• Privacy Policy


    This Privacy Policy applies to Catholic Education Melbourne (CEM). The Policy sets out how CEM manages personal and sensitive information provided to or collected by it.

    In dealing with personal and sensitive information about individuals, CEM is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). In relation to health records, CEM is also bound by the Health Records Act 2001 (Vic.) and the Health Privacy Principles in that Act.

    CEM may, from time to time, review and update this Privacy Policy to take account of new laws and technology and changes to CEM operations and practices and to ensure the policy remains current in a changing environment.

    What kinds of personal information does CEM collect and how does CEM collect it?

    CEM collects information from individuals that is necessary in order for it to perform one or more of its functions or activities related to its work of advising and supporting Catholic schools in the Archdiocese of Melbourne. The type of information CEM collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

    • students and parents and/or guardians (parents) before, during and after the course of a student’s enrolment at the school
    • job applicants, staff members, volunteers and contractors
    • other people who come into contact with CEM.

    CEM will generally collect personal information held about an individual from forms filled out by the individual, face-to-face meetings and interviews, emails and telephone calls. On occasions people other than the individual provide personal information.

    CEM may receive information about students, parents and staff of Victorian Catholic schools from schools.

    In some circumstances CEM may receive personal information about an individual from a third party, for example a report provided by a school or a medical professional or a reference from another employer.

    Information collected by CEM website

    When you look at CEM’s website, CEM’s Internet Service Provider makes a record of your visit and logs the following information for statistical purposes:

    • your server address
    • your top-level domain name (for example .com, .gov, .au, .uk, etc.)
    • the date and time of your visit to the site
    • the pages you accessed and the documents you downloaded
    • the previous site you have visited
    • the type of browser you are using.

    Access to information collected

    CEM will not attempt to identify users by their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect CEM’s Internet Service Provider's logs.

    Use of information collected

    CEM will only record your email address if you send CEM a message. Your email address will only be used for the purpose for which you have provided it and it will not be added to a mailing list or used for any other purpose without your consent.

    CEM’s website does not provide facilities for the secure transmission of information across the Internet. Users should be aware that there are inherent risks in transmitting information across the Internet.


    CEM’s website only uses session cookies and only during a search query of the website. On closing your browser the session cookie set by CEM’s website is destroyed and no personal information is retained which might identify you should you visit CEM’s website at a later date.

    Exception in relation to employee records

    Under the Privacy Act the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to CEM's treatment of an employee record unless required by law or organisational policy where the treatment is directly related to a current or former employment relationship between CEM and the employee. CEM handles staff health records in accordance with the Health Privacy Principals in the Health Records Act 2001 (Vic.).

    How will CEM use the personal information you provide?

    CEM will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.

    Students and Parents

    CEM uses personal information about students and parents collected by the CEM or provided to CEM to:

    • assist with students’ learning and wellbeing
    • satisfy CEM’s accountability and legal and professional obligations.

    Job applicants and contractors

    In relation to personal information of job applicants and contractors, CEM's primary purpose of collection is to assess and (if successful), engage the applicant or contractor.

    In addition, CEM uses the personal information of job applicants and contractors for the purpose of:

    • administering the individual's employment or contract
    • insurance purposes
    • satisfying CEM's legal obligations, for example in relation to child protection legislation.


    CEM may also obtain personal information about volunteers who assist CEM in its functions or to conduct associated activities to enable CEM to conduct its functions.


    CEM undertakes marketing activities to promote the future growth and development of Catholic schools in the Archdiocese of Melbourne. CEM may receive personal information held by a school for CEM’s marketing purposes.

    Who might CEM disclose personal information to and store your information with?

    CEM may disclose personal information, held about an individual to:

    • the Catholic Education Commission of Victoria Ltd, (CECV), Catholic Education Offices, and specialist visiting teachers
    • third party service providers (including online) that provide educational support or pastoral care services to schools and school systems including the Integrated Catholic Online Network system (ICON)
    • another school to facilitate the transfer of a student
    • recipients of school publications, such as newsletters and magazines
    • anyone to whom we are required or authorised to disclose the information to by law.

    CEM may from time to time use the services of third party online service providers (including for the delivery of services and third party online applications, or Apps. These online service providers may be located in or outside Australia.

    CEM makes reasonable efforts to be satisfied about the protection and security of any personal information processed and stored outside Australia as not all countries are bound by laws which provide the same level of protection for personal information provided by the APPs.

    Where CEM uses the servers of cloud service providers or other third party service providers, they will be located in countries which have substantially similar protections as the APPs.

    Where personal and sensitive information is retained by a cloud service provider on behalf of CEM to facilitate Human Resources and staff administrative support, this information will be stored on servers located within Australia. This includes the ICON system.

    Sending and storing information overseas

    CEM will not send personal information about an individual outside Australia without:

    • your consent (in some cases this consent will be implied)
    • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

    How does CEM treat sensitive information?

    Sensitive information relating to a person's racial or ethnic origin, political opinion, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or criminal record will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

    Management and security of personal information

    CEM staff are required to respect the confidentiality of students' and parents' personal information and the privacy of individuals.

    CEM has various methods in place to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. These include, but not limited to, locked storage of paper records, access protocols, password protected computer records, high level security measures and encryption.

    Access and correction of personal information

    Under the Commonwealth Privacy Act and the Health Records Act 2001 (Vic.) an individual has the right to obtain access to any personal information which CEM holds about them and to advise CEM of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves.

    The exceptions to these rights set out in the applicable legislation.

    To make a request to access or update any personal information CEM holds about you or your child, please refer to the contact details below.

    CEM may require you to verify your identity and specify what information you are seeking. CEM may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, CEM will advise the likely cost in advance. If CEM cannot provide you with access to that information, you will be provided with a written notice explaining the reasons for refusal.

    Consent and rights of access to the personal information of students

    CEM respects every parent's right to make decisions concerning their child's education.

    Generally, CEM will refer any requests for consent and notices in relation to the personal information of a student to the student's Parents. CEM will treat consent given by Parents as consent given on behalf of the student, and notice to Parents will act as notice given to the student.

    While Parents may seek access to personal information held by CEM about them or their child by contacting the CEM Privacy Officer (see contact details below), there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of CEM’s duty of care to a staff member or student.

    CEM may, at its discretion, on the request of a student, grant that student access to information held by CEM about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. Normally, this would only be done when the maturity of the student and/or the student's personal circumstances warrant it.

    Enquiries and complaints

    If you would like further information about the way CEM manages the personal information it holds, or wish to complain if you believe that CEM has breached the Australian Privacy Principles, please contact the CEM Privacy Officer:

    CEM Privacy Officer
    Catholic Education Office Melbourne
    PO Box 3, EAST MELBOURNE 8002
    Phone 9267 0228
    Email privacy@cem.edu.au.

    CEM will investigate any complaint and notify you of a decision in relation to your complaint as soon as practicable after the decision has been made.

    Updated 10 April 2017
    Next Review February 2018

Can’t Find it...

Can't find what you're looking for? Why not try the sitemap

A-Z Index