Staff privacy statement
The University of Melbourne is governed by the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) when collecting and managing the personal and health information of individuals (referred to collectively in this statement as ‘personal information’). To the extent that they apply to our activities, the University is also subject to the requirements of the Privacy Act 1988 (Cth) and the European Union General Data Protection Regulation 2016/679 (which relates to the personal data of individuals located in the European Economic Area). (together, Privacy Laws).
"Personal information" is defined broadly in the Privacy Laws as recorded information or opinion that relates to an identified or identifiable individual.
The “processing" of personal information refers to all activities relating to the management of personal information by the University, from its collection and use, through to its storage and disposal, and everything in between.
What we collect and how?
The University will collect personal information about you throughout your employment. Such information may include:
- your name, date of birth and address
- tax file number, banking and superannuation details
- qualifications, referee reports and performance appraisals
- details of paid outside work or directorships
- other information relevant to your employment and work-related matters.
The information is often collected from several sources. For instance, you provide us with information when completing employment forms and when entering data directly into our computerised Human Resources (HR) system. Others, such as previous employers and nominated referees, other staff members, and students, may also provide us with information about your employment history and work-related matters.
All HR forms and processes that collect personal information will have a reference to the University's Privacy website and to this statement.
Health information is often collected when you commence work as part of the University's occupational health and safety monitoring. A brief medical/vaccination history is requested to identify any areas where there could be a health or hazard risk. The information is assessed and then stored by the Occupational Health Service within Human Resources. On receipt of a written request, the information may be provided to our Environment Health and Safety Office, where it is required to manage or administer a WorkCover issue.
Why we collect the information
The primary purpose for collecting the information is to maintain your employee records and to administer your employment, salary and superannuation.
Your personal information is also collected and used for other related HR processes, for data analysis and quality assurance, and in an aggregate (non-identifying) form to report on workforce profiles. Where required, the University may also share your information with external bodies such as the Australian Taxation Office, and other government departments or regulatory authorities, to meet mandatory reporting requirements.
Accuracy, security and storage of information
The University holds personal information in electronic and paper-based form in multiple University systems. Your personal information is treated the same as any other personal information, regardless of your geographic location or jurisdiction. We take all reasonable steps to ensure that any personal information we (or contracted service providers operating on our behalf) transmit, store or otherwise process, is accurate and complete, and that appropriate technical and organisational measures are implemented and maintained to protect your personal information from accidental or unlawful destruction, misuse, loss, alteration, or unauthorised access or disclosure.
In some instances, personal information collected and processed by the University may be transferred outside of Victoria or Australia, particularly where our contracted service providers are not located in Victoria. We take all reasonable steps to ensure that the interstate or overseas transfer of personal information is in accordance with this Privacy Statement, our policies, and the Privacy Laws as applicable.
Where appropriate, examples of third parties the University provides personal information to (and for what purposes) are captured in more detailed privacy collection notices, which are provided to you at the time your personal information is collected.
Typically, we will only retain your personal information for as long as it is required for the purpose it was collected and in accordance with our other legislative obligations. This information is then securely destroyed in accordance with the University’s retention and disposal authority.
Use and disclosure of information
The University will only use or disclose your personal information under the following circumstances:
- for the purpose for which it was collected
- for a related purpose which you might reasonably expect
- where you have consented to the disclosure
- if we are required or permitted to do so by law
- where we have engaged a contracted service provider or partner to perform legitimate functions on our behalf, such as those outlined in this statement.
Access to personal information
If you choose not to provide the information requested, it may not be possible for the University to administer your employment, or it may limit benefits and assistance available to you.
You may request access to, or correction of, information we hold about you, or exercise rights of access, rectification, erasure and other rights under the GDPR, unless providing you with access would have an unreasonable impact on the privacy of others or would contravene the University’s other legislative obligations.
Access to and correction of personal information is handled in accordance with the Freedom of Information Act 1982 (Vic). Further information about this process can be found on our Freedom of Information webpage.
Please refer to our Privacy webpage for links to information on how to contact us about privacy, how to lodge a complaint, and for the contact details of the University of Melbourne's Privacy Officer and Data Protection Officer.
Information provided by job applicants is used solely for the recruitment function. It is disclosed only to staff and/or relevant panel members involved in the selection process and is treated confidentially. This information is only retained for as long as it is required for the purpose it was collected and is then securely destroyed in accordance with our legislative obligations and the University’s retention and disposal authority.
Changes to the Privacy Statement
The University periodically refines its privacy statements to reflect appropriate information flows. The overall level of privacy protection is maintained when changes or inclusions are made. We will endeavor to inform you of any substantive changes to this Privacy Statement, however, we may occasionally make changes without notice, particularly where there are changes in the relevant laws or we adopt new working practices. We therefore encourage you to regularly review this statement for any updates. The most recent substantive changes were made 16 November 2018.