Privacy

Purpose

The Australian Film, Television and Radio School (AFTRS) is an Australian government statutory authority, established by the Australian Film, Television and Radio School Act 1973 (AFTRS Act), which specifies its functions and activities.

As an Australian government statutory authority, AFTRS must comply with the Privacy Act 1988 (Privacy Act). The Privacy Act requires AFTRS to have a Privacy Policy.

This Policy provides information about AFTRS’ handling of personal information, including sensitive information, according to the Privacy Act and, in particular, the Australian Privacy Principles (APPs) set out in that Act.

Scope

This Policy applies to AFTRS, its officers, employees, contractors, volunteers, students, prospective students, and to members of the public.

It concerns AFTRS’ management of personal information, except in relation to potential, current and past employees, which is dealt with in AFTRS’ Privacy Policy – Human Resources.

Policy statement

AFTRS is committed to:

  • protecting individuals’ privacy according to the Privacy Act; and
  • ensuring that its officers, employees, contractors and volunteers understand AFTRS’, and their, rights and responsibilitie
  • AFTRS’ officers, employees, contractors and volunteers are responsible for ensuring their own work practices comply with this Policy and any related Procedures. A breach of this Policy may constitute misconduct and be subject to disciplinary action, or a breach of contract.
Collecting personal information

AFTRS collects the personal information it needs to carry out a particular function or activity.

Direct collections

  • Usually, AFTRS collects this information from a person when they provide it directly to AFTRS. For example, AFTRS may collect the information:
  • when you apply to study at AFTRS, and when you enrol;
  • when you apply for employment or are employed by AFTRS;
  • when you become a member of the AFTRS’ library;
  • when you sign up to receive AFTRS’ newsletters and ask to be added to AFTRS’ email lists;
  • to enter into a contract with a third party service provider or a volunteer.
  • AFTRS operates a closed circuit television system for security and safety purposes, and your image may be captured if you are filmed by this system while on AFTRS’ premises.

AFTRS may collect sensitive information, for example, to properly meet its obligation to make reasonable adjustments where a student has a disability, or to provide student welfare support.

Indirect collections

Sometimes, AFTRS collects personal information indirectly from a third party. For example, AFTRS may collect information about your prior learning from another tertiary institution that is relevant to your academic progression at AFTRS. AFTRS may collect information that is an opinion about your creative work from third party assessors or referees.     


Anonymous and pseudonymous interactions

Usually, AFTRS requires your name and other contact details to deal with you, for example, to enrol you as a student in a course. However, where possible, AFTRS will still interact with you if you wish to be anonymous or to use a pseudonym. If you make a general enquiry, for instance, AFTRS will not require you to provide your name, unless this is necessary to respond to the enquiry.  

Collecting information through AFTRS’ website

Information about AFTRS’ collection of personal information through AFTRS’ website is provided in AFTRS’ "Privacy Collection for WEbsite Users'

AFTRS uses social networking services such as Twitter, Facebook and YouTube to communicate about AFTRS activities and its students’ work. If you communicate with AFTRS using these services AFTRS may collect your personal information, but will only use it to help AFTRS communicate with you and the public through these services. However, please be aware that the social networking services which AFTRS uses will also handle personal information for their own purposes and have their own privacy policies.

Examples of personal information held

The kinds of personal information held include:

  • in relation to students: name, postal address, email addresses, telephone numbers, date of birth, education, academic record, production credits, work experience, and health information
  • in relation to employees: name, postal address, employment history, results of employment checks, medical records, financial information
  • in relation to third party service providers and volunteers: name, postal address, email addresses, superannuation fund details; names, postal address, email addresses, telephone numbers and employment details of key personnel; work experience for mailing lists: name, postal address, telephone numbers, fax numbers, email addresses, name of organisation, history as student or employee of AFTRS
  • in relation to library members and applicants for membership: name, postal address, telephone numbers, email addresses, and business name; for people making complaints and enquiries: name, postal address, email addresses, and telephone numbers.

