Cornerstone Privacy Policy

Cornerstone Privacy Policy

1. Purpose & Context

Cornerstone Christian College Limited (‘the College’) is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. This Privacy Policy sets out how the College manages personally identifiable information provided to or collected by it.

The College may, from time to time, review and update this Privacy Policy to take account of new laws or technology, changes to College operations or practices and to ensure it remains appropriate to the changing school education environment.

Cornerstone Christian College is organisationally connected to Christian Community Ministries Limited (CCM). CCM operates colleges providing primary and secondary school education in Queensland, New South Wales, South Australia and Western Australia. CCM is an approved operator of early childhood education and care (ECEC) centres in Queensland. CCM is also a Registered Training Organisation (#31056), registered with the Australian Skills Quality Authority (ASQA) to deliver certain Vocational Education and Training (VET) courses.

2. Scope

 

This policy applies to Board members, employees, parents/guardians and students, volunteers, contractors, and people visiting the College and describes the type of information collected, how the information is handled, how and to whom the information is disclosed, and how the information may be accessed.

3. Policy Statement

The College collects and retains a range of personal information in order to deliver services and support its operations. In doing so, the College –

  • seeks to procure and hold personal information only where there is a direct correlation between the information and tasks or obligations of the College;

  • commits to make those supplying personal information aware of the purpose(s) for which the information is being collected;

  • acts to protect and appropriately manage personal information collected; and expects that any information given to the College by a third party, on behalf of another individual, has been provided with the individual’s knowledge and acceptance.

4. What personal information is collected and how is it collected?

The type of information the College collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

  • students and parents and/or guardians ('parents') before, during and after the course of a student’s enrolment at the College; including –

    • name, contact details (including next of kin), date of birth, sex, language background, religion, previous school, level of schooling completed, other qualifications completed and current employment status;

    • parents' education, occupation and language background;

    • medical information (for example: details of disability and/or allergies, absence notes, medical reports and names of doctors);

    • results of assignments, tests and examinations;

    • conduct and complaint records, or other behaviour notes, and school reports;

    • financial information related to fees or charges for goods or services provided;

    • information about referrals to government welfare agencies;

    • counselling reports;

    • health fund details and Medicare number;

    • any court orders, custody arrangements or parenting orders;

    • volunteering information;

    • Unique Student Identifier (USI) from the Australia Government VET Registry System for students enrolled in VET qualifications;

    • use of College computer systems and networks (for example, login and access records);

    • use of College facilities and attendances on campus (for example, CCTV video security system images); and

    • photographs and video recordings at College events.

  • job applicants, staff members, volunteers and contractors; including –

    • name, contact details (including next of kin), date of birth, and religion;

    • information on applications for employment, volunteer involvement or engagement as a contractor;

    • professional development history;

    • salary and payment information, including superannuation details;

    • medical information (for example, details of disability and/or allergies, and medical certificates or reports);

    • complaint records and investigation reports;

    • attendance and leave details;

    • financial information related to fees or charges for goods or services provided;

    • workplace surveillance information (for example, CCTV video security system images);

    • use of computer systems and networks (for example, login and data access records);

    • work emails and private emails (when using work email address) and Internet browsing history; and

    • photographs and video recordings at College events.

  • other people who come into contact with the College including name and contact details and any other information necessary for the particular contact with the College.

Personal Information Provided Directly

The College will generally collect personal information held about an individual by way of forms filled out personally (for example, by parents or students), face-to-face meetings and interviews, emails and telephone calls. On occasions people other than parents and students provide personal information.

Personal Information Provided by Other People

In some circumstances the College may be provided with personal information about an individual from a third party; for example, a report provided by a medical professional or a reference from another school.

Personal Information Provided via Websites or Online Services

The College may collect personal information when an individual registers or submits queries or other forms via a College website, online system or network. How an individual uses these College online systems (and the services provide by means of these system) will determine what personal information about them is collected. The College may collect personal information from or about an individual when they use a College website by doing things such as completing an online form or providing information to the College by email. The College and/or its service provider may take a record of a user’s visit to a College website and log information from the user’s browser including IP address, the date and time of visit, the pages accessed, documents downloaded, and the type of browser used. The information collected is not linked back to individual users except, in the unlikely event of an investigation, where a law enforcement agency exercises a right to inspect the service provider’s logs.

5. How will Personal Information provided be used?

 

The College will use personal information it collects for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by the individual or for which consent has been given.

