This policy provides information about the management of personal information by University of Canberra (UC), including the types of personal information that UC collects and holds, and the way that information is handled.
In this policy, “person information”:
- means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is:
- true or not; and
- recorded in a material form or not, but
- does not include personal health information about the individual.
This Policy complies with the Information Privacy Act 2014 (ACT) (the Privacy Act) and Territory Privacy Principles (TPP’s). The TPP’s regulate how UC can collect, use, disclose and store personal information and how you can access and correct that information.
Detailed information on the TPP’s can be found at the Office of the Australian Information
The kinds of personal information that UC collects and holds UC collects and holds 13 classes of personal information. These classes are detailed in UC’s Personal Information Digest, which is submitted to the OAIC annually. These classes include:
- Students and prospective students;
- Employees and applicants for employment;
- Patients of health and counselling clinics;
- Visiting, honorary and adjunct academics;
- External members of UC’s library;
- Users of information and communication technology;
- Users of childcare services;
- Suppliers of goods and services and contractors;
- Users of student accommodation services;
- Members of UC’s external committees;
- Distribution and mailing lists; and
- Research participants.
The personal information that UC collects about you may include your:
- Full name including former names;
- Address and contact details;
- Date of birth;
- Academic qualifications;
- Signature; and
- Financial information such as your bank or credit card details (where payment is required, for example payment of tuition fees).
Sometimes you or another person may provide UC with sensitive information about you,
including information about your racial or ethnic origin. If this occurs, UC will not keep the
information in its records, and instead will arrange for its return or secure destruction, unless:
- you consent to the collection of the information; and
- the information is reasonably necessary for, or directly related to, one or more of UC’s functions or activities.
How UC collects and holds personal information
Personal information about you may be collected by UC from you, from an agent or from a
third party. UC uses forms, online portals and other electronic or paper correspondence to
collect this information.
UC takes steps to ensure that the records it holds containing personal information are accurate, up to date and complete.
Storage of information (and the disposal of information when no longer required) is managed in accordance with the Territory Records Act 2002 (ACT) and the Privacy Act.
UC has controls in place to protect the information UC collects from loss, unauthorised access or disclosure and from any other misuse. UC’s controls include:
- firewalls, access controls, intrusion detection and vulnerability scanning;
- transactions made using the online portals on UC’s website are encrypted where possible; and
- UC’s premises are under 24-hour surveillance and after-hours access to office areas is via key and/or security passes.
The purposes for which UC collects, holds, uses and discloses personal information
UC will not ask you for any personal information that it does not need.
UC collects information only for lawful purposes that are directly related to its functions and
activities and when the collection is necessary for, or directly related to, those purposes. UC’s functions and activities are set out in the University of Canberra Act 1989 (ACT). For example, UC collects personal information from students and others to enable UC to undertake teaching and research functions.
UC is required to notify you of the purpose for which the information is collected, if its
collection is required or authorised by law and of any person or body to whom UC usually
discloses the information. UC provides this notification by through privacy notices, which are
on all UC’s application forms and online portals.
UC uses personal information for the primary purposes for which it was collected. These
purposes are set out in detail in UC’s Personal Information Digest. UC may also use or disclose personal information in the following circumstances:
- for reasonably expected secondary purposes directly related to the primary purpose;
- for other purposes permitted under the Privacy Act, including where the use or disclosure is required or authorised by law; or
- where you have consented to the use or disclosure.
Periodically, UC (or a company under contract to us) uses personal information to conduct
market research about its courses and services.
UC will not disclose personal information, for example mailing lists, to third parties to enable
them to market their services and products.
Is UC likely to disclose personal information to overseas recipients, and what are the
countries in which the recipients are likely to be located?
If UC knows that it will be disclosing your personal information to an overseas recipient, the
details of that disclosure will be set out in UC’s Personal Information Digest.
UC may seek your consent through Privacy Notices (for example on UC’s application forms and online portals) to allow UC to disclose your personal information to an overseas recipient.
External service providers, both in Australia and offshore, who handle personal information
about UC’s employees, students, alumni or other individuals are bound contractually to comply with the requirements of the Privacy Act or the Privacy Act 1988 (Cth).
How you may access personal information that is held by UC and seek the correction of the information
Accessing personal information
Subject to certain exceptions explained below, if UC holds personal information about you, UC must give you access to the information if you request it.
UC does not have to give you access to the information to the extent that UC is required or
authorised to refuse to give you access under:
- the Freedom of Information Act 1989 (ACT); or
- another law in force in the ACT that provides for access by people to documents.
UC will respond to a written request for access within 30 days.
The Personal Information Digest lists the contact person for requesting access to records
containing your personal information for each class of personal information held.
Documents held by UC may be requested under the Freedom of Information Act (ACT). For
more information visit UC’s Freedom of Information webpage.
Correction of personal information
You can request UC to correct any of your personal information that UC holds. If you do so, UC must take reasonable steps to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. UC will respond to a written request within 30 days.
The Personal Information Digest lists the contact person for requesting correction of your
personal information for each class of personal information held (see the contact person listed for “Access”).
Individuals are able to request or change certain information held about them through the
Current students may also check and change their information any time through the MyUC
UC Staff can correct or update their personal information by using HROnline.
UC will not charge a fee for access to or correction of your personal information.
How you may complain about a breach of the TPP’s and how UC will deal with the complaint
UC will take seriously, and promptly deal with, any unlawful disclosure of personal information.
If you think UC has breached a TPP, you may make a written complaint to the Privacy Contact Officer.
If you are dissatisfied with the way UC handles your privacy-related complaint, you may contact the Office of the Australian Information Commissioner (OAIC). Information about lodging a complaint with the OAIC is available at http://www.oaic.gov.au/privacy/making-a-privacy-
Before you can lodge a complaint with the OAIC, you will generally need to complain directly to UC and allow 30 days for a response. If you do not receive a response (after 30 days), or you are dissatisfied with the response, you may then complain to the OAIC.
For access to your personal information please see the University’s Personal Information Digest for the contact points for each class of information that is held by the University.
The overall responsibility for privacy at UC resides with the Vice-Chancellor and President. The responsibility for day-to-day management has been delegated to the Vice-President,
Governance and Development as the Privacy Contact Officer
You can also contact UC if you want to:
- Make a complaint about a breach of your privacy;
- Query how your personal information is collected, used or disclosed; or
Telephone +61 2 6201 5569
TTY +61 2 6251 4601 (for hearing impaired callers)
Mail: Privacy Contact Officer
University of Canberra
BRUCE ACT 2601