Policy Redesign Project

All policies and procedures are being reviewed as part of this project. This document is pending review, but remains in effect until the review is carried out.

Privacy Policy

Establishment Date:

Vice-Chancellor, 29 October 2015

Date Last Amended:

 

Nature of Amendment:

 

Date Last Reviewed:

 

Responsible Officer:

Director, Integrity Governance and Risk

1.  Legislative Basis and Objective

1.1  Although there are no Commonwealth or State Privacy Acts that bind South Australian Universities, Flinders University is committed to adopting practices which uphold the Australian Privacy Principles (‘APPs’) as set out in the Privacy Act 1988 (Cth).

1.2  This Policy sets out the ways in which the University may collect, store, use, manage and protect an individual’s Personal Information.

1.3  In addition, the policy on Student Information promotes responsible handling of student information and establishes procedures through which a student may access his or her Personal Information, or make a complaint in respect to the loss, misuse or unauthorised access or disclosure of information about them.

2.  Application and Scope

2.1  This Policy is relevant to:

  • individuals that disclose Personal Information to the University; and
  • personnel in areas of the University that access, use, or deal with Personal Information, or handle questions or complaints in respect to Personal Information. 

2.2  All staff, academic status holders, volunteers, contractors, University agents and associated third parties who have reason to access, use or deal with any Personal Information possessed by the University must ensure that the collection, storage, use, management and protection of that Personal Information is in accordance with this Policy.

3.  Definitions

  • Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not;
  • Sensitive Information is any Personal Information that is about your:

(a)    health, health treatment, or other medical needs;
(b)    race, ethnicity or religion;
(c)    professional or political affiliations and memberships;
(d)    criminal record; or
(e)    sexuality.

4.  What kinds of Personal Information might we collect and hold?

4.1  We may collect (and hold) different Personal Information from you depending upon how you interact with us. For example:

  • If you access our website, we may collect information about how you have used our website; or
  • If you contact us for any reason, we may collect your name, address, e-mail address, phone number or contact details.

4.2  We may also collect information about:

a)  your demographic;
b)  your participation in research projects;
c)  your studies and academic career;
d)  your grades and course feedback;
e)  your enrolments;
f)   your preferences;
g)  police checks, e.g., if required for your course of study;
h)  your transactions with us;
i)   your bank account details and financial records with us;
j)   your tax file number;
k)  your records of donations;
l)   your photograph or video recording (e.g., identity card,  lecture capture);
m)  your vehicle registration and contact details in the event of unpaid parking fines;
n)  your health and your Medicare number, if you use any of our health/counselling services;
o)  the frequency of your enquiries;
p)  your location;
q)  the technology you use to access our services; or
r)  how and when you use our services.

5.  How do we collect information?

5.1  We may collect Personal Information:

a)  directly from you (e.g. when we contact you, when you contact us, when you enrol as a student, when you visit us or when we visit your premises, when you participate in a research project, complete a survey or enter a competition);
b)  from third parties who you have authorised to provide us with information;
c)  from third parties who provide services to us or organisations of which we are a member, e.g., SATAC; or
d)  where generated by us in the course of our business activities (e.g. assessment results, grades and your Flinders Authentication Number).

5.2  We do not collect or retain Sensitive Information, unless it is supplied by you, you consent to its collection and the information is reasonably necessary for our business or activities. By supplying us with Sensitive Information, you consent to our use of that information in any of the ways and for any of the purposes described in this Policy.

6.  How do we hold and secure your Personal Information?

6.1  We store your Personal Information in both hard copy format and digitally, on site and also with several third party providers. All hard copy material is secured using locked filing cabinets and office security. All digital material is secured using file access controls. Any digital transfer of Personal Information is secured using encryption.

6.2  The University uses digital data hosting providers located both inside Australia and overseas. You can view a list of the countries in which these approved overseas providers are located at Link.  Wherever we disclose your Personal Information to recipients overseas we ensure appropriate data handling and security measures are in place.

