Privacy Policy

     1. Introduction

This Privacy Policy sets out how St Andrew’s Greek Orthodox Theological College (St Andrew’s) collects, uses and discloses personal information, including sensitive information. This Policy aligns with and complements the Sydney College of Divinity Privacy Policy.

This Policy outlines how St Andrew’s complies with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). St Andrew’s will only collect, use and disclose your personal information in accordance with its legal obligations. Detailed information about the Privacy Act can be found on the website of the Office of the Australian Information Commissioner: https://www.oaic.gov.au/

     2. Scope and Purpose

St Andrew’s may collect personal information from an individual in their capacity as a student, employee, contractor, volunteer, job applicant, alumni, visitors or others that come into contact with St Andrew’s directly.

St Andrew’s collects and holds the following kinds of personal information:

a) Personal Information including names, addresses and other contact details; dates of birth; next of kin details; photographic images; educational information, attendance records and financial information.

b) Sensitive Information (particularly in relation to student records) including government identifiers, religious beliefs, nationality, country of birth and professional memberships.

c) Health Information (particularly in relation to student records) including medical records, physical injuries, illnesses, disabilities and psychological reports.

As part of its recruitment processes for employees, contractors and volunteers, St Andrew’s may collect and hold:

a) Personal Information including names, addresses and other contact details, dates of birth, financial information, citizenship, employment references, regulatory accreditation, media, directorships, property ownership and driver’s licence information.

b) Sensitive Information including government identifiers, nationality, country of birth, professional memberships, family court orders and criminal records.

c) Health Information (particularly in relation to prospective staff) including medical records.

Generally, where we obtain personal information directly from an individual, we will seek consent from the individual in writing before we collect their sensitive information.

However, records relating to employees of St Andrew’s are not covered by the APPs.

St Andrew’s only uses personal information that is reasonably necessary to fulfil its purpose, mission and goals, or for a related secondary purpose that would be reasonably expected by you, or for an activity or purpose to which you have consented. Our strategic plan is available from our website: www.sagotc.edu.au

The primary uses of personal information St Andrew’s collects, holds and uses include, but are not limited to:

a) acting as a higher education provider of theological studies

b) complying with Governmental obligations

c) liaising with its accrediting body, the Sydney College of Divinity, particularly in relation to compliance and administration

d) liaising and developing cooperative links with other groups for the advancement of theological education;

e) ensuring the health, safety, welfare and wellbeing of all students, staff, contractors and volunteers;

f) marketing, promotional and fundraising activities;

g) improving our day-to-day operations and training our staff;

h) developing new programs and services; undertaking planning, research and statistical analysis;

i) the employment of staff and the engagement of volunteers.

We will only use or disclose sensitive or health information in accordance with our purpose or if you would reasonably expect us to use or disclose the information.

We may disclose personal information to related bodies, but only if necessary for us to provide our services.

     3. Collection of Personal Information

Provided it is reasonable and practical to do so, St Andrew’s collects personal information directly from individuals. This usually occurs through specific forms, for example, an enrolment form or a job application form, as well as by email, letters, website, telephone, face-to-face meetings, financial transactions and through security activities such as the use of CCTV or email monitoring.

St Andrew’s may be provided with unsolicited personal information, such as misdirected mail or other information provided which was not requested. Unsolicited information will only be used or disclosed if it is considered to be personal information that could have been collected by normal means and is relevant. Otherwise, it will be destroyed.

St Andrew’s only collects sensitive information if it is reasonably necessary for our activities, and only with your consent. However, it may also be necessary to collect such information to prevent a serious threat to life, health or safety.

St Andrew’s uses health information relating to student educational and health needs to determine educational support needs and to allocate appropriate funding for those needs.

     4. Security of Personal Information

St Andrew’s stores personal information in a range of formats including, but not limited to:

a) databases

b) hard copy files

c) computers and other electronic devices

d) cloud storage facilities.

St Andrew’s takes reasonable steps to protect the personal information we hold from misuse, unauthorised access or disclosure. These steps include, but are not limited to, ensuring:

a) access and user privilege of information by employees is in accordance with their roles and responsibilities

b) employees do not share their passwords

c) hard copy files are stored securely and employee access is subject to user privilege

d) access to St Andrew’s premises is appropriately restricted

e) security measures prevent break-ins.

f) ICT and cyber security systems are robust

g) employees comply with relevant policies and procedures when handling personal information.

     5. Preventing and Responding to Data Breaches

St Andrew’s takes reasonable steps to prevent data breaches from occurring and will take swift and appropriate action if it has reasonable grounds to believe that a data breach may have occurred. Depending on the type of data breach, this may include taking immediate remedial action, notifying affected individuals and the Office of the Australian Information Commissioner, and implementing mitigating measures.

     6. Disclosure of Personal Information

Personal information is used for the purposes for which it was given to St Andrew’s, or for purposes directly related to our vision, mission and goals.

Personal information may be disclosed to government agencies, our service providers, agents, contractors, related entities and other recipients, if consent has been given or if it is reasonable to disclose the personal information in accordance with our legal obligations.

St Andrew’s may disclose personal information without consent if:

a) required to do so by law

b) the disclosure will lessen or prevent a serious threat to life, health or safety

c) disclosure is reasonably necessary for a law enforcement related activity

d) another permitted situation applies.

Personal information about an individual may be disclosed to an overseas organisation in the course of providing our services, but only where you give your consent or the disclosure is otherwise authorised by law.

     7. Quality, Access and Correction of Personal Information

St Andrew’s takes all reasonable steps to ensure the personal information we hold, use and disclose is accurate and complete, including at the time of using or disclosing the information. If St Andrew’s becomes aware that personal information is incorrect or out of date, it will take reasonable steps to remedy this.

You may submit a request to access the personal information we hold, or request that we change the personal information. Upon receiving such a request, if necessary, St Andrew’s will take steps to verify your identity before granting access or correcting the information.

If we reject the request, you will be notified. Where appropriate, we will provide the reason for our decision.

     8. Further information

If you would like further information about the way St Andrew’s manages the personal information it holds about you, or believe that we have breached our privacy obligations, please contact St Andrew’s Greek Orthodox Theological College on +61 2 9549 3100, via mail (242 Cleveland St, Redfern NSW 2016), or at [email protected].