The University's primary privacy obligations are set out in the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW)
The University does not have any public registers as defined under "Part 6" of the Privacy and Personal Information Protection Act 1998.
There are exemptions to the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002, which may apply to the University, in particular, those relating to research. In addition, the operation of the NSW privacy laws can be modified by other laws.
The University runs a number of clinics and services, some of which may allow you to transact anonymously with them. You will need to ask the clinic or service provider about their practice regarding anonymity. These clinics and services may also include health information in a health records linkage system. You will need to ask the clinic or service provided about their practice regarding such systems.
Under the Privacy and Personal Information Act 1998 and the Health Records and Information Privacy Act 2002, there are various offences relating to personal and health information, for example:
For more information, please email firstname.lastname@example.org.
The University of Sydney is participating in the NSW Government International Arrivals Pilot Program (the Arrivals Program).
We are conducting a survey to gauge interest of international students who may be eligible for the Arrivals Program so that we can plan accordingly.
When you complete the survey we will collect personal information about you, including your:
We collect and use your information to help us plan for the safe and supported return of students to Sydney.
We will not share your personal information with anybody else without your consent, or unless we are authorised or required to do so by law.
We will store your personal information securely and dispose of it as required by the State Records Act 1998 (NSW).
You are not required by law to complete the survey.
For more information about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint, please see our privacy information on this page.
We collect and retain personal and health information in the course of undertaking our functions. The object and functions of the University are prescribed in Section 6 of the University of Sydney Act 1989 (NSW).
Examples of the personal and health information that we collect include:
More detail about the personal information collected by the University can be found on the privacy collection statements for our websites, our students, our staff (pdf, 265kb), CCTV system (pdf, 194KB), Clinical recording and observation system (CROS) (pdf 126KB) , Forum restaurant online ordering (PDF 96KB) and our multi-factor authentication (MFA) processes (pdf, 90.6KB).
You have the right to complain if you think the University has breached your privacy in the way it has handled your personal information. Complaints, also known as applications for internal review, should be made in writing within six months from when you first become aware of the breach.
You can use the privacy complaint form (pdf, 109KB) to make your complaint.
Email your complaint to email@example.com or post to:
Privacy and Right to Information
Archives and Records Management Services
The Quadrangle (A14)
University of Sydney
We will advise the NSW Privacy Commissioner of your name and the details of your complaint and keep the Commissioner up to date with the progress of the internal review.
Privacy complaints are considered by the University's Group Secretary. They will advise you of the results of the internal review and any action that we propose to take in respect of the complaint.
The Group Secretary must also report the findings and any proposed actions to the NSW Privacy Commissioner within 60 days of the date of receipt of the privacy complaint.
If you are dissatisfied with the way the University has dealt with your complaint or are disappointed with our findings, you can ask the NSW Civil and Administrative Tribunal (NCAT) to review the conduct.
Whether or not you apply for an internal review, you can also make a complaint to the Privacy Commissioner about an alleged breach of your privacy.
This notice explains how we will manage the personal information we collect to support our COVID-19 response.
Collection of information
We will collect your personal and health information (referred to collectively as ‘personal information’) to:
If you are confirmed or suspected to be infected with COVID-19, you are encouraged to notify our COVID-19 Taskforce (by phone: 02 9351 2000 or email: firstname.lastname@example.org).
If you intend to notify the COVID-19 Taskforce on behalf of someone confirmed or suspected to have COVID-19, you should first direct them to this notice or explain its contents and obtain their express consent to notify us.
When you contact the COVID-19 Taskforce, we will collect:
We will use this information in conjunction with building access logs to assist with contact tracing and to identifying campus locations that require sanitisation.
Other personal information we may collect as part of our COVID-19 response includes:
We will collect your personal information directly from you where possible, however if this is not practical, we may collect your information from other sources.
We may be required by law to collect certain personal information from you. If you do not provide the information we request, your participation in the University community may be limited.
Use and disclosure
The personal information we collect as part of our COVID-19 response will only be accessed by authorised University staff who need it to carry out their duties. We will use and disclosure your personal information:
We may share your personal information with relevant NSW and Commonwealth Government agencies or bodies to meet our public health obligations.
The Public Health Orders and section 38 of the Workplace Health and Safety Act NSW 2011 (WHS Act) require us to notify SafeWork NSW of any employee who has contracted COVID-19 while on campus or attended campus while infectious. We must provide SafeWork with the employee's name, date of COVID-19 diagnosis, and indicate whether the employee died from COVID-19. The University may be subject to penalties under the WHS Act if it does not comply with this notification requirement.
We may also use de-identified information about you to assist us with internal and strategic planning related to our COVID-19 response.
Security and retention
We use reasonable security safeguards to protect your personal information from unauthorised access, use or disclosure.
We will retain your personal information for as long as required to meet the purpose for which we collected it, and in accordance with the State Records Act 1998 (NSW). We will dispose of your personal information securely.
Section 38 of the WHS Act requires us to keep records of our notifications to SafeWork NSW for 5 years.
For more information about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint, please see our privacy webpage.
You can also access related privacy collection notices on our privacy web page, including:
The University of Sydney has engaged Raygun Media (Raygun) to capture and produce time lapse footage of our Welcome Festival 2022.
Filming will take place in the Front Lawn area using a fixed video camera. We will place signs at entry points to the filming area indicating where and when filming will take place. If you enter the filming area during a designated filming time, Raygun will capture video footage of you. No audio will be recorded.
Raygun will use the footage to create a time lapse video of Welcome Festival activity. We will then use the timelapse video for promotional purposes. We will not use or share the footage for any other purpose unless we are authorised or required to do so by law.
Raygun will hold all footage securely. After delivering the time lapse video to us, Raygun will securely dispose of all footage including copies. We will store the timelapse video securely and dispose of it in accordance with our Recordkeeping Policy 2017.
Participation in the filming process is voluntary. If you have any questions or concerns about being filmed, please contact email@example.com
You can find additional information on this page about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint.