1. Intranet
  2. Policies and Procedures
  3. Privacy
  4. Privacy Policy

Privacy Policy

  1. Purpose
  2. Application
  3. Definitions
  4. Policy
  5. Data Breaches
  6. Additional Rights of European Residents under the GDPR
  7. Contracts with third party data processors
  8. Cookies
  9. Complaints and Additional Information

Purpose

The University of South Australia (University) ABN 37 191 313 308 is committed to:

  • protecting the individual's right to privacy in relation to the collection, management, storage, use and disclosure of personal information; and
  • ensuring the accuracy and security of any personal information it holds in relation to individuals;

regardless of whether the personal information relates to staff, students, contractors or visitors.

The University is not an organisation covered by the Privacy Act 1998 (Cth) (Privacy Act). However, the University is committed to ensuring best practice in all respects, including privacy. This privacy policy is therefore compliant with the Australian Privacy Principles in the Privacy Act (APP)1.

We are also required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) to the extent that we collect the personal information of residents of the European Union.  The University is a data controller for the purposes of the GDPR.

The University has modelled this policy and its related procedures on the APPs, as well as the requirements of the GDPR. The APPs, and how they are applied by the University, are set out below.

Application

This policy applies to the entire University. It is a general policy which contains the broad privacy framework in which the University operates. This policy may be amended by the University from time to time and without notice when the University's information handling practices change. Any such changes will not necessarily be publicised on the website or by email. Users should check this policy on a regular basis. The date of this Privacy Policy will confirm whether there have been updates since an individual's last visit.

This policy must be read in conjunction with any supplementary privacy policies which the University may introduce or vary from time to time. This policy must also be read in conjunction with any procedures that the University may introduce from time to time relating to privacy. Privacy procedures contain the administrative steps necessary for the practical implementation of this policy. This will include matters such as the necessary form to be completed to access personal information and the fees which are payable in relation to certain requests.

Definitions

What is "information" or a "record"?

"Information" and "records" are information in electronic or hard copy form. It includes pictures and databases. Importantly, this policy will not extend to information or records that are publicly available, or would constitute an "employee record" as defined by the Privacy Act.

What is "personal information"?

Personal information is information that identifies a particular individual. A person does not have to be mentioned by name for information to be "personal information". A record or information will contain personal information if an individual can be "reasonably identified" from the record or information. Personal information can include information and opinions, regardless of whether the information is true or not. Personal information may also be referred to in this policy as personal data.

What is "sensitive information"?

Sensitive information is an important type of personal information. Sensitive information is personal information relating to an individual's:

  • racial or ethnic origin, including country of birth;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual orientation or practices;
  • criminal record; and
  • child related employment screening reports.

Sensitive information also includes information relating to:

  • health;
  • genetics; and
  • biometrics.

Sensitive information may also be referred to in this policy as "special category data" for the purposes of the GDPR.

What is a "data controller"?

A data controller for the purposes of the GDPR means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information.

What is a "data processor"?

A data processor means a natural or legal person, public authority, agency or other body which "processes" personal data on behalf of a data controller, and in accordance with the data controller's instructions.

What is a "data subject"?

For the purposes of the GDPR, a data subject is an individual who is physically located in the European Union at the time that their personal information is collected by the University. A person does not need to be a citizen of a European country in order to considered a data subject. Throughout this policy we use the term "European Resident" to refer to a data subject.

What is a Member State?

For the purposes of the GDPR, a Member State refers to any one of the member states of the European Union.

Policy

Collection of Personal and Sensitive Information

General

The University will only collect and hold personal information if:

  • it is reasonably necessary for the University to conduct its functions and activities;
  • it is able to do so in a lawful, transparent and non-intrusive way; or
  • it is required to do so by law.

It is necessary for the University to collect personal and sensitive information in both physical records and electronic files. The University collects personal information in a number of ways, including:

  • directly from the individual for example through email, telephone or by the individual completing forms;
  • from third parties such as other educational institutions or government departments;
  • from the University's own records; and
  • through business development and marketing events.

