This Privacy Statement explains what personal information we gather and details how that information is used.
RMIT only collects information about you by lawful and fair means and in a non-intrusive way. RMIT collects personal, sensitive and health information as necessary for its core functions, including for educational, research, community and commercial purposes. We may collect personal information from:
The information we collect depends on how you interact with us and the purpose of that interaction. RMIT may collect sensitive information, including health information, in certain limited circumstances and for a specific purpose. RMIT also uses specific collection statements in connection with your engagement with us, such as the Staff Privacy Statement and the Student Privacy Statement.
Where appropriate, examples of the usual parties that RMIT provides personal and health information to and for what purposes are captured in more detailed privacy collection statements, such statements are provided to you at the time your personal information is collected or as soon as practicable thereafter.
Your personal information is usually collected directly from you. In some cases, we may collect information from a third party, such as a government authority, agency, contractor, or other educational or research institutions. Where personal information is provided to us by a person other than you, it will be deleted or de-identified if not required, or you will receive a notice of its collection, its use and your rights as a data subject.
Where practicable, you may choose to remain anonymous when interacting with RMIT. However, remaining anonymous may affect your ability to access some RMIT services and systems. RMIT will let you know when this may affect your engagement with us.
RMIT uses personal and sensitive information to deliver our core functions, and comply with our obligations with respect to the provision of education and research. We use your information for the primary purpose for which it was collected, a related secondary purpose that you may reasonably expect (with the exception of sensitive information), as required by law, or with your permission or consent.
The laws in some jurisdictions require us to tell you about the legal ground we rely on to use or share your personal information. These legal grounds may include, but are not limited to, meeting our contractual commitments to you, for a legitimate interest, to comply with law, or to perform a public task. We will always consider your rights when using your personal information.
We may use and process your information for:
We may share your personal information with third parties where appropriate for the purposes set out above, including but not limited to:
These recipient organisations and contracted service providers are required to keep personal information confidential and provide the same privacy safeguards as we do. Some of these recipients may be located outside of Victoria or Australia, which means that your personal information may be transferred interstate or overseas (trans-border), including but not limited to:
Where we transfer your personal information to a recipient outside of Victoria, we take reasonable steps to ensure the recipient handles the information in accordance with this Privacy Statement, our Policies, and the relevant privacy and health information principles.
Where appropriate, examples of third parties that RMIT provides personal information to and for what purposes are captured in more detailed privacy collection statements, which are provided to you at the time your personal information is collected.
RMIT applies safeguards and takes appropriate security measures to protect your personal information from misuse, loss, unauthorised access and disclosure.
Stored information is also archived in accordance with the Public Records Act 1973 (Vic), which determines when information should be retained or disposed. Reasonable steps are taken to destroy or permanently de-identify your personal information when it is no longer needed for any purpose.
Personal information may be stored in hard copy documents, as electronic data, or in RMIT software or systems, including cloud or other types of network or electronic storage. Some of the ways RMIT seeks to protect personal information include:
RMIT operates in Australia and overseas, including Spain and Vietnam. Accordingly, we may need to share some of your information we collect about you between RMIT entities in these jurisdictions. For example, this could include the transfer of your information from an EEA country to Australia, and vice-versa.
RMIT takes reasonable steps to ensure that personal information held is accurate, complete and up-to-date. RMIT relies on you to provide us with accurate and current information in the first instance, and to notify us when your circumstances or details change.
You have certain rights to seek access to personal information we hold about you (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances, regardless of your location. You also have rights to withdraw your consent or request that we restrict how your information is used.
You may seek access to personal information we hold about you or to update and correct your information. In some instances, you will be able to access and update your personal information yourself through online portals such as myRMIT. Otherwise, you may access and/or correct your personal information by directly contacting the area of RMIT that has the information in the first instance, or if unknown:
In certain circumstances, you can:
To exercise these rights, please contact us. The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to make a complaint. We encourage you to contact us first, and we do our very best to resolve your issue.
RMIT may make a record of your visits to RMIT websites and log information for statistical and system administration purposes, including but not limited to:
A cookie is a small text file that is sent to your device by means of your web browser. The information stored can be re-sent to our servers during a next website visit. Cookies will not store personal information and cookies will not harm your computer.
Cookies may store the following information: session (numbered key) and duration. A numbered key is a unique server-generated number used to track your current session. The session key can be linked back to your login identification for authentication purposes and to improve security during your session online.
If you leave an RMIT website and visit a website operated by a third party, RMIT cannot be held responsible for the protection and privacy of any information that you provide to third party websites. Accordingly, we always encourage you to exercise caution and review the privacy statement applicable to the website you visit.
If you are concerned that RMIT may have breached its privacy obligations or this Privacy Statement, please contact us (see section 7). When contacting us, please provide as much detail as possible in relation to your issue or complaint.
RMIT takes privacy-related complaints very seriously and undertakes to resolve privacy complaints in a timely, fair and transparent way.
If you are not satisfied with our handling of your complaint, you may refer the issue to the Office of the Victorian Information Commissioner (at email@example.com), or in some circumstances, the relevant supervisory authority in another jurisdiction.
Please feel free to contact us on (03) 9925 1161 or email firstname.lastname@example.org if you have any questions or concerns about this Privacy Statement or RMIT’s collection, use or disclosure of your personal information.
We may change this Privacy Statement without notice, particularly where there are new developments in our working practice or if there are changes in the relevant laws. Therefore, we encourage you to check back occasionally to see if anything has changed. The most recent substantive change to this Privacy Statement was made 23 May 2018.