Purpose

The Privacy Policy defines Central Coast Montessori’s approach for the collection, use, management, and disclosing of personal information collected as part of the School’s activities. Central Coast Montessori is bound by the requirements of the Australian Privacy Principles (APPs) and its obligations under the Privacy Act 1988 (the Privacy Act). 
 

Scope

The Privacy Policy applies to the management of personal information collected by all campuses and operations of Central Coast Montessori in the course of our operations, including that which is collected by solicited and unsolicited means, and is applicable to the management of any personal information which is under the control of Central Coast Montessori. The management of personal information refers to the circumstances in which we obtain personal information, how we use and disclose that information, and how we manage requests to access, dispose of, and/or change that information. The policy does not apply to information that is under the control of any third party to which Central Coast Montessori provides personal information in accordance with this policy. 
 

What is Personal Information?

Personal information is information or an opinion about an individual from which they can be reasonably identified.
This may include: 
 

• an individual’s name, signature, address, phone number, photograph or date of birth

• sensitive information, such as:

  • racial or ethnic origin

  • political opinions or associations

  • religious or philosophical beliefs

  • trade union membership or associations

  • sexual orientation or practices

  • criminal record

  • health or genetic information

  • some aspects of biometric information.

• credit information

• elements of employee records and notes

• internet protocol (IP) addresses

• voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)

• location information from a mobile device (because it can reveal user activity patterns and habits).

 
Collection of Personal Information

Central Coast Montessori may collect personal information from an individual in their capacity as a current or prospective student or parent/guardian, contractor, volunteer, job applicant, employee, alumni, visitor, or others who come into contact with the School. 
 
If it is reasonable and practical to do so, Central Coast Montessori will collect personal information directly from the individual. In the course of providing our services, we may collect and hold information including but not limited to: 
 

• General identifying information including names, addresses, emails, phone numbers, gender, and date of birth

• Sensitive information including place of birth, nationality, religious beliefs, medical information and history, and criminal history

• Financial and business information

• Personal information of emergency contacts

• Photographic images, sound, and video recordings.
   

Generally, Central Coast Montessori will seek consent from the individual in writing before collecting their sensitive information. It is noted that employee records are not covered by the APPs where they relate to current or former employment relations between the School and the employee. However, a current or former employee’s health records are covered by the New South Wales Health Privacy Principles. 
 

Solicited Information

Central Coast Montessori has, where possible, attempted to standardise the collection of personal information by using specifically designed forms to ensure that only the information required for Central Coast Montessori to provide its services is collected. However, the School may also receive personal information necessary to effectively deliver its services or meet its legislative obligations via email, letters, notes, social media, our website, over the telephone, in face-to-face meetings, through financial transactions, and surveillance activities such as the use of CCTV security cameras or email monitoring. 
 
Central Coast Montessori may also collect personal information from other sources (e.g., a third-party administrator, referees for prospective employees, etc.). Personal information will only be collected from third parties where it is not reasonable and practical to collect the personal information from the individual directly. 
 
 
Unsolicited Information

Central Coast Montessori may be provided with personal information without having sought it through our normal means of collection. This is known as “unsolicited information” and can be collected by: 
 

• Misdirected postal mail – Letters, documents

• Misdirected electronic mail – Emails, electronic messages

• Employment applications sent to us that are not in response to an advertised vacancy

• Information entered into or stored in online systems and platforms

• Information communicated through mail, email, telephone or verbal communication

 
Unsolicited information obtained by Central Coast Montessori will only be held, used, or disclosed if it is considered information that could have been collected by normal means. If that unsolicited information could not have been collected by normal means, it will be destroyed, permanently deleted, or de-identified as appropriate. 

 
Device Information and Activity
 
When visiting our websites/app, we may collect information about your device and activity, for example, technical information, including:  
 

• The IP address used to connect your computer to the Internet

• Your login information

• Browser type and version

• Time zone setting

• Browser plug-in types and versions

• Cookies

• Operating system and platform

• The type of device used.

