Privacy Statement
This Privacy Statement updates and replaces Griffith's "Privacy Plan".
Griffith University is committed to protecting your privacy and keeping your Personal Information safe.
Our Privacy Statement details what kinds of Personal Information we collect when you interact and transact with us, either in person, via telephone, email, on our social media channels, or on our websites. It is designed to:
- inform you of what information we collect, what we use it for and who we disclose it to;
- explain your rights regarding how we collect, use and disclose your personal information; and
- describe the legal obligations that apply to us, how we meet those laws and how they protect you.
Our Privacy Statement applies to all individuals who interact with the University, including students, staff, research participants, alumni, donors, third-party service providers, partners, visitors and community members, website users and persons accessing the University’s health services.
Please read our Privacy Statement carefully. We may change our Privacy Statement from time to time as required, when there are material changes to our practices or when there are legislative amendments made. Any changes to our privacy practices will be published on our website. We encourage you to check our website periodically to ensure that you are aware of these changes.
What personal information do we collect, use and disclose?
The types of Personal Information that we may collect, use and disclose will depend on who you are and how you interact with the University.
This section applies to you if you are a prospective student, a student applying for enrolment, a current student, an international exchange student, or a past student.
What personal information do we collect?
The personal information we collect about you may include:
- identification information such as your name, date and country of birth, student number, Unique Student Identifier (USI), Tax File Number (TFN), passport and driver’s licence details, citizenship and residency information and other similar identification or documentation;
- contact information such as your address(es), email address(es), telephone number(s), and emergency contact details;
- information regarding your family including spouse/de facto partner relationships and dependents;
- information in connection with your admission, enrolment and graduation such as your student history and existing qualifications; academic transcripts, disciplinary matters and graduation records, student sponsorship information; Centrelink information; supervisor and examiner information and internship information;
- health information including Medicare information and health insurance information; information about disabilities or health conditions; vaccinations, serology and exposure prone declarations; medical history; records of accidents, incidents, and injuries; consultation and treatment notes, records relating to compensation and rehabilitation and health or medical provider information;
- financial information such as bank account details, financial statements and evidence of financial capacity to support your intended studies;
- information related to criminal history checks and clearances, Blue Card, NDIS Workers screening and mask fit testing;
- travel related information such as passport and visa information; language proficiency test results; travel profile information and private health insurance details;
- Personal records such as your employment information and your criminal history;
- Information in connection with services provided to you while you are a student such as car registration information; library usage; computer and terminal usage; rental references, images of you, and CCTV footage (on Griffith premises).
When will your personal information be used or disclosed?
We use or disclose your personal information for a range of reasons including:
- to administer and manage the provision of educational and support services, including admission, enrolment, scholarships, billing and collection of fees and charges, examinations, academic standing, electoral rolls and visas;
- to administer and manage the provision of practicum or placements, school and workplace visits, clinical assignments and work integrated learning;
- to undertake checking and verification activities including credentialing and clinical privileging;
- to review, develop, optimise and personalise the delivery of all our services to students including course and program design, library, accommodation, parking, facilities access, health, wellbeing and counselling, sport and recreation and hospitality services;
- to maintain accurate and up-to-date contact details (including emergency contact details);
- to manage and investigate performance, conduct, and disciplinary matters;
- to ensure the University complies with duties in relation to individuals and meets its contractual, statutory and regulatory obligations;
- to ensure accreditation requirements and standards are met;
- for emergency or crisis purposes.
To whom will your personal information be disclosed?
The University may disclose your personal information to third parties, including:
- Government agencies and regulatory bodies as requested or required;
- Professional registration bodies, external checking and verification bodies, industry bodies and associations as required;
- Government, industry and private organisations sponsoring your education;
- practicum or placement providers;
- research partners;
- banking and financial institutions; to current or former employers for the purposes of verifying work experience;
- health and medical bodies where you have consented to the disclosure, or in an emergency situation;
- to your emergency contacts, your supervisor or Human Resources or notifying the relevant authority, in an emergency situation, to lessen or prevent a serious threat to yours or another person’s life, health or safety or public health or safety, where it is impractical to obtain your consent, or if there are reasonable grounds to be concerned about your or someone else’s welfare or safety;
- third-party vendors who assist the University with the provision of services to you;
- other educational institutions (for example, if you do a semester at another institution through a study abroad program or participate in a conference or other activity at another institution);
- to law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisor.
