Privacy Policy | Policies and Procedures | Adelaide University
Source: https://adelaide.edu.au/about/policies/privacy-policy
Archived: 2026-04-23 17:10
Privacy Policy | Policies and Procedures | Adelaide University
Privacy Policy
This Privacy Policy informs visitors to our website about the type of information that may be collected about them and their browsing activity when they visit Adelaide University webpages and how the information is used.
This website is administered by Adelaide University.
1. The purpose of our policy
Adelaide University respects the privacy of individuals, and we are committed to protecting the personal information that we collect.
This policy sets out the principles applying to our collection, use, storage and disclosure of personal information, and our approach to relevant privacy laws.
It also provides the authority to maintain our Privacy Management Procedure.
2. Who our policy applies to
Our policy applies to Council members and to our employees, contractors, volunteers, titleholders, students, visitors and agents. It applies to the collection, use, disclosure and management of personal information handled or processed by Adelaide University.
3. Our privacy principles
Although Adelaide University is not subject to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) for all its activities, many of our operations are Commonwealth-funded and therefore must comply with the APPs. To ensure consistency and avoid dual systems, Adelaide University has adopted practices that are consistent with the APPs across all its operations.
Adelaide University is also committed to complying with the requirements of applicable privacy laws in other jurisdictions, including the European Union General Data Protection Regulation (GDPR), regarding individuals located in the European Union (including the European Economic Area).
Our policy principles include the following:
3.1 We collect personal information only when it is necessary for us to conduct our business activities
We collect personal information in several ways, including:
from individual's directly, including from correspondence and submitted forms (e.g. via online portals) as part of an individual's enrolment, registration, or subscription process, and in the course of undertaking research, providing services, or administration of our activities
From individual’s directly, including personal information relating to employment
from automatic processes that we have in place, including monitoring and logging of metadata from the use of the IT and online services and facilities we provide, and from CCTV cameras on our premises, and
from third parties we collaborate with.
See
Appendix 1
for the types of personal information we collect and how we use it.
3.2 We collect sensitive information only where permitted by law or with consent
We only collect sensitive information with the individual's consent, if required or authorised by Australian law or court/tribunal order, or where collection is permitted under the Privacy Act.
We collect sensitive information in undertaking some of our activities, including undertaking research, providing services, and in relation to student visa applications and requirements.
3.3 We store and manage personal information securely and responsibly
We may hold personal information in hardcopy or electronic format stored on our computing equipment or on third party servers. We take reasonable steps to:
ensure personal information we collect is accurate, up-to-date, complete, and relevant
ensure personal information we use or disclose is accurate, up-to-date, complete, and relevant (having regard to the purpose of our use or disclosure)
protect personal information in our possession from misuse, interference, loss, and unauthorised access, modification, or disclosure, and
destroy or de-identify personal information we no longer need, unless we are required or authorised to retain the information under an applicable law or court order, or regulatory or contractual requirement.
We have in place measures to protect personal information in our possession from misuse, interference, loss, and unauthorised access, modification or disclosure.
Where it is lawful and not impracticable, we allow individuals to interact with us anonymously or to use a pseudonym when dealing with us.
3.4 We use personal information only for legitimate and lawful purposes
We will only use or disclose personal information for the primary purpose it was collected, or a reasonably expected and related secondary purpose, where we have the individual's consent, or where use is otherwise permitted or required by law.
See
Appendix 1
for the purpose for which different types of personal information are collected.
We may disclose personal information to the following types of third parties:
Government departments and agencies, to satisfy our reporting requirements.
Our controlled entities, if such personal information is required by the controlled entity to provide services to us or undertake activities for us.
Our foundation universities, in connection with their transition to us.
External service providers, if the personal information is required for the service provider to provide services to us or on our behalf.
Collaborating parties, if the personal information is required for the collaborative activity to be undertaken.
Regulators and law enforcement bodies, for the purpose of conducting investigations and enforcement-related activities.