Students and Parents

In relation to personal information of students and parents, the primary purpose of collection is to enable the College to provide schooling for the student enrolled at the College, exercise its duty of care, and perform necessary associated administrative activities, which will enable students to take part in all the activities of the College. This includes satisfying the needs of parents, the needs of the student and the needs of the College throughout the whole period the student is enrolled at the College.

The purposes for which the College uses personal information of students and parents include:

  • to keep parents informed about matters related to their child's schooling, through correspondence, newsletters and magazines;

  • day-to-day administration of the College (including seeking the payment of fees);

  • looking after students’ educational, social and medical wellbeing;

  • marketing and seeking donations for the College; and

  • to satisfy the College’s legal obligations and allow the College to discharge its duty of care.

In some cases where the College requests personal information about a student or parent, if the information requested is not provided the College may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.

Job Applicants, Staff Members, Contractors and Volunteers

In relation to personal information of job applicants, staff members, contractors and volunteers, the primary purpose of collection is to assess and (if successful) to engage the applicant, staff member, contractor or volunteer (as the case may be).

The purposes for which the College uses personal information of job applicants, staff members, contractors and volunteers include:

  • administration of the individual's employment or contract or engagement as a volunteer, as the case may be;

  • conducting the operations of the College including associated activities (such as parents groups or past students organisations);

  • for insurance and related purposes;

  • marketing and seeking donations for the College; and

  • to satisfy the College’s legal obligations (for example, in relation to child protection legislation).

 

Exception in Relation to Employee Records

Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record held by the employing entity. As a result, this Privacy Policy does not apply to the College's treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.

Marketing and Fundraising

The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to provide a quality learning environment for both students and staff. Personal information held by the College may be used to make a marketing or fundraising appeal and be disclosed to organisations that assist in the College’s marketing or fundraising activities (for example: a College parents group; past students’ organisations; or, on occasions, external fundraising organisations).

Parents, staff, contractors, volunteers and other members of the wider College community may from time to time receive fundraising information. College publications like newsletters and magazines, which include personal information, may be used for marketing purposes.

An individual may opt-out of direct marketing by submitting a written request to the relevant College Principal.

Photographs and Video Images

Images of individuals in photographs or videos may be considered as personal information under the Privacy Act where the person’s identity is clear or can reasonably be determined from that image.

Photographs and video images are regularly created and used by the College for a number of educational and related purposes including classroom learning activities, presentations at functions or events, acknowledgement of academic or sporting achievements, documenting College events and providing of news updates about College operations. Images may be used in print or electronic formats, including publication on intranet and/or internet websites (including social media platforms); this includes photographs and video images of students, student activities and other individuals in attendance at College events.

Use by the College of photographs or video images of students and student activities for educational and related purposes is considered a reasonably expected use of such images when a student is enrolled at a school or early education centre. The College will specifically confirm permission from the student's parent or guardian (and from the student if appropriate) for the inclusion of photographs or video images or other identifying details in websites, social media, promotional or marketing materials and/or newspapers or other news media.

Any photographs or video images taken by individuals (including parents, students and other family members or friends) at College functions or events must be for their personal use only and are not to be posted in any public places outside of the College. Further, any such images should not to be shared without the confirmed specific consent of any individual who may be identifiable in the image.

Parents should immediately notify the College Principal in writing if any circumstance arises that would prevent the College from using their student’s photograph or video images as outlined above.

Exception in Relation to Related Colleges and Centres

The Privacy Act allows each CCM college and ECEC centre as well as CCM RTO, being legally related to each of the other colleges and ECEC centres conducted by CCM, to share personal (but not sensitive) information with other colleges and ECEC centres and RTO conducted by CCM. The other CCM college or ECEC centre or CCM RTO may then only use this personal information for the purpose for which it was originally collected by the initial college or ECEC centre or the RTO. This allows colleges and ECEC centres and CCM RTO to transfer information between them; for example, when a student transfers enrolment from a CCM college or ECEC centre to another college or ECEC centre conducted by CCM.

6. Who might Personal Information be disclosed to?

 

The College may disclose personal information, including sensitive information, held about an individual for educational, administrative and support purposes. This may include to:

  • another school or staff at another school;

  • government departments (including for policy and funding purposes);

  • medical or healthcare practitioners;

  • people providing educational, support and health services to the College, including specialist visiting teachers or tutors, sports coaches, volunteers, counsellors and providers of learning and assessment tools;

  • providers of specialist advisory services and assistance to the College, including in the areas of human resources, child protection and students with additional needs;

  • providers of learning and assessment tools;

  • assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);

  • Australian Skills Quality Authority (ASQA) and National Centre for Vocational Education Research (NCVER) under requirements of the Australian Vocational Education and Training Management Information Statistical Standards (AVETMISS) – for students undertaking Vocational Education and Training courses;

  • government agencies administering subsidy funding for enrolments in early education and care services including outside school hours care;

  • agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes;

  • people and organisations providing administrative, technology and financial services to the College;

  • recipients of College publications, such as newsletters and magazines;

  • parents or guardians of students;

  • anyone a relevant provider of personal information has authorised the College to disclose information to; and

  • anyone to whom we are required to disclose the information to by law, including child protection laws.