This section applies to you if you are an employee (academic and professional), casual or sessional staff member, adjunct or other non-paid appointment (e.g. Emeritus Professor), visiting academic, or secondee or are a job applicant.
What personal information do we collect?
The personal information we collect about you may include:
- identification information such as your name, date and country of birth, staff and/or student numbers, passport and driver’s license details, citizenship and residency information and other similar identification information or documentation;
- contact information such as your address(es), email address(es), telephone number(s), and emergency contact details;
- information in connection with your recruitment, including position applications; qualifications, criminal history checks; security clearances; language proficiency test results; working with children checks; previous employment history; and reference and referee checks;
- information in connection with your appointment or employment including professional registration and clinical privileging; provider and prescriber numbers, staff appraisals and student surveys;
- health information including Medicare information; information about disabilities or health conditions; vaccinations; medical history; records of accidents, incidents, and injuries; consultation and treatment notes and records relating to compensation and rehabilitation, work and functional capacity and health or medical provider information;
- information related to criminal history checks and clearances, Blue Card, NDIS Workers screening and mask fit testing;
- financial information such as bank account details; Tax File Number (TFN) and superannuation information;
- travel related information such as passport and visa information; travel profile information;
- Information in connection with services provided to you such as car registration information; library usage; computer and terminal usage; images of you and CCTV footage (on Griffith premises);
- Information in relation to declarations or conflicts of interests as required by the Conflict of Interest Policy.
When will your personal information be used or disclosed?
We use or disclose your personal information for a range of reasons including:
- recruitment, selection and appointment functions such as verifying details for your employment or contractual engagement including work rights and relevant qualifications, licences or permits, health and background checks;
- to maintain accurate and up-to-date employment records and contact details (including emergency contact details), leave details, records of employee contractual and statutory rights and accreditation checks;
- to administer University services such as payroll processing, superannuation administration; insurance, the management of work-related travel and staff training and development;
- to undertake checking and verification activities including credentialing and clinical privileging;
- staff appraisals, probation and promotions;
- managing and investigating performance, conduct, conflicts of interest and disciplinary matters;
- risk management, workplace health and safety and workers’ compensation matters and reasonable adjustment decisions/ actions;
- to health and medical bodies where you have consented to the disclosure or in an emergency situation;
- to your emergency contacts or to notify the relevant authority in an emergency situation, to lessen or prevent a serious threat to yours or another person’s life, health or safety or public health or safety, where it is impractical to obtain your consent, or if there are reasonable grounds to be concerned about your welfare or safety;
- to obtain occupational health advice, and ensure the University complies with duties in relation to individuals with disabilities, meets its obligations under health and safety law, and ensures that employees are receiving the pay or other benefits to which they are entitled;
- benchmarking, reporting, analysis, quality assurance and planning purposes;
- for emergency or crisis purposes;
- compliance, where we are legally required to provide information to government agencies such as the Australian Taxation Office or the Department of Education.
To whom will your personal information be disclosed?
The University may disclose your personal information to third parties, including:
- Government agencies and regulatory bodies as requested or required;
- Professional registration bodies, external checking and verification bodies, accreditation bodies, industry bodies and associations as required;
- banking, superannuation and financial institutions;
- health and medical bodies where you have consented to the disclosure, or in an emergency situation;
- to your emergency contacts, your supervisor or Human Resources or to the relevant authority, in an emergency situation, to lessen or prevent a serious threat to yours or another person’s life, health or safety or public health or safety, where it is impractical to obtain your consent, or if there are reasonable grounds to be concerned about your welfare or safety;
- other third-party vendors who assist the University with the provision of services to you;
- other University staff and officers where required;
- to law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
I am a consultant, contractor or third-party
This section will apply to you if you are a consultant, contractor or third-party providing goods or services to the University (including University committee members who are not staff).
What personal information do we collect?
The personal information we collect about you may include:
- identification information such as your name, date of birth, staff and student numbers, passport and driver’s licence details, citizenship and residency information and other similar identification documentation;
- contact information such as your address, email address, telephone number(s), and emergency contact details;
- information in connection with your recruitment including position applications; criminal history checks; security clearances; working with children checks; previous employment history; and reference and referee checks, including copies of qualifications;
- health information including Medicare information; information about disabilities or health conditions; medical history; records of accidents, incidents, and injuries; consultation and treatment notes and records relating to compensation and rehabilitation;
- information in connection with your appointment or contract including professional registration numbers, clinical privileging and provider and prescriber numbers;
- financial information such as bank account details; Tax File Number (TFN) and superannuation information;
- travel related information such as passport and visa information; language proficiency test results; and travel profile information;
- Information in connection with services provided to you such as car registration information; library usage; computer and terminal usage; images of you and CCTV footage (on Griffith premises);
- Information in relation to declarations or conflicts of interests as required by the Conflict of Interest Policy.
