Online Privacy Statement

This privacy statement relates to the information collected from you when you visit websites controlled by The University of Melbourne (University). When you leave our website or click on links that lead to external websites, we do not control what cookies are set and are not responsible for the privacy practices of external websites. You will need to familiarise yourself with their privacy policy and practices and set your cookie preferences for those sites as well.

This statement should be read in conjunction with the University’s Privacy Policy and other statements on our Privacy webpage.

Privacy legislation

The University is governed by the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) when processing the personal data of individuals. We are also subject to the requirements of federal and international privacy legislation, to the extent that these apply to our activities, including when we process the personal data of individuals located in some international jurisdictions. (Together, Privacy Laws)

For the purposes of this statement, “personal information” (sometimes called “personal data”) is defined broadly in the Privacy Laws as information or opinion that relates to an identified or identifiable individual.

The “processing” of personal information refers to all activities relating to its management by the University, from its collection and use, through to its storage and disposal, and everything in between.

Our legal basis for processing your personal information

We rely on various legal bases for our collection and use of your personal information when you use and interact with our website. The primary purpose for us collecting and processing your personal information when you use online forms or other systems accessed through our website is that it is necessary to provide you with information, products or services that you request from us. This could be as part of a course application process, registering for an event or through you contacting members of University staff. We rely on your consent when processing personal information automatically collected from you through our use of website cookies. There are broadly four reasons why a cookie might be stored on your device when visiting the University website.

• Cookies that make the website work properly for you and enable you to make use of the secure online services that we provide.
• Cookies that collect data about your use of the website which is then anonymised and used to help us improve our online services.
• Cookies that remember your preferences and make the site easier for you to use.
• Cookies that are placed by third party services we make use of to enhance the information we present online.

The University generally processes personal information where it is necessary for the pursuit of our legitimate interests in delivering our core functions, such as teaching, learning and research, as defined in the objects of our enabling legislation, the University of Melbourne Act 2009 (VIC).

What we collect and how

The University collects and processes your personal information in a variety of ways when you interact with our website. We only collect personal information that is necessary for the purpose required and directly from you wherever possible. Where this is not practicable, we may collect personal information indirectly.

Information we collect directly from you

When you enter information in an online form (such as registering for an event or subscribing to a newsletter), or enter your data directly into University systems, we specify the purpose and future use of this information at the time you provide it in privacy notices that are particular to those activities. The University also uses  contact information you provide in online forms (such as your email address) to generate de-identified market-segment profiles the University uses to market content to you.

The University’s privacy statements provide general information and examples about how the University collects and processes personal information depending on your relationship and interaction with us.

Information we collect automatically

The University collects personal information indirectly when you are browsing or otherwise using our website, including using online forms. We use cookies, tracking pixels and similar technologies (collectively, cookies) to collect personal information. You can set your preferences for these cookies through our cookie consent banner or by managing your cookie and site visit data when viewing our websites. You can change these preferences at any time.

Examples of the information we collect include:

• your user demographics;
• your geographic region;
• the websites you visit and the time spent on each site; and
• your device and browser type.

Cookies

Cookies are text files containing small amounts of information which are placed on your computer or device when you visit our website. They allow sites to recognise your device when you make a return visit. We do not set cookies on your device (other than essential cookies) unless you accept/enable all cookies, or you select your own cookie preferences.

Cookies may store information about your computer, browser, or device, including technical device details such as your mobile device type identifier. Cookies cannot be used to run programs or deliver viruses to your computer.

By visiting websites under the control of the University, third parties may also place cookies on your browser or device to track how and when you use a website, which website you visited immediately before, and to collect data about targeted ads served to you.

How long a cookie stays on your computer or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until the session ends. Persistent cookies stay on your computer or device until they expire or are deleted.

Why we collect your data and how it will be used

The University collects site visit data, to enable more effective digital marketing and optimise user experience. This includes generating market segment profiles to better understand your relationship and interactions with the University, and to serve you content that is relevant to you.

The University also uses and shares cookies to facilitate the sampled reporting of demographics and the interests of its site visitors via services such as Google Analytics, social media, and other third-party platforms.

These platforms may allow us to collect information such as age, gender and interests to better understand the users that visit our site and identify how we can improve user experience and interaction. This feature is based on Display Advertising and the data collected is used to provide better services and deliver more relevant content to our users.

Site visit information may also be used to inform security audits to protect against cyber and information security threats, and for other law enforcement purposes.

We will only use or disclose your personal data in the following circumstances:

• for the purpose for which it was collected;
• for a related purpose which you might reasonably expect;
• with your permission (consent);
• if we are required or permitted to do so by law;
• where it is necessary for the pursuit of our legitimate interests (if relevant); and
• to enable our contracted service providers or partners to perform legitimate functions on our behalf, such as those outlined in a specific privacy collection notice.

To the extent that site visit data identifies you, the University will not attempt to identify individuals from the records the server automatically generates unless necessary as part of an internal investigation or for a law enforcement-related purpose, and then only in compliance with applicable Privacy Laws.

Who your personal data will be shared with

The University will share your site visit data and de-identified information about you with our Customer Data Platform (Tealium), to develop a profile of your engagement with our websites across devices. This allows us to generate more accurate market segment profiles to optimise your experience, based on your interests.

