Student Privacy Statement
Our students are important to us. We need to stay in touch with you, so it is important that the information we hold about you is accurate, complete and current. We ask that you please keep this updated during your studies and engagement with us.
The University of Melbourne (University) respects the privacy of all individuals we engage with. We are committed to handling personal and health information fairly and lawfully.
This statement is intended to notify you of the University's usual collections, uses and disclosures of student personal information and should be read in conjunction with our Privacy Policy and other statements on our Privacy webpage.
For the purposes of this statement, the “processing” of personal information refers to activities relating to its management by the University, from collection, use, and disclosure, to storage and disposal.
The University is governed by the Privacy and Data Protection Act 2014 (Vic) (PDP Act) and the Health Records Act 2001 (Vic) (HR Act) when collecting and processing the personal and health information of individuals. In certain circumstances, including where we process the personal or health information of individuals located in some international jurisdictions, we are also subject to the requirements of federal and international privacy legislation. (Together, Privacy Laws).
Personal information (sometimes referred to as “personal data”) is defined in the Privacy Laws. Broadly, this covers information or opinion, whether true or not, that relates to an identified or identifiable individual. Sensitive information and health information are specific types of personal information defined in the Privacy Laws and subject to additional protections.
The University takes steps to ensure it collects students’ personal information by lawful and fair means and not in an unreasonably intrusive way.
The University collects personal information directly from you at enrolment and throughout your studies and engagement with us. For instance, the University collects your personal information when you complete enrolment forms or course applications, when you provide supporting documentation, and when you enter data directly into our student systems.
We also collect your personal information directly from you where you:
- register for events, campus tours, or newsletters;
- become a supporter of, or volunteer with, the University;
- agree to participate in user experience research or provide other feedback.
Examples of student personal information collected by the University include your:
- name, date of birth, contact details and residential address;
- assigned student number (unique identifier);
- government issued Unique Student Identifier (USI);
- status as an Aboriginal/Torres Strait Islander person;
- details of prior qualifications and current course/s of study;
- fee payment details, financial support and scholarship programs information (including Tax File Number and financial institution details);
- information about your personal, financial, health or cultural background and circumstances relevant to scholarships or other admissions pathways or funded support eligibility;
- citizenship and / or visa status;
- information about your academic progress and standing, examination and assessment activities or results, and details of practical and clinical placements;
- details of any prior experience, disciplinary or conduct matters relevant to your course of study;
- details of foreign interest declarations made by students;
- vaccination status and related data, as necessary;
- any other information relevant to your enrolment and education and to facilitate appropriate academic and student services.
The University may also collect students' personal information indirectly or automatically where direct collection is not reasonable or practicable. For example, we collect:
- data about your connection to and use of the University's ICT and provided networks, including wireless (UniWireless) networks and applications in accordance with the University’s ICT and Wireless Terms of Use. Collected data may include data about your network activity including your authentication, device and service configuration, inputs, provided content and commands, and other interactions logged or attributed to your student account and/or your connected device(s) - for example, your use of your student login credentials and student email account, logs of your device(s) connection, disconnection, and navigation history, and your actual or attempted connection to and use of applications, including prescribed or prohibited applications, while connected to our network;
- data from the University's Learning Management System (LMS) and other integrated educational technologies as outlined in the LMS Privacy Collection Notice. Collected data may include data that you input and/or upload when accessing or using University applications, including your connections to third party applications used to interact with these systems (whether or not authorised by the University), and data about your use (including attempts and circumventions) of applications that are prohibited, restricted, or subject to conditions of use;
- data about your presence or activity while you are attending University-controlled examination or assessment environments, including digital environments. Collected data may include data about your location or movement, authentication and authorisation of your presence and student credentials, and the presence, detection, or use of device(s) that are connected via your student account or attributed to you within that controlled environment;
- data from Library Services, and other student information and relationship systems that regulate user authentication and provide secure, authorised, and safe access to devices and venues;
- data about your conduct or behaviour while an enrolled student at the University, or from previous or current employers or vocational placement providers or other tertiary institutions (including research institutes or centres) where relevant to your admission or enrolment, including incidents, issues and complaints that involve you if you have not already disclosed these to us directly;
- data when you access or use University property or facilities, including data collected by the University Security Safety System (formerly known as CCTV), building access records, authorised body-worn camera recordings, tablet device recordings, and the authorised recordings of other authorised surveillance devices, as outlined in the Security Monitoring Privacy Notice; and
- data when you visit websites controlled by the University as detailed in our Online Privacy Statement.
The University may also collect and hold relevant data about you obtained from publicly available sources, either directly through targeted searches by the University, or indirectly through information supplied by a third party (which may be unsolicited). These publicly available sources may include social media, archives, registers or databases, and reliable news sources.
When you participate in University activities or access University facilities and services, it may be necessary for us to collect sensitive or health information. This includes:
- where we need to assess your fitness to study or make reasonable adjustments for you due to disability;
- when you access our health and student support services; and/or
- where you undertake courses of study which require us to confirm your fitness to practise in certain regulated professions, or for you to work with children or vulnerable adults, including personal information relating to any criminal record.
