Use and disclosure of personal information
Personal information collected by Deakin is handled in accordance with the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 ('the Acts').
Any reference on this page to personal information includes both personal and health information, as defined in the Acts.
Deakin collects personal information:
- automatically when you're browsing or using our website
- during specific interactions with you (e.g. when you're applying for a job or to become a student, registering for an event, visiting a Deakin campus, or completing a survey, etc.).
We use and disclose personal information to perform our core functions of teaching, research, and service to the community, and to help us provide the services that support these functions. We may also engage contractors to provide these services, in which case personal information will be disclosed to them only to the extent required to provide each specific service.
Your privacy is important to us so each time you communicate with Deakin, you'll receive a collection statement that explains how personal information for that interaction will be managed.
Deakin campus visitors
When you visit our campuses, your personal information is collected in the following ways:
Deakin has installed surveillance cameras across its campuses to:
- enhance the safety of staff, students and visitors to the university
- protect university property
- enable monitoring and analysis of room usage and demand for space.
Surveillance camera recordings are used to enable investigations of incidents on campus and for business purposes such as planning and analysis.
Smartphone technology allows location-based services to be made available to Deakin campus visitors – and for location-based data to be collected.
Depending on the settings on your smartphone, the name of your phone may constitute personal information. Location-based services are provided to make campus visitors aware of special offers and events and to provide emergency and safety warnings.
Location-based data is also collected to monitor and analyse traffic patterns, space usage and allocation. Such information is managed in accordance with the Privacy and Data Protection Act 2014 and the Health Records Act 2001.
Deakin website users
When you visit our site, personal information is collected as follows:
Automated collection of information
As you browse, we may collect personal information and other data about you from your computer. The various mechanisms used include server logs, proxy logs and cookies.
A cookie is a small text file which has a limited lifetime. Information supplied by cookies helps us understand how people use our site, so that we can analyse the data to give site visitors a better user experience.
- Personalise your visit to our website (as a cookie allows a web server to 'remember' visitors on subsequent visits without having to prompt them for information previously supplied. A cookie can also remember courses previously viewed by a site visitor)
- Provide information about Deakin to you while you browse
- Obtain non-identifying information about your demographic group and general interests.
Doubleclick and Google Analytics
Deakin uses DoubleClick, which tailors your browsing experience by placing information about our university on third party websites. For this purpose, the cookie collects your IP address, browser type, browser language, date and time of your request, and the identity of your browser - but does not collect personally-identifying information. The cookie remains active for 30 days after each visit you make to Deakin's website. For further information about this, please visit the DoubleClick cookies webpage.
Deakin also uses Google Analytics, which predicts your age range and general interests by analysing the websites you visit. Deakin will use this information to further understand its audience. No personally-identifying information is collected.
Web browser software also contains a function enabling you to delete all cookies on your computer's hard drive. Please bear in mind that if you choose to block the installation of cookies, you might not be able to access some pages of Deakin's site without re-authenticating on each visit.
Some of Deakin's site pages may ask you to supply personal information to:
- grant you access to restricted areas of the website
- enable web-based knowledge sharing with Deakin staff or students (e.g. providing web spaces in which groups of individuals interact to pursue mutual goals, such as achieving a collaboratively developed understanding of a complex concept)
- respond to your enquiries via email
- provide specifically-requested information to you via email.
You may also choose to provide personal information while completing online surveys, forms or when offering feedback about Deakin's website.
Deakin alumni and former students
Information about Deakin alumni and former students is used to:
- provide you with services and enable you to participate in activities directed at Deakin alumni
- inform you about opportunities for continuing education
- contact you for marketing and fundraising initiatives
- assist us with planning and quality assurance
- invite you to participate in surveys and research.
Convocation programmes, which include the name and award of each Deakin graduate at that convocation ceremony, are a public record of the university.
Deakin also provides an online qualification verification service which confirms if individuals have received a Deakin award. Further information is available at http://www.deakin.edu.au/gradsearch/.
Individuals applying for admission into Deakin
When you apply to Deakin, we collect information from you directly and also from relevant third parties, including referees, secondary schools, tertiary admission and testing centres and other education providers.
This information will primarily be used to assess your eligibility for admission into Deakin and selection for specific courses. If your application is successful, your information will be used to offer you a place on a course and to administer your acceptance or refusal of that place.
You should also expect Deakin to use your information to:
- provide you with information related to your application for admission (e.g. about fees, scholarships, equity and access entry programs, course requirements, housing and accommodation)
- offer you advice and access to student services prior to your enrolment
- determine your eligibility for scholarships, bursaries or similar awards
- give you information on additional opportunities for studying at Deakin
- help us with marketing and fundraising initiatives
- conduct planning and quality assessment activities
- invite you to participate in surveys or research.
As part of the selection process, Deakin will disclose your personal information to the extent necessary to verify your qualifications or experience.
Applicants for employment
If you apply for a job at Deakin, the personal information you provide in the application process will be used to assess your suitability for the relevant position and to confirm your qualifications and/or experience.
Personal information may be collected from and disclosed to previous or current employers, educational institutions, referees, accreditation and registration bodies, or government agencies.
If your application is not successful, Deakin may keep your submission and related documents on file for a reasonable period and may use your information to communicate with you about other employment opportunities that may be of interest.
Access to information by third parties
Deakin does not provide personal information about its staff and students to third parties unless we're satisfied that:
- the disclosure is authorised under relevant privacy legislation
- the associated staff member or student has given their consent
- it is required by law to disclose information.
