Privacy Policy

Murdoch University Guild of Students – Privacy Policy

Access the PDF version of the Murdoch Guild’s  Privacy Policy 2018

 

Purpose: To safeguard the privacy of an individual’s personal information which may be collected and used by the Murdoch Guild.
Audience: Staff, Students, and the general public
Contact Officer: Projects and Marketing Manager Phone: 9360 2493

 

Objectives:

  1. To bind the Murdoch Guild, staff, students and any overseas recipients of personal information disclosed by us.
  2. To manage personal information in an open and transparent way.
  3. To collect only personal information that is reasonably necessary for any one or more of the Murdoch Guild’s functions, activities, events, programs and assistance.
  4. To ensure that any other personal information, or any sensitive information, is collected only when consent has been obtained, or when we are legally required or authorised to do so.
  5. To collect personal information about an individual only from that individual, unless it is unreasonable or impracticable to do so.
  6. To deal with any unsolicited personal information that we may receive.
  7. To notify individuals at the time their personal information is collected regarding its use or disclosure. This includes offering you a means to opt out of any direct marketing and being upfront about any likely disclosure to overseas recipients.
  8. To safeguard the integrity and security of personal information.
  9. To ensure that personal information is used or disclosed in an appropriate manner.
  10. To provide you with reasonable access to your personal information.
  11. To develop and implement practices, procedures and systems relating to the Murdoch Guild’s functions and activities for the management of personal information and to provide a framework for dealing with any inquiries or complaints.

 

 

Policy:

1.   Collection

We will only collect personal information by lawful and fair means.

So long as it is reasonable and practicable to do so, your personal information will only be collected directly from you.

If it is necessary for us to collect personal information from a third party, reasonable steps will be taken to inform you of the circumstances of this collection.

 

The purposes for which we collect and hold personal information

It is necessary for us to collect and use personal information about you so that we can undertake and support our statutory objectives and functions as well as our related activities. Broadly, our functions include bookings, program coordination, student assistance, administration and support, and volunteering activities.

We will seek a specific consent from you to collect personal information for any unrelated purposes and whenever we collect sensitive information – unless the law requires or permits us to collect it without first obtaining your consent.

 

What kinds of information do we collect?

Personal information (Personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is reasonably apparent.)

Examples of the kind of personal information we may collect and use include:

  • Full name
  • Address – postal or residential
  • Contact details such as telephone numbers and email addresses
  • Photograph
  • Date of birth
  • Gender
  • Academic results
  • Academic record
  • Disciplinary record
  • Student fee liability to the University
  • Bank account details
  • Tax file numbers for Commonwealth supported students
  • Visa information for overseas students
  • Emergency contact details
  • Information about your opinions and what you like.
  • Sensitive information

Sensitive information is information or an opinion about you such as:

  • Racial or ethnic origin
  • Political opinions
  • Membership of a political association
  • Religious beliefs or affiliations
  • Philosophical beliefs
  • Membership of a professional or trade association
  • Membership of a trade union
  • Sexual orientation or practices
  • Criminal record
  • Health information, including disability information
  • Genetic information
  • Biometric information or templates.

It is unlikely that we will collect any sensitive information from staff or students.

In the event that it is necessary for us to collect any sensitive information, we will seek your specific consent at the time of collection and we will inform you of the purpose for which the sensitive information is being collected, and any consequences of not providing your consent. By way of examples only, this might include consequences such as: access to a Guild service being denied, or participation in certain training programs being refused.

Under this Privacy Policy, the general rule is that we will not use or disclose sensitive information other than for the primary purposes for which it was collected. We draw your attention to the permitted exceptions to this rule which are set out below.

We will assume that all personal and sensitive information that you have provided to us is complete, up to date, and correct, and in some cases we may require you to certify and sign to state that this is true.

 

2.   How we collect and hold personal information.

At or around the time your personal information is collected, we will take reasonable steps to:

  • Bring this Privacy Policy to your attention which includes information for you on:
  1. the purposes for which we collect personal information;
  2. how to access your personal information held by us;
  3. making inquiries related to your privacy; and
  4. how you can complain about any breach of privacy;
  • Notify you:
  1. whether it is being collected under an Australian law or court/tribunal order;
  2. of any collection from you which you may not otherwise be aware of, or if it is being collected from someone other than you;
  3. of any secondary purposes for which it is being collected;
  4. the main consequences for you if all or some of the personal information is not collected;
  • Inform you:
  1. of any other entity to which we usually disclose this kind of information; and
  2. whether we are likely to disclose the information to overseas recipients, and if so, we will let you know, if possible, the countries in which those recipients are likely to be located.

