Privacy policy

Policy

Intent and objectives

To assure compliance with relevant privacy legislation and to establish principles of transparency and fairness for the management of personal information at RMIT.

Objectives

To guide staff in the responsible collection and handling of personal information by the University.

To give individuals the right to access information about them which is held by the University and to correct any errors in that information.

To establish a complaints procedure for investigation and rectification of breaches of this policy.

Scope

This policy covers the management of all personal and/or health information at RMIT

Exclusions

Nil

Provisions

RMIT is committed to the responsible handling of personal information and to protecting the right to privacy of those whose information it holds.

In managing personal information, staff of RMIT will abide by the privacy principles that form part of the Information Privacy Act 2000 (Vic.) and, where relevant, the Health Records Act 2001 (Vic.).

For the purposes of clause 23 of Schedule 1A Part 1 Division 4 of the Higher Education Support Act (HESA) 2003 (Cth) and section 19-60 of Chapter 2 Part 2-1, Division 19 of the HESA Act the University complies with the information privacy principles set out in the Privacy Act 1988 (Cth).

In so doing, staff of RMIT will:

  • Collect only that information necessary to fulfil its functions and activities.
  • Advise individuals of the purposes of collection and their rights to access that information.
  • Use the information only for the purpose for which it was collected or related secondary purpose/s.
  • Disclose it only as required or permitted by law.
  • Endeavour to ensure that information is accurate, complete and up-to date.
  • Ensure the security of the information and its proper archiving or disposal.
  • Be open about the RMIT Privacy Policy, about what sorts of personal information RMIT holds and what it does with such information.
  • By arrangement, enable individuals to access their data and make appropriate corrections.
  • Assign and use student and staff numbers only to facilitate efficient management of its business.
  • Transmit data across borders only to legitimate recipients and when equivalent safeguards are accorded to the data by the recipient.

Collect and use sensitive information only in accordance with the law.

The “RMIT Privacy Principles” attached to this policy outline in greater detail how RMIT will meet its obligations under the Victorian Information Privacy Act 2000 (Vic). They are approved by the Vice-Chancellor as an attachment to this policy.

Account will be taken of the RMIT Privacy Principles in other university policies and procedures.

RMIT will appoint a Privacy Officer who will be responsible for the administration of this policy, including the RMIT Privacy principles, and the handling of any complaints relating to privacy.

[Next: Supporting documents and information]