When will your personal information be used or disclosed?
We use or disclose your personal information for a range of reasons including:
- recruitment, selection and appointment functions such as verifying details for your employment or contractual engagement including work rights and relevant qualifications, licences or permits, health and background checks;
- to maintain accurate and up-to-date engagement records and contact details (including emergency contact details), attendance, and records of contractual and statutory rights;
- to administer University services such as payroll processing, superannuation administration; insurance; the management of work-related travel and training and development;
- appraisals, reviews and on-boarding/off-boarding;
- managing and investigating performance, conduct, conflicts of interest and disciplinary matters;
- risk management and workplace health and safety matters;
- health and medical bodies where you have consented to the disclosure, or in an emergency situation;
- to your emergency contacts or to notify the relevant authority in an emergency situation, to lessen or prevent a serious threat to yours or another person’s life, health or safety or public health or safety, where it is impractical to obtain your consent, or if there are reasonable grounds to be concerned about your welfare or safety;
- to obtain occupational health advice and ensure the University complies with duties in relation to individuals with disabilities, meets its obligations under health and safety law, and ensures that you are receiving the pay or other benefits to which you are entitled;
- for benchmarking, reporting, analysis, quality assurance and planning purposes;
- for compliance, where we are legally required to provide information to government agencies such as the Australian Taxation Office or the Department of Education.
To whom will your personal information be disclosed?
The University may disclose your personal information to third parties, including:
- Government agencies and regulatory bodies as requested or required;
- Professional registration bodies, industry bodies and associations as required;
- banking, superannuation and financial institutions;
- health and medical bodies where you have consented to the disclosure, or in an emergency situation;
- to your emergency contacts or in notifying the relevant authority, in an emergency situation, to lessen or prevent a serious threat to yours or another person’s life, health or safety or public health or safety, where it is impractical to obtain your consent, or if there are reasonable grounds to be concerned about your welfare or safety;
- other third-party vendors who assist the University with the provision of services to you;
- other University staff and officers where required;
- to law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
This section applies to individuals who are participating in research projects, whether as a volunteer or on a paid basis.
The types of Personal Information that we collect will depend on the purpose of the research being undertaken and the terms of the research activity. You will be provided with a Research Participant Privacy Notice that will set out the particulars of the Personal Information that we intend to collect from you in advance of the research project. For additional information, please contact the Research Ethics and Integrity Team.
What personal information do we collect?
The personal information we collect about you may include:
- identification information such as your name, date of birth, staff and student numbers (if applicable), passport and driver’s license details, citizenship and residency information and other similar identification documentation;
- contact information such as your address, email address, telephone number(s), and emergency contact details;
- sensitive information including racial or ethnic origin; political or religious affiliations; and sexual orientation or practices;
- health information including Medicare information; medical history; information about disabilities or health conditions; biometric and genetic information; records of accidents, incidents, and injuries; consultation and treatment notes and records relating to compensation and rehabilitation;
- images, audio and video of you;
When will your personal information be used or disclosed?
- We will only use your Personal Information in accordance with the terms of the research activity as set out within the Privacy Notice that we provide to you.
- We may share your Personal Information with external organisations involved in the research activity as set out in the Privacy Notice.
We maintain relationships with alumni and donors and with other interested parties, including the local community, businesses, industry members and professional organisations concerned with or supporting the core education and research functions of the University.
As part of maintaining these relationships, we may collect Personal Information about prospective, current or former donors or scholarship providers; alumni and their friends and family; members of “Friends of Griffith” groups; and subscribers to the Griffith Review.
What personal information do we collect?
The personal information we collect about you may include:
- identification information such as your name, date of birth, staff and student numbers (if applicable), citizenship and residency information and other similar identification documentation;
- contact information such as your address, email address, telephone number(s), and emergency contact details;
- sensitive information including racial or ethnic origin; political or religious affiliations; and sexual orientation or practices;
- financial information such as bank account details; Tax File Number (TFN) and superannuation information;
- information in connection with services provided to you while you are an Alumni such as library usage;
- images, audio and video of you;
When will your personal information be used or disclosed?
