- Information Collected
- Use and disclosure of information collected
- Access to information collected
- Security of information collected
- Anonymity and identifiers
- Transborder data flows
- Sensitive information
Australian Catholic University is committed to ensuring the privacy of all information it collects.
Australian Catholic University is bound by the Australian Privacy Principles as set out in the Privacy Act 1998. In keeping with this legislation, this Privacy Statement sets out the University's practice in the collection, use and disclosure of personal information.
The University collects a substantial volume of personal information concerning staff, students and other persons. This information is only collected where necessary. Legitimate reasons for collecting personal information include administrative need, legislative requirements or research investigations.
The type of personal information collected by the University will depend upon the reason for its collection. This inevitably involves a diverse range of information but may include residence and contact details, date of birth, next of kin, drivers licence, pre-existing injuries, criminal checks, student enrolment and academic performance, qualifications, information concerning persons who apply to the University for appointment or admission, and information collected from or concerning human research subjects.
Where reasonably possible, the University will only collect information from the individual to whom it relates. Frequently this will be collected from official University forms but it may also be collected from email, letters or other forms of communication.
The University also holds personal information about individuals that it generates in the course of its operational activities, such as staff salaries and wages, examination results and library loan records.
Personal information is only collected where it is necessary to carry out a particular function or administrative activity.
Personal information collected for a particular purpose will not be used for any other purpose, unless that secondary purpose is both related to the primary purpose of collection and the individual would reasonably expect the organisation to use or disclose the information for that secondary purpose. For example, a student would reasonably expect the information collected by Student Administration during the enrolment process to then be forwarded to the University Library in order to provide the student with borrowing privileges.
The University is required to provide annual statistical information on its staff and student population to the Commonwealth Government. Enrolment information collected by the University is issued in these reports for planning purposes and to project future trends. However the reports consist only of aggregated statistical data and no personal information is used, disclosed or distributed.
The University is authorised to use or disclose personal information if it reasonably believes that such disclosure is necessary to lessen or prevent a serious and imminent threat to the life or health of the individual or any other person.
The University is also authorised to disclose personal information to appropriate law enforcement agencies to assist in the prevention, detection, investigation, prosecution or punishment of criminal activities.
Upon written request the University will provide individuals with access to personal information held about them. This enables them to ensure that information is accurate, relevant, up-to-date, complete and not misleading.
If the University denies a request for access, a reason will be provided. Access may be denied if such access would be unlawful, frivolous or vexatious; infringe on the privacy of other individuals; pose a serious and imminent threat to the life or health of any individual; interfere with existing or anticipated legal proceedings; or other valid reasons for exclusion in line with relevant legislation.
The University is committed to maintaining a secure environment for all personal information collected, used or disclosed. The University will take all reasonable precautions to protect data from loss, misuse, unauthorised access or disclosure, alteration or destruction.
Personal information is retained no longer than is necessary. Once operational needs have been satisfied, personal information will only be retained for the minimum period specified by legislation and then disposed of in a lawful and secure manner.
Paper-based records containing personal information are filed in secure environments. Rooms holding personal information can be locked so as to prevent unauthorised access to the records. Furthermore, the University stores personal information in secure containers such as filing cabinets, safes or compactuses as an added safeguard against unauthorised access.
Personal information collected via the University's website will be done by sufficiently secure means. Further details on the University's web privacy are available from the Australian Catholic University Web Privacy Statement.
Access to either paper-based or computerised records will only be granted to University staff where there is a demonstrated need for this access in accordance with that staff members duties or responsibilities. No other staff or external organisations will be entitled to access this information.
However, the University may provide access to information to a law enforcement agency or other government agency if such access is legally warranted in the course of an official investigation.
Wherever legal and practical, individuals have the opportunity to deal with the University anonymously. This practice is best suited to the distribution of generic advice as individual circumstances are frequently required in order to respond effectively to more detailed and complex questions or issues.
Staff and students of the University are allocated staff and student numbers respectively. These identifiers are unique to the University and are only used for University business. Certain sections of the University may be required to use external identifiers as reference when dealing with external agencies. Such instances would occur with research grants, insurance claims or superannuation membership. However these external identifiers are only used when dealing with the relevant external agency. The University does not use external identifiers for its own business operations.
The University has links with other education institutions throughout the world, often involving staff or student exchange. The University will only disclose personal information to these institutions, or any other individual or organisation outside Australia, with the consent of the individual concerned or if the foreign country is subject to a comparable information privacy scheme.
Some of the information collected by the University is classed as sensitive information. This would include information on health, disabilities, racial or ethnic origin, religious beliefs or criminal background. Sensitive information is only collected to satisfy legislative requirements or to meet special needs.
For further information about this privacy statement or the practices of the University, please contact the Privacy Officer, Dr Stephen Weller, telephone (02) 9739 2912, email firstname.lastname@example.org.