GSA recognises the importance of protecting the privacy of the personal information it holds about graduates and any other individuals involved in GSA such as staff and volunteers. We respect individuals’ right to privacy regarding their personal information. GSA complies with all legal requirements in respect to the collection, use, security and disclosure of personal information.
The purpose of this document is to provide explain how GSA will collect, use, security and disclose personal information.
Chief Executive Officer to authorise policy; Managers to implement operational strategies.
Personal information has the meaning given to it in the Commonwealth Privacy Act 1988. In general terms, it is any information that can be used to reasonably identify an individual. This may include name, address, telephone numbers, email addresses, photographs and other details. If any information is collected and linked to other information that identifies a person, that information is also considered personal information. Personal information may be written records, images or verbal information.
GSA holds a range of personal information for the purposes of delivering services to the graduates and is committed to protecting that personal information.
GSA recognises the right of individuals to have their personal information collected, used, managed and stored in ways which they are told about, consent to or would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies.
GSA is bound by the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2011 (Vic), as well as other laws which impose specific obligations when it comes to handling information.
In broad terms this means that we:
- collect only information that GSA requires for its functions and activities; o ensure that stakeholders/graduates are informed as to why we collect the information and how we handle the information collected;
- use and disclose personal information only for the primary purpose of collection, a directly related purpose, for another purpose with the person’s consent or as authorised or required by law;
- store personal information securely, protecting it from unauthorised access or misuse; and
- provide stakeholders/graduates with access to their own information, and the right to seek its correction.
We only collect information that is necessary for the performance and function of GSA. We will notify graduates/stakeholders about why we collect the information and how it is handled in specific written privacy collection statements for each program area. We will notify stakeholders/graduates that their personal information is accessible to them.
No personal information of a graduate will be collected without first gaining the graduate’s consent. Consent is completely voluntary and can be withdrawn at any time. Withdrawal of consent to collect personal information means that no future information will be recorded after the graduate’s consent has been withdrawn. However, if consent for GSA to collect personal information is denied, we may not be able to provide all the services to that graduate.
We collect, hold, use and disclose stakeholders and graduates’ personal information for the following purposes:
- to deliver our services;
- for the administration, planning, service development and quality control of our services;
- to communicate, answer queries and provide information or advice; o to update our records and keep details current;
- to process and respond to any complaint received by an individual; and
- to comply with any law, rule, regulation, decision or direction of a regulator, or in co-operation with any government authority.
For any other uses we will obtain direct consent from the graduate.
We will only release personal information about a person to another service provider within the University of Melbourne with that person’s express consent. For personal information to be released, the person concerned must sign a release form.
GSA is required by funding bodies and other regulatory agencies to collect personal information on graduates and report on this information. In these situations, graduates will be given a specific privacy collection statement detailing which government agency or body is involved and seeking consent to do this.
We do not disclose staff, volunteers, stakeholders/graduates or any other individuals’ personal information to anyone outside of Australia.
We do not use staff, volunteers, stakeholders/graduates or any other individuals’ personal information for direct marketing, or disclose any personal information to other organisations for the purposes of direct marketing.
Staff, volunteers’, stakeholders’ or graduates’ personal information will never be shared, sold, rented or disclosed other than as described in this policy.
5. Data Quality
We take all reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform.
We may hold stakeholders/graduates personal information in either electronic or hard copy format.
6. Data Security and Retention
We take all reasonable actions to safeguard the information we hold against misuse, loss, and unauthorised access, modification or disclosure. Some of these data security steps are:
Password access controls;
- Physical locks on offices, filing cabinets etc;
- Privacy and data breach training for staff; and
- Antiviral software on staff devices.
Elected student representatives are not given membership list unless authorised.
We destroy records securely in accordance with relevant legislation and regulatory requirements when no longer required.
We will make this information freely available in relevant publications and on the organisation’s website.
Our staff are trained in the appropriate secure collection of personal information and can provide further information to stakeholders/graduates on request.
8. Access and Correction
We acknowledge individuals have a right to seek access to information held about them.
Graduates may request access to any personal information we hold about them at any time by contacting us using the details at the end of this policy, or by contacting the Managers. GSA will provide a suitable means of accessing this information: this may include providing photocopies or by allowing access to view the file at our office.
There may be instances where we cannot grant access to the personal information we hold, for example, situations where granting this access would interfere with the privacy of others or would result in a breach of confidentiality. If this happens, we will give written reasons for the refusal to access.
If graduates believe that the personal information we hold is incorrect, incomplete, misleading or inaccurate, they may request for it to be corrected. We will consider if the information requires correction. If we do not agree that there are grounds for correction, we may add a note to the personal information stating that the individual disagrees with it.
We will not charge for this request to access or for making corrections to personal information.
We will give staff and stakeholders/graduates the option of not identifying themselves when completing evaluation forms or opinion surveys, and sometimes when making a report or complaint to GSA. In other circumstances, it is not practicable for us to deal with individuals in an anonymous manner.
10. Referrals to Other Organisations
GSA staff may refer members of the public or clients to other external organisations or provide information regarding other services available in the community. Our website may contain links to other websites operated by external organisations. In these situations, we make no representations or warranties in relation to the privacy practices of any other party. Staff, volunteers, and stakeholders/graduates are advised to seek their own information regarding the privacy policies of external organisations we may have given a referral to or information about.
Any person who feels their privacy has been interfered with by GSA (either by a breach of this policy or of any applicable privacy laws) can contact us using the contact information at the end of this policy. We will request that you provide details of the incident so that it can be investigated.
Our procedure for investigating and responding to alleged privacy breaches is:
- Contain the alleged breach and do a preliminary assessment
- Evaluate the risks associated with the potential breach
- Notification of any individuals affected and/or appropriate regulatory bodies
- Prevent future breaches.
Given the varied nature of privacy breaches, actions will be proportional and appropriate to the specific details of each individual situation.
Privacy breaches are not limited to malicious actions, such as theft or ‘hacking’, but may arise from internal errors or failure to follow information handling policies that cause accidental loss or disclosure.
We will treat all complaints confidentially and aim to resolve them in a timely and appropriate manner.
The GSA Board is responsible for adopting this policy.
The GSA Board Members, Chief Executive Officer and all staff members, contractors and volunteers are responsible for the implementation of this policy.
The Chief Executive Officer is responsible for monitoring changes in privacy law and for reviewing this policy as and when the need arises.
If you have any questions about this policy, or any concerns or complaints about the handling of your personal information, please contact our Privacy Officers using the details below.
Sajal Goundar, CPA
Manager – Business Operations & Finance
Lead Student Information Officer
Version 2.0. Approved by: CEO. Reviewed on: August 2021. Approval date: August 2021.