RMIT values the privacy of every individual and is committed to the responsible handling of personal information.
RMIT values the privacy of every individual and is committed to the responsible handling of personal information.
RMIT values the privacy of every individual and is committed to the responsible handling of personal information.
This Privacy Statement explains what personal information we gather and details how that information is used.
Types of personal information:
RMIT only collects information about you by lawful and fair means and in a non-intrusive way. RMIT collects personal, sensitive and health information as necessary for its core functions, including for educational, research, community and commercial purposes. We may collect personal information from:
The information we collect depends on how you interact with us and the purpose of that interaction. RMIT may collect sensitive information, including health information, in certain limited circumstances and for a specific purpose. RMIT also uses specific collection statements in connection with your engagement with us, such as the Staff Privacy Statement and the Student Privacy Statement.
Where appropriate, examples of the usual parties that RMIT provides personal and health information to and for what purposes are captured in more detailed privacy collection statements, such statements are provided to you at the time your personal information is collected or as soon as practicable thereafter.
Your personal information is usually collected directly from you. In some cases, we may collect information from a third party, such as a government authority, agency, contractor, or other educational or research institutions. Where personal information is provided to us by a person other than you, it will be deleted or de-identified if not required, or you will receive a notice of its collection, its use and your rights as a data subject.
Where practicable, you may choose to remain anonymous when interacting with RMIT. However, remaining anonymous may affect your ability to access some RMIT services and systems. RMIT will let you know when this may affect your engagement with us.
RMIT uses personal and sensitive information to deliver our core functions, and comply with our obligations with respect to the provision of education and research. We use your information for the primary purpose for which it was collected, a related secondary purpose that you may reasonably expect (with the exception of sensitive information), as required by law, or with your permission or consent.
The laws in some jurisdictions require us to tell you about the legal ground we rely on to use or share your personal information. These legal grounds may include, but are not limited to, meeting our contractual commitments to you, for a legitimate interest, to comply with law, or to perform a public task. We will always consider your rights when using your personal information.
We may use and process your information for:
We may share your personal information with third parties where appropriate for the purposes set out above, including but not limited to:
These recipient organisations and contracted service providers are required to keep personal information confidential and provide the same privacy safeguards as we do. Some of these recipients may be located outside of Victoria or Australia, which means that your personal information may be transferred interstate or overseas (trans-border), including but not limited to:
Where we transfer your personal information to a recipient outside of Europe, we take reasonable steps to ensure the recipient handles the information in accordance with this Privacy Statement, our Policies, and the relevant privacy and Victorian health information principles.
Where appropriate, examples of third parties that RMIT provides personal information to and for what purposes are captured in more detailed privacy collection statements, which are provided to you at the time your personal information is collected.
RMIT applies safeguards and takes appropriate security measures to protect your personal information from misuse, loss, unauthorised access and disclosure.
Stored information is also archived in accordance with the Public Records Act 1973 (Vic), which determines when information should be retained or disposed. Reasonable steps are taken to destroy or permanently de-identify your personal information when it is no longer needed for any purpose.
Personal information may be stored in hard copy documents, as electronic data, or in RMIT software or systems, including cloud or other types of network or electronic storage. Some of the ways RMIT seeks to protect personal information include:
Where it is necessary to share your personal information with a contracted service provider or third-party, RMIT takes reasonable steps to ensure that there are appropriate safeguards in place to protect your personal information.
RMIT operates in Australia and overseas, including Spain and Vietnam. Accordingly, we may need to share some of your information we collect about you between RMIT entities in these jurisdictions. For example, this could include the transfer of your information from an EEA country to Australia, and vice-versa.
RMIT takes reasonable steps to ensure that personal information held is accurate, complete and up-to-date. RMIT relies on you to provide us with accurate and current information in the first instance, and to notify us when your circumstances or details change.
You have certain rights to seek access to personal information we hold about you (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances, regardless of your location. You also have rights to withdraw your consent or request that we restrict how your information is used.
You may seek access to personal information we hold about you or to update and correct your information. In some instances, you will be able to access and update your personal information yourself through online portals such as myRMIT. Otherwise, you may access and/or correct your personal information by directly contacting the area of RMIT that has the information in the first instance, or if unknown:
In some situations, access will not be appropriate, and you may be required to make a formal Freedom of Information request, for example, if a third party’s privacy is involved. The Freedom of Information Act (Vic) provides that where a document relating to the personal affairs of a person is released that person is entitled to request a correction where the information is inaccurate, incomplete, or out of date. Information about the Freedom of Information process at RMIT is available at the following link: https://www.rmit.edu.au/about/governance-and-management/foi.
In certain circumstances, you can:
To exercise these rights, please contact us. The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to make a complaint. We encourage you to contact us first, and we do our very best to resolve your issue.
RMIT may make a record of your visits to RMIT websites and log information for statistical and system administration purposes, including but not limited to:
RMIT uses web analytics software and cookies to better understand how people use our website. We also allow third parties, such as Google and Adobe, to use cookies, web beacons and similar technologies to collect or receive information. This is used to gain better insights about our audiences (for example, visitor demographics and interests), so we can improve website user experience and offer more relevant and personalised content as you navigate through our and other websites.
More about Cookies
RMIT collects cookies to enable the proper functioning and security of our websites, and to help us offer you a better browsing experience.
A cookie is a small text file that is sent to your device by means of your web browser. The information stored can be re-sent to our servers during a next website visit. A cookie file is stored in your web-browser and allow us or a third party to make a record of your visit to improve future visits to our websites. Cookies will not record your email passwords or your bank account details. Cookies do not harm your computer.
RMIT uses the following types of cookies:
1. Functional Cookies
2. Analytical Cookies
3. Marketing Cookies and Other Cookies
All personalised cookies including marketing cookies and other cookies are blocked for users visiting our website from the EU region.
You can choose to change your browser's cookie settings via your browser privacy settings, including blocking of the use of cookies. However, this may result in an inability to login or view some RMIT or third-party web pages.
If you leave an RMIT website and navigate to a third party website, RMIT cannot be held responsible for the protection and privacy of any information that you provide to third party websites. Accordingly, we always encourage you to exercise caution and review the privacy statement applicable to the website you visit.
If you are concerned that RMIT may have breached its privacy obligations or this Privacy Statement, please contact us (see section 7). When contacting us, please provide as much detail as possible in relation to your issue or complaint.
RMIT takes privacy-related complaints very seriously and undertakes to resolve privacy complaints in a timely, fair and transparent way.
If you are not satisfied with our handling of your complaint, you may refer the issue to the Office of the Victorian Information Commissioner, the Health Complaints Commissioner for health information, or in some circumstances, the relevant supervisory authority in another jurisdiction.
Please feel free to contact us on (+613) 9925 1161 or email privacy@rmit.edu.au if you have any questions or concerns about this Privacy Statement or RMIT’s collection, use or disclosure of your personal information.
For EU residents:
For the purposes of EU data protection legislation, RMIT Europe is the controller of your personal information. Our Data Protection Officer can be contacted via email at europe@rmit.edu.au or by phone at +34 93 547 77 00.
We may change this Privacy Statement without notice, particularly where there are new developments in our working practice or if there are changes in the relevant laws. Therefore, we encourage you to check back occasionally to see if anything has changed. The most recent substantive change to this Privacy Statement was made 28 June 2019.