The University is subject to the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002.

This website contains information about how the University deals with personal information and the rights of the individual if the University breaches their privacy.

The University's Privacy Policy 2017, incorporating the University's privacy management plan, sets out the privacy responsibilities of staff and students. The University's Privacy Procedure 2018 describes how personal information is disclosed by the University and how the University will manage a notifiable breach of personal information held by the University.

There are exemptions to the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002 which may apply to the University, in particular, those relating to research. In addition, the operation of the NSW privacy laws can be modified by other laws.

The University maintains privacy collection statements for students, for staff (on myHRonline), and in relation to it's website.

For all general enquiries about privacy and privacy complaints contact .

The EU General Data Protection Regulation (GDPR) and the University

ARMS has prepared some initial guidance on the GDPR and the University. It is available here.

As required, further guidance and information will be made available through the ARMS privacy website.

If you are involved in research that includes monitoring the behaviour of individuals who are in the European Union or have any other concerns regarding the GDPR, please contact Adrienne Whitby (Privacy Compliance Officer) or Tim Robinson (Manager, ARMS).