This information may be used to inform you of:
- University courses/events;
- provide alumnus benefits;
- opportunities to engage with and support the University.
To whom will your personal information be disclosed?
The University may disclose your personal information to third parties, including:
- service providers engaged by the University including events management providers and fund-raising service providers;
- your emergency contacts, in an emergency situation;
- medical bodies, in an emergency situation;
- other University staff and officers where required;
- other third-party vendors who assist the University with the provision of services to you;
- law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
I am accessing health services
This section covers persons whose information is collected through the University’s Health and Medical Centre and Counselling services. If you are accessing a service through the University Health and Medical Services, please also refer to the Health and Medical Services Privacy Policy.
The University provides a range of medical and allied health services to students, staff and the community. A list of the health services for students can be found on the student support page, and for staff and the wider community can be found on the health clinics page.
As part of these services, we collect, store and use Personal Information, including Health Information, with your consent and in accordance with Collection Notices, as required by the health service.
What personal information do we collect?
The personal information we collect about you may include:
- name, address and contact information of the individual, dependents and other family members, emergency contact details and of health professionals who are currently or have previously provided treatment;
- health information including medical history; information about disabilities or health conditions; biometric and genetic information; Medicare and health insurance details;
- records such as patient records including assessments and treatments; medical records, including medications, and any current or past medical conditions; consultations and treatments given and correspondence relating to you;
- x-rays, video/audio/digital recordings and images;
- financial information such as bank account details;
- sensitive information including racial or ethnic origin and sexual orientation or practices.
When will your personal information be used or disclosed?
This information may be used to:
- provide you with our medical services and treatments to improve your health and wellbeing including by the Health and Medical Services and Counselling and Wellbeing Services; and
- contribute to the University’s teaching, research and development activities in relevant fields to improve our healthcare practices.
To whom will your personal information be disclosed?
The University may disclose your personal information to third parties, including:
- government agencies and regulatory bodies that request or require your information including Department of Health Queensland; Department of Health and Aged Care; Department of Home Affairs; the ATO ; AHPRA and the Office of the Queensland Health Ombudsman; Department of Social Services; and other regulatory agencies and bodies;
- Medicare;
- other health professionals, such as specialists, who are also involved in your medical treatment;
- banking and financial institutions;
- your emergency contacts, in an emergency situation;
- medical bodies, in an emergency situation;
- other third-party vendors who assist the University with the provision of services to you;
- other University staff and officers where required;
- law enforcement agencies when required; and
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
I am accessing the University's Child Care Services
This section covers any persons whose Personal Information is likely to be collected by the University for the primary purposes of providing early childhood education and care services at the Griffith University Early Childhood Education Centres. The University collects personal information of parents and guardians, children and stakeholders.
What personal information do we collect?
The personal information we collect includes:
- identification information of the individual such as name, date and place of birth, gender, birth certificate, passport and driver’s licence details and other similar identification documentation;
- contact information such as address, email address, telephone number(s), and emergency contact details;
- Centrelink Customer Reference Number
- citizenship and residency information;
- sensitive information including racial or ethnic origin; cultural or religious requirements and languages spoken;
- health information including medical history; medications required; immunisation history; information about disabilities or health conditions; information about additional needs; Medicare and health insurance details; doctor’s details;
- custody arrangements or parenting orders;
- dietary requirements;
- CCTV footage for security and safety (on Griffith premises).
- photographs and videos of children, samples of children’s work and general information about your child and your family that assists us in providing individualised early learning and care to children.
When will your personal information be used or disclosed?
This information may be used to:
- provide you with our early childhood education and care services and advocating for the well-being, protection and development of children; and
- contribute to the University’s teaching, research and development activities in relevant fields to improve our early childhood education and care services practices;
To whom will your personal information be disclosed?
