1. Purpose and Scope
1.1. Adelaide University (University, we, us or our) respects the privacy of individuals and we are committed to protecting the Personal Information that we collect.
1.2. This Policy outlines the principles applying to our:
1.2.1. collection, use, storage and disclosure of Personal Information; and
1.2.2. adoption of the requirements of the Australian Privacy Principles (Australian Privacy Principles) (schedule to the Privacy Act 1988 (Cth))(Privacy Act) and the European Union General Data Protection Regulation (GDPR).
1.3. This Policy applies to Council members and our employees, contractors, volunteers, titleholders, students, visitors and agents (collectively, Our People).
2. What Personal Information do we collect from you and how do we collect it?
2.1. We will only collect your Personal Information where the information is necessary for us to conduct our business activities.
2.2. We collect your Personal Information in several ways, including:
2.2.1. from you directly:
including from correspondence and submitted forms (e.g. via online portals), as part of any enrolment, registration or subscription process and in the course of undertaking research, providing services or administration of our activities;
2.2.2. from automatic processes that we have in place:
including monitoring and logging of metadata from the use of the IT and online services and facilities we provide and from CCTV cameras on our premises; and
2.2.3. from third party sources:
including from The University of Adelaide and the University of South Australia in connection with their transition to us, from third parties with which we collaborate and in the course of undertaking research.
2.3. We have included a list of the types of Personal Information we collect and why we use that Personal Information in Appendix 1.
3. Do we collect Sensitive Information?
3.1. We collect Sensitive Information in undertaking some of our activities, including undertaking research, providing services, and in relation to student visa applications and requirements.
3.2. We will only collect and use your Sensitive Information with your consent or where permitted by law.
4. How do we store your Personal Information?
4.1. We may hold your Personal Information in hardcopy format, or electronic format stored on our computing equipment or on third party servers.
4.2. We will take reasonable steps to:
4.2.1. ensure that Personal Information we collect is accurate, up-to-date, complete and relevant;
4.2.2. ensure that Personal Information we use or disclose is accurate, up-to-date, complete and relevant (having regard to the purpose of our use or disclosure);
4.2.3. protect Personal Information in our possession from misuse, interference, loss and unauthorised access, modification or disclosure; and
4.2.4. destroy or de-identify Personal Information that we longer need, unless we are required or authorised to retain the information under an applicable law or court order.
4.3. We have in place measures to protect Personal Information in our possession from misuse, interference, loss, and unauthorised access, modification or disclosure.
4.4. Where it is lawful and not impractical, we will allow you to choose to not identify yourself or to use a pseudonym when dealing with us.
5. How do we use and disclose your Personal Information?
5.1. We will only use or disclose your Personal Information for a purpose where we have a legitimate need to do so, where we have your consent or to comply with law.
5.2. We may disclose your Personal Information to the following types of third parties:
5.2.1. Government departments and agencies to satisfy reporting requirements;
5.2.2. our Controlled Entities, if such Personal Information is required by the Controlled Entity to provide services to us or undertake activities for us;
5.2.3. The University of Adelaide and the University of South Australia, in connection with their transition to us;
5.2.4. external service providers, if your Personal Information is required for the service provider to provide services to us or on our behalf; and
5.2.5. collaborating parties, if your Personal Information is required for the collaborative activity to be undertaken;
5.2.6. regulators and law enforcement bodies, for the purpose of conducting investigations and enforcement-related activities;
5.2.7. to such third parties as required or authorised by law or court/tribunal order.
5.3. Some third parties to whom we disclose your Personal Information may be located outside of Australia (including in the countries listed in Appendix 2).
5.4. If we disclose your Personal Information to an overseas recipient and the disclosure is not expressly permitted under the Australian Privacy Principles, we will do one of the following:
5.4.1. enter into a contract with the overseas recipient that binds the overseas recipient to privacy obligations that are consistent with the Australian Privacy Principles;
5.4.2. ensure that the overseas recipient is subject to a law or binding scheme that has the effect of protecting your Personal Information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information, and that individuals are able to access mechanisms to enforce the protection of the law or binding scheme; or
5.4.3. obtain your express consent to the disclosure of your Personal Information to the overseas recipient.
5.5. We will not use your Personal Information for the purpose of direct marketing unless such use is contemplated under this Policy or we have obtained your consent. We may collect and use Personal Information (other than Sensitive Information) you provide or which is accessed through our website, including by using tools such as cookies and pixels, for direct marketing. We will ensure any direct marketing communications contain a simple means by which you may easily opt out of receiving direct marketing communications.
6. What are your rights under this Policy?
6.1. Access: We will provide you with access to your Personal Information on your request in accordance with this Policy, unless we have a legitimate reason to refuse the request (for example, if there is a legal basis to refuse). In some cases, we may request that you submit an application under the Freedom of Information Act 1991 (SA).
6.2. Correction and updates:
6.2.1. We encourage you to notify us of any changes to your Personal Information. Updating your Personal Information allows us to administer our records and continue to provide services to you.
6.2.2. We will respond to a request for correction or update within a reasonable period and will not impose any charges for the request. If we refuse to make the requested correction or update, we will provide you with a written notice setting out our reasons for refusal. If you are dissatisfied with our refusal decision, you may apply in writing for a review.
