Privacy policy

1.       PURPOSE

The University of Newcastle Students’ Association (‘UNSA’) is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (‘the Privacy Act’). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/.

UNSA operates in alignment with the University of Newcastle’s Privacy Management Plan and related frameworks where relevant.

2.       SCOPE

This Policy applies to all Personal Information collected, held, used, and disclosed by the University of Newcastle Students’ Association (UNSA) in the course of its operations. It covers:

·         Current and prospective students engaging with UNSA programs, events, services, and communications.

·         UNSA volunteers, student representatives, and advisory group members.

·         UNSA employees and contractors.

·         Visitors to UNSA premises and users of UNSA online platforms; and

·         Any other individuals whose Personal Information is collected by UNSA in connection with its functions and activities.

·         This Policy applies to Personal Information collected in any form, including electronic, paper, verbal, and visual records.

3.       DEFINITIONS

‘Australian Privacy Principles (APPs)’ The principles contained in the Privacy Act 1988 (Cth) that govern the way in which Personal Information is collected, used, disclosed, stored, secured, and disposed of.

‘Corporations Act 2001’ is the legislation that governs corporate practices in Australia, including access to the Company Register of Members.

‘Company Register of Members’ The official register maintained under the Corporations Act 2001 listing current members of UNSA, their contact details, and other prescribed information.

‘Data Breach’ An incident in which personal information held by UNSA is lost or subjected to unauthorised access, modification, disclosure, or other misuse.

‘Data Retention’ The practice of retaining Personal Information for a defined period to meet legal, regulatory, or operational requirements.

‘Data Security’ Protective digital and physical measures implemented by UNSA to safeguard Personal Information from unauthorised access, use, disclosure, or destruction.

‘De-identification’ The process of removing or modifying Personal Information so that it is no longer reasonably capable of identifying an individual.

‘De-identified Information’ refers to data that has been stripped of personal identifiers, such that the information can no longer be used to identify an individual. This includes removal or alteration of direct identifiers (e.g. name, student number, email address) and any other details that could reasonably identify the individual, in accordance with the standards outlined in the Privacy Act 1988 (Cth).

‘Marketing Communications’ Any communication intended to promote UNSA’s services, activities, or events, sent via email, phone, or other channels.

‘OAIC’ The Office of the Australian Information Commissioner, Australia’s independent national regulator for privacy and freedom of information.

‘Personal Information’ Information or an opinion (whether true or not) that identifies an individual, such as names, addresses, email addresses, phone numbers, or other identifiers.

‘Primary Purpose’ The main reason for which Personal Information is collected, such as providing services to clients, students, or members.

‘Privacy Act 1988 (Cth)’ The Australian legislation governing the collection, use, and disclosure of Personal Information.

‘Rubric’ A third-party service provider engaged by UNSA, which may receive or process Personal Information on UNSA’s behalf.

‘Secondary Purpose’ A purpose of use or disclosure that is closely related to the Primary Purpose, where the individual would reasonably expect such use or disclosure.

‘Sensitive Information’ Information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or professional body, criminal record, or health information.

‘Third Parties’ Entities or individuals other than the primary organisation (UNSA) that may provide or receive Personal Information, such as the University of Newcastle or external service providers.  

‘UNSA’ The University of Newcastle Students’ Association, an incorporated association representing students of the University of Newcastle.

‘Website’ The UNSA website located at www.unsa.org.au or any subsequent URL used by UNSA for its primary web presence.

4.       WHAT IS PERSONAL INFORMATION AND WHY DO WE COLLECT IT?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect includes names, addresses, email addresses, phone and facsimile numbers.

This Personal Information is obtained in many ways including surveys, membership and registration forms, correspondence, by telephone, by email, via our website www.unsa.org.au, from media and publications, from other publicly available sources and from third parties. We don’t guarantee website links or policy of authorised third parties.

 

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. Examples of secondary purposes include:

 

·         Improving services by using feedback and data to enhance quality and functionality.