We may require you to sign to confirm you have read and agree to the terms of this Privacy Policy. Generally, however, having made you aware of our Privacy Policy, we will assume that you have read and agree to the terms of the Privacy Policy unless you inform us of any specific objections or your no consent in writing.

We will restrict access to certain personal or sensitive information to those staff members who may need the information in the carrying out of their responsibilities.

Information we collect may be held in any form including:

  • Paper based
  • Audio or videotape
  • Microfilm or microfiche
  • Computer chip-based memory
  • Any electronic, magnetic or optical medium, such as computer disks or computer tape.

 

3.   Access to and correction of personal information

It is important that the information we collect and hold about you is complete, accurate and up to date.

If your personal information is not provided in full, or not kept up to date, then this may have serious consequences, including (by way of example only):

  • Exclusion from a Guild training course, project or service you have signed up for

We will give you reasonable access to the information we have about you. You can look up your personal information and make changes/request changes (depending on the type of information) as follows:

  • Contact the Murdoch Guild on (08) 9360 2999 or email contact@murdochguild.com.au

If you are a student who is currently enrolled in any of our programs, or access any of our services, you can apply for a copy of the personal information that we hold in relation to you.

Upon receipt of a request from you (if required) and you are able to establish to our satisfaction that any of your information in our records is inaccurate, out of date, incomplete, irrelevant or misleading, we will correct the information. Otherwise we will take reasonable steps to associate that information with a statement from you claiming that the information is inaccurate, out of date, incomplete, irrelevant or misleading.

Unless it is impracticable or unlawful for us to do so, we will notify a correction to any third party to whom your personal information was previously disclosed if you ask us to do so.

 

4.   Use and disclosure of your personal information

The general rule

  • The general rule is that we will not use or disclose personal information other than for the primary purposes for which it was collected.
  • There are a number of exceptions to the general rule which are set out (under the heading) below.
  • We may also disclose your information in the following specific situations:
  1. To our authorised contractors with whom we have agreements, such as IT system service providers, if required in the course of carrying out their contractual obligations;
  2. The release of Higher Education survey data created for the Department of Education and Murdoch University including through student and graduate surveys. The release of and access to such data will be subject to the relevant Code of Practice of Universities Australia.

Exceptions to the general rule

We will disclose/use your information in the following circumstances:

  • Where you have consented.
  • If it is for a secondary purpose that you would reasonably expect us to disclose it because:
    1. in relation to personal information, that secondary purpose is related to the primary purpose; or
    2. in relation to sensitive information, it is directly related to the primary purpose.
  • Reasons of law, order, enforcement and safety (If we are required or authorised by law or court/tribunal order to disclose it). When it is unreasonable or impracticable to obtain your consent and the Murdoch Guild reasonably believes it is necessary to prevent or lessen a serious threat to:
    1. the life, health or safety of any person; or
    2. public health or public safety.
  • If the Murdoch Guild has reason to suspect that unlawful activity or misconduct of a serious nature that relates to the Murdoch Guild’s functions or activities has been, is being or may be engaged in, and the Murdoch Guild reasonably believes that it is a necessary part of its investigation and action in relation to the matter to disclose it, including in the reporting of its concerns to relevant persons or authorities;
  • If it is reasonably necessary either to establish, exercise or defend a legal (or equitable) claim, or for the purposes of a confidential alternative dispute resolution process;
  • When the Murdoch Guild believes that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by an enforcement body (e.g. the police), in which case a written note will be kept with details of the disclosure.

 

Health related situations

We may use or disclose your health information (which is sensitive information) in any of the following situations:

  • If it is necessary for research, or compilation and analysis of statistics relevant to public health or safety; and it is impracticable for us to obtain your consent; and it is conducted under all applicable guidelines relating to this use or disclosure; and the Murdoch Guild reasonably believes that the recipient of the information will not disclose it, or personal information derived from that health information.
  • Incapacity to give consent
  • If we have provided a health or welfare service to you and the recipient of the information is a responsible person for you
  • If you are physically or legally incapable of giving consent to the disclosure or physically cannot communicate consent; and
  • the carer providing the health service for the Murdoch Guild is satisfied that the disclosure is either necessary to provide appropriate care or treatment or it is made for compassionate reasons; and
  • the disclosure is not contrary to any wish you may have expressed before being unable to give or communicate consent and of which the carer is or could reasonably be expected to be aware; and
  • the disclosure is limited to the extent reasonable and necessary in the circumstances.

 

5.   Integrity of personal information

We will take reasonable steps to ensure that the personal information:

  • that we collect is accurate, up to date and complete; and
  • that we use or disclose is relevant to the purpose for which it is being used or disclosed.

 

6.   Security of personal information

We will take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from any unauthorised access, modification or disclosure.