If privacy legislation authorises Deakin to disclose information, we will assess the request on a case-by-case basis and will use our discretion to determine whether to disclose information. Deakin is not legally obligated to disclose personal information when authorised to do so.
Guidance on frequently encountered requests for disclosure of personal information is below.
Parents of students
Deakin frequently receives requests from parents to confirm that their child is attending classes or making good academic progress. We're unable to provide personal information about students to their parents unless the student has given their explicit consent. This is regardless of whether the student in question is under 18 or if the parent is paying their fees and/or expenses.
A student can give their consent by:
- notifying Deakin of the name of the person to whom we’re authorised to disclose information
- explaining the type of information that can be disclosed
- providing the period of time during which the consent remains in effect.
Deakin's Division of Student Administration (DSA) has a form available for this purpose, which should be completed and returned to DSA for their records.
Deakin must be satisfied that the consent is valid, that the request falls within the scope of the consent, and that the identity of the student and the recipient of the information has been confirmed.
Law enforcement agencies
Information Privacy Principle 2.2(g) of the Privacy and Data Protection Act 2014 and Health Privacy Principle 2.2(j) of the Health Records Act 2001 set out the circumstances in which Deakin is authorised to disclose personal information to law enforcement agencies.
Requests from law enforcement agencies must:
- be in writing on the agency's letterhead (if sent in hard copy)
- contain the agency’s name, address, contact details and be sent from an email address clearly linked to the agency (if sent by email)
- specify what information is required and why it’s needed so that Deakin can be reasonably satisfied that the information is reasonably required by the law enforcement agency, for the purposes set out in IPP2.2(g) and HPP2.2(j) (**)
- be directed to the University Solicitor’s Office (1 Gheringhap Street, Geelong 3220 or firstname.lastname@example.org).
Deakin releases information when legally required to do so. Search warrants, subpoenas and court orders should be served on the University Solicitor (1 Gheringhap Street, Geelong 3220).
Employers and recruitment agencies
Prospective employers and recruitment agencies often seek to verify that a student has received an award (a degree, graduate certificate or graduate diploma) from Deakin.
To facilitate this, Deakin maintains GradSearch, an online qualification verification tool. To search for a graduate, two search items from the following list must be provided: surname / date of birth / student ID. Please note that GradSearch does not provide a full transcript of results.
Law firms frequently submit requests for 'all documents', accompanied by a broad consent form signed by the associated student or staff member.
Solicitors are reminded that requests for access to personal information held by Victorian agencies are governed by the Freedom of Information Act 1982. Requests must be specific and should be directed to the 'University's Manager, Freedom of Information' for consideration. Please see further information on how to make an application for access under the Freedom of Information Act.
Access and amendment of information
Individuals have a right to access their personal information held by the university. The right of access and restrictions on that right are set out in Information Privacy Principle 6 and Health information Privacy Principle 6.
Requests for access to, and correction of personal information are managed under the Freedom of Information Act 1982 (Vic). Review further information on how to make an application for access under the Freedom of Information Act 1982.
Information for Individuals located in the EU
Deakin University manages personal information under the authority of the Deakin University Act 2009 (Vic). It also processes your personal information where relevant to its legitimate interests and its legal and regulatory obligations.
Data Protection Officer
The University Privacy Officer, Shirley Rooney, is Deakin’s Data Protection Officer for purposes of the General Data Protection Regulation 2016 (GDPR).
Data Subject Rights
You have the following data subject rights:
- Access: you may receive a copy of the personal information held by Deakin about you.
- Correction: you may request correction of the personal information Deakin holds about you.
- Objection to Processing: you may object to processing if you demonstrate that Deakin's processing of your personal information impacts on your fundamental rights and freedoms (as contemplated by the GDPR). Your objection to processing may be denied if Deakin is able to demonstrate compelling legitimate grounds to process personal information which override those rights and freedoms.
- Suspension of Processing: you may request that Deakin suspend the processing of your personal information if:
- you want Deakin to establish the data's accuracy before processing it;
- Deakin's use of the data is unlawful but you do not want it erased from Deakin's records;
- you need Deakin to hold the data to enable you to establish, exercise or defend legal claims; or
- you have objected to Deakin's use of your data but Deakin is in the process of verifying if it has overriding legitimate grounds to use it.
- Transfer to you or to a third party: if we hold your personal information in an electronic format (e,g. a database), we will provide it to you, or a third party in a structured commonly used, machine-readable format.
- Withdrawing consent: if Deakin processes your personal information based solely on your consent, you may withdraw that consent, however Deakin may not be able to continue to provide you with certain goods or services. If your withdrawal of consent relates to marketing material please follow the unsubscribe processes above.
You may exercise your data subject rights by emailing Deakin's Data Protection Officer and providing written details of your request.
If you believe that Deakin has engaged in an act which constitutes an interference with your privacy, you can make a complaint to the university. Complaints must be made within six months of the time that the complainant first became aware of the alleged breach.
Complaints should be directed as follows:
Office of the University Solicitor
Geelong Waterfront Campus
Locked Bag 20001
Geelong, Victoria 3220
Enquiries about the management of personal information
Enquiries about the management of your personal information at Deakin can be directed as follows:
Office of the University Solicitor
Geelong Waterfront Campus
Locked Bag 20001
Geelong Vic 3220
Privacy and Data Protection Act 2014 (Vic)
Health Records Act 2001 (Vic)
Office of the Commissioner for Privacy and Data Protection
Office of the Victorian Health Services Commissioner