Privacy Policy

1. Overview

Mount Clear College operates a number of internal digital services that are restricted to authorised Mount Clear College and Department of Education users, including staff and students.

These services may use OAuth-based authentication to verify identity and restrict access. OAuth is used solely for authentication and access control, not for general data collection.

The handling of personal information by Mount Clear College is governed by the Victorian Department of Education Privacy Policy, which takes precedence over this local statement.

2. Primary Privacy Policy

Mount Clear College is a Victorian government school. All personal information is managed in accordance with:

• Department of Education (Victoria) – Privacy Policy
• Privacy and Data Protection Act 2014 (Vic)
• Health Records Act 2001 (Vic) (where applicable)

The Department’s privacy policy is available at: https://www.education.vic.gov.au/Pages/privacypolicy.aspx

3. Services Covered

This statement applies to Mount Clear College–managed services, including but not limited to:

• https://staff.mountclearcollege.vic.edu.au
• https://students.mountclearcollege.vic.edu.au
• https://papercut.mountclearcollege.vic.edu.au
• Other internal Mount Clear College web applications and portals

4. Information Collected via OAuth

When a user signs in using OAuth, the following basic identity information may be provided by the authentication provider:

• First name
• Last name
• Email address

No additional personal data (such as files, contacts, messages, calendar data, or activity history) is requested or accessed. Email domain information may be referenced to permit or restrict access to particular services.

5. Purpose of Collection

This information is collected only to:

• Authenticate staff or student identity
• Restrict access to Mount Clear College services
• Associate authenticated users with their internal accounts

OAuth data is not used for marketing, profiling, analytics, or advertising.

6. Authentication & Identity Management

OAuth authentication is implemented using:

• Cloudflare One – Zero Trust
• Operating as a SAML and OAuth identity broker

Cloudflare One is used to enforce secure authentication, access policies, and session protection. As part of this process, Cloudflare may store a user identity record (such as name and email address), session information, and access-related metadata for security, auditing, and access management purposes.

Mount Clear College does not use OAuth data for marketing, advertising, or behavioural tracking.

Cloudflare’s privacy policy is available at: https://www.cloudflare.com/privacypolicy/

7. Storage and Retention

Identity information provided via OAuth may be stored by Mount Clear College and its authentication providers (including Cloudflare One) for the purposes of access control, session management, and security auditing.

Access is revoked when a user is no longer authorised (e.g. staff departure or student exit). All data handling aligns with Department of Education retention, security, and information management policies.

8. Disclosure of Information

Personal information collected through OAuth is not disclosed to third parties, except:

• Where required by law
• Where required to operate secure authentication infrastructure (e.g. Cloudflare One)
• As required under Department of Education systems and policies

9. Access, Correction, and Enquiries

Requests relating to personal information should be made through Mount Clear College administration or via Department of Education processes.

10. Changes to This Statement

This statement may be updated to reflect changes in authentication methods or services. All updates remain subject to the Department of Education’s overarching privacy framework.