CQUniversity complies with the Information Privacy Act 2009 Qld (IP Act) and takes its obligations under the IP Act seriously. The IP Act provides individuals with a legally enforceable right of access to, and amendment of, their own personal information held by the University, unless this would, on balance, be contrary to the public interest.
The IP Act specifies 11 Information Privacy Principles (IPPs) which govern how and when personal information may be collected, handled, stored, accessed, amended, managed, transferred, used, and disclosed.
CQUniversity actively releases information in accessible, readable and helpful formats and is committed to continuing this practice. The University does not publicly release data that includes personal information about identifiable people. The University endeavours to keep personal information secure, up-to-date, and relevant, and will only use it for the purpose/s for which it was collected.
Collection, use and disclosure of information
CQUniversity is committed to protecting personal privacy and recognises that students, staff and vendors have a reasonable expectation that the University will protect and appropriately manage the personal information it holds about them. The IPPs contained in the IP Act set the standard for the use and management of personal information collected by or provided to CQUniversity.
This statement provides examples of the types of personal information collected, how it’s used and when the University will disclose such personal information. Not every example of the collection, use and disclosure of personal information is contained in this statement.
Why CQUniversity collects personal information
CQUniversity collects personal information, including sensitive information, about prospective and current students, parents, guardians and care-providers, next of kin, staff, alumni, volunteers, and contractors. The overall purposes of collecting this information are to:
- enable the University to deliver education, research and other services
- meet the wider functional needs of the University, including financial management, legal accountability, and national reporting requirements, and
- meet the requirements of legislation and external government agencies.
How CQUniversity collects personal information
CQUniversity takes all reasonable steps to ensure that the personal information collected is:
- necessary and lawful for the University’s purposes
- relevant to the purpose of collection
- collected in a fair way, without unreasonable intrusion, and
- as up-to-date, complete, and secure as possible.
CQUniversity’s preferred source of personal information is the individual concerned. However, there are other important sources of personal information, which may include (but are not limited to) the following:
Sources of information about students
- schools, admissions centres and equivalent overseas bodies
- other tertiary institutions, and
- information technology records.
Sources of information about staff
- previous employers and referees nominated by prospective and current staff members
- academic assessors
- external and internal medical and rehabilitation documentation
- promotion and performance review assessments
- information technology records, and
- student and staff feedback.
Where the University collects personal information about an individual from a third party, it will take all reasonable steps to ensure that the individual has been made aware of the collection.
Use and disclosure of your personal information
CQUniversity will take all reasonable steps to ensure that personal information is protected against loss, unauthorised access, modification or disclosure, and other misuse and will destroy or permanently de-identify personal information if it is no longer needed.
Personal information collected and held by the University will only be accessed and used by people employed or engaged by the University as required in the fulfilment of their duties and in a manner consistent with the original purpose.
Information may be used or disclosed to organisations outside the University where permitted by the Information Privacy Act 2009. It may also be used or disclosed for secondary purposes in certain circumstances, but only if:
- the secondary purpose is directly related to the primary purpose of collection and the individual would reasonably expect the use or disclosure of the information for the secondary purpose
- the University reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual's life, health or safety or a serious threat to public health or public safety
- the University has reason to suspect that unlawful activity has been, is being, or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons, authorities or agencies, or
- the use or disclosure is required or specifically authorised by law (e.g. court or law enforcement). The University will comply with such requests and is not obligated to notify you of such disclosure.
Students' personal information is collected for the purpose of providing individuals with information about educational services, assessing applications to attend the University, enrolling students in courses and units, and improving education services and learner support.
The University also collects, links and analyses student enrolment, performance and systems activity and usage data for the purpose of predictive analytics to improve our understanding of student needs, and to support students.
CQUniversity handles student personal information on admission, enrolment, progression, graduation and student access to academic and support services, and most student information is held on MyCentre, the student enrolment system, and is entered by and capable of amendment by students personally. Collections of student personal information may be held in other administrative systems and places such as the Student Residences and the University’s Customer Relationship Management system.