Third parties impacted by investigations into student misconduct complaints such as student accommodation providers, clubs, societies or placement providers.
Third parties impacted by investigations into research integrity complaints, such as research publishers, funding bodies, and affiliated organisations, and as required or authorised by Australian law or court/tribunal order.
Some third parties to whom we disclose personal information may be located outside of Australia (including in the countries listed in
Appendix 2
). If we disclose personal information to an overseas recipient and the disclosure is not expressly permitted under the APPs, we will ensure compliance with APP 8 by:
entering into a contract with the overseas recipient that binds the overseas recipient to privacy obligations that are consistent with the APPs, including provisions for ongoing monitoring and enforcement of those obligations
ensuring the overseas recipient is subject to a law or binding scheme that has the effect of protecting the personal information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information, and that individuals have accessible means to enforce those protections, or
obtaining the individual’s express consent to the disclosure of their personal information to the overseas recipient.
We will not use personal information for the purpose of direct marketing unless it is contemplated under this policy, or we have the individual’s consent, or it is otherwise permitted by the Privacy Act. We may collect and use personal information (other than sensitive information) provided by an individual, or which is accessed through our website, including by using tools such as cookies and pixels, for direct marketing. We will ensure any direct marketing communications contain a simple means by which individuals may easily opt out of receiving them in the future.
3.5 We provide individuals with access to their personal information wherever possible
We will provide individuals with access to their personal information on request in accordance with this policy, unless we have a legitimate reason to refuse the request (for example, if there is a legal basis to refuse). In some cases, we may request that an individual submits an application to access the information under the
Freedom of Information Act 1991 (SA)
.
3.6 We take reasonable steps to correct and update personal information
We encourage staff, students and alumni to use self-serve systems provided by the University to update their personal information. Individuals may also submit requests to Adelaide University to correct or update personal information about them held by the university by contacting the area of Adelaide University to which the individual provided their personal information, or to our Privacy Officer on the contact details set out in 3.9 below.
We will respond to a request for correction or update within a reasonable period and will not impose any charges for the request. If we refuse to make the requested correction or update, we will provide the requestor with a written notice setting out our reasons for refusal. Individuals may apply in writing for a review (see 3.9 below for contact details) if they are dissatisfied with our refusal decision.
3.7 We protect the rights of individuals whose personal information is subject to the GDPR
Where we handle personal information from individuals located in the European Union, that information is managed in accordance with the GDPR. For the purposes of the GDPR, the University’s Data Protection Officer is the Director, Governance Services (Privacy Officer).
Refer to our Privacy Management Procedure for further details.
3.8 We respond to privacy breaches and complaints promptly and transparently
Individuals may contact us in writing (see 3.9 below for contact details) if they believe their personal information has not been managed by us in accordance with this policy. We aim to process complaints in a reasonable time (usually within 30 days from the date the complaint was received) and will inform the individual in writing of our decision. Individuals may escalate their complaint to the Office of the Australian Information Commissioner (OAIC) at
www.oaic.gov.au
if they are not satisfied with our response.
Staff who become aware of any actual or suspected loss or unauthorised access, use, modification, disclosure or other misuse of personal information (“data breach”) must follow the data breach procedures contained in the [Information Breach Procedure]. Adelaide University will comply with mandatory data breach notification requirements.
3.9 We provide clear ways for individuals to contact us about their personal information
Individuals may contact us in relation to their personal information, including to exercise their rights under this policy or under an applicable law or to ask a question about our collection, storage, use or disclosure of their personal information.
Our contact details are:
University Privacy Officer
Office of the Vice Chancellor
Adelaide University SA 5005
Email:
privacy@adelaide.edu.au
4. Definitions used in our policy
Please refer to our
Adelaide University glossary
for a full list of our definitions.
Controlled entity
means a person, group of persons or body corporate over which we have control.
Foundation Universities
means the University of South Australia and The University of Adelaide.
Personal Information
is any information (including an opinion) about an identified or identifiable person.
