose reasonably expected by you, or for an activity or purpose to which you have consented.

Students and parents

In relation to personal information of students and parents, the School’s primary purpose of collection is to enable the School to provide schooling for the student. This includes satisfying the needs of parents, the needs of the student and the needs of the School throughout the whole period the student is enrolled at the School.

The primary purposes for which the School uses personal information of students and parents include (but are not limited to):

  • providing education, pastoral care, extra-curricular and health services (looking after our students’ educational, social and medical wellbeing)
  • keeping parents informed about matters related to their student’s schooling through correspondence, reports, newsletters, website and other school publications
  • satisfying the School’s legal obligations including our duty of care and child protection obligations
  • school day-to-day operations including training our staff; administration systems development; developing new programs and services undertaking planning, research and statistical analysis
  • school administration, including for insurance purposes
  • the employment of staff
  • the engagement of volunteers
  • school marketing, promotional and fundraising activities
  • supporting the activities of parent support groups
  • supporting the activities and objectives of the Old Boys’ Association
  • supporting community-based causes and activities, charities and other causes in connection with the School’s functions or activities.

In some cases where the School requests personal information about a student or parent, if the information requested is not provided, the School may be unable to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of this information is allowed by law.

Job applicants, staff members and contractors

In relation to personal information of job applicants, staff members and contractors, the School’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which the School uses personal information of job applicants, staff members and contractors include:

  • in administering the individual’s employment or contract, as the case may be
  • for insurance purposes
  • seeking donations and marketing for the School and
  • to satisfy the School’s legal obligations, for example, in relation to child protection legislation.


The School obtains personal information about volunteers who assist the School in its functions or conduct associated activities, to enable the School and the volunteers to work together.

Marketing, fundraising and events

The School treats marketing and seeking donations for the future growth and development of the School as an important part of ensuring the School continues to provide an outstanding learning environment in which both students and staff thrive.

Personal information held by the School may be disclosed to organisations that assist in the School’s fundraising, for example, the School’s Foundation or Old Boys’ Association or, on occasions, external fundraising organisations.

The School and the Old Boys’ Association work closely together to assist the Association in achieving its objectives. Through shared use of data, the School designs and distributes invitations to events, mails members directly (newsletters, birthday cards, requests for information etc), hosts events and maintains the database including all member contact details.

Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. School publications, such as newsletters and magazines, which include personal information, may be used for marketing purposes.

To whom might the School disclose personal information?

The School may disclose personal information, including sensitive information, held about an individual to:

  • government departments
  • another school
  • medical practitioners
  • people providing services to the School, including specialist visiting teachers, counsellors and sports coaches
  • recipients of school publications, such as newsletters and magazines
  • parents
  • anyone to whom you authorise the School to disclose information and
  • anyone to whom we are required to disclose the information by law.

Sending information overseas

The School may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with ‘cloud’ service providers situated outside Australia or to facilitate a school exchange. However, the School will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied); or
  • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

How does the School treat sensitive information?

In referring to ‘sensitive information,’ the School means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, criminal record, that is also personal information; health information and biometric information about an individual.

Management and security of personal information

Christ Church Grammar School stores personal information in a variety of forms including, but not limited to; electronic databases, hard copy files, personal devices including laptop computers, third party storage providers such as cloud storage facilities, and paper-based filing systems.

The School’s staff is required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals. The School has in place steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.

Handling of data breaches

Christ Church Grammar School will take appropriate, prompt and necessary action if there are reasonable grounds to believe that a data breach has, or is suspected to have occurred. Depending on the type of data breach, this may include a review of our internal security protocols, taking remedial internal action, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).

If we are unable to notify individuals, we will publish a statement on our website and take reasonable steps to communicate the nature of the breach.

Access and correction of personal information

Under the Commonwealth Privacy Act (and the Health Records Act), an individual has the right to obtain access to any personal information that the School holds about them and to advise the School of any perceived inaccuracy.

Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.

To make a request to access or update any personal information the School holds about you or your child, please contact the Principal in writing. The School may require you to verify your identity and specify what information you require.

The School may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, we will advise the likely cost in advance.

If we cannot provide you with access to that information, you will be notified accordingly. You will be provided a written notice explaining the reasons for access being denied.

Consent and rights of access to the personal information of students

The School respects every parent’s right to make decisions concerning their child’s education. Generally, the School will refer any requests for consent and notices in relation to the personal information of a student to the parents. The School will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student.

Parents may seek access to personal information held by the School about them or their child by contacting the Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the School’s duty of care to the student.

The School may, on the request of a student, grant that student access to information held by the School about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student’s personal circumstances so warranted.

Storage and Security of personal information

The School stores personal information in a variety of formats including, but not limited to databases, hard copy files, personal devices and third party storage providers such as cloud storage facilities.

The School takes all reasonable steps to  protect personal information held from misuse, loss, unauthorised access, modification or disclosure. These steps include ensuring staff do not share passwords, storing hard copy files in lockable filing cabinets / lockable rooms, ensuring access to the School premises are secured at all times, ensuring IT and cyber security systems, policies and procedures are implemented and up to date, undertaking due diligence regarding third party service providers who may have access to personal information to ensure they are compliant with the Australian Privacy Principles or a similar regime and the destruction, deletion or deidentification of personal information held that is no longer needed re required to be retained by any laws.


You can make a formal complaint regarding Christ Church Grammar School’s management of personal information, including a breach of the Australian Privacy Principles (APPs), by notifying us in writing as soon as possible. We will respond to the complaint within a reasonable timeframe (generally within 30 days) which may involve seeking further information to enable a full and complete response.

Anonymous complaints are also welcome and may be where there is no name or address supplied, or where the complainants say they do not wish to be identified. Complainants however, are encouraged to provide their names and are given reassurance on the issue of confidentiality. If they persist in wishing to remain anonymous, it is at the Privacy Officer’s discretion as to what action, if any, will be taken, depending on the nature of the complaint.

Christ Church Grammar School does not charge a fee for the handling of complaints.

If you are not satisfied with our response, you may refer the complaint to the Office of the Australian Information Commissioner. A complaint can be made using the OAIC online Privacy Complaint form, by mail in writing, or via email.

A referral to the OAIC should be a last resort once all other options of resolution have been exhausted.

How to contact us

Christ Church Grammar School can be contacted about this Privacy Policy or about personal information by:

  • Emailing
  • Calling +61 8 9442 1555
  • Writing to our Privacy Officer at PO Box 399, Claremont WA 6910 or by contacting +61 8 9442 1531