Privacy Policy

Your Privacy is important to us.


Melbourne Girls Grammar (MGGS) is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

The APPs cover the collection, use, disclosure, integrity and security of, and access to, personal information.

MGGS is committed to protecting privacy and confidentiality, in accordance with Australian privacy laws. This Privacy Policy sets out how the School manages personal information provided to or collected by it.

MGGS is also bound by the Health Records Act 2001 (Vic) when we collect and handle health information.


The following types of information are covered by the APPs:

  • Personal information
  • Sensitive information
  • Health information

What is ‘personal information’?

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

Personal information collected by MGGS about students, staff, volunteers, contractors and other persons may include, as relevant, names, addresses and other contact details, date of birth, next of kin, marital status, billing details, financial information, photographic or video images, attendance records, personal references and Working with Children Checks.

The APPs apply to the collection of personal information for MGGS’ inclusion in a record or a generally available publication, but apart from this, the APPs only apply to personal information that the School has collected and that it holds as a record.

What is ‘sensitive information’?

Sensitive information is personal information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a professional, trade or political association or union, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices or criminal record. We only collect sensitive information where it is reasonably necessary for, or directly related to, our functions or activities and either:

  • the individual has consented; or
  • we are required or authorised by or under law, including under the APPs, to do so.

Sensitive information collected by MGGS may include, where relevant:

  • National Police Record Check from job applicants, volunteers and contractors
  • sexual orientation of students, if disclosed by the student, to assist with any welfare concerns.

What is ‘health information’?

Health information is a subset of sensitive information. It is information or opinion about the health or disability of an individual, the individual’s expressed wishes about the future provision of health services, or a health service provided to the individual, currently or in the future. Health information also includes personal information collected in the course of providing a health service.

Health information collected by MGGS about students, staff and other individuals may include:

  • Information about physical or mental health
  • Medical assessments and referrals
  • Health fund details, ambulance subscription and Medicare number
  • Medical background, including any conditions, treatments, or special reports and test results
  • Immunisations
  • Nutrition, dietary requirements
  • Diagnosis of disorders and the treatment given

Exception in relation to employee records

The APPs do not apply in relation to MGGS’s handling of employee records if such handling is directly related to a current or former employment relationship between MGGS and an employee. However, MGGS may be required to produce certain employee records to an employee upon request in accordance with the Fair Work Act. 

An employee record is a record of personal information relating to the employment of an employee and includes, for example, health information about an employee and personal information about the engagement, training, discipline, terms and conditions of employment of the employee and the employee’s performance or conduct. 

What kinds of personal information does the School collect and how does the School collect it?

MGGS collects and holds (but is not limited to) personal information, including sensitive and health information, about:

  • students and parents and/or guardians before, during and after the course of a student’s enrolment at the School. This includes information for unsuccessful applicants for enrolment.
  • job applicants, staff members, volunteers and contractors
  • other individuals or organisations that come into contact with the School.

Personal information collected by MGGS

MGGS will generally collect personal information about an individual by way of:

  • correspondence and forms filled out by parents or pupils (for example, an enrolment application, medical forms, camp and excursion forms)
  • face-to-face meetings and interviews
  • emails and telephone calls
  • registering for events
  • via the MGGS website and the Learning Management System (eVI) and the School Management System (Synergetic) and activities directly associated with the School
  • by taking photos and films of students and parents in accordance with our photography policy.

Personal information provided by other people

In some circumstances MGGS might be provided with personal information about an individual from a third party, for example:

  • a report by a medical professional
  • a reference from another school
  • from a referee or prior employer of a job applicant
  • in the case of international students and their families, from an education agent.

When individuals complete enrolment forms and at certain other times when they are asked to provide personal information to MGGS, the forms will contain a Privacy Statement or Collection Notice explaining in general terms, among other things, why the personal information is being collected, to whom it may be disclosed, how the individual may access it and the main consequences for the individual if it is not provided.

Personal information – photography by other people

In order to protect the privacy of individuals, the School will endeavour to advise and encourage parents/ guardians not to record a video or photograph their child at School events, as other students may be filmed in the process. This approach is in place to protect the personal information of individuals, to respect the individual’s right to control how and for what purpose their personal information is used.

Why we collect personal information?

The main purposes for which we collect, hold and use personal information are set out below.

Students and parents

The primary purpose of collection includes:

  • to keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines (via a variety of communication channels)
  • to provide an effective educational  experience for students
  • to support students’ health and wellbeing
  • to carry out day-to-day administration of the School
  • to meet the School’s legal and compliance obligations and allow the School to fulfil its duty of care
  • to request their involvement in capital expansion (fundraising) initiatives
  • other purposes as outlined on individual forms, for example, School camps and excursions
  • maintaining an archival record of MGGS and its community for historic purposes.