Further details of the kinds of information collected and held by the AFTRS’ Human Resources (and how it is used and disclosed) is set out in the 'Privacy Policy - Human Resources'

If AFTRS is not able to collect your personal information, AFTRS may not be able to provide its services or products to you or do business with you or the organisation with which you are connected.

Using and disclosing personal information

AFTRS may use personal information (that is not sensitive information) for the purposes for which it was collected, for related purposes that you would reasonably expect, or if you agree to the use.

For example:

  • in relation to students: to process your application and enrolment, to enable you to be placed on AFTRS’ electoral rolls, to communicate with you as AFTRS’ students and graduates, for course monitoring, evaluation and surveys, for record-keeping and archiving, for student support, and to meet AFTRS’ internal and external reporting requirements;
  • in relation to third party service providers and volunteers: to engage and pay you or reimburse you for expenses; on AFTRS’ mailing lists: to send information about AFTRS and its functions and activities
  • in relation to library members and applicants for membership: to identify you, process your library application and manage your library membership and borrowings
  • where AFTRS receives a complaint or enquiry: to deal with the complaint or enquiry.

AFTRS may disclose personal information (that is not sensitive information) for the purposes for which it was collected, for related purposes that you would reasonably expect, or if you agree to the disclosure.
For example:

  • in relation to students: to other educational institutions and academically related professional bodies for educational or official purposes; to another agency to assist  you to receive an allowance or permission to study from the agency;
  • to the Department of Education Employment and Workplace Relations for the purpose of reports
  • in relation to third party service providers: to superannuation funds
  • where AFTRS receives a complaint: to the person or organisation who is the subject of, or who is involved in the handling of the complaint.


Where AFTRS seeks your agreement to a use or disclosure of your personal information, AFTRS will consider you are capable of agreeing if you are 15 years or older, unless AFTRS is aware of circumstances that suggest the contrary.   If you are under 15, AFTRS will ask your parent or guardian to agree on your behalf.

AFTRS discloses your sensitive information for the purposes for which it is given, or for directly related purposes you would reasonably expect, or for purposes you agree to.

Sometimes, AFTRS is also required or authorised by law, including by the Privacy Act, to use or disclose personal information, for example, where a warrant or order issued by a court requires AFTRS to provide information or documents.

Under no circumstances will AFTRS sell or receive payment for licensing or disclosing personal information.

Disclosing information overseas

There may be circumstances where AFTRS discloses personal information to an overseas recipient, including where AFTRS needs to provide a lecturer who is overseas with the contact details of students with whom they will be working or provides an overseas recipient with information relating to a graduate’s overseas placement.

AFTRS will not send information about you outside Australia without complying with the requirements of the Privacy Act.

In addition, web traffic information is disclosed to Google Analytics when you visit AFTRS’ website and Google stores information across multiple countries.

When you communicate with AFTRS through a social network service such as Facebook or Twitter, the social network provider and its partners may also store your personal information overseas.

Information quality

To ensure that the personal information AFTRS collects is accurate, up-to-date and complete, AFTRS:

  • where necessary, confirms the accuracy of information AFTRS collects from a third party or a public source;
  • adds updated or new personal information to existing records as set out in the section of this Policy dealing with corrections of personal information; and

audits AFTRS’ contact lists to check their accuracy from time to time.


AFTRS also reviews the quality of personal information before AFTRS uses or discloses it.

Storage and Security

AFTRS takes steps to protect records of personal information, whether paper or electronic, from misuse, interference and loss, and unauthorised access, modification or disclosure.

Personal information automatically collected through our website is stored mainly in internally managed ICT systems or in external systems managed by third parties providing ICT storage facilities for AFTRS. These third parties are subject to the terms of a service agreement.

AFTRS employs firewalls for the protection of its ICT network. Passwords and graded access rights as well as auditing logs are used to regulate access to personal information.

