false

  • About us false false
  • Governance and structure false false
  • Privacy and University information false false
  • Privacy at the University true true

/content/dam/campus-facilities-and-amenities/campus-landscapes/_06i7007.jpg

50%

Privacy at the University

Learn about our privacy policy, the information we collect, and how to lodge a complaint.

m-hero--simple

220.330.2x.jpeg 440w, 1280.1280.jpeg 1280w, 440.660.2x.jpeg 880w, 800.1199.2x.jpeg 1600w

false

Our commitment to your privacy

The University of Sydney is committed to protecting the privacy and personal information of our students, staff, alumni, research participants, and community members. We collect, use, disclose, and store personal information in accordance with the following:

  • NSW Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA)
  • Health Records and Information Privacy Act 2002 (NSW) (HRIPA)
  • Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs)
  • Relevant international data protection laws where applicable, including but not limited to the European Union General Data Protection Regulation (GDPR), People’s Republic of China, Personal Information Protection Law (PIPL) and India’s Digital Personal Data Protection Act (DPDPA).

Mishandling of personal and health information including unauthorised access, use and disclosure of personal data or misuse of health information can lead to a breach of applicable privacy principles and our compliance with applicable laws.  Non-compliance with privacy, health and data protection laws may lead to serious consequences. The University of Sydney is committed to managing privacy risks proactively and encourages all staff and affiliates to handle personal information in accordance with legal obligations and University policies.

The University collects and retains personal and health information as part of carrying out its statutory functions under the University of Sydney Act 1989 (NSW).

Examples of the types of personal and health information collected include:

  • Teaching: Information relating to student admission, enrolment, academic progression, learning and assessment, special consideration applications, academic misconduct, and graduation.
  • Research: Records associated with human and animal ethics applications and approvals, as well as research grant administration.
  • Administration and Support Services: Staff employment records, ICT usage data (including email systems), and surveillance footage captured by University-operated CCTV systems.
  • Community Engagement: Records of alumni and donors, library and museum users, archive researchers and borrowers, and individuals involved in or attending public events, such as performers and patrons.
  • Health Information: for student support services, workplace health and safety.
  • Staff: Employment records, recruitment information, payroll and superannuation.

The University collects personal information for lawfully authorised purposes that are necessary or directly related to our functions and activities under the University of Sydney Act 1989 (NSW) or for other applicable legislations and regulations. Broadly, we collect your personal information for the following purposes:

  • To deliver education and learning services
  • Administration of research projects 
  • Manage staff employment
  • Deliver events and community engagement activities
  • Support our alumni, philanthropic and donor relations
  • To support world leading research

The University's primary privacy obligations are set out in the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW). Our Privacy Policy 2017 (pdf, 365KB) – incorporating the privacy management plan – sets out the privacy responsibilities of the University, and its staff and students. Our Privacy Procedures 2018 (pdf, 291KB) describes how the University discloses personal information and how we will manage a notifiable breach of personal information held by the University.

The University has several clinics, services and entities that are subject to the same overarching privacy obligations and governance frameworks as the University itself. These may collect, use, disclose, and store personal and health information in connection with their operational, educational, research, or commercial functions. Individuals interacting with these organisations should be aware that the personal information collected may be shared with the University for legitimate and authorised purposes, and such handling will be conducted in accordance with the University’s privacy policies and applicable legal obligations.

The University has security measures in place to safeguard personal information from misuse, and unauthorised access, use, modification or disclosure, including those in the University’s Cyber Security Policy 2019  and Acceptable Use of ICT Resources Policy 2019 . We retain your personal information in accordance with our Recordkeeping Policy 2017.

We use reasonable safeguards to protect your personal information from unauthorised access, use or disclosure. We will retain your personal information for as long as required to meet the purposes for which it was collected, stored and in accordance with the State Records Act 1998 (NSW).

More details about the personal information collected by the University can be found in our Privacy Notices

Under NSW privacy laws, you have the right to request access to and correct any personal information concerning you held by the University. Retention of your personal information is subject to the requirements of the State Records Act 1998 (NSW).

Enquiries for access should be directed to Privacy Team, if you live or are located outside Australia you may have additional rights for information contact, privacy.enquiries@sydney.edu.au.     

You have the right to complain if you think the University has breached your privacy in the way it has handled your personal information. Complaints, also known as applications for internal review, should be made in writing within six months from when you first become aware of the breach. You can use the privacy complaint form (pdf, 109KB) to make your complaint. Email your completed complaint form to privacy.enquiries@sydney.edu.au

We will advise the NSW Privacy Commissioner of your name and the details of your complaint and keep the Commissioner up to date with the progress of the internal review.  

Privacy complaints are considered by the University’s Chief Governance Officer who will advise you of the results of the internal review and any action that we propose to take in respect of that complaint. The report and any proposed actions are sent to the NSW Privacy Commissioner within 60 days of the date of the privacy complaint.

Our key policies

Title : Privacy Policy

Description : Our Privacy Policy (pdf, 365KB) sets out the privacy responsibilities of the University, and its staff and students.

Link URL: https://sydney.edu.au/policies/showdoc.aspx?recnum=PDOC2011/81&RendNum=0

Icon: /content/dam/icons/approved-icons/read.svg

Title : Privacy Management Plan

Description : Our Privacy Management Plan (pdf, 469KB) explains how the University manages personal and health information.

Link URL: https://www.sydney.edu.au/content/dam/intranet/public-documents/privacy/university-of-sydney-privacy-management-plan-2023.pdf

Icon: /content/dam/icons/approved-icons/document-icon.svg

Title : Data Breach Policy

Description : Our Data Breach Policy (pdf, 288KB) documents how the University manages and responds to potential or confirmed data breaches.

Link URL: https://www.sydney.edu.au/policies/showdoc.aspx?recnum=PDOC2023/551&RendNum=0

Icon: /content/dam/icons/approved-icons/task-list-search.svg