Home › Privacy Management

Privacy Management

Queensland's privacy regime is set out in the Information Privacy Act 2009 (IP Act).

Under the IP Act, the University is legally required to comply with the Information Privacy Principles (IPPs), which are set out in Schedule 3 to the Act. The IPPs cover the collection, storage, use, disclosure and access obligations of agencies. Under the IP Act, agencies are required to take reasonable steps to protect the personal information they hold from misuse and loss and from unathorised access, modification or disclosure.

The University is committed to the objectives of the IP Act and has implemented the Privacy Management policy (PPL 1.60.02) that is based on the following principles:

  • the University supports responsible and transparent handling of personal information;
  • the University respects an individual's right to know how his or her personal information will be collected, used, disclosed, stored and disposed of; and
  • adequate privacy protection is a necessary condition for the University to participate in e-communications and e-transactions.

Privacy Management section

Privacy inquiries

Privacy inquiries

The Right to Information and Privacy Office can assist with any inquiries regarding privacy at The University of Queensland. 

 
 
Right to Information and Privacy Office
Room 419, JD StoryBuilding
Phone: 3365 2571
Email: rtip@uq.edu.au
Also, refer to the Frequently Asked Questions - Privacy Management.
Grievance Procedure

Grievance Procedure

Making a complaint about breach of privacy

If you believe that the University or one of its officers has breached your privacy when handling your personal information, you are entitled to make a privacy complaint. Your complaint should be lodged through the Complaints Management process. Please note that you cannot make a complaint that the University has breached another person’s privacy unless that person has appointed you as his or her agent.   Before lodging a privacy complaint, you are encouraged to contact the Right to Information and Privacy Office to discuss your concerns. 

Within 14 days of your complaint being received, the Right to Information and Privacy Office will write to you acknowledging your complaint and providing details of how the complaint will be investigated. You will be notified once the investigation is complete. 

Within 45 days from day you lodge your complaint with the University,  you will be notified in writing of:

  • the findings of the investigation (and the reasons for those findings), and
  • the action proposed to be taken by the University (and the reasons for taking that action), and
  • your right to apply to the Information Commissioner if you are not satisfied with the outcome.

If you are not notified within 45 days or are not satisfied with University’s investigation, you may apply to the Information Commissioner for your complaint to be mediated. If your complaint is not suitable to be mediated or you are not satisfied with the mediation, you may ask the Information Commissioner to refer your complaint to the Qld Civil and Administration Tribunal (QCAT) for a review of the conduct that was the subject of your complaint. 

Privacy - Resources

Privacy - Resources

For further information on Privacy, refer to the following publications:

The following websites contain additional information relating to Privacy:

Resources:

Personal Information Register

Personal Information Register

The University of Queensland works to enable our students and staff to become leaders within their communities by creating an environment for learning and discovery in which they can develop and fulfil their aspirations, that rewards excellence, openness and innovation and encourages widespread engagement with our local and global communities. 
 
In meeting these objectives, the University collects, stores and uses personal information of staff, students, and other clients. The University has obligations under the Information Privacy Act 2009 to safeguard the handling of personal information.
 
Personal information collected and held by UQ falls into the following categories:
 
  • Student records;
  • Staff records;
  • Financial and business records;
  • Information technology systems personal information;
  • Human research participant personal information; and
  • Community links.

The records are maintained for periods controlled by the General Retention and Disposal Schedule for Queensland Universities issued under the authority of the Queensland State Archivist under section 13 of the Public Records Act 2002. The procedures by which individuals may obtain access to information about them are outlined in the University Policy (PPL 1.60.02) Privacy Management.

University records relating to students

The University collects and holds student information on admission, enrolment, progression, graduation and student access to academic and support services. The University also uses records to keep in contact with former students. The University holds student information about:
 
  • Personal details, including date of birth, postal and permanent home addresses, and emergency contacts;
  • Equity group membership and educational background;
  • Admission, enrolment course progress and attendance;
  • Examinations and assessment (including grades);
  • Discipline and misconduct incidents;
  • Fees and charges and/or HECS-HELP of FEE-HELP statements (including tax file numbers);
  • Practicum’s and industrial or clinical placements;
  • Use of student support services in areas such as health, disability, learning assistance, personal and careers counselling; student complaints and grievances; and appeals;
  • Prizes, scholarships, grants and student assistance;
  • Library borrowing records;
  • Graduation records and employment outcomes;
  • Immunisation status and first aid qualifications for students in specified courses;
  • Membership of University, Faculty and School committees.
 
The above records may be held in the University’s student administration system, SI-net, or on electronic student files managed in TRIM. Student records may also be held by other organisational units. For example, the Faculty or School that administers the program or course in which a student is enrolled may hold records relating to course progression, prizes and scholarships, industrial experience and clinical placements and immunisation status.
 
Records about student welfare or use of services will be held where the service is provided. For example, in Student Health Services, Student Services or Library Services.
 