 

The College may disclose personal information to the CCM central administrative office for administrative and management purposes including insurance, fees management (including debt collection), child protection, legislative compliance and professional standards.

Sending and Storing Information Overseas and use of Online Service Providers

The College may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange or College supervised tour or mission trip. However, the College will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied); or

  • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

 

The College may use online or 'cloud' service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored in the 'cloud' which means that it may reside on a cloud service provider's servers which may be situated outside Australia.

An example of such a cloud service provider is Microsoft Office 365 for Education. Office 365 provides email and other software for the College and stores and processes limited personal information for this purpose. College personnel and service providers may have the ability to access, monitor, use or disclose emails, communications, documents and associated administrative data for the purposes of administering Office 365 and ensuring its proper use. This includes Office 365 user accounts provided to College students and staff.

The data centres where personal information held by the College is most likely to be kept are located in Australia; however, for some cloud-based services used by the College the service provider may utilise data centres situated outside Australia.

7. Sensitive Information

 

In referring to 'sensitive information', the College means: information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.

8. Management and Security of Personal Information

 

The College will take reasonable steps to seek to ensure that personal information the College holds is protected from misuse, interference and/or loss from unauthorised access, modification or disclosure, by a range of security measures.

College staff are required to respect the confidentiality of students’ and parents' personal information and the privacy of individuals. All College staff are made aware of their obligations to handle personal information in accordance with the Privacy Act. If staff use or disclose information without authority they may face disciplinary sanctions including, in the most serious cases, termination of employment.

The College will take reasonable steps to implement and maintain security precautions and endeavour to prevent unauthorised access to, and disclosure of, personal information provided to it via electronic means such as email or websites. However, as no data transmission over the internet is 100% secure, the College is unable to guarantee that unauthorised access to submitted information will not occur, either during transmission of that information or after the College receives that information. College websites may contain links to websites of other organisations and companies; the College is not responsible for the privacy policies, practices or content of such websites external to the College.

 

Eligible Data Breaches

The Privacy Act establishes requirements for responding to data breaches, including notification obligations if an ‘eligible data breach’ occurs. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the information relates. Whether a data breach is likely to result in serious harm requires an objective assessment, determined from the viewpoint of a reasonable person in the circumstances.

 

An eligible data breach arises when the following three criteria are satisfied:

  • there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that the College holds;

  • this is likely to result in serious harm to one or more individuals; and

  • the College has not been able to prevent the likely risk of serious harm with remedial action.

 

If the College suspects that an eligible data breach has occurred, an assessment or investigation will be undertaken within 30 days. If such an assessment/investigation indicates there are reasonable grounds to believe an eligible data breach has occurred, then the College will be required to lodge a statement to the Australian Information Commissioner. Where practical to do so, the College will also notify the affected individuals. If it is not practicable to notify the affected individuals, the College will publish a copy of the statement on its website or publicise it in another manner.

Not all data breaches are eligible data breaches. For example, if the College acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the Commissioner.

9. Access to and Correction of Personal Information

 

Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.

To make a request to access or update any personal information the College holds about them, an individual (or parent regarding their child) is to make application in writing the relevant College Principal. The College may require the individual to verify their identity and specify what information is required.  The College may charge a fee to cover costs of verifying the application and locating, retrieving, reviewing and copying any material requested.  If the information sought is extensive, the College will advise the likely cost in advance. If the College cannot provide access to the requested information, the applicant will be provided with written notice explaining the reasons for refusal (unless, in light of the grounds for refusing, it would be unreasonable to provide reasons).

The College will take reasonable steps to ensure that any personal information is accurate, up to date, complete, relevant and not misleading. For certain online systems used by the College, parents may be provided with login access enabling them to correct and update some of their own or their child’s personal information at any time.

10. Consent and Rights of Access to the Personal Information of Students

 

The College respects every Parent's right to make decisions concerning their child's education.