When it is not practicable or reasonable to obtain personal information from the individual to whom the information relates, personal information may be obtained from someone other than that individual to whom the information relates. If this occurs, the University will, subject to any relevant laws, take reasonable steps to ensure that the individual is made aware that the personal information was obtained from a third-party, and why this was necessary and reasonable in the circumstances.

The University will deal with unsolicited personal or sensitive information in accordance with the APP. This will ordinarily include destroying the information or ensuring it is de-identified where it is reasonable to do so.

What types of personal information does the University collect?

An institution the size of the University collects a significant amount of personal information. Personal information collected by the University may include:

  • name, gender and date of birth;
  • next of kin
  • photographs (ie physical likeness)
  • emergency contact details;
  • email address;
  • social media account details;
  • residential and postal address and telephone numbers;
  • Business, position and contact details
  • Donation donor contact details and the details of the gift to the university
  • student application forms and supporting documentation, including information in respect of your parents' education and study;
  • bank account or financial details (noting that the University will not keep credit card information on file and any printed information will be redacted);;
  • government related identifiers, such as Tax File Numbers and Commonwealth Higher Education Student Support Numbers;
  • information received as part of the recruitment process if the individual applies for a position in the University;
  • information regarding the use of University websites and webpages, products, services and social media platforms/pages;
  • academic records, transcripts, enrolment and assessment details; and
  • passport and visa details.

An individual has the right to refuse to provide personal information to the University. However, if an individual exercises this right of refusal, it may affect the University's ability to meet its obligations to that individual or to a third-party, such as a government agency.

Sensitive Information

The University will only solicit and collect sensitive information if:

  • it is required to do so by law; or
  • it has the consent of the individual to whom the information relates, and it is reasonably necessary for the University to collect the sensitive information to enable it to carry out a relevant function or activity.

The University will collect sensitive information where the information is necessary for a relevant function or activity. Examples of a relevant function or activity include (are but not limited to):

  • to provide a health service to the individual, including psychological and counselling services; or
  • qualification for scholarships, financial or other assistance which may be allocated by reference to matters which constitute sensitive information, such as cultural background.

The University may also collect sensitive information about an individual in order to comply with the University's obligations under Australian law, including but not limited to:

  • language or cultural background;
  • citizenship status;
  • status as an Indigenous Australian;
  • disability status; and
  • health information.

Notification of the Collection of Personal Information

At or before the time the University collects personal information, the University will take all reasonable steps to:

  • notify the individual of the matters referred to below: or
  • otherwise ensure that the individual is aware of the matters below.

The matters which the University must notify to the individual are, for the most part, addressed elsewhere in this policy. For completeness, these matters include, subject to any relevant laws:

  • the identity and contact details of the University;
  • if the University will collect personal information from someone other than the individual;
  • the fact that the University collects, or has collected, the information and the circumstances of that collection;
  • if the collection of personal information is required or authorised by law;
  • the purpose or reason why the University needs to collect the personal information;
  • the main consequences, if any, for the individual if all or some of the personal information is not collected by the University; and
  • any other third-party to which the University usually discloses personal information of the kind collected by the University.

Use and Disclosure of Personal Information

Use of Personal Information

The University collects the personal information on the lawful basis that it:

  • is necessary to perform its obligations under a contract with you;
  • is performing a public task carried out in the public interest. This includes:
  1. to administer and manage processes which are key to the operations of the University, including admission, teaching, enrolment, scholarships and examinations;
  2. to provide information in relation to the University's courses and facilities to students or prospective students;
  3. to facilitate public health, scientific and historical research.
  • is complying with the University's legal obligations. This includes:
  1. its mandatory reporting obligations to external government agencies such as Centrelink or the Australian Tax Office.
  2. its obligations under the Higher Education Support Act 2003 (Cth);
  3. its obligations under the Education Services for Overseas Students Act 2000 (Cth); and
  4. to confirm your entitlement to Commonwealth assistance.
  • is pursuing the University's legitimate interests. This includes:
  1. communicating with you in respect of your enrolment or employment, as well as other courses, events, and services offered by the University that may be of interest to you;
  2. to assist in the collection of fees, charges and general financial management of the University;
  3. to conduct market research in relation to the University;
  4. to collate the information necessary for the University to review its existing programs, courses, facilities and resources that it provides to staff and students;
  5. to collate contact details for all University employees, adjuncts, students, visitors, alumni, graduates, donors and corporate stakeholders;
  6. to obtain legal or financial advice in respect of its operations;
  7. to facilitate alumni relations;
  8. to facilitate graduations;
  9. to facilitate student elections;
  10. to facilitate the solicitation of donations
  11. to facilitate  fundraising efforts;
  12. to conduct market research in relation to the University;
  13. to operate and maintain its information technology systems; and
  14. to facilitate public health, scientific and historical research.
  • is necessary to protect your vital interests. This includes:
  1. Releasing sensitive personal information where the University considers that there is an imminent threat to your health, safety or life generally.