7.  Why do we collect, hold, use and disclose Personal Information?

7.1  The University may collect Personal Information for a number of reasons, including:

a)  providing you with services;
b)  providing you with information about our services;
c)  developing or refining services;
d)  internal business purposes;
e)  providing you with marketing material;
f)   providing information to current and former students and applicants about Flinders' courses, activities and programs;
g)  better understanding your needs, including by engaging with you regarding your studies and providing you with information regarding any educational, recreational or support services, resources or programs that may be of interest to you;
h)  tailoring our marketing, services, promotions and operations for you;
i)   student retention initiatives; or
j)   corporate governance, auditing and record keeping.

7.2  If we collect Personal Information from you, we may:

a)  use that information for any of the purposes outlined above (in section 7.1);
b)  store that information in accordance with this Policy;
c)   pass that information amongst entities we work with;
d)   pass that information to third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, and other service providers);
e)  pass that information to your home or host institution overseas, if you are involved in a mobility, exchange, cross-institutional or joint program;
f)   provide that information to third parties as required by law;
g)  publish photographs of you that have been taken in the course of a University activity for informational, marketing and promotional purposes; or
h)  ask you from time to time, to confirm that the information is accurate, up-to-date, complete and relevant.

7.3  Our use of Personal Information may extend beyond these uses, but will be restricted to purposes that we consider to be related to our functions and activities.

7.4  Our direct marketing communications will provide an opt out mechanism for you to let us know that you no longer wish to receive marketing material from us.

8.  What about information transmitted via e-mail and our web site?

When you access our website, we may receive information about you via a ‘cookie’. A cookie is a piece of information that our web server may send to your computer when you visit our website. The cookie is stored on your machine, but does not identify you or give us any information about your computer. A cookie helps us to recognise when you re-visit the website, and to optimize your experience. We do not collect any Personal Information from you when you use cookies on our website.

A more detailed statement on information gathering and dissemination practices over the University’s website is available at: Link

9.  Can you access or correct your Personal Information held by us?

9.1  In most cases you can gain access to your personal information held by us. You are encouraged to use the University’s self-service systems, where available, to access, correct, or update your Personal Information. You may otherwise request access or correction to the Personal Information that we hold about you by contacting the following areas:

Person making the request  Submit to:
Alumni or donor Office of Communication and Engagement
Research participant the relevant researcher 
Student Flinders Connect
Not listed above the area to which you provided your personal information, if known, or contact us by any of the methods set out in clause 10.1. 

9.2  We will respond to your access or correction request within 30 days.

9.3  An administrative fee may be charged to cover our costs in providing you with access to your Personal Information. This fee will be explained to you before it is incurred.

9.4  If we deny your access or correction request we will provide you with reasons.

9.5  If we refuse to correct your personal information, you can ask us to attach a statement to it stating that you believe the information is incorrect and why.

9.6  In some cases, you may be asked to submit a formal application under the Freedom of Information Act 1991 (SA) in order for us to process your request.

10.  What happens if you have a question or complaint about how we have handled your Personal Information?

10.1  If you have a question or complaint about how we have handled your Personal Information, you can raise it with us at any time by:

Privacy Officer
Integrity Governance and Risk Division
GPO Box 2100
ADELAIDE SA 5001

10.2  We take all complaints seriously and will acknowledge receipt of your complaint, in writing, within 5 working days and will investigate and respond to you within 30 days.

10.3  If you aren’t satisfied with the way we have handled your complaint, you can make a complaint:

  • to the Student Appeals Committee, in accordance with the policy on Student Information; or
  • to the Privacy Committee of South Australia.  This committee has no formal responsibility with respect to universities, but is willing to assist in the resolution of privacy complaints involving South Australian universities.

11.  Does this Policy ever change?

This Policy will be reviewed on a regular basis and may be amended from time to time.  The most up to date version of this policy is always posted on our website.