Student personal information may include (but is not limited to):
- personal details including date of birth, postal, term and permanent home addresses, personal email address, home and mobile telephone numbers, signature, next of kin, and emergency contact information
- application, admission, enrolment, course administration, progression, assessment, credit transfer, appeal, and attendance records
- academic performance and placement experience (e.g. clinical and industrial placements), examination and assessment (including grades)
- academic integrity breaches, misconduct, appeals, conduct matters, and student complaints and grievances
- applications for prizes, study assistance, scholarships, and grants, including confirming attendance and performance with scholarship/grant bodies in Australia and overseas
- graduation records and professional accreditation including post-graduation outcomes
- financial information in relation to fees, charges and debts, and/or HECS-HELP or FEE-HELP statements (including tax file numbers and bank account/credit and/or debit card details)
- qualifications and status for specific courses (e.g. possession of Blue Card, immunisation records, fitness to practice, first aid)
- access and use of University services and facilities (e.g. Library, ICT)
- personal welfare records (e.g. health, disability, medical, counselling matters)
- careers advice records
- equity information, socio-economic group, and educational background
- membership on University committees, and
- photographic images, video and voice recordings to assist in the provision of services by the University e.g. video and voice capture of lectures as an aid to student learning, CCTV images for the purpose of security and crime prevention.
On occasion photographs may be taken on campus for marketing and publication purposes. If you object to the use of your image, you should inform the photographer at the time, or if the image has already been published, contact the Privacy and Right to Information Officer.
Student records are retained for various periods in accordance with the relevant Retention and Disposal Schedule as approved by the Queensland State Archivist.
Information held in student records may be disclosed outside the University, when required or authorised by law, for example:
- where it is a matter of public record (e.g. awards conferred – the University will confirm whether you have an award to prospective employers on an individual basis)
- where requisite information is made available to professional regulatory bodies as part of the registration requirements of those bodies (e.g. state medical boards, teaching regulatory bodies)
- where a request is made in accordance with a legislative or statutory provision (e.g. requests by Centrelink, the Australian Tax Office or other government agencies/departments made under an Act or Statute)
- where there is appropriate documentary evidence that the individual has agreed to disclosure
- where a privacy notice given at the point of collection advises the individual about the usual practices for disclosure
- where disclosure is required or authorised by law (for example, court order or subpoena, legislative obligation to disclose)
- where disclosure is necessary to manage or lessen a serious threat to a person’s life, health, safety, or welfare, or to public health, safety or welfare
- where disclosure is necessary for investigation or enforcement of criminal matters or other law enforcement matters
- academic progress information to another tertiary institution or related body as required in the course of a student’s transfer to a new institution
- personal and enrolment information, including academic results, of students undertaking cross-institutional study to the relevant institution as required to confirm the student’s enrolment or qualification
- personal information to relevant organisations engaged by the University to provide debt recovery services
- personal information to third parties providing services or acting on the University’s behalf where there is a legally binding agreement or contract between the University and the service provider which requires compliance with the Information Privacy Principles contained in the Information Privacy Act 2009
- personal information (including photographic images) and enrolment information (including academic results) of students undertaking apprenticeship or traineeship training to their employer
- personal information (including photographic images) and enrolment information (including academic results) of students undertaking work, professional or clinical placements to the relevant organisation
- various professional bodies where a course requires professional accreditation, and
- other agencies and bodies in accordance with legislative requirements.
Information may also be disclosed outside the University where there is a contractual obligation relating to the student's enrolment with CQUniversity, for example international education agents with whom the University has arrangements may be provided with student personal information to assist in the management and administration of their students.
Staff personal information is collected and used for human resource management functions. Such information would include the staff member’s application for employment, leave records, and performance management information.
Personal information will only be provided internally to the University where deemed necessary and appropriate in an emergency situation (staff contact details in case of an extreme weather event, or next of kin details in case of an accident) and would only be released to the position supervisor or Associate Vice-Chancellor with strict confidentiality rules applying.
Routine employment information of staff which does not relate to the personal aspect of a staff member’s employment, such as position title, University email address, work phone number, or any information which is publicly available on the University website, is not considered personal information.