Disclosure of Personal Information

The primary purpose for using or disclosing an individual's personal information will include:

  • to identify an individual and verify their identity;
  • to provide University services to an individual;
  • to do any of the things listed in the section of this Privacy Statement entitled "Use of Personal Information"; and
  • to communicate with an individual.

The University will take reasonable steps to ensure that personal information is not disclosed to a third-party, except in certain permitted situations. These include:

  • where the University obtains the individual's consent;
  • where it is necessary to provide that information to a third-party who provides services to the University. This addressed in further detail below;
  • where the disclosure is required or authorised by law or regulatory obligations. Examples of this include:
    • disclosing personal information to a government department, such as the Australian Tax Office;
    • disclosing personal information where required by the Higher Education Support Act 2003 (Cth); and
  • any other circumstance permitted by the APP.

Where the University does provide personal information to a third-party within Australia in accordance with this policy, the University will take all reasonable steps to ensure that the third-party is fully compliant with the APP2.

To avoid doubt, third-parties in Australia may include:

  • government departments and agencies, including any relevant professional registration bodies/boards; and
  • in relation to employment applications, external selection panel members;
  • contracted service providers including:
    • contracted teaching staff;
    • information technology service providers, including cloud service providers;
    • counsellors and other health practitioners; and
    • external business advisors, including auditors and lawyers.

Third parties outside of Australia to whom the University may disclose your personal information include:

    • information technology service providers, including cloud service providers;  and
    • third party marketing providers

There are also a limited number of exceptions in which the Privacy Act permits the use or disclosure of information without an individual's consent. An example of this is where the use or disclosure is necessary to prevent a serious and imminent threat to any person's life, health or safety or a serious threat to public health or safety, which need not be imminent.

Use of special category data

The University will only process the special category data of data subjects to the extent that:

  • the data subject has given their explicit consent to the processing of the special category data for one or more specified purposes;
  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the University or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by European Union or Member State law,  or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
  • processing is necessary to protect the vital interests of the data subject or of another natural person (being those essential to sustaining their life) where the data subject is physically or legally incapable of giving consent;
  • processing relates to personal data which are manifestly made public by the data subject;
  • processing is necessary for the establishment, exercise or defence of legal claims;
  • processing is necessary for reasons of substantial public interest, on the basis of European Union or Member State law;
  • processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of European Union  or Member State law, or pursuant to contract with a health professional;
  • processing is necessary for reasons of public interest in the area of public health; and
  • processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Direct Marketing

The University will, on occasion and where reasonable and appropriate, use personal information in direct marketing. Direct marketing may occur by mail, email, SMS or telephone.

Where the direct marketing is transmitted electronically or by telephone, the University will at all times comply with any applicable laws including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

Direct marketing will ordinarily be directed to:

  • current students, being those who are actively enrolled in a course offered by the University;
  • students who are not actively enrolled but have temporarily deferred their studies;
  •  prospective students;
  • educational institutions who may, or are likely to have, an interest in the services the University has to offer; and
  • graduates,alumni, donors and corporate stakeholders;

but may be directed to any other person where the marketing is conducted in accordance with this Policy.

