Skip to content

Legal

Privacy Policy

How we collect, use, and protect your personal information.

Policy Number COL001

Wade Institute for Entrepreneurship, Ormond College (University of Melbourne)

 

1. Rationale

The purpose of this policy is to provide information about the kinds of personal information Ormond College (the College) holds and the manner in which it complies with its legal and regulatory obligations under the Privacy Act 1988 (Cth) (the Privacy Act) including the Australian Privacy Principles (APPs) that govern the standards, rights and obligations around:

  • The collection, use and disclosure of personal information

  • An organisation’s governance and accountability

  • Integrity and correction of personal information

  • The rights of individuals to access their personal information.

In the course of providing services to students, prospective students, employees, prospective employees, Council members, alumni, donors, contractors and volunteers, the College may collect and hold; personal information, sensitive information and health information. 

2. Definition

 “Personal information” means ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable: 

  • Whether the information or opinion is true or not; and

  • Whether the information or opinion is recorded in a material form or not.

 “Sensitive information" is personal information that includes information or an opinion about an individual’s:

  • racial or ethnic origin; or

  • political opinions; or

  • membership of a political association; or

  • religious beliefs or affiliations; or

  • philosophical beliefs; or

  • membership of a professional or trade association;
  • or membership of a trade union;
  • or sexual orientation or practices;
  • or criminal record
  • tax file numbers 

Sensitive information includes health information. “Health information” is any personal information about your health or disability, including genetic information some types of biometric information. 

3. What kinds of personal information do we collect and store 

Personal information we collect will depend on the circumstances and includes (but is not limited to):

  • name

  • age and/or date of birth

  • contact details including telephone numbers and e-mail addresses

  • current and previous home address (including postal address)

  • gender

  • identification information such as passport, driver’s license, working with children check and national or international police check

  • bank account details h. employment details, status and history

  • proof of academic scores and qualifications

  • University of Melbourne Student Number

  • Psychometric and medical testing information

  • Medical and emergency contact information

  • Photographs, audiovisual footage and images of you, for example when attending functions or working at the College or through the use of CCTV systems that we have installed (used for the purposes of managing security and health and safety of students, employees and the public generally)

  • Information regarding your access to various parts of the College, collected by smart badge readers

  • Investor type, investment history and project budget [for applicants for VC Catalyst]

  • Information collected through the provision of psychological services. 

  • Information obtained from Gender-based Violence declarations. 

Our website

Also, if you access our website, we may use various technological methods from time to time to track visiting patterns. These include, but may not be limited to, cookies, google analytics, click stream data and web beacons to collect additional information about your use of our website. A cookie is a small text file stored in your computer’s memory or on your hard disk for a pre- defined period of time. We may use cookies to identify specific machines in order to collect aggregate information on how visitors are experiencing our website. 

4. Collection and Storage of Personal information 

We collect your personal information for the primary purpose of providing our services to you and associated business activities and also to market our services for the benefit of our students, alumni and staff.

The College holds personal information on electronic and paper records. We take all reasonable steps to ensure that the personal information we hold is protected from unauthorised access, modification, theft, disclosure, misuse and loss.

If we find that we no longer need your personal information we may de-identify it or remove it from our systems and destroy all record of it. 

5.  Use of Personal information 

Ormond College only uses personal information that is reasonably necessary for one or more of its functions or activities (the primary purpose) or for a related secondary purpose that would reasonably be expected by you, or for an activity or purpose for which you have consented.

We may collect, hold and use your personal information:

  • to identify and communicate with you
  • to enable us to provide you with requested information, including education and residential services
  • to otherwise assist current and prospective students by providing them with information and support
  • to manage and administer our admission processes, including to assess applications for scholarship, prizes or student eligibility for financial assistance
  • to manage and administer your residency
  • to collect and process payments, including fees and donations
  • to assist student participation in sporting, social or cultural activities offered by us 
  • to assess your performance or conduct
  • to manage any investigation (including but not limited to community or employment) in which you are involved
  • to provide references at your request to third parties such as real estate agents or potential employers
  • to help us to manage and enhance the services we provide to you
  • to help us to manage and enhance goods and services we procure from our suppliers and subcontractors
  • to personalise and customize your experiences on our Website
  • to establish membership of the Ormond College Association (OCA)
  • to manage and administer our alumni database, including to inform members of the OCA about alumni activities
  • to publish details about OCA members in the OCA newsletter, ‘New and Old’
  • to undertake fundraising activities and events
  • to promote and market our services to you
  • to provide you with information that we believe may be of interest to you or that you may be interested in receiving, including advertising material, regarding us, our clients and our business partners
  • to conduct research for the purposes of improving existing services or creating new products or services to help us research the needs of our customers to enable us to market our products and services with a better understanding of the needs of students
  • to notify and assess insurance claims, pay settlements and finalise claims, and determine liability
  • to protect you and us from fraud
  • to provide for the safety and security of our community, including students, employees, Council members, contractors, alumni, donors and on-site visitors.
  • to help us manage our business operations
  • for business support purposes including maintenance, backup and audit
  • to process any job application submitted by you
  • to respond to any queries or complaints you may have 
  • to comply with any statutory or legal obligations

