Privacy

Privacy

The Department of Education (the Department) is committed to protecting your privacy and the confidentiality of your personal information.

The Department of Education does not attempt to collect 'personal Information' about you when you visit this website.

This statement explains, in further detail, the types of personal information we collect, how we collect, use and disclose this information, the steps we take to protect information, how you can access and change your personal information and how you can make a privacy complaint.

The Department processes personal information both as a processor and as a controller, as defined in the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).

The Department is not responsible for the content, policy or practices of websites operated by third parties that are linked to this website. Links to third-party sites do not constitute sponsorship, endorsement or approval by the Department of the content, policies or practices of those third-party sites. When you follow a link from this website to another website, we recommend you read and consider the privacy statement of that website. 

You can generally visit this website without revealing Personal Information*, unless you choose to provide it. The information collected by the Western Australian Department of Education is dependent upon the actions undertaken when visiting the website.

Definitions 

In accordance with the Privacy Act, this statement uses the following definitions: 

  • An entity "collects" personal information only "if the entity collects the personal information for inclusion in a record or generally available publication". 
  • Direct marketing involves the use and/or disclosure of personal information to communicate directly with an individual to promote goods and services. A direct marketer may communicate with an individual through a variety of channels, including telephone, SMS, postal mail, e-mail and online advertising. 
  • An entity “discloses” personal information “when it permits that information to become known outside the entity and releases it from its effective control”. 
  • An entity “holds” personal information “if the entity has possession or control of a record that contains personal information”. 
  • "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable. 
  • "Primary purpose" refers to the particular purpose for which the information in question was collected.   
  • "Secondary purpose" is any purpose other than the primary purpose for which we have collected your personal information. 
  • "Sensitive information" means information or an opinion about an individual’s personal preferences or characteristics (such as race, ethnicity, political views, memberships, religious or philosophical beliefs and sexual preference), health information and/or biometric information.    
  • An entity “uses” personal information “where personal information is handled, or an activity is undertaken with the information, within the entity”. 
Kinds of information we collect and/or hold

The types of personal information the Department may collect and hold includes: 

  • full name, postal address, e-mail address and telephone numbers 
  • occupation 
  • date of birth and gender 
  • any other information you provide to us by any means 
  • information associated with web browsing, such as your IP address. 

Generally, the kinds of information the Department will collect and/or hold will depend on the kind of campaign we are concerned with – essentially, the purpose of the activity we are conducting. Accordingly, the kinds of information we record will usually simply extend to your name, and applicable contact details.

On occasion, we may collect and/or hold other kinds of information – such as when we run a specific campaign. When we do this, we will disclose our intention to do so to you. 

How we collect your personal information

The Department is bound by the State Records Act 2000 (WA) (the State Records Act) and the Department’s Records Management policy, which is made pursuant to that legislation. The State Records Act and the Department’s Records Management policy apply to all records generated by the Department. 
 
The Department may collect personal information from or about you in several circumstances, including: 

  • when you use our services or contact us directly 
  • when you sign up to receive information from us 
  • when you take part in one of our competitions and/or promotions 
  • when you use our website and/or via software, such as cookies and web/tracking pixels (also known as 'web beacons') 
  • when you provide or offer services to us 
  • from third parties 
  • from our own records at the Department  
  • when legally required to do so. 

You can browse the general content of the Department's website anonymously, without disclosing your personal information. However, some functionality on this website may require you to provide personal information. 
 
For example, when you register your interest or otherwise in the course of us providing services to you, the Department may need to collect personal information which may include your name, address, telephone/mobile phone number, e-mail address and professional qualifications. 
 
Subject to legal constraints or obligations, the Department will, at all times, take reasonable steps to collect your personal information directly from you. 
 
The Department only collects (and holds) sensitive information when knowingly and voluntarily submitted by you, although the Department will rarely hold and/or collect this kind of information. Subject to any legal constraints or obligations, the Department will, at all times, take reasonable steps to obtain your express consent where the Department proposes to handle your sensitive information. 

Notification of collection  

When the Department collects personal information about you, it will take reasonable steps to notify you or to otherwise ensure you are aware of certain matters. These matters include our identity as an organisation and contact details, the context of the collection, the purposes of the collection and the Department’s usual disclosure of personal information and information about our privacy statement. 
 