Direct marketing will only occur if:

  • the University has the consent of the individual or where otherwise permitted by law (including where the use or disclosure is necessary to meet a contractual obligation to the Commonwealth);
  • the individual would reasonably expect the University to use or disclose the personal information for that purpose, being direct marketing in relation to the services offered by a tertiary educational institution such as the University;
  • the University provides a simple and readily identifiable means by which the individual may refuse to receive direct marketing from the University (a refusal request);
  • the University provides a simple and readily identifiable means by which the individual may opt out from receiving direct marketing from the University which they had previously consented to receiving (an opt out request); and
  • the individual has not made an opt out or refusal request to the University.

Direct marketing, as it relates to sensitive information, will be identical to that set out above for broader personal information, save and except for the University obtaining the express consent of the individual concerned to use or disclosure the sensitive information for a particular purpose.

Cross-border Disclosure of Personal Information

Due to the national and international scope of its operations, it is not reasonably practicable to list all of the countries to which the University may transmit personal information overseas. The countries in which such recipients are likely to be located include, but are not limited to, the United States, the Netherlands, Singapore and Hong Kong. If you are an international student, then disclosure may also be made to your home country and, if an agent was involved in your application to the University who is located in another country, disclosure may also be made to that country.

However, if it is necessary to disclose personal information overseas, such as in the case of an international exchange program, the actual consent of the individual will, wherever practicable, be sought before the information is disclosed.

 If it is not reasonably practicable to obtain the consent of the individual concerned, the person transmitting the information must satisfy themselves, before sending the personal information, that:

  • the recipient of the personal information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APP would protect the information if it were to apply; and
  • there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme.

For the avoidance of doubt, where a cross-border disclosure occurs, the disclosure will be limited to the purpose for which it was originally intended, for example, for transmitting the contact details of a transferring student to an overseas educational institution.

 The University may, from time to time, utilise marketing and survey services provided by third parties located offshore, such as:

  • Google Inc; and
  • Facebook Inc.

Where this occurs, the disclosure will be for the purpose of marketing the University's products and services to students or prospective students/applicants, and individuals will be provided with a simple means of opting out of the University's marketing communications (which means will be drawn to the individual's attention).

The University may, from time to time, disclose the personal information of European Residents to third parties outside of the European Union. However, the University will only do so where:

  • the foreign jurisdiction governing a third party has been assessed as "adequate" in terms of data protection in accordance with the GDPR; and/or
  • sufficient safeguards (such as a binding contract or corporate rules or any other safeguards prescribed by the GDPR) have been put in place; or

a derogation or exception as listed in the GDPR applies.

Quality and Security of Personal Information

The University will take all reasonable steps to ensure the personal information it collects, uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the collection, use or disclosure.

The individual providing the personal information, to the University, must also ensure that the personal information is both relevant and accurate.

The University will take reasonable steps to protect personal information it holds from:

  • misuse, interference and loss; and/or
  • unauthorised access, modification or disclosure.

The University has in place computer software and hardware that provides electronic protection of and/or prevents access to personal information from unauthorised persons, particularly from those individuals who are external to the University. Electronic protection will include:

  • mandatory password protection on computers; and
  • firewall and antivirus software.

The University also has in place documented record management procedures in relation to the collection, physical security and storage of hard copy records.

The University has in place systems to manage all personal information so that it is able to destroy or permanently de-identify personal information, wherever reasonable and practicable, that is no longer needed for any reason.

Generally, subject to your right to erasure, personal information retained by the University will be stored for as long as the University requires it to carry out the purpose for which the data was collected, following which time it will be either destroyed or anonymised.

The University reserves the right to retain the personal information of European Residents which it holds for the following purposes indefinitely:

  • archiving purposes in the public interest;
  • scientific or historical research purposes; or
  • statistical purposes.

Access to Personal Information

The University will deal with requests for access or correction, by an individual, of their personal information held by University, in accordance with this policy.

All requests must be made in writing, and in the appropriate form specified by the University from time to time.

On receipt of an application, and within a reasonable timeframe, the University will take reasonable steps to inform the individual who made the request:

  • what personal information the University holds in relation to that individual;
  • why the personal information is held;
  • how the University collects (or collected), holds (or held), uses (or used) and discloses (or disclosed) the personal information.

The University will confirm with the individual whether they wish to have access to the personal information in question.

