Privacy Policy

Macquarie University (the University) is committed to protecting the privacy of its students, employees and others who interact with it while undertaking its learning and teaching, research, engagement, and associated administrative activities and support services. All staff and functional units of the University have an obligation to be aware of and implement the privacy principles and practices established by legislation and articulated in this and other related policies.

This Policy provides guidance on the University’s approach to its information handling practices and that of its Controlled Entities in relation to the information collected from its students, employees and others who interact with it.

As a NSW public sector agency, the University is required to comply with the NSW Privacy and Personal Information Protection Act 1998 (PPIPA) and the NSW Health Records and Information Privacy Act 2002 (HRIPA), in respect of Personal and Health Information it collects and uses. The University aligns its practices and activities with the Information Protection Principles (IPPs), and the Health Privacy Principles (HPPs) contained in those Acts as outlined in the University’s Privacy Management Plan.

The University also follows any public interest directions and statutory guidelines issued by the Information and Privacy Commission NSW (or its equivalent) in relation to Personal and Health Information. The University’s Privacy Management Plan provides more information on how the University implements its obligations under the PPIPA and HRIPA, and how these Acts apply to the University’s operations.

The University’s Controlled Entities considered an “organisation” under the Privacy Act 1988 (Cth) (Commonwealth Privacy Act) must also comply with the Commonwealth Privacy Act 1988 and the Australian Privacy Principles (APPs) in addition to the PPIPA and the HRIPA when dealing with Personal and Health Information.

The University is required to comply with the General Data Protection Regulation (GDPR) where it meets specific criteria such as collecting and/or processing personal data of European Union (EU) residents or providing goods and services to EU residents. The University’s Privacy Management Plan provides more information on the circumstances where GDPR applies to the University’s activities and how the University complies with the GDPR obligations.

Whilst the University is not bound to comply with the Commonwealth Privacy Act 1988 (other than as a tax file number recipient), it strives to apply the APPs to its own practices to achieve consistency in protecting the privacy of individuals across University entities.

The University has established the following information Privacy Framework to communicate the applicable privacy laws to staff, students and others who interact with the University:

a. this Policy;

b. Privacy Management Plan;

c. privacy policies for Controlled Entities;

d. privacy collection notices/statements and consents; and

e. related policies, procedures, and guidelines on the management of information.

Further information can be found in the University’s Privacy Policy.

What information does Macquarie University collect and hold about you?

When we create a user account for you, we may collect personal information about you. We may collect your name, gender, date of birth, email address, and other information relevant to your participation in our services.

We are committed to treating your personal information in accordance with privacy law.

How does Macquarie University hold, use and disclose your personal information?

The information gathered by us in order to create your user account is held securely on our cloud-based servers which are located in Australia.

All Macquarie University employees are bound by the University’s Privacy Policy and Privacy Management Plan and are required to keep any personal information about you in a secure location, whether physically or electronically.

All third party partners are contractually bound to secure any personal information in line with the University’s Privacy Management Plan.

How do the Macquarie University protect your information?

Macquarie University follows strict rules and policies regarding the secure storage of personal information in all formats to protect your information from unauthorised access, loss or other misuse.

All staff working with the University are bound by a formal code of conduct and receive training about their privacy obligations.

You should sign out or close your browser once you have finished using OpenMQ. This is to ensure that others cannot access your personal information and correspondence on your device.

How can you access or seek correction of your personal information?

You can view the details entered in your Profile by logging into Open MQ and clicking on your name in the green bar at the top right of the screen, which says “You are logged in as [your name] (Log out). Then under “User details”, click on “Edit profile”

You can edit any of these details by removing the existing data and/or replacing it with the correct data and clicking the “Update profile” button at the bottom of the page.

What should you do if you have a question or complaint about the handling of your personal information?

If you have any privacy complaints, questions or concerns, you may contact the Macquarie University Privacy Officer or the NSW Information and Privacy Commission on 1800 472 679 or online at ipc.nsw.gov.au

For further information on how your query or complaint will be handled please review the Macquarie University Privacy Policy.

What sub-processors do this platform use?

To deliver our service effectively and securely, we engage the following trusted third-party vendors to assist with our operational tasks. Each sub-processor is carefully selected to ensure compliance with data protection regulations and industry best practices. Below is a list of our current sub-processors, including the type and location of data processed, as well as the relevant vendor's privacy and security policies.

Amazon Web Services (AWS)

- Data types processed include stored files, database records, logs, IP addresses