Skip to content

Privacy Policy

Policy overview

1 Purpose

To ensure that the University complies with its obligations when handling Personal Information under the Information Privacy Act 2009 (Qld) ('the IP Act') and the Right to Information Act 2009 (Qld) ('RTI Act'), as well as any other applicable privacy and data protection laws. It ensures that the University meets its obligation in the IP Act to have a clearly expressed and up to date Privacy Policy which outlines how the University manages Personal Information in various parts of its operations.

2 Scope

This Policy applies to University Members, prospective Students and applicants for jobs at the University, and members of the public who are entitled to request access to information held by the University.

3 Policy Statement

The University is committed to protecting the privacy of all Personal Information that it handles. The University will meet its legal obligations under the IP Act and RTI Act, which impose obligations to:

  • comply with the IP Act and the Privacy Principles
  • comply with the IP Act when transferring Personal Information outside of Australia
  • take reasonable steps to have Contracted Service Providers adhere to the Privacy Principles
  • deal with Privacy Complaints made in relation to breaches of privacy in a timely and responsive manner and in accordance with the IP Act, including, when necessary, acting in accordance with the IP Act's mandatory notification provisions for an Eligible Data Breach and the University's Data Breach Response Plan
  • take reasonable steps to implement practices, procedures and systems that ensure compliance with the IP Act and the RTI Act.

This policy aligns with the Higher Education Standards Framework (Threshold Standards) 2021: Standard 7.3 Information Management.

4 Principles

  1. The University adopts the definition of Personal Information used in the IP Act.
  2. The functions of the University require the University to collect, hold, store and disclose certain types of Personal Information.
  3. A list of the types of Personal Information the University collects (including relevant categories of Sensitive Personal Information), how Personal Information is collected, held and stored and the purposes for which Personal Information is collected, held and stored will be publicly accessible online and set out in the Privacy Procedure.
  4. The University is committed to protecting personal privacy when performing its functions, recognising that individuals have a reasonable expectation that the University will:
    1. protect and manage the Personal Information it collects and holds about them
    2. act upon complaints made by individuals who believe the University has breached its obligations under the IP Act.
  5. The University will interpret and apply the IP Act and the RTI Act to ensure fair collection and handling of Personal Information and to grant people the right to access to any of their Personal Information held by the University or under its control.
  6. The University will take reasonable steps to ensure Personal Information in its possession is accurate, relevant, complete, up to date and not misleading. Individuals have the right to request correction of their Personal Information if they believe the information is inaccurate, out of date, incomplete, irrelevant or misleading.
  7. The University's preferred method for providing access to an individual's own Personal Information is through its Administrative Access Scheme.
  8. The first point of contact for all privacy matters, including complaints, applications, requests for amendment and requests for internal review, is the Privacy Officer.

5 References

Nil.

6 Schedules

This policy must be read in conjunction with its subordinate schedules as provided in the table below.

7 Policy Information

Accountable Officer

Privacy Officer

Responsible Officer

Privacy Officer

Policy Type

Executive Policy

Policy Suite

Privacy Procedure

Subordinate Schedules

Approved Date

24/6/2025

Effective Date

24/6/2025

Review Date

24/6/2030

Relevant Legislation

Freedom of Information Act 1982 (Cth)

Information Privacy Act 2009

Information Privacy Regulation 2009

Right to Information Act 2009

Right to Information Regulation 2009

Public Records Act 2023

Policy Exceptions

Policy Exceptions Register

Related Policies

Administrative Access Scheme Policy

Code of Conduct Policy

Media Engagement Policy

Right to Information Policy

Related Procedures

Administrative Access Scheme Procedure

Media Engagement Procedure

Related forms, publications and websites

Data Breach Response Plan Schedule

Administrative Access Scheme

Privacy Statement

Publication Scheme

Right to Information access

Guidelines - Privacy Principles, Office of the Information Commissioner (OIC)

Definitions

Terms defined in the Definitions Dictionary

Personal Information

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable from the information or opinion - (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not....morePersonal information means information or an opinion about an identified individual or an individual who is reasonably identifiable from the information or opinion - (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.

Student

A person who is enrolled in a UniSQ Upskill Course or who is admitted to an Award Program or Non-Award Program offered by the University and is: currently enrolled in one or more Courses or study units; or not currently enrolled but is on an approved Leave of Absence or whose admission has not been cancelled....moreA person who is enrolled in a UniSQ Upskill Course or who is admitted to an Award Program or Non-Award Program offered by the University and is: currently enrolled in one or more Courses or study units; or not currently enrolled but is on an approved Leave of Absence or whose admission has not been cancelled.

University

The term 'University' or 'UniSQ' means the University of Southern Queensland....moreThe term 'University' or 'UniSQ' means the University of Southern Queensland.

University Members

Persons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiti...morePersons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiting, honorary and adjunct appointees; volunteers who contribute to University activities or who act on behalf of the University; and individuals who are granted access to University facilities or who are engaged in providing services to the University, such as contractors or consultants, where applicable.

Definitions that relate to this policy only

Contracted Service Provider

Has the meaning given to it under the Information Privacy Act 2009 (Qld): “an entity other than the University” that enters a contract or other arrangement with the University to provide services.

Eligible Data Breach

Has the meaning given to is under the Information Privacy Act 2009 (Qld). For a data breach to be an 'eligible data breach' triggering notification and other obligations under the IP Act, both of the following must apply:

  1. There is unauthorised access to, or unauthorised disclosure of, personal information held by the University, or there is a loss of personal information held by the University in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
  2. The unauthorised access to or disclosure of the information is likely to result in serious harm to an individual to whom personal information relates (known as an 'affected individual').

Privacy Complaint

Has the meaning given to it under the Information Privacy Act 2009 (Qld): “a complaint by an individual about an act or practice of a relevant entity (the respondent for the complaint) in relation to the individual's Personal Information that is a breach of the relevant entity's obligation under the IP Act to comply with the Privacy Principles; or an approval under section 157 of the IP Act” (being an approval given by the information commissioner that waives or modifies an agency's obligation to comply with the privacy principles).

Privacy Officer

The Information and Regulatory Lawyer, or other University staff member as designated from time to time.

Privacy Principles

Has the meaning ascribed by the IP Act, being the Queensland Privacy Principles that are set out in Schedule 3 of the IP Act.

Sensitive Personal Information

As defined by the IP Act as health information or Personal Information about an individual relating to their racial or ethnic origins, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.

Keywords

Privacy, Personal Information

Record No

13/404PL

Failure to comply with this Policy or Policy Instrument may be considered as misconduct and the provisions of the relevant Policy or Procedure applied.

* This file is available in Portable Document Format (PDF) which requires the use of Adobe Acrobat Reader. A free copy of Acrobat Reader may be obtained from Adobe. Users who are unable to access information in PDF should email policy@usq.edu.au to obtain this information in an alternative format.