Sensitive Information
is Personal Information that is considered particularly sensitive or special and therefore needs additional protection. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, trade-union membership, health, or medical conditions, genetic or biometric information, sexual orientation, or criminal convictions and offences.
5. How our policy is governed
This policy is categorised, approved and owned in line with the governance structure of Adelaide University and the offices and officers listed below.
Policy category
Council
Approving authority
Transition Council / Council
Policy owner
Director, Governance Services
Responsible officer
Director, Governance Services
Effective from
1 January 2026
Review date
[3/4/5 years after date this version is approved, TBC]
Enquiries
Interim Central Policy Unit/[Central Policy Unit]
staff.policy.enquiries@adelaideuni.edu.au
Replaced documents
None
6. Legislation and other documents related to our policy
Refer to the Delegation Policy for all delegations at Adelaide University.
Category
Documents
Associated procedures
Privacy Management Procedure
[Information Breach Procedure]
Referenced legislation
Privacy Act 1988 (Cth)
European Union General Data Protection Regulation (GDPR)
Related legislation
South Australian Cabinet Administrative Instruction 1/89 (Information Privacy Principles Instruction)
Higher Education Support Act 2003 (Cth)
Privacy (Tax File Number) Rule 2015 (Cth)
Telecommunications (Interception and Access) Act 1979
Freedom of Information Act 1991 (SA)
External references
HESF Domain 7 – Representation, Information and Information Management
7. History of changes
Date approved
To section/clauses
Description of change
1 May 2024
N/A
New policy
19 December 2025
3.3 (overseas recipients)
3.7 (breaches and complaints)
Update to new policy template, expanded on conditions of overseas disclosure specifically relating to informed and voluntary consent, added escalation of complaints to OAIC information as well as notifiable data breaches scheme. Updated contact details of Privacy Officer. Other minor editorial changes to reflect new policy template.
At the time of writing, Adelaide University’s organisational structure, position titles, and committee names have not been confirmed. Square brackets [ ] indicate placeholders for these details. Brackets are also used to identify policy elements that are subject to further decision-making or confirmation. These will be updated once final decisions are made.
Appendix 1 - Collection and use of personal information
Person from whom Personal information is collected
The kinds of Personal Information collected includes:
Purpose of collection, use and disclosure of Personal Information includes:
Student
Name, contact details, social media addresses, photographs, tax file numbers, passport details and other government related identifiers, grades and awards, prior studies, placements and information resulting from our processes involving you (e.g. investigation for academic misconduct, academic appeals).
Administration of your course of study (including enrolment, scholarships, prizes, timetabling, visa requirements), delivery of teaching, educational resources, email and other services related to your enrolment at the University, monitoring your progress in your course of study, fulfilling external reporting requirements, internal planning, improvement and development, management of health, safety and wellbeing, communicating to you about the University and other parties or activities relevant to your course of study, administering electoral rolls, alumni communications and undertaking marketing activities.
Individual related to or associated with a student (e.g. emergency contacts, medical practitioners)
Name and contact details.
To contact you in connection with your engagement with the University.
Prospective student
Name, contact details, grades and awards, prior studies, information resulting from the University processes involving you (e.g. recognition of prior learning) and information relating to student visa applications and requirements (e.g. English language proficiency level, financial capacity, health insurance details and health and character requirements).
To provide you with information about us, assess admission applications. undertake internal planning, improvement and development and, , undertake marketing activities where permitted.
Member of our alumni or a donor
Name, contact details, academic awards and details of gifts.
To maintain communication and promote our activities and events, to include your name and conferred awards in graduation booklets, confirm your graduate status in response to enquiries from third parties, undertake fundraising and marketing activities, publicly acknowledge donors (unless otherwise requested by the donor), administer University Council electoral rolls, internal planning, improvement and development and profile building to evaluate prospective donors.
Employee, contractor, volunteer or titleholder
Contact details, photographs, bank account details, tax file numbers, information resulting from our processes (e.g. terms of engagement, investigation for misconduct).