Generally, the College will refer any requests for consent and notices in relation to the personal information of a student to the student's Parents. The College will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.

 

As mentioned above, parents may seek access to personal information held by the College about them or their child by contacting the College Principal. However, there will be occasions when access is denied.  Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College’s duty of care to a student.

The College may, at its discretion, on the request of a student grant that student access to information held by the College about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student's personal circumstances warrant it.

11. Enquiries and Complaints

 

For further information about the way the College manages the personal information it holds, or to complain if it is believed that the College has breached the Australian Privacy Principles, please contact the College Principal. The College will investigate any complaint and will notify the complainant of the making of a decision in relation to the complaint as soon as is practicable after it has been made.

Current contact details for the College are:

Contact person: Mr Garry Maynard  (Principal – Cornerstone Christian College)

Address: Grace Court  (PO Box 775), Busselton  WA  6280

Telephone: (08) 9754 1144

Email: admin@cornerstone.education

 

General enquiries or complaints regarding privacy and the handing of personal information by the College may be directed in writing to Privacy Officer, Christian Community Ministries Ltd, PO Box 147 Kingston  QLD  4114 or via email to privacy.officer@ccmschools.edu.au. Any communications received by the Privacy Officer may be redirected to the College for review or response.

12. References and Review

Policy Owner: Cornerstone Christian College Board of Directors  (Governing Body)

Responsible Officer: Chief Executive Officer

Approval date: 18 December 2019

Policy review cycle: Biennial

Next review due: November 2021

References:

APPENDIX 1 - Standard Collection Notice

  1. The College collects personal information, including sensitive information about students and parents or guardians, before and during the course of a student's enrolment at the College. This may be in writing, through technology systems or in the course of conversations. The primary purpose of collecting this information is to enable the College to provide schooling to students enrolled at the College, exercise its duty of care, and perform necessary associated administrative activities, which will enable students to take part in all the activities of the College.

  2. Some of the information we collect is to satisfy the College's legal obligations, particularly to enable the College to discharge its duty of care.

  3. Laws governing or relating to the operation of a school require certain information to be collected and disclosed.  These include relevant Education Acts, and child protection and public health laws.

  4. Health information about students is sensitive information within the terms of the Australian Privacy Principles (APPs) under the Privacy Act. We may ask for medical reports about students to be provided from time to time.

  5. The College may disclose personal and sensitive information for educational, legal, administrative, marketing and support purposes. This may include disclosure to:

    • other schools and teachers at those schools;

    • government departments (including for policy and funding purposes);

    • Christian Community Ministries (CCM) central administrative office and other CCM Colleges or related entities;

    • Medical and other healthcare practitioners;

    • people providing educational, support and health services to the College, including specialist visiting teachers or tutors, sports coaches, volunteers, and counsellors;

    • providers of specialist advisory services and assistance to the College, including in the areas of human resources, child protection and students with additional needs;

    • providers of learning and assessment tools;

    • assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities (who will disclose it to the entity that manages the online platform for NAPLAN);

    • Australian Skills Quality Authority (ASQA) and National Centre for Vocational Education Research (NCVER) under requirements of the Australian Vocational Education and Training Management Information Statistical Standards (AVETMISS) – for students undertaking Vocational Education and Training courses;

    • government agencies administering subsidy funding for enrolments in early education and care services including outside school hours care;

    • agencies and organisations to whom we are required to disclose personal information for education, funding and research purposes;

    • people and organisations providing administrative, technology and financial services to the College;

    • anyone you authorise the College to disclose information to; and

    • anyone to whom the College is required or authorised to disclose the information to by law, including child protection laws.

  6. Personal information collected from students is regularly disclosed to their parents or guardians.

  7. The College may use online or 'cloud' service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider's servers which may be situated in Australia or outside Australia.

  8. The College Privacy Policy, accessible via the College’s website, sets out how individuals (including parents or students) may seek access to and correction of their personal information which the College has collected and holds. However, access may be refused in certain circumstances such as where access would have an unreasonable impact on the privacy of others, where access may result in a breach of the College’s duty of care to a student, where students have provided information in confidence or where the College is otherwise required or authorised by law to refuse access. Any refusal will be notified in writing with reasons (unless, given the grounds for refusal, it would be unreasonable to provide reasons).

  9. The College Privacy Policy also sets out how individuals (including parents and students) can make a complaint about a breach of the APPs and how the complaint will be handled.

  10. The College may from time to time engage in fundraising activities. Information received from you may be used to make an appeal to you. It may also be disclosed to organisations that assist in the College's fundraising activities solely for that purpose.  We will not disclose your personal information to third parties for their own marketing purposes without your consent.

