Privacy Policy
Apr 16, 2024 07:13 AM
Privacy & Confidentiality Policy
Privacy Statement
Dance Northside recognises that every individual has the right to ensure their personal
information is accurate and secure, and only used or disclosed to achieve the outcomes for which it was initially collected. Personal information will be managed openly and transparently in a way that protects an individual’s privacy and respects their rights under Australian privacy laws.
Implementation
Our Privacy Notice and Disclosure Statement are at the end of this Policy. Our Studio practices are consistent with the Australian Privacy Principles.
Collection of personal information
We collect personal information if it is necessary for us to carry out Studio operations or to comply with our legal obligations. Information may also be collected to comply with other Laws including State or Territory Health Laws.
The privacy policy for our online enrolment process using Dance Studio Pro can be found here - https://info.dancestudio-pro.com/privacy-policy/
We usually collect personal information directly from a parent or guardian via our online enrolment system. We may also collect information through our website, social media page, Family Law court orders or agreements, special needs agencies and training courses.
In most cases, if we are unable to collect relevant personal information, we will be unable to enrol a student at Dance Northside.
The Director will advise individuals about any unsolicited personal information we receive from other organisations and keep because it is directly related to our functions and activities (unless we are advised not to by a Government authority). The Director will destroy any unsolicited personal information that is not directly related to our Studio operations unless it adversely impacts the health, safety and wellbeing of a student at Dance Northside. If this happens the Director will contact the appropriate Government authorities and take action as directed while protecting the confidentiality of the individuals concerned.
Use or disclosure of personal information
We will not use personal information for any purpose that is not reasonably needed for the proper or effective operation of Dance Northside. Personal information may be accessed by and exchanged with staff or by administrative staff.
We do not disclose your personal information to others unless you would have reasonably expected us to do this or we have your consent. For example, personal information may be disclosed to:
emergency personnel so they can provide medical treatment in an emergency
special needs educators or inclusion support agencies
volunteers, trainees and work experience students
trainers or presenters if students participate in special learning activities
the new operator of the Studio if we sell our business and you have consented to the transfer of enrolment and other documents.
We may disclose personal information where we are permitted or obliged to do so by an Australian law. For example, personal information may be disclosed to:
Government employees
software companies
management companies we may engage to administer Dance Northside
lawyers in relation to a legal claim
officers carrying out an external dispute resolution process
a debt collection company we use to recover outstanding fees
authorities if we are taking action in relation to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety.
We do not disclose personal information to any person or organisation overseas or for any direct marketing purposes.
Quality of personal information
The Director will take reasonable steps to ensure the personal information we collect, use and disclose is accurate, current and complete. Dance Northside employees will:
view original sources of information if practical when information is collected.
record the date personal information was collected or updated.
update information in our physical or electronic records as soon as it’s provided.
In addition the Director will:
regularly remind families via newsletters, emails, private Facebook groups or noticeboard display to update their personal information including emergency contact details and student health information.
ask students to update their enrolment details annually, or whenever their circumstances change.
verify the information is accurate, current and complete before disclosing it to any external organisation or person.
ensure documentation about students is based on facts and free from prejudice.
Security of personal information
The Director will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. These steps include:
taking responsibility for the security of personal information and regularly checking the practices implemented to protect it. This will include management of access privileges to ensure only people who genuinely need to see personal information can access it.
ensuring information technology systems have appropriate security measures including password protection, anti-virus and ‘malware’ software, and data backup systems.
ensuring physical repositories of personal information are secure INFORMATION IS STORED eg Directors Office in a filing cabinet.
ensuring all employees are aware of their obligations in relation to the collection, use and disclosure of personal information, through activities like mentoring, staff meetings or online training courses.
ensuring records which we don’t need to keep, including unsuccessful job applications are destroyed in a secure way as soon as possible by, for example, shredding, incinerating or permanently deleting electronic records including archived or back-up copies.