The University will ordinarily give an individual access to their personal information unless an exception applies. Exceptions include where:

  • giving access would have an unreasonable impact on the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • the request is manifestly unfounded or excessive (taking into account whether the request is repetitive in nature); or
  • the access would be unlawful.

The University will not impose a fee for making an access or correction request in the first instance.

The University reserves the right to charge a reasonable fee for the administrative costs it incurs as a result of providing access to the personal information. Administrative costs that may be charged by the University include:

  • staff costs in searching for, locating and retrieving the requested personal information, and deciding which personal information to provide to the individual;
  • staff costs in reproducing and sending the personal information;
  • costs of postage or materials involved in giving access; and
  • costs associated with using an intermediary.

The University may withhold access to the personal information until the fee is paid.

If a request for access or correction is denied by the University it will, within a reasonable time period, provide the individual who made the request with a general, written explanation as to why the request was refused. The University must also take such steps, if any, as are reasonable in the circumstances to give access in a way that meets the needs of the University and the individual.

Accuracy and Correction of Personal Information

The University will be obliged, without an individual's request for correction, to correct inaccurate, out-of-date, incomplete, irrelevant or misleading personal information if the University is satisfied that, having regard to the purpose for which the personal information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

If this occurs, the University must take all reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

If an individual is of the view that their personal information requires correction, they should contact the Privacy Officer listed below.

Data Breaches

In accordance with the NDB Scheme, in the event of a suspected data breach The University will:

  • contain the breach and, if possible, take remedial action; and
  • commence the requisite assessment process  to determine whether the data breach is likely to be an "eligible data breach" for the purposes of the NDB Scheme. An "eligible data breach" being one where:
    • there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by it;
    • the access, disclosure or loss is likely to result in "serious harm" to any of the individuals to whom the information relates. In this context, "serious harm" refers to serious physical, psychological, emotional, financial or reputational harm to an individual or individuals; and
    • the University has not been able to prevent the likely risk of serious harm with remedial action.

If the University has reasonable grounds to believe that an "eligible data breach" has occurred, it will:

  • prepare a statement to the Office of the Australian Information Commissioner (OAIC) as soon as practicable (OAIC Statement);
  • notify the individual to whom the information relates as soon as practicable after the statement has been prepared; and
  • provide that individual with a copy of the OAIC Statement.

If the University is unable to locate the individual to whom the eligible data breach relates for the purpose of providing them with a copy of the OAIC Statement, a copy of the OAIC Statement will be posted on our website.

Obligations under the GDPR

In accordance with the GDPR, the University will ensure that:

  • on becoming aware of a data breach, it will:
    • attempt to contain it and assess the potential adverse consequences for individuals involved; and
    • if, after conducting an assessment, it considers that:
      • there is a risk to an individual's rights and freedoms as a result of the personal data breach, it will report the breach to the relevant Supervisory Authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach; and
      • there is a high risk to an individual's rights and freedoms as a result of the personal data breach, it will report the breach to the relevant Supervisory Authority in accordance with the clause above andnotify the individual affected without undue delay.

The University will keep a record of all personal data breaches, regardless of whether or not they need to be reported to the Supervisory Authority.

The University will not report a personal data breach in the event that, after conducting an assessment, we consider that the risk of harm to an individual's rights and freedoms is unlikely.

A "personal data breach" for the purposes of the GDPR includes, but is not limited to, whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.

Additional Rights of European Residents under the GDPR

In addition to the protections afforded under the Privacy Act and the APPs, if you are a European Resident, you have a number of additional rights under the GDPR, including:

  • the right to receive personal data you have provided to us in a structured, commonly used and machine readable format, including the right to request that we transmit this data directly to another data controller; 
  • the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that we  use your data (this right is an alternative to requesting the erasure of your data); and
  • the right to require us to erase your data in certain circumstances.

Contracts with third party data processors

In the event that the University engages a data processor to process the personal data of European Residents on the University's behalf, it will only do so if that data processor has provided the University with sufficient guarantees that it will implement appropriate technical, contractual and organisational measures that ensure compliance with the GDPR, and the protection of the personal information of European Residents.