Administration and management of the employee, contractor, volunteer or titleholder, management of health, safety and wellbeing, fulfilling external reporting requirements, internal planning, improvement and development, creating a publicly available University staff contact directory, administering electoral rolls and undertaking marketing activities.
If you agree to be added to our recruitment database, for follow up contact for future job vacancies.
Your name and expertise, and photographs of you taken in the course of a University activity, may be published by us for informational, marketing and promotional purposes.
Job applicant
Name, contact details, qualifications and experience, referees and information resulting from our processes (e.g. assessment of applicant, record of communication with referees).
To assess your application.
If you agree to be added to our recruitment database, for follow up contact for future job vacancies.
Research participant
Name, contact details and, in some cases, health and other sensitive information.
For research purposes, follow up contact for future related projects (in each case subject to any human research ethics committee restrictions) and undertaking marketing activities.
Customer, user or attendee of University facilities, services (including counselling services), events, conferences or activities
Name, contact details and, in some cases, health and other sensitive information.
For the provision of the facilities or services, administration and monitoring of the use of or attendance at such facilities, services, events or activities, internal planning, improvement and development, ensuring the security of our facilities or premises and promoting our other events or activities (including marketing).
To provide health or counselling services and, if you are using Disability Services, to assess and respond to requests by you for additional support or adjustments.
Individual accessing the University’s website
Details of website use, webpages browsed, IP address, enquiries regarding products and services and social media platforms used.
To monitor use of our website, to assess, manage, upgrade, and improve our website, to carry out market analysis and research and undertake marketing activities.
People who enter University grounds/premises
All individuals entering the University’s grounds/premises should expected personal information in their images will be captured by CCTV cameras. If individuals enter the University grounds by vehicle, the personal information collected includes the vehicle registration details.
CCTV images are recorded to facilitate the safety and security of the University and members of the University community; for investigative and legal purposes; and for planning purposes.
CCTV images may be released to third parties including organisations and law enforcement bodies in accordance with this policy and the Privacy Management Procedure.
Appendix 2 – Locations of overseas recipients of personal information
United States of America
Canada
United Kingdom
European Union
Singapore
Hong Kong
The Netherlands
Privacy Policy
This Privacy Policy informs visitors to our website about the type of information that may be collected about them and their browsing activity when they visit Adelaide University webpages and how the information is used.
This website is administered by Adelaide University.
1. The purpose of our policy
Adelaide University respects the privacy of individuals, and we are committed to protecting the personal information that we collect.
This policy sets out the principles applying to our collection, use, storage and disclosure of personal information, and our approach to relevant privacy laws.
It also provides the authority to maintain our Privacy Management Procedure.
2. Who our policy applies to
Our policy applies to Council members and to our employees, contractors, volunteers, titleholders, students, visitors and agents. It applies to the collection, use, disclosure and management of personal information handled or processed by Adelaide University.
3. Our privacy principles
Although Adelaide University is not subject to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) for all its activities, many of our operations are Commonwealth-funded and therefore must comply with the APPs. To ensure consistency and avoid dual systems, Adelaide University has adopted practices that are consistent with the APPs across all its operations.
Adelaide University is also committed to complying with the requirements of applicable privacy laws in other jurisdictions, including the European Union General Data Protection Regulation (GDPR), regarding individuals located in the European Union (including the European Economic Area).
Our policy principles include the following:
3.1 We collect personal information only when it is necessary for us to conduct our business activities
We collect personal information in several ways, including:
from individual's directly, including from correspondence and submitted forms (e.g. via online portals) as part of an individual's enrolment, registration, or subscription process, and in the course of undertaking research, providing services, or administration of our activities
From individual’s directly, including personal information relating to employment
from automatic processes that we have in place, including monitoring and logging of metadata from the use of the IT and online services and facilities we provide, and from CCTV cameras on our premises, and
from third parties we collaborate with.
See
Appendix 1
for the types of personal information we collect and how we use it.
3.2 We collect sensitive information only where permitted by law or with consent
We only collect sensitive information with the individual's consent, if required or authorised by Australian law or court/tribunal order, or where collection is permitted under the Privacy Act.
