The kinds of personal information that UC collects and holds
UC collects and holds 13 classes of personal information. These classes are detailed in UC’s Personal Information Digest
, which is submitted to the OAIC annually. These classes include:
- Students and prospective students;
- Employees and applicants for employment;
- Patients of health and counselling clinics;
- Visiting, honorary and adjunct academics;
- External members of UC’s library;
- Users of information and communication technology;
- Users of childcare services;
- Suppliers of goods and services and contractors;
- Users of student accommodation services;
- Members of UC’s external committees;
- Distribution and mailing lists; and
- Research participants.
The personal information that UC collects about you may include your:
- Full name including former names;
- Address and contact details;
- Date of birth;
- Academic qualifications;
- Signature; and
- Financial information such as your bank or credit card details (where payment is required, for example payment of tuition fees).
Sometimes you or another person may provide UC with sensitive information about you, including information about your racial or ethnic origin. If this occurs, UC will not keep the information in its records, and instead will arrange for its return or secure destruction, unless:
How UC collects and holds personal information
- you consent to the collection of the information; and
- the information is reasonably necessary for, or directly related to, one or more of UC’s functions or activities.
Personal information about you may be collected by UC from you, from an agent or from a third party. UC uses forms, online portals and other electronic or paper correspondence to collect this information.
UC takes steps to ensure that the records it holds containing personal information are accurate, up to date and complete.
Storage of information (and the disposal of information when no longer required) is managed in accordance with the Territory Records Act 2002
(ACT) and the Privacy Act.
UC has controls in place to protect the information UC collects from loss, unauthorised access or disclosure and from any other misuse. UC’s controls include:
The purposes for which UC collects, holds, uses and discloses personal information
- firewalls, access controls, intrusion detection and vulnerability scanning;
- transactions made using the online portals on UC’s website are encrypted where possible; and
- UC’s premises are under 24-hour surveillance and after-hours access to office areas is via key and/or security passes.
UC will not ask you for any personal information that it does not need.
UC collects information only for lawful purposes that are directly related to its functions and activities and when the collection is necessary for, or directly related to, those purposes. UC’s functions and activities are set out in the University of Canberra Act 1989
(ACT). For example, UC collects personal information from students and others to enable UC to undertake teaching and research functions.
UC is required to notify you of the purpose for which the information is collected, if its collection is required or authorised by law and of any person or body to whom UC usually discloses the information. UC provides this notification by through privacy notices, which are on all UC’s application forms and online portals.
UC uses personal information for the primary purposes for which it was collected. These purposes are set out in detail in UC’s Personal Information Digest
. UC may also use or disclose personal information in the following circumstances:
- for reasonably expected secondary purposes directly related to the primary purpose;
- for other purposes permitted under the Privacy Act, including where the use or disclosure is required or authorised by law; or
- where you have consented to the use or disclosure.
Periodically, UC (or a company under contract to us) uses personal information to conduct market research about its courses and services.
UC will not disclose personal information, for example mailing lists, to third parties to enable them to market their services and products.
Is UC likely to disclose personal information to overseas recipients, and what are the countries in which the recipients are likely to be located?
If UC knows that it will be disclosing your personal information to an overseas recipient, the details of that disclosure will be set out in UC’s Personal Information Digest
UC may seek your consent through Privacy Notices (for example on UC’s application forms and online portals) to allow UC to disclose your personal information to an overseas recipient.
External service providers, both in Australia and offshore, who handle personal information about UC’s employees, students, alumni or other individuals are bound contractually to comply with the requirements of the Privacy Act or the Privacy Act 1988
How you may access personal information that is held by UC and seek the correction of the information
Accessing personal information
Subject to certain exceptions explained below, if UC holds personal information about you, UC must give you access to the information if you request it.
UC does not have to give you access to the information to the extent that UC is required or authorised to refuse to give you access under:
- the Freedom of Information Act 1989 (ACT); or
- another law in force in the ACT that provides for access by people to documents.
UC will respond to a written request for access within 30 days.
The Personal Information Digest
lists the contact person for requesting access to records containing your personal information for each class of personal information held.
Documents held by UC may be requested under the Freedom of Information Act
(ACT). For more information visit UC’s Freedom of Information
- Correction of personal information
You can request UC to correct any of your personal information that UC holds. If you do so, UC must take reasonable steps to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. UC will respond to a written request within 30 days.
The Personal Information Digest
lists the contact person for requesting correction of your personal information for each class of personal information held (see the contact person listed for “Access”).
Individuals are able to request or change certain information held about them through the Student Centre at http://www.canberra.edu.au/student-services/forms
Current students may also check and change their information any time through the MyUC portal.MyUC portal.
UC Staff can correct or update their personal information by using HROnline.
UC will not charge a fee for access to or correction of your personal information.
How you may complain about a breach of the TPP’s and how UC will deal with the complaint
UC will take seriously, and promptly deal with, any unlawful disclosure of personal information.
If you think UC has breached a TPP, you may make a written complaint to the Privacy Contact Officer.
If you are dissatisfied with the way UC handles your privacy-related complaint, you may contact the Office of the Australian Information Commissioner (OAIC). Information about lodging a complaint with the OAIC is available at http://www.oaic.gov.au/privacy/making-a-privacy-complaint
Before you can lodge a complaint with the OAIC, you will generally need to complain directly to UC and allow 30 days for a response. If you do not receive a response (after 30 days), or you are dissatisfied with the response, you may then complain to the OAIC.