The University will not otherwise disclose personal information collected from your site visit to a third-party without your consent unless we are required or authorised to do so by law.  For example, law enforcement or government agencies may exercise their legal authority to inspect the web server's records as part of an investigation into suspected unlawful or improper activity.

We do not sell your personal data to third parties or permit third parties to on-sell the information we have shared with them.

Third-party cookies

The University uses third party cookies to advertise online. This means we may show ads to you across the internet and deliver targeted advertising to you when you visit third-party websites. We, and third-party vendors, use first-party cookies (such as the Google Analytics) and third-party cookies (such as the DoubleClick cookie) to:

• Inform, optimise, and serve ads to you on relevant websites on the Google Display Network (GDN) and elsewhere, based on your past visits to our website; and
• Find out how ad impressions, ad services, and your interactions with them, are related to visits to our site.

The University does not collect identifiable information by using third-party remarketing services provided by companies such as Google.

How to opt out or block cookies

You can manage your cookie preferences through the University’s cookie consent banner which is on every page of the University’s website. Please be aware that if you choose not to enable cookies it may prevent you from taking full advantage of the website and some parts of the website may fail to work.

You can also restrict or block cookies which are set during your use of the website by changing your browser’s settings. Some pages may not work if you completely disable cookies, but many third-party cookies can be safely blocked.

You can view Google’s Privacy & Terms here and opt-out of Google Analytics for Display Advertising and customise GDN ads using the Ads Preferences Manager or by downloading the Google Analytics Opt-out Browser Add-on.

Otherwise, check information in your browser’s help section for specific instructions on how to manage cookies and by reviewing their privacy and security policies and settings. You can opt-out of other third-party vendors’ use of cookies by visiting:

• the Network Advertising Initiative opt-out page; or the
• the Digital Advertising Alliance opt-out page; or
• for EU users, the European Digital Advertising Alliance opt-out page.

Alternatively, websites such as “All About Cookies” provide comprehensive guidance.

Accuracy, storage and security

The University takes care to manage personal data appropriately and securely. Your personal data is processed in a variety of formats, both electronic and hardcopy, including in enterprise-wide databases used across the University. Accordingly, your personal data is not segregated or treated differently from any other personal data based on your geographic location or jurisdiction.

Our staff receive regular privacy and data protection training, and the University has implemented organisational and technical measures so that personal data is processed in accordance with applicable Privacy Laws.

We take reasonable steps to ensure that any personal data we (or parties operating on our behalf) collect and otherwise process, is accurate and complete, and that appropriate technical and organisational security measures are implemented and maintained to protect it from accidental or unlawful destruction, misuse, loss, alteration, or unauthorised access or disclosure.

Access to your personal data is limited to authorised University staff and contracted third parties, or affiliates’ representatives, for the purpose of carrying out necessary duties in the University’s legitimate interests. Where personal data is disclosed to third parties, it will be done so only to the extent necessary to fulfill the purpose of such disclosure. Where required, we ensure we have appropriate information sharing and/or processing agreements in place before sharing your personal data with any third parties.

In some instances, your personal data may be transferred outside Victoria or Australia (for example, where providers are located internationally or use a cloud-based system with servers based in other jurisdictions). We take reasonable steps to ensure that the interstate or overseas transfer of personal data is in accordance with this privacy statement, relevant University policies, and applicable Privacy Laws.

Once your personal data is no longer required for the purpose it was collected, or for another legislative purpose, it will be securely destroyed in compliance with the University’s retention and disposal authority.

Your rights

You may request access to, or correction of, your personal information we hold, or exercise your individual rights as applicable, unless this would have an unreasonable impact on the privacy of others or would contravene our other legislative obligations.

To access personal data we hold about you, contact the relevant faculty or area of the University in the first instance, or you can contact the University at Stop1 or by phoning 13 MELB (13 6352). Sometimes the department or area of the University that holds that information will need to liaise with our Legal and Risk area before determining whether they can provide the information directly to you.

At times, we may require requests for access to, or correction of, personal information to be made in accordance with the Freedom of Information Act 1982 (Vic). Further information about this process is available on our Freedom of Information web page.

If the lawful basis of us processing your personal data is with your consent, you have the right to withdraw this at any time. However, this will not affect the lawfulness of our processing prior to your withdrawing your consent.

University Privacy and Data Protection Officer

The University Secretary is the University's designated Privacy and Data Protection Officer (PDPO). The privacy team in Legal and Risk provide guidance on the University’s privacy obligations and responsibilities.

Please refer to our Privacy webpage, view our Privacy Policy or contact our privacy team for more information about how the University processes personal data and for details of how to make an enquiry or lodge a complaint.

If you are dissatisfied with our response to a complaint your query or concern, you may lodge a complaint with the applicable supervisory authority:

• Office of the Victorian Information Commissioner
• Health Complaints Commissioner (in relation to health information)
• Another privacy and data protection authority (federal or international), to the extent that their jurisdiction applies to the specific activity.

Updates to this privacy statement

We periodically refine our privacy statements. The overall level of privacy protection is maintained when changes or inclusions are made. Wherever possible, we will inform you of any substantive changes to this Privacy Statement. However, we may occasionally make changes without notice, particularly where there are amendments to the relevant laws, or we adopt new working practices.

We encourage you to regularly review this statement for any updates. The most recent substantive changes were made on 26 October 2023.