Other steps AFTRS takes to protect records of personal information include the following:

  • storing all paper records in locked cabinets, commonly fire resistant
  • restricting access to paper records to relevant staff
    and
  • electronic records are only available to employees who have been issued with personal login identification and access by AFTRS.
    Employees are only given a level of access appropriate to their duties.

Accessing and correcting personal information


You may request access to, or the correction of, your personal information in writing or verbally. AFTRS may correct incorrect personal information on its own initiative.

AFTRS will either give access to, or correct, the personal information requested, or inform you why access or correction is refused, within 30 calendar days after the day the request is made, unless this is impractical. 

You and AFTRS may agree to an intermediary having access to your personal information, for example to a qualified health service provider.  

In giving access, AFTRS will impose as few restrictions as possible and will not impose any charges. AFTRS will give access in the manner requested by you if this manner is reasonable and practical.

AFTRS may refuse access, or refuse to correct information, if it is required or authorised to do so by the FOI Act, or another Commonwealth Act. In this respect, AFTRS is subject to the Archives Act 1983 (Archives Act), and is not permitted to alter Commonwealth records except as permitted by the Archives Act.

If AFTRS decides to refuse access, or to refuse access in the manner requested, AFTRS will inform you in writing, giving its reasons (unless this is unreasonable) and inform you of available complaint mechanisms.

If AFTRS refuses a request for a correction, AFTRS will, at your request, take reasonable steps to attach a statement with the personal information that you believe to be inaccurate, out-of-date, incomplete, irrelevant or misleading. AFTRS will respond to a request to attach a statement within 30 calendar days after AFTRS receives the request.

Requests for access or correction must be referred to the Manager, Student Centre (for students), the Head of Human Resources (for employees), Payroll (for employees) or to the Head of Business Affairs as the Privacy Officer (and FOI Officer).

You also have the right under the FOI Act to request access to documents that AFTRS holds and ask for information that AFTRS holds about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

If there is any uncertainty as to whether a request for access fits within this Policy the matter must be referred to the Privacy Officer or the FOI Officer before any information is given.

Disposing of personal information records

As AFTRS’ records of personal information are likely to be ‘Commonwealth records’ for the purposes of the Archives Act, AFTRS will retain and destroy these records only according to that Act and any AFTRS’ Disposal Authority issued under that Act. 

Complaints

Complaints about interferences with your privacy may be sent in writing to AFTRS for internal review by contacting AFTRS’ Privacy Officer at privacyofficer@aftrs.edu.au.

Please allow AFTRS a reasonable time (usually 30 days) to respond.

People who believe there has been an interference with their privacy may make a complaint in writing to the Information Commissioner. The Information Commissioner may investigate, determine and make declarations in a matter, but will commonly not investigate a complaint if the person has not first raised it with AFTRS.

There is provision in the Privacy Act for the enforcement of the Information Commissioner’s determinations, including by the Federal Court of Australia or the Federal Circuit Court.

Definitions

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a)       whether the information or opinion is true or not; and

(b)       whether the information or opinion is recorded in a material form or not.

 

sensitive information means

(a) information or an opinion about an individual’s:

(i) racial or ethnic origin; or

(ii) political opinions; or

(iii) membership of a political association; or

(iv) religious beliefs or affiliations; or

(v) philosophical beliefs; or

(vi) membership of a professional or trade association; or

(vii) membership of a trade union; or

(viii) sexual preferences or practices; or

(ix) criminal record;

that is also personal information; or

(b)       health information about an individual; or

(c)       genetic information about an individual that is not otherwise health information; or

(d)       biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

(e)       biometric templates.


Authorisation and distribution

 

Authorisation

Chief Executive Officer

Authorisation date

11 March 2014

Responsible Officer

Director, Corporate and Production Services

Contact Officer

Head of Business Affairs

Implementation Date

12 March  2014

Distribution

AFTRS website

AFTRS Intranet

Review date

No later than three years from the effective date

Version

1.0

Version history

 

Associated
documents

Privacy Act 1988

Privacy Processes

Privacy Policy – Human Resources

Privacy Collection Notice for Students

Privacy Collection Notice for Website Users