Account Access Privacy Notice

Why we collect your personal information

The University of Melbourne is collecting and processing your personal information to:

  • to administer University IT access, including securely verifying your identity using your date of birth, personal mobile phone number, home address, or personal email address if required
  • securely verify your identity and control access where you are an external partner or collaborator using your organisation’s login
  • inform general business analysis, quality assurance, reporting and planning activities

The processing of personal information refers to all activities relating to the management of your personal information, including its collection, use, storage and disposal.

How we process your personal information

We will process your personal information as necessary for our legitimate interests, in accordance with applicable privacy laws, and only under the following circumstances:

  • for the purpose for which it was collected; or
  • a related purpose which you might reasonably expect; or
  • where you have consented to the processing; or
  • if we are required or permitted to do so by law

We will collect your personal information directly from you wherever possible. However, where this is not practicable, we may collect information through other avenues such as:

  • University managed systems
  • use of Okta products and services used to authenticate and manage access; and
  • identity providers operated by your organisation, where access to University systems is provided using your organisation’s login details

We may share your personal information with contracted service providers or partners engaged by us to perform legitimate functions on our behalf. The University is using third-party service provider, Okta, to assist in administering multi-factor authentication. Okta has established a privacy policy to help users understand how Okta collects and uses personal information. Please refer to Okta’s Privacy Policy for details: https://www.okta.com/privacy-policy/.

We will not disclose your personal information to anybody else without your consent, unless we are authorised or required to do so by law. We take all reasonable steps to ensure the information we hold is accurate and complete, and appropriate technical and organisational security measures are in place and maintained to protect personal information transmitted, stored or otherwise processed, from accidental or unlawful destruction, misuse, loss, alteration, unauthorised access or disclosure.

The provision of your biometric data is voluntary. Biometric data used by this solution is generated on device in a secure cryptographic container, in a non-traceable way and cannot be shared further.

In some instances, your personal information may be transferred outside of Victoria or Australia (for example, where providers are located internationally or use a cloud-based system with servers based in international jurisdictions). We take all reasonable steps to ensure the interstate or overseas transfer of personal information is in accordance with our privacy obligations as outlined in the University’s General Privacy Statement.

We will hold the personal information you provided us for as long as required for the purpose for which it was collected and in accordance with our legislative obligations. After this period, it will be securely destroyed in compliance with the University’s retention and disposal authority.

If you choose not to provide the information requested, we may be unable to provide you with IT access.

Further privacy information

Refer to the University’s General Privacy Statement or other privacy statements for general information about how we process and protect personal information, including:

  • our lawful basis for processing personal information
  • collection, use and disclosure of personal information
  • accuracy, security and storage of personal information
  • retention and disposal of personal information
  • your individual rights
  • applicable privacy laws

Refer to the University’s Online Privacy Statement for information about how personal information may be automatically collected from you, such as through the use of cookies, as a result of your visit to websites controlled by the University.

Your rights

You may request access to, or correction of, your personal information we hold, or exercise your individual rights as applicable under relevant privacy laws, unless this would have an unreasonable impact on the privacy of others or would contravene the University’s other legislative obligations.

If the lawful collection of your personal information is based on your consent, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of our processing of your information prior to you withdrawing your consent.

External partner users may request access to, or correction of, their personal information by contacting their organisation.

Contact

Students may contact 13 MELB (13 6352), or Staff can log a request with Staff Services https://staff.unimelb.edu.au/

For further information about how the University manages personal information, and for details of how to make an enquiry, lodge a complaint, or to contact the University’s Privacy and Data Protection Officer, please refer to our Privacy webpage, view the University's Privacy Policy or contact privacy-officer@unimelb.edu.au.

Last updated: April 2026