  11. Information such as academic or sporting achievements, student activities and similar news may on occasions be published in print or electronic formats in College newsletters, magazines and on intranet and/or internet websites (including social medial platforms). This may include photographs and video images of students and student activities. Use by the College of photographs or video images of students and student activities for educational and related purposes (as described in the Privacy Policy) is considered a reasonably expected use of such images when a student is enrolled at a school or early education centre. Parents should immediately notify the College Principal in writing if any circumstance arises that would prevent the College from using their student’s photograph or video images as outlined above.

  12. The College will specifically confirm permission from the student's parent or guardian (and from the student if appropriate) for the inclusion of photographs or video images or other identifying details in websites, social media, promotional or marketing materials and/or newspapers or other news media. Parents are to confirm with the College Principal in writing if information or images regarding their student are not to be used in this manner.

  13. If you provide the College with the personal information of others, such as healthcare practitioners or emergency contacts, we encourage you to inform them that you are disclosing that information to the College and why, that they can access that information if they wish and that the College does not usually disclose this information to third parties.

APPENDIX 2 - Employment Collection Notice

  1. In applying for an employment position you will be providing the College with personal information. The College’s current contact details are on the employment application form and available from the College website.

  2. We collect your personal information directly from you (for example, your name and address or information contained on your resume or CV. We may also collect it from other sources (such as your referees and the results of criminal background and working with children checks). We collect the information in order to assess your application for employment. This assessment may include sharing your personal information with Christian Community Ministries (CCM) central administrative office or other CCM colleges. We may keep your personal information on file if your application is unsuccessful in case another position becomes available.

  3. The College's Privacy Policy, accessible via the College’s website, contains details of how you may complain about a breach of the Australian Privacy Principles and how you may seek access to personal information which the College has collected and holds. However, access may be refused in certain circumstances such as where access would have an unreasonable impact on the privacy of others or where the College is otherwise required or authorised by law to refuse access. Any refusal will be notified in writing with reasons (unless, having regard to the grounds for refusal, it would be unreasonable to provide reasons).

  4. We will not disclose your personal information to a third party without your consent unless otherwise permitted. By providing contact details for a third party (such as a referee) as part of your application, you consent to the College contacting that third party and disclosing personal information as part of assessing your application for employment.

  5. We may be required to conduct a criminal record check and collect information regarding whether you are or have been the subject of an apprehended violence order and certain criminal offences under Child Protection laws. We may also collect personal information about you in accordance with these laws.

  6. The College may use online or 'cloud' service providers to store personal information and to provide services to the College that involve the use of personal information, such as email services. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider's servers which may be situated in Australia or outside Australia.

  7. If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.

APPENDIX 3 - Contractors and Volunteers Collection Notice

  1. In offering, applying or agreeing to provide services to the College, you will be providing the College with personal information. The College’s current contact details are on application forms and available from the College website.

  2. We collect your personal information directly from you (for example, your name and address or information contained on your resume or business profile or provided on an application or registration form). We may also collect it from other sources (such as referees and the results of criminal background and working with children checks). We may also make notes and prepare a confidential report in respect of your application. This assessment and report may include sharing your personal information with Christian Community Ministries (CCM) central administrative office or other CCM colleges.

  3. You agree that we may store this information for the period of your contract or volunteer service provision to the College and as reasonably required thereafter.

  4. The College's Privacy Policy, accessible on the College's website, contains details of how you may complain about a breach of the Australian Privacy Principles and how you may seek access to and correction of your personal information which the College has collected and holds. However, access may be refused in certain circumstances such as where access would have an unreasonable impact on the privacy of others or where the College is otherwise required or authorised by law to refuse access. Any refusal will be notified in writing with reasons (unless, given the grounds for refusal, it would be unreasonable to provide reasons).

  5. We will not disclose your personal information to a third party without your consent unless otherwise permitted to. By providing contact details for a third party (such as a referee) as part of your application, you consent to the College contacting that third party and disclosing personal information as part of assessing your offer or application.

  6. We may be required to conduct a criminal record check and collect information regarding whether you are or have been the subject of an apprehended violence order and certain criminal offences under Child Protection laws. We may also collect personal information about you in accordance with these laws.

  7. The College may use online or 'cloud' service providers to store personal information and to provide services to the College that involve the use of personal information, such as services relating to email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may reside on a cloud service provider's servers which may be situated in Australia or outside Australia.

  8. If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.

  1. If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the College and why.