This Policy Statement explains how your personal information will be collected and managed by RMIT.
RMIT values the privacy of every individual and is committed to handling personal and health information in accordance with the privacy principles contained in the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and other relevant legislation.
Transparency and fairness for the management of personal, health and sensitive information at RMIT and all its operations underpins this policy statement. Privacy and security measures protect against misuse, loss and unauthorised disclosure of personal information.
- Personal information: Recorded information about a living identifiable or easily identifiable individual.
- Sensitive information: Information about a living individual’s race or ethnicity, political opinions, religiouss or philosophical beliefs, sexual preferences or practices, criminal record, or memberships details, such as trade union or professional, political or trade associations.
- Health information: Information about a living or deceased individual’s physical, mental or psychological health.
1. Collection of personal information
RMIT collects personal and health information as necessary for its core functions, including for educational, research, community and commercial purposes. RMIT collects personal information about staff, students, research participants, volunteers, RMIT club and gym members, and other members of the public.
The type of personal or health information RMIT collects depends on the nature of the contact and interaction.
Where lawful and practicable, an individual may remain anonymous when interacting with RMIT. This means that no identifying details will be collected.
RMIT may collect sensitive information in certain limited circumstances. When we collect sensitive information, all reasonable steps are taken to explain:
- Why the sensitive information is being collected;
- What will be done with this information; and
- The main consequences (if any) for an individual if all or part of the information is not provided to RMIT.
Some areas of RMIT may have additional specific privacy information or statements that further explain particular information management practices.
2. Using personal information
RMIT uses and provides, personal or health information to other people or organisations, for the purposes it was collected.
Typical collections and uses of information include, but are not limited to:
- Application for RMIT services
- Enrolling students
- Details of staff and volunteers
- Research data
- Conducting marketing campaigns
- Conducting field trips
- Maintaining information technology facilities
- Liaising with the Student Union
- Transacting with other RMIT entities
- Student services
- Assessing students’ work.
Occasionally, RMIT may be authorised by law to use or provide personal or health information to others for other purposes. In some cases an individual’s consent will be sought to use or provide personal information to others.
RMIT will only assign or adopt a unique identifier (e.g. student or employee numbers) for an individual if it is necessary, authorised by law or with consent. RMIT is committed to ensuring that any transfer of personal or health information outside of Victoria is in accordance with law.
3. Ensuring that information is accurate and up-to-date
RMIT takes reasonable steps to ensure that personal and heath information held is accurate, complete and up-to-date.
RMIT relies on individuals to provide accurate and current information in the first instance, and to notify when circumstances or details change.
4. Storage and protection of information
All areas of RMIT have security measures to protect personal and health information from misuse, loss, unauthorised access or disclosure.
Stored information is also archived in accordance with the Public Records Act 1973 (Vic), which determines when information should be retained or disposed of.
Personal information may be stored in hard copy documents, as electronic data, or in RMIT software or systems. Some of the ways RMIT seeks to protect personal information include:
- Privacy process and the protection of information
- Document storage and data security processes
- Security measures for access to RMIT computer systems
- Controlling access to RMIT premises
- Web site protection measures
Different areas within RMIT have different storage systems in place, which depend upon a variety of factors, including the level of access required by staff and the sensitivity of the information.
5. Access to information held by RMIT
An individual may ask for access to their personal or health information, without having to make a formal request under the Freedom of Information Act 1982 (FOI Act), where appropriate.
In some situations, access will not be appropriate, and an individual is required to make a formal FOI request for example, if a third party’s privacy is involved).
The relevant processes for requesting access to information include directly contacting the area of RMIT that has the information in the first instance followed by making the request pursuant to Freedom of Information legislative guidance. Information of Freedom of Information process at RMIT, please contact https://www.rmit.edu.au/about/governance-and-management/governance/freedom-of-information.
6. Website Privacy
RMIT may make a record of your visits to RMIT websites and log information for statistical and system administration purposes, including but not limited to
- Your server address;
- Your domain name;
- Your IP address;
- The date and time of the visit;
- The pages accessed and documents downloaded;
- The address of your last site visited;
- The type of browser used.
Questions or complaints about Privacy at RMIT
To raise any concerns you might have in relation to privacy, please contact the RMIT Privacy Compliance Advisory on (03) 9925 1161 or email firstname.lastname@example.org.
Individuals have the right to make a privacy complaint to RMIT. Complaints must be made in accordance with the Privacy complaints procedure.
RMIT takes privacy-related complaints very seriously and undertakes to resolve privacy complaints in a timely, fair and transparent way.