 
Additionally, as you browse our websites and platforms, we collect information about the individual web pages or products that you view, what websites or search terms referred you across those platforms, and information about how you interact with our suite of products. We refer to this automatically collected information as “Device Information”. 
 
We collect Device Information using the following technologies: 
 

• “Cookies” - Data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org

• "Log files” - Track actions occurring on our websites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

• “Web beacons”, “tags”, and “pixels” - Electronic files used to record information about how you browse our websites.
  
   

Information from Third Parties
 
Information may be collected by us or on our behalf via third parties including: 
 

• The date and time of your visit to our websites

• IP address

• Documents and pages you access

• The type of browser and browser settings

• Your operating system

• Address of a recurring site you are about to visit

• Information you submit regarding payment particulars

• Device identifier, including Unique Device Identifiers (UDID)

• Device details

• Pages visited

• Language selections

• Cookies

• Tracking pixels

• ​Geographic area and location.

We collect this information for the purpose of: 
 

• Providing you with local information and alerts about our products and services

• Improving our website and services

• Complying with local legal obligations

• Gathering anonymised statistics for analytical purposes

• Ensuring proper function of the website and online software

• Any other reason allowed at law
  
   

Collection and use of sensitive information

Central Coast Montessori will only collect sensitive personal information if it is: 
 

• reasonably necessary for the delivery of our services or to meet our legislative obligations

• necessary to lessen or prevent a serious threat to life, health or safety

• another permitted health situation.

 
Central Coast Montessori may share sensitive information with other entities in our organisational structure, but only if necessary, to provide our services. Sensitive information may also be disclosed outside of Central Coast Montessori where required or permitted under legislation. 
 
 
Use of Personal Information

Central Coast Montessori only uses personal information that is reasonably necessary to deliver our services (the primary purpose), for a related secondary purpose that would be reasonably expected by the individual, or for an activity or purpose to which an individual has consented. 
 
Central Coast Montessori’s primary uses of personal information include, but are not limited to: 
 

• Providing education, student support, extra-curricular and health services

• Satisfying our legal obligations including our duty of care and child safety and wellbeing obligations

• Sharing School information with parents/guardians

• Marketing, promotional and fundraising activities

• Supporting the activities of school associations

• Supporting the activities of the Central Coast Montessori Foundation

• Supporting community-based causes and activities, charities and other causes in connection with the School’s events or activities

• Helping us to improve our day-to-day operations including training our staff

• Systems development; developing new programs and services; undertaking planning research and statistical analysis

• School administration including for insurance purposes

• Employment of staff

• Engagement of volunteers.

 
We will only use or disclose sensitive information for a secondary purpose if an individual would reasonably expect us to use or disclose the information and the secondary purpose is directly related to the primary purpose. We may share personal information with related bodies corporate, but only if necessary, for us to provide our services. 
 
Storage and Security of Personal Information

Central Coast Montessori stores personal information in a variety of locations including, but not limited to: 
 

• Local servers

• Remote servers

• Hard copy files

• Personal devices, including laptop computers

• ​Third-party app and management system providers such as Transparent Classroom, OWNA, OWNA HQ, accounting software MYOB and OneSpot/Seabird Apps

• Third-party storage providers such as cloud storage facilities
  
  Central Coast Montessori may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with technology service providers which are situated outside Australia or to facilitate a school transfer. The countries in which these overseas recipients are likely to be located include the United States of America. 
  
  Central Coast Montessori takes all reasonable steps to protect the personal information we hold from misuse, loss, interference, unauthorised access, modification or disclosure. 
   
  These steps include, but are not limited to: 

• Restricting access and user privilege of information by staff depending on their role and responsibilities

• Educating staff and students on protection of personal passwords

• Ensuring hard copy files are stored in lockable filing cabinets in lockable rooms. Staff access is subject to user privilege

• Implementing security measures around the School buildings and grounds

• Ensuring our IT and cyber security systems, policies and procedures are implemented and current

• Monitoring staff compliance with internal policies and procedures when handling personal information 

• Undertaking due diligence with respect to third-party service providers who may have access to personal information, including customer identification providers and cloud service providers, to ensure as far as practicable that they are compliant with the APPs or a similar privacy regime

• The destruction, deletion, or de-identification of personal information we hold that is no longer needed or required to be retained by any other laws.