making sure employees and other relevant persons only have access to the personal information required to do their job
‘de-identifying’ personal information which may come into the public domain. For example, removing identifying names or details from newsletters etc.
ensuring staff comply with our Social Media Policy (for example by obtaining authorisation from a student's parents/guardian before posting any photos of the student on the Studio social media page, and not posting personal information on any social media page which could identify children or families.)
ensuring confidential conversations with students, families or with staff are conducted in a quiet area away from other students, families and staff.
requiring all employees, volunteers and work experience students to sign a ‘Confidentiality Statement’ acknowledging that personal information:
can only be accessed if it is necessary for them to complete their job
cannot be disclosed to other organisations (including colleges, RTOs) or discussed with individuals outside the Studio including personal family members unless they have written consent from the person (or parent) concerned.
must be stored in compliance with Studio practices which safeguard its security.
Breaches of Personal Information
The Director will implement the Studio’s Data Breach Response Plan and notify individuals and the Australian Information Commissioner (the Commissioner) if personal information is lost (hard copies or electronic), accessed or intentionally/unintentionally disclosed without authorisation, and this is likely to cause one or more persons serious harm.
Data Breach Response Plan
Employees must notify the Director about a breach or suspected breach of personal data as soon as they suspect the breach or become aware a breach has occurred. The Director will:
quickly assess the situation to decide whether or not there has been a breach. This assessment must be completed within 30 days but given the potential for serious harm to individuals, should be completed as soon as possible
record the nature of any data breach, and the steps taken to immediately contain the breach where possible and ensure it does not happen again. If necessary they will contact external experts for advice and guidance, for example on cybercrime (hacking) and information technology security measures like access, authentication, encryption and audit logs
notify the Commissioner and the individuals where there is a risk of serious harm after a data breach
liaise with their insurer to determine whether the insurance policy covers data breaches and any steps they need to take
evaluate the effectiveness of their response to the data breach and implement improvements to the Plan if required after all notifications, records and remedial action are taken.
Serious harm
The Director will decide whether serious harm of a physical, psychological, emotional, financial or reputational nature is likely once fully informed about the type and extent of the breach. They will consider the type and sensitivity of the information, the type of security protecting the information (e.g. encryption) and how likely it is that the information will be used to cause harm to individuals.
Examples of the kinds of information that may increase the risk of serious harm include sensitive information like an individual’s health records, documents commonly used for identity fraud.
The Director will also consider how long the personal information has been accessible because serious harm is more likely the longer it has been since the data breach.
Where a data breach occurs, there may not always be a risk of serious harm. This may be the situation, for example, if a trustworthy person or organisation who has received personal information in error confirms they have not copied, and have permanently deleted the information, or where expert advice states it’s unlikely encrypted data can be accessed.
Where they are satisfied there is no risk of serious harm, the Director is not required to notify individuals or the Commissioner about the breach. They may choose to advise the individuals concerned about the breach and the action taken. The Director will however appropriately keep records about the breach.
Notifying the Commissioner
Where there is a risk of serious harm after a data breach, the Director will prepare a Statement for the Commissioner which includes the name and contact details of the Director, a description of the data breach (including date occurred and detected and who obtained information), the type of information involved (why it may cause serious harm), and the steps individuals at risk of serious harm should take in response to the breach (eg steps to request new credit card). The Director will get specialist advice about the recommended steps if required. They may use the Notifiable Data Breach Form available online from the Office of the Australian Information Commissioner to notify the Commissioner.
Notifying Individuals
Where there is a risk of serious harm after a data breach, the Director will notify individuals about the breach as soon as possible using the most appropriate communication methods for the individuals concerned e.g. a telephone call, SMS, physical mail, social media post, or in-person conversation. The information provided is the same as that required for the Commissioner. It might also explain steps the Studio has taken to reduce the risk of harm to individuals. The Director may notify everyone whose personal information was part of the breach or only those individuals at risk of serious harm. If this is not possible or practical, they may publish a copy of the Statement, for example on their website or Facebook page, and take steps to ensure individuals at risk of serious harm see the publication.
