Skip to content
Curtin University
Records & Information Management

Privacy Statement

This privacy statement describes how Curtin University handles personal information in its possession or control. The University's privacy statement remains under constant review, and it is therefore your responsibility to monitor this statement for changes which may be implemented from time to time.

At Curtin, the privacy of students, staff and other people who the University deals with is taken very seriously. Much of the information which the University collects in connection with its normal functions and activities is "personal information", and this information is handled in accordance with relevant privacy standards.

Curtin's level of compliance

Under the Higher Education Support Act 2003 (Commonwealth) (HESA), the University must comply with the Information Privacy Principles contained in the Privacy Act 1988 (Commonwealth) when handling students' personal information obtained for the purposes of chapters 3 and 4 of the HESA. Apart from this obligation, the University is not subject to the Privacy Act but it nevertheless commits to comply with the Australian Privacy Principles as if it were a Commonwealth organisation.

In addition, respecting an individual's right to privacy is consistent with Curtin’s Values and signature behaviours. Staff and students, as members of the University community, are required to respect each individual's right to privacy.

The type of personal information collected

The types of personal information which the University handles may include, but is not limited to: names, residential addresses, student or staff ID numbers, student or staff photographs, tax file numbers, email addresses, date of birth, bank details, government identifiers and signatures.

Purpose of collection of personal information

The personal information you provide will only be used by University officers in a manner consistent with the original purposes of collection or as otherwise permitted by the Australian Privacy Principles.

The purpose of collecting information is not only to keep a record of students and staff members, but also to ensure they have the full benefit of the complete range of services offered by the University.

Use and disclosure of personal information to other parties

Information collected from students and staff will be used to communicate with those individuals in relation to any issue relevant to their involvement with the University.

This may extend to communications involving surveys, the availability of courses, alumni activity, newsletters and related marketing or promotional activity, and soliciting donations. Surveys and other research activity may be carried out for the benefit of the University or in connection with a government initiative.

Communications of this nature may be initiated direct by the University or by a third party engaged to act by or on behalf of the University. This in turn may require the University to supply personal information, such as contact details, to a third party research organisation which in turn might engage contractors to analyse the data or to solicit further information from the individual.

Information may be disclosed to third parties in limited circumstances expressly permitted by the Privacy Act. This may include, for example, disclosure to State and Australian Government agencies where required or authorised by law.

Personal information may also be disclosed to third parties in some instances where this is necessary for the University to carry out its normal functions and activities. Accordingly, for example, personal information may be incidentally handled by IT contractors (including outsourcing providers) or other external service providers engaged by the University.

The University may also disclose the personal information of its students to external organisations such as professional bodies, hospitals and schools in order to enable those students to undertake a practical experience/clinical component of their course. Where personal information is to be provided to contractors or other external organisations, the University will require the recipient (and any contractor engaged by the recipient) to handle the information in a manner consistent with the Australian Privacy Principles.

Some personal information which is handled by a third party may be stored overseas or in the "cloud" environment. This means that the data may in some circumstances not be regulated by the Privacy Act and it may be located in a jurisdiction which has less stringent privacy laws than Australia. This will only be permitted where the transfer of data complies with the relevant constraints contained in the Privacy Act relating to overseas data transfers. If there are other situations in which the University wishes to use your personal information, it will seek your express consent.

The Privacy Act contains certain exemptions which may impact upon Curtin's privacy obligations. For example, employee records are generally exempt from an organisation's obligations under the Act, and this exemption extends to Curtin's voluntary commitment to voluntarily assume the responsibilities of an "organisation". This exemption does not, however, permit Curtin to use personal information contained in employee records for purposes not connected with the employment relationship.

Correction of personal information

All staff and students have the right to access their personal information held by the University and also to seek correction of such information if it is inaccurate, misleading, out of date or not complete.

Use of cookies

Curtin University uses digital cookies to remember your preferences and collect online traffic data, which is analysed using Google Analytics. For more information on the use of cookies, please see our web standards page.

Opting out of future communications

If you are not a Curtin staff member or student, and are receiving communications from Curtin, we will ensure that you can easily opt out of these communications at any time. This functionality is provided as a matter of course on all of our social network sites - refer to the Privacy statements of each site. If you wish to opt-out of an electronic direct mail from Curtin, an 'unsubscribe' function is provided or email the relevant administrator direct requesting your details are removed.


Staff and students may make a complaint about a breach of privacy through the Integrity and Standards Unit (ISU) portal, please see the ISU portal for details.

Privacy statement last updated 21 June 2016 (administrative update).


If you have any queries about privacy at Curtin please contact:
Information Disclosure Compliance Officer
Tel: +61 8 9266 1036