Cross-sharing of Information
 
Central Coast Montessori operates both a Preschool and Primary campus under two entities. To facilitate smooth transitions for students moving from Preschool to Primary, it may be necessary to cross-share certain student and family particulars between the two campuses. This sharing of information will be conducted in compliance with the Australian Privacy Principles, ensuring that personal information is managed securely and respectfully. We are committed to protecting the privacy of our students and families and will only use or disclose information for the purposes of enhancing educational outcomes and ensuring a seamless transition experience.
 

Responding to Data Breaches

Central Coast Montessori maintains procedures for responding to data breaches, including initial containment, formal investigation, and the formation of a data breach response team. 
 
If we have reasonable grounds to believe that a data breach has occurred which is likely to result in serious harm to any individual, Central Coast Montessori will: 
 

• Enact procedures to contain and investigate the data breach

• Attempt to notify the affected and/or at-risk individuals directly or, if it is not possible to notify individuals directly, publish a statement on our website and through appropriate public channels, and

• Provide a statement to the Office of the Australian Information Commissioner (OAIC) including details of the breach.

 
 
Disclosure of Personal Information

Personal information is used for the purposes for which it was given to Central Coast Montessori, or for purposes which are directly related to one or more of our functions or activities. 
 
Personal information may be disclosed to government agencies, other parents, other schools, employees, recipients of School publications, visiting teachers, counsellors and coaches, our service providers, agents, contractors, business partners, related entities, and other recipients from time to time, if the individual: 
 

• has given consent; or

• would reasonably expect the personal information to be disclosed in that manner.

 
Central Coast Montessori may disclose personal information without consent or in a manner that an individual would reasonably expect if: 
 

• we are required to do so by law

• the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety

• disclosure is reasonably necessary for a law enforcement-related activity

• another permitted general situation applies

• another permitted health situation exists.

 

Personal Information of Students

The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information. 
 
At Central Coast Montessori, we take a ‘common-sense’ approach to dealing with a student’s personal information and generally will refer any requests for personal information to a student’s parents/carers. We will treat notices provided to parents/carers as notices provided to students, and we will treat consents provided by parents/carers as consents provided by a student. 
 
In seeking to respect the rights of children under the Privacy Act and recognising that in certain circumstances (especially when dealing with older students and when dealing with sensitive information), it will be appropriate to seek and obtain consent directly from students. We also acknowledge that there may be occasions where a student may give or withhold consent with respect to the use of their personal information independently from their parents/carers. 
 
There may also be occasions where parents/carers are denied access to information with respect to their children, because providing such information would have an unreasonable impact on the privacy of others, or result in a breach of the School’s duty of care to the student. 
 

Quality of Personal Information

We take all reasonable steps to ensure the personal information we hold, use, and disclose is accurate, complete, and up-to-date, including at the time of using or disclosing the information. 

If Central Coast Montessori becomes aware that the personal information is incorrect or out of date, we will take reasonable steps to rectify the incorrect or out-of-date information. 
 

Access and Correction of Personal Information

You may submit a request to Central Coast Montessori  to access the personal information we hold or request that we change or update the personal information. Upon receiving such a request, we will take steps to verify your identity before granting access or correcting the information. 

If we reject the request, you will be notified accordingly. Where appropriate, we will provide the reason/s for our decision.
 


Complaints
 
Central Coast Montessori  takes all complaints seriously. Privacy complaints can be made to the Privacy Officer and will be handled in accordance with our Complaints Policy and Procedures.

 
How to contact us
 
Central Coast Montessori  can be contacted about this Privacy Policy or about personal information generally, by:
 
Email: privacyofficer@ccm.nsw.edu.au
Mail: Privacy Officer, Central Coast Montessori 10-12 Debra Anne Drive, BATEAU BAY NSW 2260


Changes to our privacy and information handling practices
 
This Privacy Policy is subject to change at any time. Please check our Privacy Policy on our website regularly for chanes.