We may disclose your personal information:

  • when contacting advisors, tutors or other individuals who assist in providing services to you;

  • when contacting University of Melbourne or other Colleges who assist us in providing services to you;

  • contacting your nominated emergency contacts or referees;

  • when required by law to disclose to government, legal or regulatory authorities;

  • informing Centrelink of your enrolment status if you are in receipt of payments;

  • checking details of your immigration status;

  • to our suppliers, contractors and organisations that provide us with technical and support services;

  • to our accountants, auditors, insurers, lawyers and other professional advisers when seeking advice in relation to our activities, our services or when dealing with complaints or investigations;

  • and publishing names, news and photos of alumni and friends of the College. 

Use and disclosure of sensitive information

We only use or disclose sensitive information when: 

  • it is reasonably necessary for one or more of these functions or activities and we have your consent

  • it is necessary to lessen a serious risk to life, health or safety

  • to enable the College to discharge its Duty of Care

  • to enable the College to discharge its obligations to provide and maintain a safe environment and to prevent and respond to sexual harm. 

6.  Access and request for correction of personal information 

Please contact our Privacy Officer (contact details below) if you would like access to or to correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to make sure that the personal information that we hold is properly protected. 

We will generally provide you with access to your personal information, subject to some exceptions permitted by law. If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold in inaccurate, out of date, incorrect, irrelevant or misleading, we will take reasonable steps to ensure that, having regard for the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading. 

Exceptions

1. Handling of employee records 

The College’s handling of employee records relating to a specific current or former employee may be exempt from the Privacy Act and the APPs, in accordance with section 7B(3) of that Act. This exemption applies only where the handling is directly related to the employment relationship between the College and the employee/former employee. In such cases, the College may manage those records outside the scope of this policy, while continuing to meet its obligations under the Fair Work Act 2009 (Cth), including requirements concerning recordkeeping, access, and confidentiality. 

2. National Higher Education Code to Prevent and Respond to Gender-based Violence 2025 (the Code) 

In complying with its obligations under the Code to protect its residents from Gender-based Violence, the College is required to obtain Gender-based Violence declarations, from including but not limited to, all employees, Council members, contractors and volunteers.

The Code requires the College to provide de-identified information and otherwise undertake its obligations under the Code even where that conflicts with the Privacy Act.

The College must report to The University of Melbourne data relating to incidents of and in compliance with its GBV obligations. 

7.  Access and request for correction of personal information

On occasion, we may need to send personal information outside of Australia where it is necessary to do so, for example, where a student has a parent who lives overseas. In addition, some third party service providers to whom we disclose personal information may be located outside of Australia. 

8.  Data Breaches

The Privacy Act provides for the Notifiable Data Breaches Scheme. This means that the College is required to notify affected individuals and the Office of the Australian Information Commissioner about an eligible breach. 

An eligible breach (1) occurs when:

  • there is unauthorised access to or unauthorized disclosure of personal information, or a loss of personal information that the College holds

  • this is likely to result in serious harm to individuals, and

  • the College has not be able to prevent the likely risk of serious harm to any individual. Serious harm, in the context of a data breach, may include serious physical, psychological, emotional, financial or reputational harm. 

9.  Complaint Resolution

You may make a complaint about how the College manages your personal information including a breach of the APPs, by notifying us in writing as soon as possible. We will respond to the complaint within a reasonable time, usually within 30 days and the College may seek further information from you in order to provide a full and complete response.

The College’s Privacy Officer is:

Ms Kim Howells

Executive Director Engagement & Innovation

E-mail address: privacy@ormond.unimelb.edu.au

Postal address: 49 College Crescent, Parkville VIC 3052

Ph: 03 9344 1203

If you are dissatisfied with the handling of your complaint, you may refer your concerns to the:

Office of the Australian Information Commissioner

GPO Box 5288

Sydney NSW 2001

Ph: 1300 363 992

OAIC Web Form 

10.  Related OC policies and Relevant legislation 

  • Archives and Retention Policy

  • IT Data Retention and Disposal Policy

  • Privacy Act 1988 (Cth)

  • Health Records Act 2001 (Vic)

(1) A data breach that occurred before 22 February 2018 is not an eligible breach for the purposes of the Notifiable Data Breach Scheme. 

Date Reviewed: 26 February 2026

See what's inside

Eight modules, around forty-five short sessions, free to start.

Explore the program