SCECS collects personal information of parents, guardians, children, employees and stakeholders for the primary purpose of providing early childhood education and care services. In some circumstances, we may be required by law to provide personal information to another organisation. The personal information will only be used for the purpose or related purpose, for which it was collected.
SCECS is committed to managing collected personal information, storage, use and disclose, as well as disposal, to a high standard of diligence and care, in accordance with both State and Commonwealth Legislation in line with the Australian Privacy Principles.
2.1 SCECS is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). In relation to health records, SCECS is also bound by the NSW Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (NSW)
3.1 Personal Information
3.1.1 The type of information individual services and SCECS collect and hold includes (but is not limited to) personal information, including health and other sensitive information, about:
Children and parents and / or guardians (hereafter referred to as parents) before, during and after the course of a child's enrolment at the service, including:
Job applicants, staff members, students, volunteers and contractors, including:
4.1.2 Personal information parents and children provide: services will generally collect personal information held about a child /en by way of, but not limited to,
4.1.3 Personal Information provided by other people: in some circumstances services may be provided with personal information about a child / ren from a third party,for example a report provided by a medical professional or a government agency.
4.2.1 A service will use personal information it collects from parents for the primary purpose of collection, and for secondary purposes that are related to the primary purpose and reasonably expected by parents, or to which they have consented.
4.2.2 Children and parents: in relation to personal information of children and parents, a service's primary purpose of collection is to enable the service to provide an education and leisure learning program for the child / ren. This includes satisfying the needs of the parents, the needs of the child / ren and the needs of SCECS, and the service throughout the whole period the child is enrolled.
4.2.3 Purposes for which SCECS and a service use personal information include:
4.2.4 In some cases, where a service requests personal information about a child or parent, if the information requested is not provided, the service may not be able to enrol or continue the enrolment of the child, or permit the child to take part in a particular activity / incursion /excursion.
4.2.5 Job applicants, staff members and contractors: in relation to personal information of job applicants, staff members and contractors, SECS primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, whichever the case may be.
4.2.6 Purposes for which SCECS uses the personal information of job applicants, staff members and contractors include:
4.2.7 Volunteers: SCECS also obtain personal information about volunteers who assist the service in its functions or conduct associated activities, to enable the service and the volunteers to work together and meet regulatory requirements.
4.2.8 Marketing: SCECS regards marketing to be an important part of ensuring that the service promotes its high quality education and leisure environment in which children and staff thrive. Service publications, such as newsletters, which include personal information,may be used for marketing purposes.
4.2.9 Exceptions in relation to related services: The Privacy Act allows each service, to share personal (but not sensitive) information with the other services conducted by SCECS. Other services may then only use this personal information for the purpose for which it was originally collected by SCECS or the service. This allows services to transfer information between them, for example, when a child transfers from an OSHC service to a vacation care service, or there is an outstanding debt.
4.3.1 A service may disclose personal information, including sensitive information held about a child/ren to:
4.3.2 The service may use online or 'cloud' service providers to store personal information and to provide facilities to the service that involve the use of personal information, such as email, education and leisure applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored on a cloud service provider's servers which may be situated outside Australia.
An example of such a cloud service provider is Google. Google provides the 'G Suite for Education' (G Suite) including Gmail, and stores and processes limited personal information for this purpose. Service personnel, SCECS and their service providers may have the ability to access, monitor, use or disclose emails, communications, documents and administrative data for the purposes ensuring the proper use of the G Suite.
4.4.1 In referring to 'sensitive information', the service means information about an individual relating to their racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices, criminal record, health information and biometric information.
4.4.2 Sensitive information will be used and disclosed only for the purpose for which it was provided, or a directly related secondary purpose, unless a parent agrees otherwise or the use or disclosure of the sensitive information is allowed by law.
4.5.1 SCECS and service staff are required to respect the confidentiality of children and parents' personal information and the privacy of individuals.
4.5.2 Each service has steps in place to protect the personal information the serviceholds from misuse, interference, loss, unauthorised access, modification or disclosure. These include secure storage of paper records and password protected access to computerised records.
4.5.3 SCECS and its services also store personal information on digital information management and storage platforms called Storypark Manage, Storypark and 'G suite'. Access to personal information may be granted to children and parents to allow them to update personal information online. Children and parents privacy and information access rights remain the same regardless of where or how the information is stored.
4.5.4 Personal information will be restricted and only accessible by persons authorised by SCECS.
4.6.1 Under the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW), a child and parent has the right to obtain access to any personal information which SCECS or a service holds about them and to advise SCECS and the service of any perceived inaccuracy. Children and parents will generally be able to access and update their personal information. There are some exceptions to these rights set out in the applicable legislation.
4.6.2 To make a request to access or update any personal information SCECS or a service holds about a parent or a child, a parent may contact the service Director /Coordinator or the Privacy Officer SECS Administration email@example.com in writing. The service may require the parent to verify their identity and specify what information is required. The service may charge a fee to cover the cost of verifying an application and locating, retrieving, reviewing and copying the material requested. If the information sought is extensive, the service will advise the likely cost in advance. If the service cannot provide access to the requested information, the service will provide the parent with a written notice explaining the reasons for refusal.
4.7 Consent and Right of Access to the Personal Information of Children
4.7.1 SECS respects every parent's right to make decisions concerning their child's education and leisure learning program. Generally, a service will refer any requests for consent and notices in relation to the personal information of a child to that child's parents. A service will treat consent given by parents as consent given on behalf of the child, and notice to parents will act as notice given to the child.
4.7.2 As mentioned above, parents may seek access to personal information held by a service or SCECS about them or their child, by contacting the Service's Director/Coordinator or Privacy Officer SCECS Administration. However, there will be occasions when access is denied. Such occasions would include, but is not limited to the following circumstances,
4.8.1 A data breach can occur when personal information is lost or subjected to unauthorised access, modification, use or disclosure. Data breaches can give rise to a range of actual or potential harm to individuals, agencies or organisations.
4.8.2 In the event of any suspected or actual data breach, the matter will be investigated to determine,
4.9.1 For further information about the way SCECS or a service manages the personal information it holds, or to complain about an alleged breach of the Australian Privacy Principles by the service, please contact the service's Director / Coordinator or the Privacy Officer SCECS Administration on 02 9568 8628 or by email to firstname.lastname@example.org.The service and SCECS will investigate any complaint and will notify the parent of the decision in relation to the complaint as soon as is practicable.
If you are not satisfied with the response provided, you may refer your complaint to the Office of the Australian Information Commissioner on 1300 363 992 or by email to email@example.com.
This policy will be monitored to ensure compliance with legislative requirements and unless deemed necessary through the identification of gaps, the service will review this policy every three years.
In accordance with R. 172 of the Education and Care Services National Regulations, the service will ensure that families of children enrolled in the service are notified at least 14 days before making any change to a policy or procedure that may have significant impact on the provision of education and care to any child enrolled at the service; a family's ability to utilise the service; the fees charged or the way in which fees are collected.
The authorisation and amendment history for this document must be listed in the following table: