This privacy statement describes how Curtin University handles personal information in its possession or control. The University’s privacy policies remain under constant review, and it is therefore your responsibility to monitor this statement for changes which may be implemented from time to time.
At Curtin, the privacy of students, staff and other people who the University deals with is taken very seriously. Much of the information which the University collects in connection with its normal functions and activities is “personal information”, and this information is handled in accordance with relevant privacy standards.
Curtin’s level of compliance
Under the Higher Education Support Act 2003 (C’th) (HESA), the University must comply with the Information Privacy Principles contained in the Privacy Act 1988 (C’th) when handling students’ personal information obtained for the purposes of chapters 3 & 4 of the HESA. Apart from this obligation, the University is not subject to the Privacy Act but it nevertheless voluntarily commits to comply with the National Privacy Principles as if it were an “organisation” as defined in the Act.
In addition, under its Guiding Ethical Principles, members of the University community are responsible for respecting an individual’s right to privacy. Staff and students, as members of the University community, are therefore required to respect each individual’s right to privacy.
Purpose of collection of personal information
The personal information you provide will only be used by University officers in a manner consistent with the original purposes of collection or as otherwise permitted by the National Privacy Principles.
The purpose of collecting information is not only to keep a record of students and staff members, but also to ensure they have the full benefit of the complete range of services offered by the University.
Use and disclosure of personal information to other parties
Information collected from students and staff will be used to communicate with those individuals in relation to any issue relevant to their involvement with the University.
This may extend to communications involving surveys, the availability of courses, alumni activity, newsletters and related marketing or promotional activity, and soliciting donations. Surveys and other research activity may be carried out for the benefit of the University or in connection with a government initiative.
Communications of this nature may be initiated direct by the University or by a third party engaged to act by or on behalf of the University. This in turn may require the University to supply personal information, such as contact details, to a third party research organisation which in turn might engage contractors to analyse the data or to solicit further information from the individual.
Information may be disclosed to third parties in limited circumstances expressly permitted by the Privacy Act. This may include, for example, disclosure to State and Australian Government agencies where required or authorised by law.
Personal information may also be disclosed to third parties in some instances where this is necessary for the University to carry out its normal functions and activities. Accordingly, for example, personal information may be incidentally handled by IT contractors (including outsourcing providers) or other external service providers engaged by the University.
The University may also disclose the personal information of its students to external organisations such as professional bodies, hospitals and schools in order to enable those students to undertake a practical experience/clinical component of their course.
Where personal information is to be provided to contractors or other external organisations, the University will require the recipient (and any contractor engaged by the recipient) to handle the information in a manner consistent with the National Privacy Principles.
Some personal information which is handled by a third party may be stored overseas or in the “cloud” environment. This means that the data may in some circumstances not be regulated by the Privacy Act and it may be located in a jurisdiction which has less stringent privacy laws than Australia. This will only be permitted where the transfer of data complies with the relevant constraints contained in the Privacy Act relating to overseas data transfers.
If there are other situations in which the University wishes to use your personal information, it will seek your express consent.
The Privacy Act contains certain exemptions which may impact upon Curtin’s privacy obligations. For example, employee records are generally exempt from an organisation’s obligations under the Act, and this exemption extends to Curtin’s voluntary commitment to voluntarily assume the responsibilities of an “organisation”. This exemption does not, however, permit Curtin to use personal information contained in employee records for purposes not connected with with the employment relationship.
Opting out of future communications
If you are not a Curtin staff member or student, and are receiving communications from Curtin, we will ensure that you can easily opt out of these communications at any time. This functionality is provided as a matter of course on all of our social network sites – refer to the Privacy statements of each site. If you wish to opt-out of an electronic direct mail from Curtin, an ‘unsubscribe’ function is provided or email the relevant administrator direct requesting your details are removed.
Privacy statement last updated 30 September 2013.
If you have any queries about privacy at Curtin please contact:
Director, Legal and Compliance Services
Tel: +61 8 9266 3337