We collect sensitive information in undertaking some of our activities, including undertaking research, providing services, and in relation to student visa applications and requirements.
3.3 We store and manage personal information securely and responsibly
We may hold personal information in hardcopy or electronic format stored on our computing equipment or on third party servers. We take reasonable steps to:
ensure personal information we collect is accurate, up-to-date, complete, and relevant
ensure personal information we use or disclose is accurate, up-to-date, complete, and relevant (having regard to the purpose of our use or disclosure)
protect personal information in our possession from misuse, interference, loss, and unauthorised access, modification, or disclosure, and
destroy or de-identify personal information we no longer need, unless we are required or authorised to retain the information under an applicable law or court order, or regulatory or contractual requirement.
We have in place measures to protect personal information in our possession from misuse, interference, loss, and unauthorised access, modification or disclosure.
Where it is lawful and not impracticable, we allow individuals to interact with us anonymously or to use a pseudonym when dealing with us.
3.4 We use personal information only for legitimate and lawful purposes
We will only use or disclose personal information for the primary purpose it was collected, or a reasonably expected and related secondary purpose, where we have the individual's consent, or where use is otherwise permitted or required by law.
See
Appendix 1
for the purpose for which different types of personal information are collected.
We may disclose personal information to the following types of third parties:
Government departments and agencies, to satisfy our reporting requirements.
Our controlled entities, if such personal information is required by the controlled entity to provide services to us or undertake activities for us.
Our foundation universities, in connection with their transition to us.
External service providers, if the personal information is required for the service provider to provide services to us or on our behalf.
Collaborating parties, if the personal information is required for the collaborative activity to be undertaken.
Regulators and law enforcement bodies, for the purpose of conducting investigations and enforcement-related activities.
Third parties impacted by investigations into student misconduct complaints such as student accommodation providers, clubs, societies or placement providers.
Third parties impacted by investigations into research integrity complaints, such as research publishers, funding bodies, and affiliated organisations, and as required or authorised by Australian law or court/tribunal order.
Some third parties to whom we disclose personal information may be located outside of Australia (including in the countries listed in
Appendix 2
). If we disclose personal information to an overseas recipient and the disclosure is not expressly permitted under the APPs, we will ensure compliance with APP 8 by:
entering into a contract with the overseas recipient that binds the overseas recipient to privacy obligations that are consistent with the APPs, including provisions for ongoing monitoring and enforcement of those obligations
ensuring the overseas recipient is subject to a law or binding scheme that has the effect of protecting the personal information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information, and that individuals have accessible means to enforce those protections, or
obtaining the individual’s express consent to the disclosure of their personal information to the overseas recipient.
We will not use personal information for the purpose of direct marketing unless it is contemplated under this policy, or we have the individual’s consent, or it is otherwise permitted by the Privacy Act. We may collect and use personal information (other than sensitive information) provided by an individual, or which is accessed through our website, including by using tools such as cookies and pixels, for direct marketing. We will ensure any direct marketing communications contain a simple means by which individuals may easily opt out of receiving them in the future.
3.5 We provide individuals with access to their personal information wherever possible
We will provide individuals with access to their personal information on request in accordance with this policy, unless we have a legitimate reason to refuse the request (for example, if there is a legal basis to refuse). In some cases, we may request that an individual submits an application to access the information under the
Freedom of Information Act 1991 (SA)
.
3.6 We take reasonable steps to correct and update personal information
We encourage staff, students and alumni to use self-serve systems provided by the University to update their personal information. Individuals may also submit requests to Adelaide University to correct or update personal information about them held by the university by contacting the area of Adelaide University to which the individual provided their personal information, or to our Privacy Officer on the contact details set out in 3.9 below.
We will respond to a request for correction or update within a reasonable period and will not impose any charges for the request. If we refuse to make the requested correction or update, we will provide the requestor with a written notice setting out our reasons for refusal. Individuals may apply in writing for a review (see 3.9 below for contact details) if they are dissatisfied with our refusal decision.