Staff personal information may include (but is not limited to):
- personal details including date of birth, postal, term time and permanent home addresses, personal email address, home and mobile telephone numbers, signature, next of kin and emergency contacts
- employment records relating to recruitment, selection and appointment (e.g. applications, CVs, references), commencement and cessation records
- financial and business records such as payroll and superannuation, including bank account details, tax file number, salary packaging and other benefits
- leave, attendance and sickness records
- visa, passport and residency documentation if required
- general employment administration such as performance management and appraisals, probation and promotions, temporary higher duties, re-deployment and secondment
- provision of services to staff and general administration
- information technology records, such as internal and external telephone, email and internet activity records
- staff development and training records including travel and study support assistance
- health and safety records including health and welfare matters
- staff grievances, discipline, appeals and complaints
- equity information
- research outputs, publication records, research and participation in commercial consultancies
- grants, funding awards, honours and recognitions
- accidents and injury including compensation and rehabilitation arrangements
- use of and access to services like travel, university vehicles, health, library and information technology
- electoral rolls for staff elections
- membership of university committees
- photographic images, video and voice recordings to assist in the provision of services by the University e.g. photographs for ID cards, video and voice capture of lectures as an aid to student learning, CCTV images for the purpose of security and crime prevention
- institutional survey data, and
- other employee related matters.
Staff records are retained for various periods in accordance with the relevant Retention and Disposal Schedule as approved by the Queensland State Archivist.
CQUniversity has connections with the local community, vendors, business, industry and professional organisations concerned with or supporting the core functions of the University or activities, such as:
- users of consultancy, health, facilities or library services
- collaborators or subcontractors involved in research
- research participant records
- consultants or contractors
- donors and scholarship providers
- marketing records including those of participants in marketing campaigns
- external committee members, contact and personal details
- alumni members, and
- other third party related matters.
Personal information about vendors may be obtained and held to allow normal business processes associated with the acquisition of goods and services to take place. This information is likely to include name, address for payment, and bank account details to allow for electronic payment of accounts. This information is typically restricted to financial services staff involved in purchasing and accounts payable functions.
Third party records are retained for various periods in accordance with relevant Retention and Disposal Schedule as approved by the Queensland State Archivist.
The type of personal information collected for research projects will vary according to the subject matter of the research. Before collecting or using the personal information of others for research, the researcher must have obtained ethical approval from the the University's Human Research Ethics Committee either through the full Committee or through an expedited low risk process.
It is the responsibility of the researcher and the relevant Division/College to ensure compliance with the Information Privacy Principles in the Information Privacy Act 2009. Personal information should be securely held and access to it should be limited to members of the research team, the funding body (if appropriate), and staff providing assistance to or supervising the research team.
Research records are retained for various periods in accordance with the relevant Retention and Disposal Schedule as approved by the Queensland State Archivist.
CQUniversity respects the importance of protecting your privacy. At our events, we may take photographs and video footage of you to use, reproduce and publish.
Most images used by the University are for marketing, communication or media liaison purposes which are available to a national and international community.
If you object to the use of your image, you should inform the photographer at the time, or if the image has already been published, contact the Privacy and Right to Information Officer
For more information please visit our Photos and Videos Consent page.
In the normal course of operation of our web servers, the University collects information about users that may include:
- IP Address
- type of operating system and browser
- operating characteristics, like screen resolution, and colouring depth
- the URL that referred you to our site, and
- the part of the world from which you are accessing our site.
This information is retained and used by web support teams and by system administrators to review and improve the user experience on the University's site and to diagnose problems. CQUniversity does not use this information to identify individual users.
You may choose to supply the University with additional information electronically, in the course of certain requests you may make on the University’s website, for example:
- If you choose to contact the University or submit questions, the University may request additional information to be able to assist. This information may include your name, address, email address, or other identifying information.
- If you choose to electronically do business with the University, the University may collect additional financial information, including your credit card number, expiration date, banking details, or billing address.
- If you choose to perform other functions with the University, such as applications for admission, the University may collect additional information, including your employment and education history, date of birth, phone number, and residence status.
Information you choose to provide to the University will be treated as a record (also known as a public record under the Public Records Act 2002 Qld) and will be retained for various periods in accordance with the relevant Retention and Disposal Schedule as approved by the Queensland State Archivist.
CQUniversity’s financial system also holds, processes and stores personal information in support of the University’s normal business practices. In the main information relating to the financial management and business operations will only relate to financial transactions between the University and its customers, suppliers and contractors and will therefore only contain small quantities of personal information. The types of information stored in financial records includes:
- names, addresses and bank account details related to electronic payment of accounts
- records of accounts payable or receivable, including the names of creditors and debtors
- customer records relating to business operations or facilities management
- records of contractors and consultants
- records relating to professional services provided to or by the University
- tender information and documents, and
- information for the purpose of managing the performance of a contract including processing and accounting for expenditure, revenue, assets, liabilities, provisions, reserves, staff reimbursement and subsistence in accordance with the Financial Accountability Act 2009 and the Financial and Performance Management Standard 2009.