Job applicants and contractors

The School’s primary purpose of collection is to assess and, if successful, to engage the job applicant or contractor in order:

  • to administer the recruitment and engagement lifecycle process of staff and contractors, respectively
  • to meet the School’s legal obligations, for example, in relation to child protection legislation
  • to protect the security of our students, staff, visitors, offices and property held on our premises
  • to meet insurance obligations.


Volunteers assist the School in organising special School-related functions or to conduct associated activities or to run and participate in bodies such as the Merton Hall Foundation and the Parents Association.

The School’s primary purpose of collection is to assess and, if successful, engage the volunteer in order:

  • to administer the volunteer engagement lifecycle process
  • to meet the School’s legal obligations, for example, in relation to child protection legislation
  • to protect the security of our students, staff, visitors, offices and property held on our premises
  • to meet insurance obligations.

Marketing and Community Engagement Initiatives

Collection of personal information through websites

Information is automatically collected through the MGGS website and other MGGS platforms.

We may use temporary (session) cookies or permanent cookies when individuals access the MGGS website. This allows us to recognise the browser and track the web pages MGGS visitors have visited virtually. Cookies are small text files that websites may place on your computer or device. Most often, cookies are used to recognise repeat users of websites and remember user preferences. Cookies are also used to allow the website to track usage behaviour and aggregate data to allow MGGS to customise a user’s experience on our website.

The information may be used and disclosed by MGGS for purposes including statistical analysis, and to assist MGGS in improving the functionality and usability of marketing materials, including the website and other digital marketing channels. Users can switch off cookies by adjusting the settings on their web browser.

Services our website may use from time to time include Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage. By accessing the MGGS website, individuals consent to the processing of their data by Google in the manner described in Google’s most updated version of its Privacy Policy (located on the Google website) and for the purposes set out above. Individuals can opt out of Google Analytics if they disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

We are constantly developing and enhancing our use of online technologies and make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard.

An individual may advise MGGS of any perceived inaccuracy in their personal information held by the School. If the individual is able to establish that the information is not accurate, complete and up-to-date, the School will take reasonable steps to correct it. MGGS will give reasons if it refuses to correct personal information.

Opting out

Where an individual has consented to receiving marketing communications from MGGS, consent will remain current until the individual advises us otherwise. Opt-out can be initiated at any time by:

  • contacting MGGS via the contact details provided on the communication received, or via the details at the end of this Policy)
  • advising the Community Office if you receive a marketing call that you no longer wish to receive these calls; or
  • using the unsubscribe capability included in relevant documentation.

Collection notices

The School will take reasonable steps at or before the time we collect personal information to provide details about the collection of an individual’s personal information (such as why we are collecting the information and who we might share it with). A Collection Notice may provide more specific information than contained in this Privacy Policy.

Unsolicited information

Unsolicited information is personal information we receive that we have taken no active steps to collect (such as an employment application sent by an individual of their own initiative, rather than a response to a job advertisement). Records of such information may be kept if the Privacy Act permits it. If not, the information will be destroyed or de-identified as soon as practicable, provided it is lawful and reasonable to do so.

purposes for which the School discloses personal information?

The primary purpose for which MGGS might use or disclose the personal information it holds is to provide educational and related services to its students, to keep its parents and guardians informed of student progress and to ensure the safety, welfare and care of our students. 

MGGS may also use or disclose the personal information it holds in circumstances that are permitted or authorised by the APPs, including:

  • where the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order (such as a subpoena or warrant)
  • if MGGS reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual
  • if MGGS has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to its functions and activities has been, is being or may be engaged in and the use or disclosure is necessary for MGGS to take appropriate action in relation to the matter
  • MGGS reasonably believes that the use or disclosure is reasonably necessary for an enforcement related activity conduct by an enforcement body, such as the Victoria Police. 

Instances of persons to whom MGGS may disclose personal information held about a student or other individual include:

  • people providing services to the School, including specialist visiting teachers, consultants, counsellors, sports coaches and other co-curricular providers
  • third party providers who act for or on behalf of the School in providing administrative, educational or other support services, including consultants assisting or advising on academic programs, pedagogical approaches and student performance
  • another school or educational institution
  • parents
  • Recipients of School reports, publications, newsletters and magazines
  • MGGS Old Grammarian’s Society and the MGGS Parents Association
  • Medical practitioners, or other health-related professionals
  • Law enforcement agencies
  • Debt collection agencies
  • State and Federal Government departments.

Sending information overseas

MGGS is likely to only disclose personal information about its students and parents to overseas recipients if it is directly relevant to a student overseas excursion.  It is not practicable to specify in this policy the countries in which the recipients of such information are likely to be located. Nevertheless, MGGS will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied); or
  • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

What if WE ARE not provideD with personal information?

