Curtin University
Curtin Information Management and Archives

Privacy Statement

This privacy statement describes how Curtin University (the University) handles personal information in its possession or control. The University's privacy statement remains under constant review, and it is therefore your responsibility to monitor this statement for changes which may be implemented from time to time.

At the University, the privacy of students, staff and other people who the University deals with is taken very seriously. Much of the information which the University collects in connection with its normal functions and activities is "personal information", and this information is handled in accordance with relevant privacy standards.

Curtin's level of compliance

Under the Higher Education Support Act 2003 (Commonwealth) (HESA), the University must comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Commonwealth) when handling students' personal information obtained for the purposes of chapters 3 or 4 of the HESA. Apart from this obligation, the University is not subject to the Privacy Act but it nevertheless commits to comply with the Australian Privacy Principles as if it were a Commonwealth organisation.

In limited circumstances, the University may also be required to handle certain personal information in accordance with the European Union's General Data Protection Regulation.

In addition, in accordance with the University’s Values and Signature Behaviours, members of the University community are responsible for respecting an individual's right to privacy. Staff and students, as members of the University community, are therefore required to respect each individual's right to privacy.

The type of personal information collected

The types of personal information which the University handles may include, but are not limited to: names, residential addresses, student or staff ID numbers, student or staff photographs or recorded moving images, tax file numbers, email addresses, date of birth, bank details, government identifiers and signatures.

Information may be collected about staff, students or other people who the University deals with in on- and off-campus activities. This may include data, photographs or moving images associated with remote access, distributed learning or involvement in any extra-curricular educational, sporting or secondment activity which is directly or indirectly associated with the University.

To the extent that the University inadvertently captures images of third parties who are not involved with a relevant University activity and which the University would not otherwise have been authorized to collect, it will as soon as practicable delete or de-identify such information unless the University has a legitimate reason to retain the information.

Purpose of collection of personal information

The personal information you provide or which is otherwise collected about you will only be used by University officers in a manner consistent with the original purposes of collection or as otherwise permitted by the Australian Privacy Principles.

The purpose of collecting information is not only to keep a record of students, staff and other people who the University deals with, but also to ensure they have the full benefit of the complete range of services offered by the University.

Use and disclosure of personal information to other parties

Personal information in the form of recorded moving images derived from classroom activity will be used to advance the objectives of the University's learning programs.

More generally, information collected from students, staff and other people who the University deals with will be used primarily to communicate with those individuals in relation to any issue relevant to their involvement with the University.

This may extend but is not limited to communications involving surveys, the availability of courses, alumni activity, newsletters and related marketing or promotional activity, and soliciting donations. Surveys and other research activity may be carried out for the benefit of the University or in connection with a government initiative.

Communications of this nature may be initiated direct by the University or by a third party engaged to act by or on behalf of the University. This in turn may require the University to supply personal information, such as contact details, to a third party research organisation which in turn might engage contractors to analyse the data or to solicit further information from the individual.

Information may be disclosed to third parties in limited circumstances expressly permitted by the Privacy Act. This may include, for example, disclosure to State and Australian Government agencies where required or authorised by law.

Personal information may also be disclosed to third parties in some instances where this is necessary for the University to carry out its normal functions and activities. Accordingly, for example, personal information may be incidentally handled by IT contractors (including outsourcing providers) or other external service providers engaged by the University.

The University may also disclose the personal information of its students to external organisations including but not limited to professional bodies, hospitals and schools in order to enable those students to undertake a practical experience/clinical component of their course. Where personal information is to be provided to contractors or other external organisations, the University will take all reasonable steps to ensure the recipient (and any contractor engaged by the recipient) handles the information in a manner consistent with the Australian Privacy Principles.

In the case of personal information in the form of moving images collected as part of the University's distributed learning programs, such information may be shared with students, staff and other people the University deals with who are involved in other learning activities at the same campus, or at other locations where learning is occurring (Learning Locations) that may be interstate or overseas.

Some personal information may be transmitted to overseas Learning Locations as part of the University's learning programs, and some personal information may be stored overseas or in the "cloud" environment. This means that the data may in some circumstances not be regulated by the Privacy Act and it may be located in a jurisdiction which has less stringent privacy laws than Australia. This will only be permitted where the transfer of data complies with the Australian Privacy Principles and with the relevant constraints contained in the Privacy Act relating to overseas data transfers. If there are other situations in which the University wishes to use your personal information, it will seek your express consent.

The Privacy Act contains certain exemptions which may impact upon the University’s privacy obligations. For example, employee records are generally exempt from an organisation's obligations under the Act, and this exemption extends to Curtin's voluntary commitment to assume the responsibilities of an "organisation". This exemption does not, however, permit Curtin to use personal information contained in employee records for purposes not connected with the employment relationship. Employee records remain confidential.

Correction of personal information

All staff, students and other people the University deals with have the right to access their personal information held by the University and also to seek correction of such information if it is inaccurate, misleading, out of date or not complete.

Use of cookies

The University uses digital cookies to remember your preferences and collect online traffic data and browsing characteristics, which are analysed using Google Analytics and other analytics tools.

Internet cookies are small strings of text placed on a user's hard drive during the data exchange that happens when a browser points to a website. The browser stores the message in a text file which is sent back to the server each time the browser requests a page from the server.

Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information the Curtin website already knows about the user, such as their IP address.

The information generated by cookies is analysed using Google Analytics. This information is stored by Google and will be used for the purpose of evaluating website usage, generating reports on website activity and providing other services relating to website activity and internet usage.

You can choose to adjust your browser to reject cookies or to notify you when they are being used. Sometimes, rejecting cookies results in a loss of some website functionality. Unique identifiers (such as log-in name and password) are collected from visitors to the Curtin website to verify a user's identity and for use as account numbers in our record system.

Secure Socket Layer (SSL) encryption

Information that requires a secure method of delivery and protection, such as passwords, will use SSL encryption. This encryption is used only when required.

Opting out of future communications

If you are not a University staff member or student, and are receiving communications from the University, we will ensure that you can easily opt out of these communications at any time. This functionality is provided as a matter of course on all of our social network sites; refer to the privacy statements of each site. If you wish to opt out of electronic direct mail from the University, an 'unsubscribe' function is provided or you may email the relevant administrator directly, requesting that your details be removed.

Data breach reporting

The University will comply in circumstances where it is required to do so under the Higher Education Support Act 2003 (Cth) and also under s26WB and s26WE of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). All other data breaches will be assessed for voluntary reporting.


Staff, students and other people the University deals with may make a complaint about a breach of privacy through the Integrity and Standards Unit (ISU) portal. Please see the ISU Complaints Portal web page for more details.


If you have any queries about privacy at Curtin please contact the:

Information Disclosure Compliance Officer

Tel: +61 8 9266 1036


Privacy Statement last updated 13 August 2018.