Access to, and the sharing of, such data is carefully controlled.
Where you provide the University with the personal information of others, such as your emergency contacts, you are encouraged to inform those persons that:
- you are disclosing their personal information to the University;
- their information will be retained in accordance with relevant University policies; and
- they can access their information, or seek correction of their information, by contacting student services.
The University collects personal information to facilitate and administer your enrolment and for us to meet our commitment to deliver our core functions under the University of Melbourne Act 2009 (Vic), including: the provision of teaching, learning and assessment; education and training programs; research and innovation activities; and related student infrastructure, facilities and services.
The University is legally required to collect specific personal information about its students to meet its obligations under various legislation including the:
- Higher Education Support Act 2003 (Cth)
- Tertiary Education Quality Standards Agency Act 2011 (Cth)
- Universities Accord (National Higher Education Code to Prevent and Respond to Gender-based Violence) Act 2025 (Cth)
- Education Services for Overseas Students Act 2000 (Cth).
Sometimes the University will seek your consent to handle specific data, such as health information, and personal information classed as sensitive information.
We use collected personal information:
- to establish and maintain your student entitlements and obligations during your enrolment and studies with us, to engage with you, and to improve your experience with the University;
- to properly administer and support the delivery of your course/s of study;
- to manage vocational placements or internships;
- to provide, administer and improve University student support services, such as student accommodation, health and safety, physical security, and facilities services;
- to facilitate internal and strategic planning requirements, such as providing appropriate infrastructure and sustainable resources;
- to enable reporting analytics, such as academic performance and student progress;
- to maintain a safe and secure campus, manage traffic and infrastructure, and assist in access to controlled environments;
- to compile information to enable the University to comply with government reporting relevant to providing and supporting higher education to its students;
- to identify and support students who may be eligible for scholarships or other admissions pathways or funded support, including access and equity programs such as Access Melbourne and Graduate Access Melbourne programs;
- for benchmarking purposes, analysis, quality assurance and planning, and to ensure we can provide you with the services and information you have requested;
- to enable individual faculties to administer courses and programs;
- to allow the Advancement Office to foster and facilitate alumni relationships and networks, and promote University activities;
- to compile information to enable the University to comply with government legislation and directions, including administering and reporting on government run or supported programs;
- to maintain academic and research integrity, in accordance with the Student Academic Integrity Policy, Examination Rules (as made under the Assessments and Results Policy), and the Research Integrity and Misconduct Policy; and
- to compile information to facilitate research to improve higher education, quality assurance, and planning.
Personal information collected for any of the above purpose(s) may also be used by the University for disciplinary purposes, including to identify you or to assist in the detection and investigation of any actual or suspected unlawful behaviour or breaches by you of University statutes, regulations, terms and conditions, policies, rules, or guidelines (University Rules).
Personal information is limited to only what is necessary and proportionate for the purpose required and access is restricted to authorised personnel. We endeavour to use de-identified personal information wherever that is appropriate in the circumstances.
During your engagement with the University, we may provide you with specific collection notices related to the collection of your personal information. These notices will further detail how your personal information will be handled in those instances.
The University will only use or disclose your personal data in the following instances:
- for the purpose for which it was collected;
- for a related purpose which you might reasonably expect;
- with your permission (consent) to the disclosure;
- if we are required or permitted to do so by law;
- where it is necessary for the pursuit of our legitimate interests (if relevant); or
- to enable our contracted service providers or partners to perform functions on our behalf.
The University does not sell your personal information to third parties under any circumstances and will not permit third parties to sell personal information we have shared with them.
The University will not disclose your personal information, including results or addresses, to family members without your consent, unless we are required or permitted to do so by law (such as in an emergency). We may engage with you to determine the validity and appropriateness of such consent before accepting it.
We will not confirm to third parties that you are, or have been, a student at the University, except as outlined in this statement, unless you have a record of graduation which is a public document.
The University may disclose your personal information to government agencies and departments when permitted or required by law, including:
- Services Australia (Centrelink) to facilitate government programs, such as the Higher Education Loan Program (HELP) and Youth Allowance (Austudy and ABSTUDY), and related student support services administration;
- the Department of Education supporting and reporting on Commonwealth assistance schemes for eligible students, such as Commonwealth Supported Places (CSP) and HELP, including using Unique Student Identifiers (USI) where necessary;
- the Department of Education to administer the Australian Government’s information management system relating to overseas student enrolments, including for the purpose of monitoring student compliance with visa conditions and the University’s compliance with its obligations to provide courses and related services, support and programs;
- the Department of Foreign Affairs and Trade (DFAT) administering the Australia Awards Scholarships program, and the University’s preferred service providers facilitating this, such as our travel agency and health insurance provider;
- the Department of Home Affairs, Department of Education, Australian Taxation Office (ATO), or state and federal regulatory agencies, receiving necessary personal information, including (if relevant to your course) regulators responsible for registering and regulating students against professional standards, such as the Australian Health Practitioner Regulation Agency (AHPRA), or worker screening authorities;
- the Department of Education, or authorised representatives, administering the Quality Indicators for Learning and Teaching (QILT) surveys (Higher Education Support Act 2003 (Cth)); and in response to an inquiry, complaint, or investigation that relates to you, to Commonwealth or State government bodies including government departments, the National Student Ombudsman, the Tertiary Education Quality and Standards Agency (TEQSA), the Victorian Ombudsman, the Victorian Health Complaints Commission, privacy or human rights commissions, WorkSafe, or law enforcement agencies.