Wherever it is lawful and practicable, individuals have the option of not identifying themselves, or by using a pseudonym. A pseudonym is a name or other descriptor that is different from an individual’s actual name. For example, you can access our website and make general telephone queries without having to identify yourself.

 However, if the information that MGGS requests is not provided, the main consequences may be that MGGS cannot:

  • assess a student for enrolment or continue to enrol a student
  • properly assess the suitability of an applicant for future employment, as a volunteer or as a contractor
  • allow a student to participate in a school activity or to provide or allow services to be provided to the student, including medical or first aid services, or provide the full range of educational and support services offered by the School
  • ensure the safety and welfare of a student
  • communicate fully with the parents or guardians of a student
  • comply with any lawful obligation of the School including its duty of care. 

Management and security of personal information

MGGS staff are required to respect the confidentiality of students’ and parents’ personal information (including images) and the privacy of individuals, and to take this obligation seriously.

The School has in place reasonable steps to protect the personal information the School holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including:

  • locked storage of paper records
  • password access rights to computerised records
  • website protection measures (such as firewalls and anti-virus software)
  • security restrictions on access to our computer systems
  • controlled access to our corporate offices.

MGGS will also take such steps as are reasonable to destroy or de-identify personal information it holds if, in its opinion, the information is no longer needed for the purpose for which it was collected.

MGGS may use cloud services to operate our ICT services which may mean that personal information resides on servers potentially situated outside Australia. MGGS is committed to choose cloud services where the cloud service provider satisfies and safeguards the School’s obligations in relation to risk management, data security, privacy and the storage and processing of data offshore.

Access to personal information

Under the APPs an individual may request access to any personal information which the School holds about them, and access will be provided within a reasonable time, unless MGGS is entitled or obliged to refuse access.

Students will generally have access to their personal information through their parents while they are attending the School.

When a request for access is made, MGGS may require verification of identity and details of information required. In instances where the information is for former students and MGGS has stored the information offsite, any costs associated with the retrieval of that information will need to be borne by the person making the request.

Requests for access to any personal information held by MGGS, should be made to the MGGS Privacy Officer (in writing or by email): 

Privacy Officer
C/o Business Services Office
Melbourne Girls Grammar
86 Anderson Street South Yarra VIC 3141

Facsimile: +61 (0)3 9866 1119

Consent and rights of access to the personal information of students

The School respects every parent’s right to make decisions concerning their child’s schooling, education and welfare.

Generally, the School:

  • will give a parent access to personal information held by the School about their child
  • may refer any request for access to the personal information of a student to the student’s parents.

For this purpose, the School will treat consent given by parents as consent given on behalf of the student, and notice given to parents as notice given to the student.

The School may, at its discretion, grant a student access to their personal information without involving the parents, or allow a student to give or withhold consent to the use or disclosure of their personal information without involving the parents. This would normally be done only when the student involved has reached 18 years of age, but the School could also do so in other circumstances when the maturity of the student and/or the particular circumstances warrant it.

Circumstances where access may be denied

MGGS may refuse to give an individual access to the personal information it holds about them under the APPs including, to the extent that:

  • MGGS reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
  • giving access would have an unreasonable impact on the privacy of others
  • release may result in a breach of the School’s duty of care to the student
  • release may result in a Breach of Confidence in relation to the staff or other person who provided the information
  • the request for access is frivolous or vexatious
  • providing access could prejudice the School’s negotiations with the individual on a particular matter
  • giving access would be unlawful
  • denying access is required or authorised by law.

MGGS will provide reasons if it denies access.

Correction of personal information

If MGGS is satisfied that any personal information held by it is inaccurate, out of date, incomplete, irrelevant or misleading, or a person requests MGGS to correct the information about them, MGGS will take such steps as are reasonable in the circumstances to correct the information. 

If MGGS refuses to correct the personal information of an individual as requested by them, MGGS will give the individual reasons in writing and how the individual may complain about the refusal.


An individual may make a complaint to MGGS if he or she considers that MGGS has interfered with his or her privacy because of an alleged breach of the APPs.  A complaint can be made in writing addressed to the Privacy Officer at MGGS:

Melbourne Girls Grammar
C/o Privacy Officer – Business Services Office
86 Anderson Street South Yarra VIC 3141

Telephone: +61 (0)3 9862 9200
Facsimile: +61 (0)3 9866 1119

The complaint must specify the details of the alleged breach. MGGS will investigate any complaint and report back to the complainant on its decision in relation to the complaint as soon as is practicable after it has been made. 

If MGGS determines that there has been a breach of the APPs, it will advise the complainant in writing of any action it will take to remedy the breach. MGGS will maintain a record of all complaints and determinations and of the action taken to remedy any breach. 

Further information on the Privacy Legislation is available on or by contacting:

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Privacy Hotline 1300 363 992