The Department will take reasonable steps to provide this notification before, or at the time it collects your personal information. If it is not possible for it to do so, the Department will take reasonable steps to provide notification as soon as practicable after collection. 

Social media 

When you browse and make use of the Department’s social media pages (such as Facebook, Twitter, YouTube and Instagram), you are using an external site and are therefore subject to the privacy policies and practices of that site. If you have any questions or concerns regarding that site’s privacy policies and practices, you should review the privacy statement of the relevant site. The Department does not exercise any control over the management of those sites. The Department does not endorse, and is not accountable for, any views expressed by third parties using those sites. 
 
The Department records all information posted to its social media pages and uses that information for the purposes of administering the pages, for record keeping, for considering and/or addressing any comments made and for running campaigns. No attempt will be made to further identify social media subscribers except where requested and authorised by law. 

How we hold and store your information

All information we collect is stored locally on our network storage array in the local Data Centre and the data is encrypted at rest. All information is backed up daily, which is held onsite in a safe environment. These backups are replicated to an offsite location.

Security 

The Department strives to ensure the security, integrity and privacy of the personal and sensitive information of its clients. The Department takes reasonable steps to protect the security of all personal information. 

The Department personnel are required to respect the confidentiality of personal information and the privacy of individuals.

The Department uses a variety of physical and electronic security measures, including restricting physical access to our offices and firewalls and secure databases to keep personal information secure from misuse, loss or unauthorised use or disclosure. In relation to personal information provided through the Department’s websites, unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.

Information retention and destruction practices or obligations

The State Records Act and the Department's Record Management policy determine when the Department will retain or destroy records of personal information. 

Cookies 

A cookie is a small text file stored on your computer’s browser. Many cookies from websites will be visible from your browser. You will usually find information on cookies and how to manage them under “options” or “settings” in your browser. You can choose to see cookies before deleting them and to keep cookies from some sites. 
There are several different types of cookies (some of which are used on the Department’s website): 

  • First party cookies: A “first party” cookie is sent from a website to your web browser when you visit that site. This is how websites “record” or “remember” things like your customised settings (such as your location), your shopping cart contents and your log in details. 
  • Temporary cookies: Temporary cookies generally only last for one browsing session (until you close your web browser). 
  • Persistent cookies: Persistent cookies remain on your computer after you close your browser and will be sent back to the applicable website each time you visit it. 
  • Third-party cookies: Third-party cookies are sent by businesses that provide content, such as advertising, on websites you visit. Many websites feature advertising from third parties and those third parties may use cookies to track your browsing activities. They will normally use this information to “show” you targeted advertising – that is, advertising relating to products or services they think you will be interested in based on your prior web searches. 
  • Tracking / web pixels (also known as “web beacons”): Tracking pixels are clear picture files used to keep track of your navigation through a single website or a series of websites. Tracking pixels are normally used by websites that use third-party traffic monitoring and tracking services. 
  • Local Stored Object cookie or “flash cookies”: Flash cookies contain more information than the other kinds of cookies referred to above and are not generally cleared when you clear cookies in your web browser. 
Why and how we use cookies

Generally, we use cookies to learn about the way you interact with the Department’s content and to help us to improve your experience when visiting our website. 

The Department may record your visit through the use of cookies and may log the following information for purely statistical purposes: 

  • your server address 
  • your top-level domain name (for example, .com, .gov, .uk) 
  • the date and time of your visit to The Department’s site 
  • the pages accessed and documents downloaded by you 
  • the previous site(s) visited by you 
  • the type of browser used by you.  

Most of the information collected by cookies will not be sufficient to identify you – this is because the information collected will be very 'general' in nature, relating to your interests (i.e. the products you have looked at) and the websites you have visited previously. Information collected via cookies will only be deemed to be “personal information” for the purposes of the Privacy Act 1988 (Cth) if you or any other individual are identified or reasonably identifiable.

The Department will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through any cookies, tracking/web pixels or Google advertising products or features, unless it has robust notice of and the relevant party’s consent to that merger.

Third-party cookies 

Third-party cookies are sent by different organisations (such as businesses that provide content such as advertising) to the owner of the website you are visiting – so in this instance, this means by organisations other than the Department.

Third-party cookies are used on the Department’s website to enable remarketing and reporting for impression assisted visits, website conversions, user demographics and user interests. 

