Privacy Policy
Under the Act (s. 6), ‘Personal Information’ is defined as:
' …information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.' Under the Act (s. 6), ‘Sensitive Information’ is defined as:
(a) information or an opinion about an individual's:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii)membership of a trade union; or
(viii)sexual preferences or practices; or
(ix) criminal record;
that is also personal information; or
(b) health information about an individual
The Privacy Act 1998 contains ten ‘National Privacy Principles’ (NPP), which are binding on organisations, such as DUSA, covered by the legislation. In particular NPP 1.3 requires DUSA to make certain information available to individuals on which it collects personal information.
At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of:
(a) the identity of the organisation and how to contact it; and
(b) the fact that he or she is able to gain access to the information; and
(c) the purposes for which the information is collected; and
(d) the organisations (or the types of organisations) to which the organisation usually discloses information of that kind; and
(e) any law that requires the particular information to be collected; and
(f) the main consequences (if any) for the individual if all or part of the information is not provided.
The DUSA Constitution (Clause 1) defines that the purpose of DUSA is to advance the education of the students of Deakin University by:
(a) promoting the interests and welfare of students;
(b) promoting equality of opportunity for students and prospective students;
(c) representing students within and outside the University;
(d) co-ordinating the activities of students:
(e) on campuses: across campuses, and off campus; and
(f) providing amenities and services, principally for students and other members of the University community, and incidentally to the public.
Policy Details
DUSA initiatives and activities comply with the national privacy regime as established under the Privacy Act 1988 (Cth).
Collection of information
Any personal information collected or generated by DUSA will be directly related to the functions and activities of DUSA. DUSA will only collect personal information necessary to fulfil its purposes as stated in the Constitution of DUSA. Personal information will be collected in a fair and lawful manner, and used only for relevant purposes.
DUSA may collect personal information about an individual when DUSA communicates with individuals, processes a membership application, processes a DUSA activity application and processes a job application. DUSA may also collect personal information from its website when an individual elects to provide personal information through the website.
DUSA will endeavour to ensure that all personal and/or sensitive information it holds is accurate, up to date, and of good quality.
DUSA will prominently display at all locations where personal information is requested from individuals, a statement advising of the identity of DUSA, of DUSA’s compliance with the Privacy Act and advising how a person may initiate queries of DUSA in relation to personal information they believe is held by DUSA. This statement will advise of the availability of a more comprehensive statement addressing the requirements of NPP 1.3. Copies of this statement will be available at all DUSA locations and on the DUSA website.
Where practicable DUSA will only obtain information about an individual from that individual. Where DUSA obtains information about an individual from a third party (such as Deakin University) DUSA will advise the individual that it possess this information.
Where DUSA sources personal information about an individual from a third party, it will advise the individual of the matters referred to in National Privacy Principle 1.3 by the delivery to the individual of a statement similar to that attached.
Sensitive information
DUSA may need to collect sensitive information or health information about an individual. DUSA will only collect that information if DUSA has obtained the individual’s consent or if DUSA is required by law to collect that information.
Use of information
Any personal information held by DUSA will be used or disclosed only for the relevant purpose for which it was collected, and any related secondary purpose, in furtherance of the Constitution of DUSA. DUSA will only
DUSA will not use or disclose the personal information for any other purpose unless required or provided for by law, or with the consent of the individual to whom the information relates.
DUSA will not disclose personal information to any other person to use for their marketing purposes. DUSA may disclose personal information to Deakin University for purposes related to public safety and law enforcement.
In addition, if you contribute an article, story or photograph for publication on the DUSA website, or make a post on the website, or respond to an on-line petition on the DUSA website, DUSA may in relation to that article, story, photograph, post or response disclose your:
(a) name;
(b) campus;
(c) home town or suburb (but not street or postal address); and
(d) faculty and year of study (e.g. Arts 2)
Any display by DUSA of a visual image of an individual (whether as a physical object or in a publication or on the DUSA website), together with the publication of other information that identifies that individual, or allows the identity of that individual to be reasonably ascertained, will require the consent of the individual.
Affiliated clubs are part of DUSA. Office-bearers of such Clubs are required to use personal information only as it is necessary for the functions and activities of DUSA.
Access
DUSA, under provisions outlined in the Privacy Amendment (Public Sector) Act 2000, will allow an individual, upon request, to access the personal and sensitive information (if any) held about that individual. An individual’s rights to access, and DUSA’s rights to refuse access, are set out under National Privacy Principle 6, in the Privacy Act 1988.
DUSA requires that an individual seeking such information identify the required information as clearly as possible.
DUSA will deal with all requests for information in a reasonable and timely fashion. DUSA will provide reasons to an individual if an application for access or for correction of any personal information held is denied. DUSA may charge an administrative fee to cover its costs of providing access.
Security
DUSA will endeavour to protect any personal or sensitive information from loss or misuse. This includes protecting it from unauthorised access, modification and disclosure.
Information may be stored as hardcopy documents or in electronic form. Only authorised users can access personal or sensitive information. Access will only be granted for approved purposes.
DUSA will maintain physical security over our paper and electronic stores and premises and appropriate security over electronic records.
Filing cabinets, safes and other repositories containing records of personal information will be locked. Staff will ensure that any paper records containing personal information are lodged in a locked repository before ceasing work for the day.
Irrelevant personal information or information about third persons will not be included in files.
Integrity
To ensure that the personal information DUSA holds is accurate, complete and up to date, DUSA will periodically review its paper files and electronic databases to remove personal information that it no longer needs. Further, DUSA will correct any errors that an individual brings to its attention.
If DUSA does not correct any errors that an individual brings to its attention, DUSA will give the individual reasons for its refusal to do so. Upon an individual’s request, DUSA will attach a statement to the information acknowledging the individual’s claim that the information is inaccurate, incomplete and out-of-date. As with applications for access, DUSA may charge an administrative fee to correct personal information held by it.
Use of personal information obtained before implementation of DUSA Privacy Policy.
DUSA already holds personal information on individuals collected before the new privacy regime came into force.
DUSA will review personal information already held and destroy this information unless it is considered that this information is necessary for one or more of DUSA’s functions and activities.
Individual addresses
DUSA may in some cases be in possession of an individual’s email address or postal address, for which that individual has not been advised of DUSA’s purpose and their privacy rights (as under NPP 1.3). This situation is most likely to arise where information has passed onto DUSA from the University, or where an individual has advised DUSA of their address prior to the implementation of the DUSA Privacy Policy. If DUSA considers that this information is still relevant to the its purposes it will on its first communication to such an address advise the individual of their rights under NPP 1.3 and that they may request that they receive no further communications to this address and that DUSA destroy its record of this address.
Transborder data flows
DUSA will not transfer personal information about an individual to any other organisation or individual outside Australia unless that country has similar laws with respect to individual privacy in a foreign country and such disclosure is necessary to fulfil its purposes as stated in the Constitution of DUSA.
Privacy enquiries and DUSA
DUSA will treat all privacy enquiries seriously and respond to them within two weeks.
If an individual believes that the privacy of their information has been compromised in any way they may lodge a complaint. Complaints can be lodged in person, or in writing to the: 'DUSA Privacy Officer'
The managers of each area will be responsible for the initial response to any privacy enquiries. If the privacy officer receives a complaint s/he will pass the query onto the relevant manager.
A Privacy Officer will be appointed by DUSA to objectively and impartially investigate complaints if a compliant is unsatisfied with the initial internal complaints investigation, or with the time that has elapsed since his or her initial query.