3.7 We protect the rights of individuals whose personal information is subject to the GDPR
Where we handle personal information from individuals located in the European Union, that information is managed in accordance with the GDPR. For the purposes of the GDPR, the University’s Data Protection Officer is the Director, Governance Services (Privacy Officer).
Refer to our Privacy Management Procedure for further details.
3.8 We respond to privacy breaches and complaints promptly and transparently
Individuals may contact us in writing (see 3.9 below for contact details) if they believe their personal information has not been managed by us in accordance with this policy. We aim to process complaints in a reasonable time (usually within 30 days from the date the complaint was received) and will inform the individual in writing of our decision. Individuals may escalate their complaint to the Office of the Australian Information Commissioner (OAIC) at
www.oaic.gov.au
if they are not satisfied with our response.
Staff who become aware of any actual or suspected loss or unauthorised access, use, modification, disclosure or other misuse of personal information (“data breach”) must follow the data breach procedures contained in the [Information Breach Procedure]. Adelaide University will comply with mandatory data breach notification requirements.
3.9 We provide clear ways for individuals to contact us about their personal information
Individuals may contact us in relation to their personal information, including to exercise their rights under this policy or under an applicable law or to ask a question about our collection, storage, use or disclosure of their personal information.
Our contact details are:
University Privacy Officer
Office of the Vice Chancellor
Adelaide University SA 5005
Email:
privacy@adelaide.edu.au
4. Definitions used in our policy
Please refer to our
Adelaide University glossary
for a full list of our definitions.
Controlled entity
means a person, group of persons or body corporate over which we have control.
Foundation Universities
means the University of South Australia and The University of Adelaide.
Personal Information
is any information (including an opinion) about an identified or identifiable person.
Sensitive Information
is Personal Information that is considered particularly sensitive or special and therefore needs additional protection. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, trade-union membership, health, or medical conditions, genetic or biometric information, sexual orientation, or criminal convictions and offences.
5. How our policy is governed
This policy is categorised, approved and owned in line with the governance structure of Adelaide University and the offices and officers listed below.
Policy category
Council
Approving authority
Transition Council / Council
Policy owner
Director, Governance Services
Responsible officer
Director, Governance Services
Effective from
1 January 2026
Review date
[3/4/5 years after date this version is approved, TBC]
Enquiries
Interim Central Policy Unit/[Central Policy Unit]
staff.policy.enquiries@adelaideuni.edu.au
Replaced documents
None
6. Legislation and other documents related to our policy
Refer to the Delegation Policy for all delegations at Adelaide University.
Category
Documents
Associated procedures
Privacy Management Procedure
[Information Breach Procedure]
Referenced legislation
Privacy Act 1988 (Cth)
European Union General Data Protection Regulation (GDPR)
Related legislation
South Australian Cabinet Administrative Instruction 1/89 (Information Privacy Principles Instruction)
Higher Education Support Act 2003 (Cth)
Privacy (Tax File Number) Rule 2015 (Cth)
Telecommunications (Interception and Access) Act 1979
Freedom of Information Act 1991 (SA)
External references
HESF Domain 7 – Representation, Information and Information Management
7. History of changes
Date approved
To section/clauses
Description of change
1 May 2024
N/A
New policy
19 December 2025
3.3 (overseas recipients)
3.7 (breaches and complaints)
Update to new policy template, expanded on conditions of overseas disclosure specifically relating to informed and voluntary consent, added escalation of complaints to OAIC information as well as notifiable data breaches scheme. Updated contact details of Privacy Officer. Other minor editorial changes to reflect new policy template.
At the time of writing, Adelaide University’s organisational structure, position titles, and committee names have not been confirmed. Square brackets [ ] indicate placeholders for these details. Brackets are also used to identify policy elements that are subject to further decision-making or confirmation. These will be updated once final decisions are made.