The University may also disclose your personal information:
- to your student accommodation provider, or other University service providers for space utilisation, campus management, and the development and refinement of University services and facilities by the University or its authorised service providers;
- to other tertiary institutions or tertiary admission centres administering the transfer of your studies, including the provision of necessary information about your academic progress and any Government funded research training entitlement;
- to other institutions you are enrolled at facilitating your student exchange program, cross-institutional study, dual degree, shared teaching, industry or clinical experience, or other multi-institutional arrangement; including sharing academic progress, results, and administrative information;
- to meet the compliance requirements of work placement providers, such as Work Integrated Learning or clinical placements, including providing them with relevant health and vaccination information;
- to enable voting at elections for student organisations by providing a list of enrolled students to the returning officer or appointed electoral bodies;
- to confirm your enrolment with bodies affiliated with the University of which you are a member, such as the University of Melbourne Student Union (UMSU), Graduate Student Association (GSA), student residences or residential colleges;
- to allow externally contracted parties to perform functions on behalf of the University, such as conducting student surveys or providing academic services, by sharing limited personal information of students with them as necessary;
- to allow sponsors and providers of student prizes, scholarships or awards to contact recipients and otherwise administer and promote their programs;
- to comply with a subpoena, summons, warrant, or other written order from a government department, authority, court or tribunal;
- to protect a student or someone else from a serious threat to their life, health, safety or welfare.
We endeavour to disclose de-identified personal information wherever that is appropriate in the circumstances.
If you choose not to provide the personal information requested, the University may not be able to enrol you, provide you with your course of study, or provide you with the information, assistance, facilities, or services you have requested.
The University takes care to manage personal information appropriately and securely. Your personal information is stored and processed in a variety of formats, both electronic and hardcopy, including in enterprise-wide databases. Accordingly, your personal information is not segregated or treated differently from any other personal information based on your geographic location or jurisdiction.
The University takes reasonable steps to ensure that any personal information we (or parties operating on our behalf) collect, transmit, store or otherwise process, is accurate and complete, and that technical and organisational measures are in place to protect it from accidental or unlawful destruction, misuse, loss, alteration, or unauthorised access or disclosure.
Access to your personal information is limited to authorised University staff and representatives of our affiliates, and contracted third parties, for the purpose of carrying out necessary duties in supporting the University’s functions and activities. Where personal data is disclosed to third parties, it will be done so only to the extent necessary to fulfill the purpose of such disclosure. Where required, we ensure we have appropriate information sharing and/or processing agreements in place before sharing your personal data with any third parties.
In some instances, your personal information may be transferred outside Victoria or Australia. For example, to facilitate your participation in an exchange arrangement or study abroad, to report to an overseas funding provider, or where providers are located internationally or use a cloud-based system with servers based in other jurisdictions. We take reasonable steps to ensure that the interstate or overseas transfer of personal information is in accordance with this privacy statement, relevant University policies, and applicable Privacy Laws.
Once your personal information is no longer required for the purpose it was collected, or for another legitimate purpose, it is securely destroyed in compliance with the University’s retention and disposal authority. Your academic record, however, is retained indefinitely so that details of your academic achievements can be confirmed and for statistical or historical research purposes.
You may request access to, or correction of, your personal information held by the University, or exercise your individual rights as applicable, unless this would have an unreasonable impact on the privacy of others or would contravene our other legislative obligations.
In many instances you will be able to access and correct your personal information directly through the student portal or by contacting Student Services at Stop 1. Information obtained via course application or online enrolment, which is reported to the Commonwealth Government, can be viewed at my.unimelb.edu.au. If this information is incorrect or needs to be updated, you will be able change it online or by contacting Stop 1.
To access other personal information we hold about you, contact the relevant faculty or area of the University in the first instance. The department or area of the University that holds that information may need to liaise with our Legal and Risk area before determining whether they can provide the information directly to you.
If the lawful basis for us collecting and processing your personal information was with your consent, you may withdraw this at any time. This will not, however, affect the lawfulness of our processing of your personal information prior to that point.
The University Secretary is the University's designated Privacy and Data Protection Officer (PDPO). The privacy office in Legal and Risk provide guidance on the University’s privacy obligations and responsibilities.
Please refer to our Privacy webpage, view our Privacy Policy or contact privacy-officer@unimelb.edu.au for more information about how the University processes personal information, to access or request correction of your personal information, , and for details of how to make an enquiry or lodge a privacy complaint.
The applicable supervisory authorities for privacy and data protection in Victoria are:
- The Office of the Victorian Information Commissioner; and
- The Health Complaints Commissioner, regarding health information.
The University periodically refines its privacy statements. We encourage you to regularly review this statement for any updates.
The most recent substantive changes were made 14 October 2025.