Privacy Policy

Overview

Macquarie University is about discovery, learning and participation in a borderless world. We are a dynamic, flexible and engaged university committed to excellence in research, teaching and global citizenship. In undertaking its learning and teaching, research, and community engagement functions, the University collects, stores, and uses a broad range of personal and health information relating to students (including prospective, current and alumni), staff, patients and others who interact with it.

Macquarie University is committed to protecting the privacy of its students, employees and others who interact with it while undertaking its learning and teaching, research, engagement, and associated administrative activities and support services.

The University is required to comply with the NSW Privacy and Personal Information Protection Act 1998 (PPIPA) and Health Records and Information Privacy Act 2002 (HRIPA) in respect of personal and health information which it collects and uses. The University aligns its practices and activities with the Information Protection Principles (IPPs), and the Health Privacy Principles (HPPs) contained in those Acts.

The University’s Privacy Management Plan provides more information on how the University implements its obligations under the PPIPA and HRIPA, and how these Acts apply to the University’s operations.

Controlled entities

Controlled entities of the University that are considered “organisations” under the Commonwealth Privacy Act must comply with the following privacy acts:

The University’s controlled entities must have a separate Privacy Policy that explains the types of personal and/or health information that it collects and holds, how it does so and the purposes for that collection, to whom it discloses that information, how your information can be accessed or corrected, how you can make a privacy complaint and how that will be actioned, whether your information is likely to be sent overseas and to which countries if applicable.

The following controlled entities have their own Privacy Policy :

U@MQ Ltd (Campus Life/Sports and Recreation) - http://www.mq.edu.au/about/about-the-university/offices-and-units/campus-life/privacy-policy

Macquarie University Hospital - http://muh.org.au/privacy-policy

Macquarie University Clinical Associates Ltd – www.mqhealth.org.au

What if there are inconsistencies between the Commonwealth Privacy Act and the NSW privacy acts that apply to controlled entities?

The Commonwealth Privacy Act contemplates that an entity may have duties under both Commonwealth and State privacy legislation such as a controlled entity of the University. To the extent there are inconsistencies between the Commonwealth Privacy Act and the NSW privacy acts for controlled entities, the Commonwealth Privacy Act will prevail.

Protecting information

At a minimum staff should familiarise themselves with the top ten tips for Privacy Management.

The following should be considered to ensure the University protects personal and health information

	Considerations	Further information
Collection	Is the information I am collecting personal information or health information? Do I need to collect this information? Who am I collecting from? What is it going to be used for and is it a lawful use? Is this information being used for research? Do I need consent to collect this information and if so what details do I have to provide when I collect it? Privacy Management Plan – definitions of information Privacy Management Plan – Collection Research considerations Consent form toolbox	Privacy Management Plan – Storage Personal information storage checklist Information access checklist EU GDPR Research Implications
Storage	Where is the information going to be stored? How long will the information be stored for? Who will have access to it? What measures are in place to prevent it from getting in the wrong hands?	Privacy Management Plan – Access and Accuracy Information access guidance (see below under 'Accessing and amending information') Information Access Request Form Change My Personal Information Request form.
Access and accuracy	How can an individual access their own information once it has been collected? How do I ensure any changes in the information are correctly reflected? Have I put in any measures to ensure an individual can access and correct their information if necessary?	Privacy Management Plan – Access and Accuracy Information access guidance (see below under 'Accessing and amending information') Information Access Request Form Change My Personal Information Request form.
Use	How do I ensure the information is accurate and up to date? Is the information still relevant and fit for purpose? Am I using this information in a way that was not for the expected use? Privacy Management Plan - Use	Privacy Management Plan - Use
Disclosure	Who can I disclose this information to once it is collected? Have I obtained consent to disclose this information? Do I need to make the individual aware that this information will be disclosed elsewhere? What do I do if the information has been disclosed inappropriately? Privacy Management Plan – Disclosure Consent form toolbox Complaints guidance (link to below section) Data Breach Response Plan	Privacy Management Plan – Disclosure Consent form toolbox Complaints guidance (see below under 'Making a complaint') Data Breach Response Plan

Need more assistance? Contact the Privacy Officer

Accessing and amending information

Under the PPIPA and HRIPA an agency must allow access to personal and health information without excessive delay or expense. Please follow the instructions in the following link to access your personal or health information.

To make an informal application, contact the Macquarie University Faculty or Office which holds the information you seek, guidance on which has been provided below:

Students

For transcripts, confirmation of studies etc please contact Student Connect

Staff

For employment confirmation, access to employee files etc please contact HR

External

The University may release information such as confirmation of studies, confirmation of employment etc, with consent, to authorities such as insurance companies, prospective employers, and government bodies. For standard information releases please complete the following Information Access Request Form.
For all other information requests, including law enforcement, please contact the Privacy Officer.

Amendment

Students can update their information collected as part of the admission and enrolment process via eStudent, or by contacting Ask MQ. Staff can contact HR to correct or update some of their information in HROnline. Macquarie University patients can contact the University Hospital’s Health Information Services. University Clinic patients should contact the relevant clinic directly.

If any other changes are required a request can be made through the Change My Personal Information Request form.

Making a complaint

The University is committed to protecting the privacy of personal and health information in accordance with privacy legislation.

It is an offence for the University to:

intentionally disclose or use personal information, other than in connection with the lawful exercise of relevant functions, for an unauthorised purpose
offer to supply personal information that has been disclosed unlawfully
hinder the Privacy Commissioner or a member of staff from doing their job.

Where an individual has a complaint as a result of the above, they may make a complaint by:

Resolving the matter informally with the unit involved
Contacting the Privacy Officer
Applying for an internal review
Contacting the Privacy Commissioner

Find out more

Plan and Policy

Macquarie University Privacy Management Plan - this document describes the measures which the University takes to comply with the privacy laws that it is bound by.

Privacy Policy
Training (staff and students)

Privacy Act 1988 (Cth)
- Does the Privacy Act apply to the University and its controlled entities?