Appendix 1 - Collection and use of personal information
Person from whom Personal information is collected
The kinds of Personal Information collected includes:
Purpose of collection, use and disclosure of Personal Information includes:
Student
Name, contact details, social media addresses, photographs, tax file numbers, passport details and other government related identifiers, grades and awards, prior studies, placements and information resulting from our processes involving you (e.g. investigation for academic misconduct, academic appeals).
Administration of your course of study (including enrolment, scholarships, prizes, timetabling, visa requirements), delivery of teaching, educational resources, email and other services related to your enrolment at the University, monitoring your progress in your course of study, fulfilling external reporting requirements, internal planning, improvement and development, management of health, safety and wellbeing, communicating to you about the University and other parties or activities relevant to your course of study, administering electoral rolls, alumni communications and undertaking marketing activities.
Individual related to or associated with a student (e.g. emergency contacts, medical practitioners)
Name and contact details.
To contact you in connection with your engagement with the University.
Prospective student
Name, contact details, grades and awards, prior studies, information resulting from the University processes involving you (e.g. recognition of prior learning) and information relating to student visa applications and requirements (e.g. English language proficiency level, financial capacity, health insurance details and health and character requirements).
To provide you with information about us, assess admission applications. undertake internal planning, improvement and development and, , undertake marketing activities where permitted.
Member of our alumni or a donor
Name, contact details, academic awards and details of gifts.
To maintain communication and promote our activities and events, to include your name and conferred awards in graduation booklets, confirm your graduate status in response to enquiries from third parties, undertake fundraising and marketing activities, publicly acknowledge donors (unless otherwise requested by the donor), administer University Council electoral rolls, internal planning, improvement and development and profile building to evaluate prospective donors.
Employee, contractor, volunteer or titleholder
Contact details, photographs, bank account details, tax file numbers, information resulting from our processes (e.g. terms of engagement, investigation for misconduct).
Administration and management of the employee, contractor, volunteer or titleholder, management of health, safety and wellbeing, fulfilling external reporting requirements, internal planning, improvement and development, creating a publicly available University staff contact directory, administering electoral rolls and undertaking marketing activities.
If you agree to be added to our recruitment database, for follow up contact for future job vacancies.
Your name and expertise, and photographs of you taken in the course of a University activity, may be published by us for informational, marketing and promotional purposes.
Job applicant
Name, contact details, qualifications and experience, referees and information resulting from our processes (e.g. assessment of applicant, record of communication with referees).
To assess your application.
If you agree to be added to our recruitment database, for follow up contact for future job vacancies.
Research participant
Name, contact details and, in some cases, health and other sensitive information.
For research purposes, follow up contact for future related projects (in each case subject to any human research ethics committee restrictions) and undertaking marketing activities.
Customer, user or attendee of University facilities, services (including counselling services), events, conferences or activities
Name, contact details and, in some cases, health and other sensitive information.
For the provision of the facilities or services, administration and monitoring of the use of or attendance at such facilities, services, events or activities, internal planning, improvement and development, ensuring the security of our facilities or premises and promoting our other events or activities (including marketing).
To provide health or counselling services and, if you are using Disability Services, to assess and respond to requests by you for additional support or adjustments.
Individual accessing the University’s website
Details of website use, webpages browsed, IP address, enquiries regarding products and services and social media platforms used.
To monitor use of our website, to assess, manage, upgrade, and improve our website, to carry out market analysis and research and undertake marketing activities.
People who enter University grounds/premises
All individuals entering the University’s grounds/premises should expected personal information in their images will be captured by CCTV cameras. If individuals enter the University grounds by vehicle, the personal information collected includes the vehicle registration details.
CCTV images are recorded to facilitate the safety and security of the University and members of the University community; for investigative and legal purposes; and for planning purposes.
CCTV images may be released to third parties including organisations and law enforcement bodies in accordance with this policy and the Privacy Management Procedure.
Appendix 2 – Locations of overseas recipients of personal information
United States of America
Canada
United Kingdom
European Union
Singapore
Hong Kong
The Netherlands