As part of our security measures, we have developed a number of relevant policies and standards (which are available on our website and intended to be read with this Privacy Policy in the context of personal information). They relate to:

  • internet use
  • electronic collaboration and social media
  • email and messaging
  • company guidelines and procedures

Your personal information will be retained for only as long as it is needed and it will then be disposed of lawfully and securely.

We will take into account the Office of the Australian Information Commissioner’s Data breach notification – A guide to handling personal information security breaches when handling any breaches.

 

7.   Unsolicited personal information

If we receive personal information about you that we did not solicit, we will try to determine whether or not that information is contained in a public record or whether we could have otherwise collected it from you. If not, we will take steps to destroy or de-identify the information if it is lawful and reasonable for us to do so.

If you or any other person uploads any of your personal information onto our Facebook page or other social media tools you are using, we are not responsible for taking any steps in relation to that information. If we receive a specific enquiry or complaint, we will take such steps as we consider are necessary in the circumstances to investigate and deal with the enquiry or complaint within a reasonable time.

 

8.   Direct marketing

As a general rule, we will not use or disclose your personal information for direct marketing purposes and we will only use or disclose your sensitive information for direct marketing if you have consented to this.

The personal information of any individual who has an existing relationship with the Murdoch Guild, or who has expressed interest in the functions or activities of the Murdoch Guild, will be used by us from time to time to send you invitations or information relating to certain Guild activities.

If you decide at any stage that you would prefer not to receive certain promotional material from us, you will always be given an opportunity to easily opt out.

If we wish to use your personal information for direct marketing purposes outside the scope of the Murdoch Guild’s activities, we will seek your consent unless it is impracticable for us to do so.

 

9.   Disclosure to overseas recipients

If it is likely that we will disclose your personal information to an overseas recipient, we will take reasonable steps to notify you of this at the time any such information is collected from you and we will also specify the countries in which any overseas recipients are likely to be located (if practicable for us to do so at that time).

However, you should be aware that from time to time, as part of carrying out our functions and activities, we may need to disclose certain personal information to individuals or organisations located overseas, including, but not limited to the following countries:

  • Dubai and Singapore (where Murdoch University has transnational educational centres)
  • US (where certain IT platforms Murdoch Uni use are hosted)
  • Canada (where certain IT platforms Murdoch Guild use are hosted)

We will make every reasonable effort in the circumstances to ensure that overseas recipients of your personal information are aware of and will uphold the privacy standards and principles set out in this Policy before we disclose any information to them.

 

10.Adoption of government related identifiers

We do not adopt or use government related identifiers (e.g. Medicare numbers or tax file numbers etc.) as our own identifiers for any individuals from whom we collect personal information.

To the extent that we are required to collect and hold any such information as part of your personal information, this information will not be used or disclosed unless we are required or authorized to do so under one of the permitted exceptions (detailed above under Use and disclosure of your personal information), under an Australian law or court order, or if it is necessary for us to verify the identity of an individual for the purposes of any of our functions or activities.

 

11.Privacy inquiries and complaints

If you have any concerns or questions about privacy, or if you believe you have grounds to make a complaint about the way we have handled your personal information, please make contact with us in writing, including a return address for correspondence, as soon as possible or in any event within 3 months of the date your concern arose.

 

12.Concerns, complaints or questions

Please contact our office on 9360 2999 or contact@murdochguild.com.au if you have any concerns, complaints or questions.

We will take such steps as we consider are necessary in the circumstances to investigate and deal with your enquiry or complaint within a reasonable time.

You have the option not to identify yourself in relation to a particular inquiry or complaint – however this option will not be available to you if it is impracticable for us to deal with you anonymously, or in situations where we are required by law or court order to deal with individuals who have identified themselves.

 

13.Policy breaches

Violation of this policy may result in disciplinary action being taken by the Murdoch Guild under any or all relevant statutes and policies, or in other legal action including criminal proceedings. Serious penalties may apply including substantial civil penalty orders (e.g. $340,000 for individuals and $1.7 million for companies under the Privacy Commissioner’s powers) and imprisonment (e.g. 2 year term under the Higher Education Support Act 2003).

Disciplinary action may include removal of access to Murdoch Guild information systems, withholding of results, expulsion of programs you are participating in, or in the case of employees suspension or termination of employment.

If you have an urgent concern that a Murdoch Guild IT system has been breached and personal information is not properly secure, please immediately notify us at 9360 2999. System breaches are critical events and should be reported at any time.

 

 

 

 

Approval and Implementation:

 

Approval Authority: Executive Committee, Council
Responsible Officer(s): General Manager, Guild Executive

 

Revision History:

 

Version Date Approved Effective Date (if later than ‘Date Approved’) Next Review Date Resolution No.

(if applicable)