6.3. Breaches and complaints: If you believe that your Personal Information has not been handled by us in accordance with this Policy, you may make a complaint in writing to us. We will process complaints in a reasonable time (usually within 30 days from the date the complaint was received) and you will be advised in writing of our decision and any action taken.
6.4. GDPR: If you are a citizen or resident of the European Union, you have certain rights under the GDPR, including that you may request a restriction on the processing of your personal data, object to the processing of your personal data, request the transfer of your personal data or request the destruction, de-identification or erasure of your personal data.
7. How can you contact us?
You can contact us in relation to your Personal Information, including to exercise your rights under this Policy or under an applicable law or to ask a question about our collection, storage, use or disclosure of Personal Information.
Our contact details are:
Manager, Audit & Compliance
Risk Services Branch
The University of Adelaide SA 5005
Email: legalcompliance@adelaide.edu.au
8. Definitions
8.1. Controlled Entity means a person, group of persons or body corporate over which we have control.
8.2. Personal Information is any information (including an opinion) about an identified or identifiable person.
8.3. Sensitive Information is Personal Information that is considered particularly sensitive or special and therefore needs additional protection. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, trade-union membership, health, or medical conditions, genetic or biometric information, sexual orientation, or criminal convictions and offences.
Appendix 1 – Collection of Personal Information
Person from whom Personal information is collected | The kinds of Personal Information collected includes: | Purpose of collection, use and disclosure of Personal Information includes: |
Student | Name, contact details, social media addresses, photographs, tax file numbers, passport details and other government related identifiers, grades and awards, prior studies, placements and information resulting from our processes involving you (e.g. investigation for academic misconduct, academic appeals). | Administration of your course of study (including enrolment, scholarships, prizes, timetabling, visa requirements), delivery of teaching, educational resources, email and other services related to your enrolment at the University, monitoring your progress in your course of study, fulfilling external reporting requirements, internal planning, improvement and development, management of health, safety and wellbeing, communicating to you about the University and other parties or activities relevant to your course of study, administering electoral rolls, alumni communications and undertaking marketing activities. |
Individual related to or associated with a student (e.g. emergency contacts, medical practitioners) | Name and contact details. | To contact you in connection with your engagement with the University. |
Prospective student | Name, contact details, grades and awards, prior studies, information resulting from the University processes involving you (e.g. recognition of prior learning) and information relating to student visa applications and requirements (e.g. English language proficiency level, financial capacity, health insurance details and health and character requirements). | To provide you with information about us, assess admission applications. undertake internal planning, improvement and development and undertake marketing activities. |
Member of our alumni or a donor | Name, contact details, academic awards and details of gifts. | To maintain communication and promote our activities and events, to include your name and conferred awards in graduation booklets, confirm your graduate status in response to enquiries from third parties, undertake fundraising and marketing activities, publicly acknowledge donors (unless otherwise requested by the donor), administer University Council electoral rolls, internal planning, improvement and development and profile building to evaluate prospective donors. |
Employee, contractor, volunteer or titleholder | Contact details, photographs, bank account details, tax file numbers, information resulting from our processes (e.g. terms of engagement, investigation for misconduct). | Administration and management of the employee, contractor, volunteer or titleholder, management of health, safety and wellbeing, fulfilling external reporting requirements, internal planning, improvement and development, creating a publicly available University staff contact directory, administering electoral rolls and undertaking marketing activities. If you agree to be added to our recruitment database, for follow up contact for future job vacancies. Your name and expertise, and photographs of you taken in the course of a University activity, may be published by us for informational, marketing and promotional purposes. |
Job applicant | Name, contact details, qualifications and experience, referees and information resulting from our processes (e.g. assessment of applicant, record of communication with referees). | To assess your application. If you agree to be added to our recruitment database, for follow up contact for future job vacancies. |
Research participant | Name, contact details and, in some cases, health and other sensitive information. | For research purposes, follow up contact for future related projects (in each case subject to any human research ethics committee restrictions) and undertaking marketing activities. |
Customer, user or attendee of University facilities, services (including counselling services), events, conferences or activities | Name, contact details and, in some cases, health and other sensitive information. | For the provision of the facilities or services, administration and monitoring of the use of or attendance at such facilities, services, events or activities, internal planning, improvement and development, ensuring the security of our facilities or premises and promoting our other events or activities (including marketing). To provide health or counselling services and, if you are using Disability Services, to assess and respond to requests by you for additional support or adjustments. |
Individual accessing the University’s website | Details of website use, webpages browsed, enquiries regarding products and services and social media platforms used. | To monitor use of our website, to assess, manage, upgrade, and improve our website, to carry out market analysis and research and undertake marketing activities. |
Appendix 2 – Locations of overseas recipients of Personal Information
United States of America
Canada
United Kingdom
European Union
Singapore
Hong Kong
The Netherlands
Document authorities and history
Title | Details |
Policy category | Council |
Approving authority | Transition Council |
Responsible Policy Officer | General Counsel, Adelaide University |
Policy effective from | 1 May 2024 |
Policy review date | 1 May 2029 |
Enquiries | General Counsel, Adelaide University |
Document history | Version 1 - Approved 1 May 2024 |
HESF Domain | HESF Domain 7 - Representation, Information and Information Management |
Related documents
Title | Documents |
Associated procedures | N/A |
Referenced documents | N/A |
Referenced legislation |