To the extent that the University engages a third party data processor, it will ensure that it enters into a written agreement with that data processor, which sets out, as a minimum, terms which require the processor to:

  • only act on the written instructions of the University as the data controller;
  • ensure that people processing the data are subject to a duty of confidence;
  • take appropriate measures to ensure the security of processing;
  • only engage sub-processors with the prior consent of the University and under a written contract;
  • assist the controller in providing subject access and allowing data subjects to exercise their rights under the GDPR;
  • assist the University in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
  • delete or return all personal data to the University as requested at the end of the contract; and

submit to audits and inspections, provide the University with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the University immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

Cookies

What cookies do we use?

The University uses cookies and pixels on its website. Cookies are small text files that are placed on your computer or mobile phone when you visit a website. A pixel is a code placed on the University's website which triggers a cookie.

The University uses cookies (and pixels) on its websites to ensure website functionality, track usage patterns, personalise content and advertisements, analyse traffic and to enable social media features.

The University uses a variety of different categories of cookies on its website. Each cookie has a specific purpose. Generally, the cookies used by the University can be split into two categories:

  • Essential cookies; and
  • Non-essential cookies.

Essential cookies are those which are strictly necessary in order for the University's websites to operate/function effectively. Essential cookies do not generally collect your personal information. 

All other cookies are non-essential, and may, in some cases, collect your personal information.

The cookies used by the University may be set by the University itself, or by third parties. The University uses the following non-essential cookies (some of which are set by third parties), for the following identified purposes:

  • Facebook, Instagram (Tracking pixel for ad retargeting)
  • Google (Tracking pixel for ad retargeting)
  • Google Analytics (Reporting)
  • Xaxis (tracking pixel and ad retargeting)
  • Adroll (tracking pixel and ad retargeting)
  • Nine Digital (tracking and ad retargeting)
  • Bing Ads (tracking and ad retargeting )
  • Linkedin ( Tracking pixel for ad retargeting)
  • VWO (A/B testing and optimisation)
  • Sizmek Versatag (advertising, URLs tag, monitor page views)
  • Addthis (Social media sharing)

Third parties, including Facebook, may use cookies and pixels and may use your information to provide measurement services and target ads.

How to change your cookie preferences

You have the right to decide whether to accept or block cookies that we use on our website. However, please be aware that if all cookies are blocked (particularly any essential cookies), the functionality of our website may be impaired.

You can exercise your cookie preferences by adjusting your browser settings. The links below set out information about how to change your browser settings for some of the most commonly used web browsers:

You should be aware that most browsers automatically accept cookies. Therefore, if you do not wish cookies to be used, you may need to actively delete or block the cookies. If you reject the use of all cookies, you will still be able to visit our website but some of the functions may not work correctly.

Cookie Information for European Residents

To the extent that any cookies placed on the University's website by the University or a third party can uniquely identify a European Resident, the requirements of the GDPR will be adhered to. In particular, the University will ensure that:

  • consent is obtained prior to the setting of the cookies
  • consent to the use of cookies can be provided by clear affirmative, positive action;
  • rejecting the use of cookies will be an actual option in the sense that a European Resident can continue to access our website and its functions even if all but the essential cookies have been rejected
  • a European Resident can withdraw their consent at any time by changing the relevant settings;
  • a European Resident's consent is renewed every 12 months;
  • it documents a European Resident's consent and stores it securely; and
  • it deletes the personal information of a European Resident upon request.

You can opt out of the collection and use of your information for ad targeting. Mechanisms for exercising that choice are available here http://www.aboutads.info/choices and http://www.youronlinechoices.eu/.

Complaints and Additional Information

If an individual has any questions or concerns, or believes the University has breached its obligations under the APPs or this policy generally, please contact our Privacy Officer, Director: Chancellery and Council Services by email at privacy.officer@unisa.edu.au or by mail to:

Privacy Officer
GPO Box 2471
Adelaide SA, 5001

If you are a European Resident and have any questions about the University's compliance with the GDPR, please contact the Privacy Officer, Director: Chancellery and Council Services (who is also the University's Data Protection Officer for the purposes of the GDPR) in the first instance.

 

Last updated 12 July 2018