The Department makes use of tracking/web pixels to run and facilitate the campaigns and competitions it runs via Facebook. The tracking/web pixel allows the Department to track the 'conversions' that happen as a result of our Facebook advertisements.

Manage, reject and/or delete cookies

We will not knowingly use cookies to collect personally identifiable information about you. However, if you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. You should note cookies may be necessary to provide you with features or functions on this website and on other websites.

As noted above, the Department sometimes links to or embeds content from other websites and organisations such as Facebook and YouTube. The Department does not control the dissemination of third-party cookies from these sites. In order to manage and/or reject third-party cookies, you will need to refer to the privacy policies of the relevant third-party website(s).

If you want to make changes to your cookie selection for this site, select the 'Cookies' link located at the bottom of this page.

How and in what circumstances we use or disclose your personal information

Your personal and/or sensitive information will only be used and disclosed for the primary purpose for which it was submitted or for such other secondary purposes related to that purpose, unless we disclose other uses in this privacy statement or at the time of the collection of that information.

When collecting your information, we will inform you of the primary purpose of our collection and/or any anticipated secondary purpose that may arise. The purpose of our collection will vary from project to project, depending on the nature of the project and the nature of your involvement and/or interest in the project.

The Department will use and disclose your personal information to provide our services to you or to fulfil administrative functions associated with these services. In general, we will use and disclose your personal information for the following purposes: 

  • to notify you about an event you may wish to be involved in 
  • to communicate with you with respect to an existing event or booking 
  • to provide and market our services 
  • to help us manage and enhance our services
  • for any purpose for which the information was provided 
  • any other purpose related to any of the above. 

We will only make use of or disclose your personal information for a secondary purpose if: 

  • you have consented to the use or disclosure of that information 
  • you would reasonably expect the Department to use or disclose the information for the secondary purpose 
  • the use or disclosure of that information is required or authorised by or under legislation or court/tribunal order 
  • a “permitted general situation” exists in relation to the use or disclosure of the information by the Department 
  • the Department reasonably believes the use of the information is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body. 

Apart from the primary and secondary purposes outlined above, personal information may be disclosed in special situations where the Department has reason to believe doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. It may also be used as required by legislation in Western Australia, including the Freedom of Information Act 1992 (WA) (the FOI Act). Finally, The Department may disclose personal information when it believes in good faith that the law requires disclosure. 

Our privacy and responsible information-sharing values

We respect the privacy of our staff, students and their families. We commit to privacy practices that protect personal information.

We responsibly collect, use and share information to:

  • deliver education services for the benefit of the public
  • support our work and other organisations.

For more information, refer to Privacy and Responsible Information Sharing.

Direct marketing

The Department will not use or disclose your personal information for the purpose of direct marketing, unless:

  • we collected the information from you
  • we obtained your consent to the use or disclosure of the information for that purpose (except where it was impracticable to do so)
  • you would reasonably expect the Department to use or disclose the information for that purpose
  • we provide you with an easy-to-use means of opting out of receiving any further direct marketing communications and you have not requested we cease sending you direct marketing communications.

The Department makes use of Google Analytics Advertising features, allowing us to reach people who have previously visited its website and to match users with appropriate advertising.

If you would like to control or opt out of the application, you can change your cookie settings in the 'cookie' link at the bottom of this page.

The Department will only make use of your sensitive information for direct marketing purposes if you have consented to the use or disclosure of that information for that purpose.

If you receive direct marketing communications from the Department or from an associated entity, you are entitled to:

  • request you receive no further direct marketing communications for the Department and/or the associated entity
  • request the Department disclose the source of the information.

The Department will take reasonable steps to facilitate a request by you to opt-out of receiving direct marketing communications. This may be a request to opt out of receiving certain communications or to opt out altogether. The Department will not charge you for making such a request or for giving effect to such a request.

The Department will take reasonable steps to give effect to such request within a reasonable period of time after the request is made and will reply to a request for the source of the information in a reasonable period of time (unless it is unreasonable or impracticable for us to do so).

Who accesses your personal information and what conditions apply to their use of your personal information 

As a general rule, your personal and sensitive information will only be accessed and/or viewed by the Department staff and officers, as and when it is appropriate or necessary. However, your personal information may also be accessed, from time to time, by: 

  • Department contractors 
  • Department project partners
  • Department suppliers. 

