Privacy at the University of Sydney

• Information about how the University deals with personal information (also known as personal data) and the rights of the individual is available on the Privacy at the University page.  
• Students should refer to the Your Privacy page that, amongst other things, identifies how their personal information stored on student systems such as Canvas and Sydney Student will be used for business and learning analytics purposes
• Staff should refer to the staff privacy collection statement (pdf, 217KB).  
• Staff, students and members of the general public who have been granted access to the University’s guest wireless network should also refer to the University’s Acceptable Use of ICT Resources Policy 2019 (pdf, 243KB).
• For all enquiries about privacy, including the University’s compliance with the European General Data Protection Regulation (GDPR), email privacy.enquiries@sydney.edu.au.  

Reporting a breach to a University system

If you are concerned that a University system may have been breached, contact the ICT helpdesk immediately on (02) 9351 2000 (select 2 for ICT) or ict.support@sydney.edu.au.

University Website Privacy Collection Statement

Collection of information  

When you are using a University website, you may be asked to provide your unikey, name, contact details or other personal information/data.  

In some circumstances, we will ask you to use a third party to provide us with information, such as where you register for a University event.  Please see the University’s disclaimer.

The University has security measures in place to safeguard personal information from misuse, and unauthorised access, use, modification or disclosure, including those in the University’s Cyber Security Policy 2019 (pdf, 218KB) and the Acceptable Use of ICT Resources Policy 2019 (243KB). We retain your personal information in accordance with the State Records Act 1998 (NSW).

The University’s websites also automatically collect personal information when you are browsing or otherwise using our websites.  The various mechanisms used by the University include server logs, proxy logs, and cookies.

A cookie is a package of data which a website requests be stored temporarily on your computer (or in memory) to identify you as a visitor to that website.  You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some of the University’s websites. 

The information collected by these various mechanisms includes:

• the server and IP (Internet Protocol) address of the machine that has accessed the website
• the dates and times of each visit to the website
• the pages accessed and documents downloaded
• the type of browser used; and
• sometimes, the previous site visited.

Cookies may also store the following information: session (numbered key) and duration. A numbered key is a unique server-generated number used to identify the current session.  The session key can be linked back to a user's login identification.

Use and disclosure

We will only use or disclose your personal information:

• for the purpose for which it was collected (such as to meet the object and functions of the University of Sydney Act 1989 (NSW))
• for a directly related purpose
• when we have the appropriate consent to do so; or
• as otherwise required, permitted or authorised by law.

Examples of how we will use or disclose your personal information include:

• Unikeys collected by the University are used for verification purposes to enable access to certain sections of the University’s websites.
• Information that we collect on our Alumni & Advancement forms may be relevantly used to update your contact details, inform you about our services, events and achievements, administer your gift or, respond to your bequest inquiry.
• Information that we collect on website forms may be used for business and learning analytics purposes to assist the University to make better decisions regarding its operations, services and community engagement.
• Information automatically collected on our websites is used for statistical and business purposes such as diagnosing a fault and improving our services or, when required, for investigations.  The data is generally not accessible except to authorised University staff for these purposes.  Information which is automatically collected may be published as aggregated (de-identified) information to assist with improving the services offered by the University through its websites.
• The University may use third party remarketing cookies, such as through Google and Facebook, to show advertisements when you visit other websites based on your prior visits to a University website.  You can opt out by updating the ad settings for that particular third party, such as Google and Facebook.  For more information about how to opt out you may also want to visit the Network Advertising Initiative website.  

Access to and correction of personal information

Under NSW privacy laws, you have the right to request access to and correct any personal information concerning you held by the University.

If you reside in, or are located in, the European Economic Area, under the GDPR, where your information is collected, used or disclosed as a result of your express consent, you may withdraw that consent at any time.  Further, you may have the right to request the erasure, portability or restriction of processing of their personal information, and, to object to the processing of your personal information.

Information about requesting access to or amending your information can be found on the Accessing University information page.