The University may disclose your personal information to the following third parties:
- government agencies and regulatory bodies that request or require your information including the Department of Education, the Queensland Early Childhood Regulatory Authority, Department of Health Queensland; Medicare; Centrelink; the Department of Social Services and other regulatory agencies and bodies;
- child protection agencies or family support agencies when we reasonably believe that a child is at risk of significant harm;
- banking and financial institutions;
- your emergency contacts, in an emergency situation;
- medical bodies, in an emergency situation;
- other third-party vendors who assist the University with the provision of services to you;
- other University staff and officers where required;
- law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
I am a visitor, community member, service provider or university services recipient
This section covers any persons that fall outside the above categories whose Personal Information is likely to be collected by the University, such as other participants in outreach or marketing campaigns or attendees at University events. These types of persons include:
- visitors to the University campus (e.g. for Open Days, Orientation days, graduation ceremonies, sport, or public lectures);
- digital visitors to the University website or digital systems;
- attendees at University events that are held on and off-campus;
- community members of the Library and Griffith Archive;
- industry contacts who engage with staff or students through University programs, initiatives or projects;
- individuals providing services to the University, but who are not employees or contractors; and
- individuals who receive services from the University (from businesses on campus, sporting competitions.
Personal information that we collect
- General contact and identification information.
- We may collect your name, contact details and identification documents, so that we can contact you and identify you. This information may include your:
- name;
- address;
- email address;
- telephone number;
- date of birth;
- passport, driver’s license details, other identification documentation;
- images, audio and video of you;
- emergency contact details;
- CCTV footage for security and safety (on Griffith premises).
When will your personal information be used or disclosed?
- We will only use or disclose your personal information as authorised by the privacy regulatory framework.
- The University may disclose your personal information to the following entities:
- third-party vendors who assist the University with the provision of services to you;
- your emergency contacts, in an emergency situation;
- medical bodies, in an emergency situation;
- other University staff and officers where required;
- law enforcement agencies when required;
- advisors engaged by the University, including accountants, lawyers and other professional services advisors.
I am from the European Economic Area (EEA)
If you are an individual based in the EEA, we collect and process Personal Information about you only where we have a legal basis for doing so under the General Data Protection Regulation (GDPR).
- This means we collect and use your Personal Information only where it:
- is necessary for the delivery of education and research services; or
- satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development; or
- is necessary to comply with a legal obligation; or
- with your consent.
- The GDPR applies to the University’s collection, use and disclosure of Personal Information from persons based in the EEA.
- This includes:
- programs to attract European students to the University; and
- research conducted with European participants and interactions with alumni and donors.
- We also appreciate that our European partners will often want to impose GDPR compliant clauses in the agreements we reach with them, to enable them to meet the GDPR requirements.
The IP Act takes the same principle-based approach to data protection as the GDPR. Accordingly, we already have many consistent practices with the GDPR.
To make a rights request under the GDPR, contact our Privacy Officer using the information below in the "Privacy Contacts” section.
How Do We Manage Your Personal Information?
The University will only collect, use and disclose your Personal Information for a lawful purpose related to a function or activity of the University or as otherwise legally authorised under the privacy regulatory framework.
- Under the IP Act, Personal Information is information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from that information or opinion.
- Typical examples of Personal Information that we collect include:
- name and contact information, such as addresses, email addresses, dates of birth, passport and licence details;
- financial information of staff members, such as payment and bank details, Tax File Number (TFN) and superannuation information;
- academic records, such assessment results and lecturer feedback;
- medical information including medical records and records of accidents, incidents and injuries, Medicare information, consultation and treatment notes, and records relating to compensation and rehabilitation, work and functional capacity; and
- employee information such as employment records, leave applications, personal development and training information, misconduct and disciplinary information.
- This Statement sets out the particular Personal Information that is generally collected for the different categories of individuals who interact with the University.
- We may sometimes also collect and deal with specific types of Personal Information including Sensitive Information and Health Information under the privacy regulatory framework.
- Sensitive Information may relate to your:
- racial or ethnic origin;
- political opinions or associations;
- religious or philosophical beliefs or affiliations;
- professional or trade union membership;
- sexual orientation or practices;
- criminal record;
- health information; and
- genetic or biometric information.
- Health Information may include information or an opinion about your:
- health, including an illness, disability or injury;
- health services provided, to be provided, or your wishes about the future provision of health services;
- donation of body parts, organs or body substances; and
- genetic or biometric information.
- We will only collect, use and disclose Sensitive and Health information as authorised under the privacy regulatory framework.
- In relation to Health Information collected through the University Health and Medical Services, please also refer to the Health and Medical Services Privacy Policy.
How will my personal information be collected?
We will only collect your Personal Information, as authorised under the privacy regulatory framework, where it is reasonably necessary for or directly related to one or more of the University’s functions or activities, such as teaching, research, community services and engagement activities.