Where a party, other than an employee or officer of the Department, has access to the personal information of individuals, they will be required to comply with applicable privacy legislation and, where appropriate, to enter into Privacy Agreements with the Department. 
 
The access and use of your personal or sensitive information by a third party will be restricted to the purpose for which it was first collected and/or to a closely related secondary purpose.
 
In some limited circumstances, we may also need to use or disclose personal information for other specific purposes, including either: 

  • where the Department reasonably believes the use or disclosure of the information is reasonably necessary for one or more enforcement-related activities conduct by or behalf of an enforcement body
  • where required to do so by or under a law of Western Australia, a law of the Commonwealth or a court or tribunal order, for example, pursuant to the FOI Act or in response to a subpoena. 
Access your personal information or seek the correction of your personal information
You can make a request for access to your personal information informally in writing or pursuant to the terms of the FOI Act. If you are in the EU, you may request access pursuant to the terms of Article 15 of the GDPR. The Department aims to, whenever possible, facilitate informal requests for personal or sensitive information. 

The Department will take reasonable steps to respond to a request for access within a reasonable period of time after the request is made (within 45 days) and to give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so. 

In the event the Department refuses to give you access to the personal information requested by you, we will give you a written notice which sets out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal. 
 
For more information and to lodge a request, refer to Freedom of information.
 
Enquiries
Contact: Coordinator Information Access 
Telephone: +61 8 9264 4564 
Email: FOI.Enquiries@education.wa.edu.au 
 
The Department reserves the right to impose minimal charges for providing you with your personal information if it forms the view your request is unfounded or excessive. The scale of fees and charges set out in the Freedom of Information Regulations 1993 (WA) will apply to a request under the FOI Act. 
 
Should you experience difficulty in determining the correct route through which to request access to your personal information, please contact our Coordinator Information Access and they will provide you with assistance. 
 
Request for correction of personal information 
You can make a request for the correction and/or amendment of your personal information informally in writing or pursuant to the terms of the FOI Act. 
 
Applications to have personal information held by the Department corrected or amended should: 
  1. be made in writing to the Coordinator Information Access 
  2. provide enough information to determine what changes are required
  3. provide your current contact details. 
In the event the Department refuses to correct your personal information, the Department will give you a written notice which sets out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal. 
 
The Department will take reasonable steps to respond to a request for access within a reasonable period of time after the request is made (within 45 days) and will not charge you for the making of the request or for the correction of the personal information.
 
Your rights in the EU
Subject to legal constraints, including the Department's obligations under the State Records Act, if you are in the EU your principal rights under the GDPR are: 
  • the right to be informed 
  • the right to access 
  • the right to rectification 
  • the right to erasure, i.e to be forgotten 
  • the right to restrict processing 
  • the right to object to processing 
  • the right to data portability 
  • the right to not be subject to automated decision making. 
You can read the relevant laws and guidance from the regulatory authorities under the GDPR for a full explanation of these rights. 
 
Notifiable data breaches 
We are committed to protecting information we hold about you, and to compliance with the Notifiable Data Breaches scheme. Where we become aware of a potential data breach which is likely to result in serious harm to any individuals about whom we hold information, we will: 
  • investigate the suspected breach and determine scope of any breach that has occurred and the risk of harm to affected individuals whose information may have been compromised 
  • notify you and the Privacy Commissioner of the potential breach 
  • take steps to minimise any harm caused to affected individuals as a result of the breach.
Submit a complaint about a breach or give feedback on how the Department deals with your personal information
Use the address in the 'Queries and feedback' section to contact us to:
  • provide the Department with feedback about its management of your personal information
  • complain about a breach of the Department’s privacy obligations or the FOI Act
  • appeal a decision about a request for access to or the correction of personal information. 
 The Department will take reasonable steps to respond to your complaint or feedback within 45 days. In the event you wish to have a decision refusing access to your personal information and/or refusing to correct your personal information reviewed or to lodge a complaint with respect to the management of your personal information, contact us at the address in the 'Queries and feedback' section. 
 
Queries and feedback 
If you have any queries relating to this privacy statement, or you have any feedback, contact:
Coordinator Information Access 
Telephone: +61 8 9264 4564 
Email: FOI.Enquiries@education.wa.edu.au