·         Conducting research and analysis to understand user preferences and trends.

·         Maintaining accurate records for administrative purposes.

·         Ensuring compliance with legal requirements and responding to lawful requests from authorities.

·         Monitoring and analysing data to detect and prevent fraudulent activities and security breaches.

·         Managing and communicating about events, workshops, and other activities organised by UNSA.

·         Providing customer support and resolving issues.

·         Sending information about new services, special offers, and events, provided you have not opted out of such communications.

·         Using data to train staff and improve internal processes and service delivery.

·         Sharing information with trusted partners and collaborators to enhance service offerings.

 

We will not use your Personal Information for direct marketing unless you have provided consent, or you would reasonably expect us to use it for this purpose. You may opt out of direct marketing communications at any time by contacting us or using the unsubscribe function in our communications.

 

When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

5.       SENSITIVE INFORMATION

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

·         For the primary purpose for which it was obtained

·         For a secondary purpose that is directly related to the primary purpose

·         With your consent or where required or authorised by law.

6.       THIRD PARTIES

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties such as the University of Newcastle and Rubric among others. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

7.       DISCLOSURE OF PERSONAL INFORMATION

Your Personal Information may be disclosed in a number of circumstances including the following:

·         Third parties where you consent to the use or disclosure.

·         Where required or authorised by law; and

·         In accordance with UNSA’s Constitution and governing documents.

Some of our service providers may store or process your Personal Information overseas. Where this occurs, we will take reasonable steps to ensure that these providers comply with privacy standards comparable to the Australian Privacy Principles.

8.       SECURITY OF PERSONAL INFORMATION

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years for legal and compliance purposes.

9.       ACCESS TO YOUR PERSONAL INFORMATION

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

UNSA will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

For requests by eligible Members to access the Company Register of Members, UNSA are required to adhere to the protocols outlined in the Corporations Act 2001and Constitution.

10.    MAINTAINING THE QUALITY OF YOUR PERSONAL INFORMATION

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

11.    DATA BREACH NOTIFICATION

UNSA is committed to protecting your Personal Information. We implement a range of security measures, including physical, electronic, and managerial procedures, to protect Personal Information from unauthorised access. Staff are trained in privacy and data protection obligations.

In the unlikely event of a data breach that may compromise your Personal Information, we will take the following steps to address the situation promptly and transparently:

1.       Identification and Assessment: Upon detecting a potential data breach, we will immediately assess the nature and extent of the breach to determine the potential impact on your Personal Information.

2.       Containment and Remediation: We will take swift action to contain the breach and prevent further unauthorised access. This may include isolating affected systems, secure data, and implementing additional security measures.

3.       Notification to Affected Individuals: If we determine that the breach is likely to result in serious harm to you, we will notify you as soon as practicable. Our notification will include:

·         A description of the breach and the type of Personal Information involved.

·         The steps we have taken to contain and mitigate the breach.

·         Recommendations on what you can do to protect yourself from potential harm.

·         Our contact details for further information and assistance.

4.       Notification to Authorities: Where required by law, we will notify the Office of the Australian Information Commissioner (OAIC) and any other relevant authorities about the breach.

5.       Review and Improvement: Following a data breach, we will conduct a thorough review of our security practices and take necessary steps to prevent future breaches. This may involve updating our policies, enhancing our security measures, and providing additional training to our staff.

12.    POLICY UPDATES

This Policy may change from time to time and is available on our website.

13.    PRIVACY POLICY COMPLAINTS AND HANDLING PROCESS

Your trust is important to us, and we are committed to maintaining the highest standards of data protection. If you have any queries or complaints about our Privacy Policy, please contact us at:

Office Location

UNSA Building, University of Newcastle
University Drive, Callaghan
New South Wales

 2308

Email Address

Email

Office Phone Number

(02) 4921 6006

 

We will respond to all privacy complaints within a reasonable timeframe, typically within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). For further information, please visit www.oaic.gov.au.