- We collect your Personal Information in a variety of ways, including:
- if you provide it to us in writing, via the telephone, or in person;
- through our website, digital systems or assets, or related social media;
- through your in-person attendance on campus;
- through your interactions with University programs, systems or surveys
- through third parties, such as other educational institutions that you have been involved with, various government agencies or event collaborators; and
- from public sources of information, where available.
- When we collect Personal Information directly from you, a Collection Notice may be provided which will set out:
- the purposes for collecting the information;
- any authorising law or court order that requires the collection; and
- if applicable, the details of any third party to whom your Personal Information is intended to be provided.
How will my personal information be used and disclosed?
- The University will only use and disclose your Personal Information as authorised under the privacy regulatory framework.
- The University “uses” your Personal Information if it:
- manipulates, searches or otherwise deals with the information;
- takes your information into account in the making of a decision; or
- transfers your information from one department of the University that has particular functions to another department of the University that has different functions. (s.23(3) IPAct)
- The University will only use your Personal Information for the purpose that it was collected (or a directly related purpose) unless you expressly or impliedly agree to the use of the information for another purpose, or the use is otherwise permitted under the IP Act.
- “Disclosure” of your Personal Information by the University to a third party occurs where:
- the third party does not already know the Personal Information, and is not in a position to be able to find it out;
- the University gives the third party your Personal Information, or places it in a position to be able to find it out; and
- the University ceases to have control over the third party in relation to who will know the Personal Information in the future. (s23(2) IP Act)
- We will not disclose your Personal Information unless it is authorised under the statutory framework, such as where:
- you have consented to disclosure (whether express or implied);
- you are reasonably likely to have been aware that it is the University’s usual practice to disclose that type of Personal Information to a relevant entity;
- disclosure is compelled or authorised by law (for example, a court order or subpoena, or a statutory obligation to disclose);
- disclosure is necessary to lessen or prevent a serious threat to a person’s life, health, safety, or welfare, or to public health, safety or welfare; or
- where disclosure is necessary for investigation or enforcement of criminal matters or other law enforcement matters.
We do not sell, trade, or rent your personal information to third parties for marketing purposes.
How is my Personal Information stored and secured?
The University takes steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We use physical, administrative, and technical measures in accordance with our Information Security Policy to safeguard your Personal Information as follows:
- Personal Information held by us is often stored in our digital systems (hosted on and off-site), including student management information systems, HR management systems, Customer and Relationship Management (CRM) systems, finance systems, library systems and records management systems;
- The University implements a range of measures and controls to ensure that your Personal Information is kept secure including swipe card access, system access controls, file level security and multifactor digital authentication;
- Personal Information will be retained as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, contractual, accounting, or reporting requirements;
- Personal Information is retained and disposed of according to the provisions of the relevant records disposal authority approved by the Queensland State Archives and the University Sector Retention and Disposal Schedule under the Public Records Act 2002 (Qld )
Will my Personal Information be disclosed overseas?
In certain circumstances, the University may transfer your Personal Information outside of Australia (for example when the information is stored in the cloud by an overseas provider or if the University needs to send enrolment information to a partner University regarding an international exchange student).
- Before your information is disclosed to an overseas recipient, the University will take all reasonable steps to ensure that any overseas recipient will deal with Personal Information in a way that complies with the privacy regulatory framework.
- Given the wide-ranging activities of the University, it is not practical to list every circumstance or country where Personal Information may be transferred overseas. However, we note that:
- The University uses a number of cloud-based service systems which require backup/emergency services to be undertaken overseas;
- As part of our international programs, Personal Information may be sent to partner Universities or other organisations where students undertake international Work Integrated Learning. We may also send information to international recipients as part of our alumni and advancement services engaged with individuals who are overseas.
We refer specifically to disclosures of Personal Information of persons in the EEA under the GDPR above.
Use of cookies
- We use cookies (digital tracking and analytics tools) on the University website and digital systems, call centres and email.
- Cookies and local storage:
- re small strings of text that a website may place on your computer or device to store information;
- allow a website to access and use this stored information at a later time; and
- can only store information that is provided by the visitor, such as their IP address.