Financial records are retained for various periods in accordance with the General Retention and Disposal Schedule as approved by the Queensland State Archivist and other requirements such as the Financial and Performance Management Standard 2009.
When paying an account or purchasing something through our website, your personal and financial details are protected at all stages of the transaction. In order to process your payment, the information requested consists of name, student number, phone number, and credit card details.
Credit card details may be encrypted and stored locally while the connection to the credit clearing house is made. Once the transaction is complete, the encrypted details are removed.
CQUniversity takes every precaution to protect information from loss, misuse, unauthorised access or disclosure, alteration, or destruction. However, there are inherent risks associated with transmission of information electronically. Therefore students and staff members should make their own assessment of the potential risks to the security of their information when making a decision as to whether or not to transmit information to the University by electronic means.
There is always a small possibility that your information could be inadvertently disclosed. By using our sites, you agree that the University is not liable for the inadvertent or unintentional disclosure of your information.
‘Learning analytics’ involves measuring, collecting, analysing and reporting data about students and their learning contexts. Learning analytics systems used at the University present visualisations of student learning activity and predict attainment, which are used to support students in achieving their study goals and to improve education delivery overall.
Using student information
CQUniversity undertakes learning analytics using personal information students provide as part of their course as well as data about student activity in learning. The University will ensure learning analytics is used to enable positive success strategies that benefit students.
Analytics cannot create a complete picture of an individual’s learning. To maintain confidence in the data and decision-making based on insights generated through learning analytics, the University will:
- monitor the quality, robustness and validity of learning analytics data and related processes, and
- consider students’ personal circumstances when deciding interventions or other action to be taken.
The University may implement a range of success strategies to support students based on learning analytics including but not limited to:
- prompts or suggestions sent to students via emails to their University email account
- staff contacting individual students if the University considers the student may benefit from additional support.
Learning analytics is separate from assessment. Metrics derived from data sources used for learning analytics will not be used for assessment purposes.
Maintaining information privacy
Access to student and learning analytics data is restricted to University staff with a legitimate need to view and use the data in their professional capacity to improve education delivery and support students and their learning.
Access to personal information
The Information Privacy Act 2009 provides individuals with a legally enforceable right of access to, and amendment of, their own personal information held by the University, unless this would, on balance, be contrary to the public interest.
Individuals requesting access to their own personal information can do so by completing a valid Right to Information and Information Privacy Access Application Form and emailing it to firstname.lastname@example.org or posting it to:
Coordinator Records and Privacy
554 – 700 Yaamba Road
NORMAN GARDENS QLD 4701
NOTE: An Access charge may be applied to the Information Privacy Access Application in accordance with the IP Act.
Access charges are the cost of giving the applicant access to a document, for example the cost of photocopies. There is no cost for providing access to a document in electronic form, such as by email or on a disc.
For further information on charges please refer to the Office of the Information Commissioner.
Individuals and public seeking access to information not containing personal information can do so via a Right to Information request in accordance with the Right to Information Act (2009) (‘RTI Act’).
For further information please visit our Right to Information page.
Amendment to personal information
Under the Information Privacy Act 2009, you may apply for an amendment to a document that contains your personal information, if that document contains information that is inaccurate, incomplete, out of date or misleading.
Your application should specify:
- what particulars you wish amended
- why you believe the information to be incomplete, incorrect, out-of-date or misleading
- the amendments you wish to make, and
- your address and telephone number so you can be advised of the result of your application.
Individuals requesting amendment to their own personal information can do so by completing a valid Information Privacy Personal Information Amendment Application and emailing it to email@example.com or posting it to:
Coordinator Records and Privacy
554 – 700 Yaamba Road
NORMAN GARDENS QLD 4701
A complaint must be made in writing and include:
- an address of the complainant
- give details about how their privacy has been breached, and
- be made within 12 months of the occurrence of the breach.
Complaints that are made more than 12 months after the occurrence of the breach may not be able to be investigated, due to the difficulty in obtaining reliable evidence because of the length of time that has passed.
Complaints can be emailed to firstname.lastname@example.org or posted to:
Coordinator Records and Privacy
554 – 700 Yaamba Road
NORMAN GARDENS QLD 4701
Privacy complaints will be acknowledged within five working days from the date the complaint is received.