The following describes how the University of Sydney (“the University”) deals with personal information collected through its websites, and should be read in conjunction with the University’s Privacy Policy and Privacy Management Plan.
Personal information collected by the University is handled in accordance with the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Protection Act 2002 (“the Acts”). Staff and students of the University should also refer to the University’s Policy on the Use of University Information and Communications Technology Resources (ICT Resources).
The University’s websites automatically collect a certain amount of personal information about you when you are browsing or otherwise using the website. This is described below. This privacy statement deals primarily with the automatic collection of data about you.
The University also explicitly collects personal information through its interactions with you – for example, applying for places or jobs, enrolling in units of study, completing a survey etc.
For explicit collection of personal information please refer to the privacy statement specific to that website and that particular interaction.
1. Collection of information automatically logged
Automated collection of information – The University may collect personal information and other data about you from your computer as you browse or otherwise interact with our websites. The various mechanisms used include server logs, proxy logs, and cookies.
Cookies – A cookie is a package of data which a website requests be stored temporarily on your computer (or in memory) to identify you as a visitor to that website. You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some of the University’s websites.
The information collected by these various mechanisms includes:
- the IP (Internet Protocol) address of the machine which has accessed the website;
- the dates and times of each interaction on the website;
- the pages accessed and documents downloaded;
- sometimes, the previous site visited and the type of browser used.
Cookies may also store the following information: session (numbered key) and duration. A numbered key is a unique server-generated number used to identify the current session. The session key can be linked back to a user’s login identification.
Because some University sites have access restricted to staff or students, you may be required to use your secure login, (ie, to use your Unikey – your University user name – and password). Unique identifiers (such as your login identification) are collected from website visitors to verify the user’s identity.
Unique identifiers are also used to store information about users’ preferences, to enable the dynamic display of the site according to your preferences when you return.
2. Storage and security of information
Information automatically collected by the University through our websites is held primarily but not only by our Information and Communications Technology (ICT) division. The University also uses the services of third party service providers who store information in their systems.
The University’s ICT Division has in place security measures based on a risk assessment process to protect against the loss, misuse, and alteration of the information.The University also encrypts some information and transactions.
Where you can access a University website only by using the secure login issued to you (to all staff, students and affiliates) the information about you which is held, or you add or amend, on that website, is protected by restricting access through that login. Accordingly, you must ensure that your password is not disclosed or made available to others.
Relevant technical staff are able to access the logs created by servers for the purposes of collecting statistics, dealing with faults and improving the service and investigations.
3. Use and disclosure
Information collected by the University through automated mechanisms will only be used for the purpose for which it was collected in accord with this Privacy Statement.
The information held by the University’s third party services providers will be used and disclosed in accord with the terms of the service contract.
The University will not disclose this information concerning you to parties outside the University except with your consent, or where required or authorised by law. Details regarding how and when the University disclosures personal information can be found in the University’s Privacy Management Plan.
Personal information collected through the University’s websites and which is no longer required by the University, nor required by law to be retained, will be destroyed, as authorised by the disposal authorities issued under the NSW State Records Act 1998.
4. Access to and correction of personal information
You have a right to request access to, and correction of, your personal information held by the University. Full details are set out in the University’s Privacy Management Plan. The University’s privacy website includes forms to seek access and correct personal information. If you require more information about privacy in the University, please contact the University’s Privacy Officer.
5. Privacy complaints
If you wish to make a complaint about the way the University has handled your personal information, please contact the University’s Privacy Officer. You are able to make a formal complaint under the Privacy Acts.
6. Breaches of security of University systems
If you have an urgent concern that a University IT system has been breached and personal information is not properly secure please notify the ICT Help Desk immediately:
Phone: (02) 9351 1600
Email: ict.support@sydney.edu.au
System breaches are critical events and should be reported to the ICT Help Desk at any time.