The policy applies to the management of personal information collected by the OHA in the course of its operations, including that which is collected by solicited and unsolicited means and is applicable to the management of any personal information which is under the control of the OHA.
The management of personal information refers to the circumstances in which we obtain personal information, how we use and disclose that information and how we manage requests to access, dispose of and/or change that information.
The policy is not applicable to information which is under the control of any third party to which the OHA provides personal information in accordance with this policy.
What is personal data and how do we collect it?
Personal information is information or an opinion about an individual from which they can be reasonably identified. The OHA may collect personal information from an individual in their capacity as an alumnus, visitor or other person who comes into contact with the OHA.
If it is reasonable and practical to do so, the OHA will collect personal information directly from the individual.
In the course of providing membership services we may collect and hold:
- Personal Information including:
  - Residential and mailing address
  - Phone numbers and email address
  - Date of birth
  - Next of kin / emergency contact details
  - Photographic images, and
  - Attendance records
- Sensitive Information including:
  - Country of birth
  - Professional memberships/registrations
  - Family court orders, and
  - Criminal records
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Generally, the OHA will seek consent from the individual in writing before collecting their sensitive information.
The OHA may be provided with personal information without having sought it through our normal means of collection. This is known as “unsolicited information” and can be collected by:
- Misdirected postal mail – Letters, notes, documents
- Misdirected electronic mail – Emails, electronic messages
- Employment applications sent to us that are not in response to an advertised vacancy
- Information entered into or stored in online systems and platforms
- Information communicated through mail, email, telephone or verbal communication.
Unsolicited information obtained by the OHA will only be held, used or disclosed if it is considered as personal information that could have been collected by normal means. If that unsolicited information could not have been collected by normal means it will be destroyed, permanently deleted or de-identified as appropriate.
Collection and use of Sensitive Information
The OHA will only collect sensitive information if it is:
- reasonably necessary for one or more of its functions or activities, and the individual has provided consent
- required to meet legislative requirements
- necessary to lessen or prevent a serious threat to life, health or safety
- another permitted general situation
- another permitted health situation.
The OHA may share sensitive information with other entities in our organisational structure, but only if necessary to provide our products or services.
Use of Personal Information
The OHA only uses personal information that is reasonably necessary for one or more of our functions or activities (the primary purpose) or for a related secondary purpose that would be reasonably expected by the individual, or for an activity or purpose to which an individual has consented.
The OHA’s primary uses of personal information include, but are not limited to:
- Providing membership experience to all alumni
- Satisfying our legal obligations including our duty of care and child protection obligations
- Keeping members informed as to School community matters through correspondence, newsletters and magazines
- Marketing, promotional and fundraising activities
- Supporting the activities of the Haileybury Foundation
- Supporting community-based causes and activities, charities and other causes in connection with the School’s functions or activities
- Helping us to improve our day-to-day operations
- Systems development; developing new programs and services; undertaking planning, research and statistical analysis
- Engagement of volunteers, club members, ambassadors and councillors.
We will only use or disclose sensitive or health information for a secondary purpose if an individual would reasonably expect us to use or disclose the information and the secondary purpose is directly related to the primary purpose.
We may share personal information with related bodies corporate, but only if necessary for us to provide our services.
The OHA may disclose information about an individual to overseas recipients only when it is necessary, for example, to facilitate a student exchange program. The OHA will not send information about an individual outside of Australia without their consent.
Storage and Security of Personal Information
The OHA stores personal information in a variety of locations including, but not limited to:
- Local servers
- Remote servers
- Hard copy files
- Personal devices, including laptop computers
- Third-party storage providers such as cloud storage facilities
The OHA takes all reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
These steps include, but are not limited to:
- Restricting access and user privilege of information by staff depending on their role and responsibilities
- Educating staff and students on protection of personal passwords
- Ensuring hard copy files are stored in lockable filing cabinets in lockable rooms. Staff access is subject to user privilege
- Implementing physical security measures around the School buildings and grounds to prevent break-ins
- Ensuring our IT and cyber security systems, policies and procedures are implemented and up-to-date
- Monitoring staff compliance with internal policies and procedures when handling personal information
- Undertaking due diligence with respect to third-party service providers who may have access to personal information, including customer identification providers and cloud service providers, to ensure as far as practicable that they are compliant with the APPs or a similar privacy regime
- The destruction, deletion or de-identification of personal information we hold that is no longer needed or required to be retained by any other laws.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Responding to Data Breaches
The School maintains procedures for responding to data breaches, including initial containment, formal investigation and the formation of a data breach response team.
If we have reasonable grounds to believe that a data breach has occurred which is likely to result in serious harm to any individual, Haileybury will:
- Enact procedures to contain and investigate the data breach
- Attempt to notify the affected and/or at-risk individuals directly or, if it is not possible to notify individuals directly, publish a statement on our website and through appropriate public channels, and
- Provide a statement to the Office of the Australian Information Commissioner (OAIC) including details of the breach.
Disclosure of Personal Information
Personal information is used for the purposes for which it was given to the OHA, or for purposes which are directly related to one or more of our functions or activities.
Personal information may be disclosed to government agencies, other parents, other schools, employees, recipients of School publications, visiting teachers, counsellors and coaches, our service providers, agents, contractors, business partners, related entities and other recipients from time-to-time, if the individual:
- has given consent; or
- would reasonably expect the personal information to be disclosed in that manner.
Haileybury may disclose personal information without consent or in a manner which an individual would reasonably expect if:
- we are required to do so by law
- the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety
- disclosure is reasonably necessary for a law enforcement related activity
- another permitted general situation applies
- another permitted health situation exists.
Quality of Personal Information
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up-to-date, including at the time of using or disclosing the information.
If the OHA becomes aware that the personal information is incorrect or out of date, we will take reasonable steps to rectify the incorrect or out of date information.
Access and Correction of Personal Information
You may submit a request to the OHA to access the personal information we hold, or request that we change or update the personal information. Upon receiving such a request, we will take steps to verify your identity before granting access or correcting the information.
If we reject the request, you will be notified accordingly. Where appropriate, we will provide the reason/s for our decision. If the rejection relates to a request to change personal information, an individual may make a statement about the requested change and we will attach this to their record.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
The OHA takes all complaints seriously. Privacy complaints can be made to the Director of Development and Alumni Relations and will be handled in accordance with our Complaints Procedures.
How to Contact Us
Email: [email protected]
Phone: (03) 9904 6015
Mail: Old Haileyburians Association, Haileybury, 855 Springvale Rd KEYSBOROUGH VIC 3173