- The University website and digital systems use cookies for:
- identifying unique visitors to the site - users are allocated a visitor number associated with their IP address which is held in a cookie on that computer or device;
- validating staff and/or students’ identity when they attempt to access a restricted part of the University website - a cookie is created in that computer or device's memory to improve the user-experience for subsequent times the user goes to access a restricted part of the website, such as student mail. The cookie contains the following information:
- internal unique ID generated by the University; and
- full name and email alias; and
- personalisation of your experience in our digital systems; and
- marketing communication purposes with Google, LinkedIn, Facebook and other third-party vendors - cookies allow the University to reach people who have previously visited our website so that we can provide tailored messages based on their University website interaction.
- visitors can choose to accept or opt out of cookies in general by adjusting their browser settings. It’s important to note that occasionally, opting out of cookies can result in the loss of some website functionality.
- for example, you may not be able to access a secure site such as the Griffith Portal;
- it may also mean that you are prompted to verify your identity several times during a session on the University website or digital systems.
Third-party analytics
- We use Google Analytics, LinkedIn analytics, Facebook analytics and other third-parties to gather statistics about how the website and email correspondence is accessed and used;
- Some of these analytic tools utilise cookies to gather information for statistical reporting; and
- We do not intentionally record or provide Personal Information to Google Analytics and third-parties except on occasions where identifiers (such as your name or Student Number) are dynamically included in the website's page title.
For further information please refer to the University's Information Security Policy or contact the IT Service Centre.
Exercising your Rights
How do I access and amend my personal information?
The University is committed to providing you with straightforward procedures to access and amend to your Personal Information.
- You can:
- request access to the Personal Information that we hold about you; or
- request an amendment to your Personal Information if you believe the information is inaccurate, incomplete, out-of-date, or misleading.
- All requests should be directed to the University’s Privacy Officer—refer to the “Privacy Contacts” section of this Statement.
- We may refuse access to your Personal Information if:
- the University is authorised or required under an access law to refuse to give the access; or
- the document is expressly excluded from the operation of an access law.
- If a request for your Personal Information is denied by the University, you can request an internal review, or seek external review by the Office of the Information Commissioner (OIC). See “Privacy Contacts” below for information on how to contact them.
How do I make a privacy complaint?
We take privacy complaints seriously.
- If you believe your Personal Information has not been dealt with in accordance with the University Privacy Statement or relevant laws, you may make a complaint in writing to the University’s Privacy Officer.
- If you do not agree with the decision of the Privacy Officer, you can request an internal review.
- You can also refer your complaint for independent mediation by the Office of the Information Commissioner without requesting an internal review if at least 45 business days have passed since the complaint was made to the Privacy Officer.
- See “Privacy Contacts” below for information on how to contact the Privacy Officer.
Privacy Contacts
Can I stay anonymous or use a pseudonym?
Only in limited circumstances. If you are a student or staff member, it is generally not possible for us to give you the option of anonymity or of using a pseudonym when dealing with us. The nature of our dealings with you and the Personal Information that we collect in order to properly carry out our functions will ordinarily require that it not be anonymous.
However, in limited circumstances it may be possible for a person to remain anonymous when making an enquiry or complaint with the University, for example, if you are a whistleblower under the Public Interest Disclosure Policy.
The University will only collect, use and disclose your Personal Information for a lawful purpose related to a function or activity of the University or as otherwise legally authorised under the privacy regulatory framework.
Key Privacy Legislation
The University has legal obligations to protect the personal information it collects from students, staff and members of the public. These obligations arise principally from the Information Privacy Act 2009 ( Qld ) which establishes safeguards for how Queensland public sector agencies must deal with an individual’s Personal Information. There are also instances where personal information may be covered by the Commonwealth Privacy Act 1988 (Cth).
Where individuals are based in other countries, such as the European Union or the Republic of China, they may also be covered by the privacy laws of those jurisdictions such as the EUGeneral Data Protection Regulation or the China Personal Information Protection Law if their personal information is collected overseas.
Privacy Contacts
Griffith University Privacy Officer
Telephone: + 61 (07) 3735 5586
Email: privacyofficer@griffith.edu.au
Postal Address:
Legal Services, Privacy
170 Kessels Rd Nathan QLD 4111
Queensland Information Commissioner
Telephone: + 61 (07) 3234 7373 or 1800 642 753
Email: enquiries@oic.qld.gov.au
Postal Address:
Office of the Information Commissioner
PO Box 10143
Adelaide Street Brisbane QLD 4000
Australian Information Commissioner
Telephone: 1300 363 992
Email: foi@oaic.gov.au
Postal Address:
Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Last Updated: 2 May 2024