Correction of personal information
Individuals have a right to request the correction of any errors in their personal information. These requests may be made to Administration by telephone on 0417 703 437 or email admin@dancenorthside.com.
The Director will take reasonable steps to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading as soon as it is available. The Director will:
take reasonable steps to ensure information supplied by an individual is correct.
verify the identity of an individual requesting the correction of personal information.
notify other organisations about the correction if this is relevant, reasonable or practical.
advise the individual about the correction to their information if they are not aware.
if immediately unable to correct an individual’s personal information, explain what additional information or explanation is required and/or why we cannot immediately act on the information provided.
if unable to correct the information, include reasons for this (for example we believe it’s current) and inform the individual about our grievance procedure and their right to include a statement with the information saying they believe it to be inaccurate, out-of-date, incomplete, irrelevant or misleading.
correct the information, or include a statement if requested, as soon as possible.
We will not charge you for making a request to correct their personal information or for including a statement with your personal information.
Complaints
If you believe we have breached Privacy Laws or our Privacy Policy may lodge a complaint with the Director by telephone on 0417 703 437 or email holly@dancenorthside.com. The Director will follow the Dance Northside complaints policy to investigate the complaint. Individuals who are unhappy with the outcome of the investigation may raise their complaint with the Office Australian Information Commissioner www.oaic.gov.au GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601, phone 1300 363 992 or email enquiries@oaic.gov.au
Disclosure Statement
We will not use personal information for any purpose that is not reasonably needed for the proper or effective operation of the Studio. Personal information may be accessed by and exchanged with staff educating and caring for a child or by administrative staff.
We do not disclose your personal information to others unless you would have reasonably expected us to do this or we have your consent. For example, personal information may be disclosed to:
emergency Studio personnel where this is necessary to provide medical treatment in an emergency
special needs educators or inclusion support agencies
volunteers, trainees and work experience students (with consent)
trainers or presenters if students participate in special learning activities
organisations related to the Studio (eg other Studios)
another Studio to which a student is transferring where you have consented to the transfer.
the new operator of the Studio if we sell our business and you have consented to the transfer of enrolment and other documents listed
We may disclose personal information where we are permitted or obliged to do so by an Australian law. For example, personal information may be disclosed to:
Government employees
software companies
lawyers in relation to a legal claim
officers carrying out an external dispute resolution process
a debt collection company we use to recover outstanding fees
react to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety. We are obliged to cooperate with law enforcement bodies in some circumstances.
Privacy Notice
Personal information will be managed openly and transparently in a way that protects an individual’s privacy and respects their rights under Australian privacy laws.
We only collect or use personal information if this is needed to educate and care for students at the Studio, or to comply with our legal obligations. We will take reasonable steps to make sure you know we have your personal information, how we got it and how we'll handle it.
We collect most personal information directly from a parent or guardian. We may also collect information through our website, social media page, Family Law court orders or agreements, special needs agencies and training courses. We may occasionally request information from other organisations which you would reasonably agree is necessary for us to teach your child.
The information collected includes information required to enrol a student at Dance Northside. This includes name, address, date of birth, gender, family contact details, emergency contact details, payment details, medical information and medical management plans, including special needs.
We do not disclose personal information to others unless you would reasonably expect us to do this, we have your consent or we are complying with an Australian law.
We aim to keep the personal information we hold accurate, up-to-date and complete. This enables us to provide high quality education and care while ensuring the health and safety of students, and it is also important that we can contact you in the event of an emergency.
We have systems and practices in place to ensure personal information is secure and can only be accessed by those who need the information or may legally access it.
Our Privacy Officer for privacy matters, including complaints, is the Director who may be contacted by telephone on 0417 703 437 or email holly@dancenorthside.com.
We will provide a copy of any updates to our Privacy and Confidentiality Policy on our website or via email.