Staff must access student records only as far as is needed to perform their duties. Access to student records is routinely granted to administrative and technical staff of Student Administration, administrative and senior academic staff in Faculties and Schools, and to staff in organisational units providing student services.
 
University records relating to staff
 
The University collects, stores and uses staff personal information for employment history, payroll and administrative functions. University records relating to staff are also used to maintain staff electoral rolls for various University elections in which staff participate and for access to the library, information technology services and other relevant services. 
 
The University holds staff information about:
 
  • Recruitment – position applications, records of selection processes, records of employment checks, evidence of previous qualifications;
  • Attendance and leave for full-time, part-time and casual staff;
  • Personal details including date of birth, home address, telephone number, email addresses and emergency contacts;
  • Visa documentation as required;
  • Salary and payroll including bank details, tax file number, salary packaging and benefits;
  • Superannuation;
  • Personnel development and training;
  • Performance planning and management, including teaching performance evaluations for academic staff;
  • Staff health and safety including, where relevant, accidents/injuries, vaccination status, details of first aid certificates held, compensation and rehabilitation arrangements;
  • Staff welfare such as staff study assistance;
  • Grievances and complaints, industrial issues and other matters affecting individual staff members;
  • Staff equity;
  • Promotion for academic staff;
  • Library borrowing and use of UQ services;
  • Visiting researchers, adjunct staff, and other individuals providing voluntary services to UQ;
  • Grants, awards, honours and recognition schemes for staff;
  • Staff research output and publications;
  • Staff participation in external and commercial consultancies;
  • Official staff travel; and
  • Membership on University, Faculty and School committees.
Information relating to recruitment, appointment, attendance, industrial or workers compensation processes is held in the University’s computerised staff information systems, and/or in physical records kept in the Human Resources Division or OHS Division. Furthermore, University records relating to staff may also be held in individual Faculties, Schools, Departments or Divisions. These records are generally limited to time sheets, attendance and other basic administrative records. 
 
Access to University records relating to staff is generally restricted to executive staff, human resources staff, OHS staff, supervisors, members of selection committees, and to other staff members to the extent necessary to perform their duties.   Access will only be provided where a request is approved by the relevant human resources or OHS employee.
 
Financial and business information
 
Generally, information relating to the financial management or business operations of the University will contain only small quantities of personal information. This is often limited to information relating to financial transactions between the University and its customers, suppliers and contractors. Information stored in financial records includes names, addresses and bank account details. 
 
Types of financial records that may contain personal information include:
 
  • records of accounts payable or receivable, including the names of creditors and debtors of the University;
  • customer records of business operations, such as the UQ Bookshop;
  • job tracking systems for service providers within the University;
  • lists of contractors providing professional services in the building and project management areas; and
  • tender documents.
Most of these records are kept in financial management information system maintained by Finance and Business Services Division. Access to financial records is granted to finance administration staff (both central and relevant organisational unit) to the extent necessary to perform their duties. 
 
Information technology systems personal information
 
The University’s Information Technology Services routinely holds, processes, and stores significant proportion of personal and business related information for the University. Records may relate to former and present staff and students of the University.
 
Data held includes internal and external transactions, including telephone, email, and internet activity.   In addition, IT records will also include authentication, identification, and usage-tracking information. 
 
Human research participant personal information
 
Research involving human participation is conducted in many disciplines in the University’s Faculties, Schools, Institutes and Centres (research units). These research activities result in the collection, storage, use and analysis of personal information.  
 
The University controls the use of personal information collected by researchers through the ethical approval process before the research project commences. Researchers must specify the particular information to be collected, describe how it will be used in the research project and methods to communicate this to potential participants. The University’s Policy (PPL 4.20.2) for the Responsible Conduct of Research strongly recommends that research data be retained in the research unit concerned. The head of the research unit is responsible for the maintenance and retention of data collected in the course of research.
 
Information collected during research may be accessed by members of the research team, the research funding body (if appropriate) and academic or administrative staff who require access to assist researchers. 
 
Community links to the University
 
One of UQ’s strategic objectives is to enhance the University’s contribution to global and local communities and communicating effectively with our many stakeholders to build support and advocacy for our strategic objectives in learning and discovery. As a consequence, the University maintains personal information about members of the community and the professions who provide support, including financial support, to University teaching and research programs or who use the University’s community services and facilities. Records containing personal information may include:
 
  • Mailing lists for members of the professions and users of other UQ facilities;
  • Records of supporters and alumni;
  • Records for continuing professional education participants; and
  • Patient records for clients of UQ Clinics.
Records are kept by the individual organisational unit responsible for collecting the information. For example, records relating to alumni and supporters are held by the Advancement Office. Access to these records will be generally limited to staff who are directly responsible for the administering the function. As UQ Clinics operate in conjunction with teaching programs, student access to relevant patient records is granted under supervision of appropriately qualified staff.
Home › Privacy Management