Privacy

Privacy

Privacy at CMBF Ltd

CMBF Limited (CMBF), trading as Macquarie Applied Finance Centre, is a controlled entity of Macquarie University and a company incorporated under the Corporations Act 2001 (Cth).  It must comply with the Privacy Act 1988 (Cth), the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW).

CMBF’s principal activity is to administer courses (primarily the Master of Applied Finance) and education and consulting services on behalf of Macquarie University.

CMBF complies with the University’s Privacy Compliance Framework which comprises a suite of documents including the University’s Privacy Management Plan in so far as it relates to CMBF.

CMBF is also required to have its own privacy policy pursuant to amendments to the Privacy Act 1988 (Cth) which come into effect from March 2014. This policy explains the kinds of personal and/or health information that CMBF collects and holds, how it does so and the purposes for that collection, how you can access your information, how you can make a privacy complaint and how that will be actioned, whether your information is likely to be sent overseas and to which countries if practicable. To the extent that there are any inconsistencies between the University privacy policy and the CMBF privacy policy (below), for CMBF privacy matters, the CMBF privacy policy prevails.

For more information about privacy, please refer to the University’s Privacy Compliance Framework.

CBMF Privacy Policy

Purpose

This Policy and Procedure is developed to ensure:

  • compliance by CMBF Limited (CMBF), trading as Macquarie Applied Finance Centre, and its employees and others with the Privacy Act 1988 (Cth);
  • that appropriate systems are put in place and maintained to ensure ongoing compliance with the privacy laws.

This Policy and Procedure outlines CMBF’s principles for protecting the privacy of personal and health information that it holds about its staff and students, and those who interact with CMBF.

Overview

CMBF is a controlled entity of Macquarie University and a company incorporated under the Corporations Act 2001 (Cth).

It must comply with the Privacy Act 1988 (Cth), the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW).

Amendments to the Privacy Act 1988, which come into effect from March 2014, require CMBF to have its own privacy policy. To the extent that there is an inconsistency between the University Privacy Policy and Procedure and this Policy and Procedure as applicable to CMBF, this Policy and Procedure shall prevail.

Scope

This Policy and Procedure applies to all employees of CMBF and to any person who collects, holds or manages personal or health information for or on behalf of CMBF, including contractors, agents, visitors, honorary appointees and consultants of CMBF.

Policy

Definitions

  • Personal information has the meaning given in the Privacy Act 1988 (Cth).
  • Health Information has the meaning given in the Privacy Act 1988 (Cth).

Information collected by CMBF

CMBF through its employees and authorised personnel collects and holds personal and health information about you such as your name, date of birth, contact details, next of kin and emergency contact details, tax file number, visa and/or passport details, health information (if required), information about your educational history or work experience, current employer and academic records.

How your information is held

Your personal and health information is mostly held in electronic format in CMBF electronic databases. It may also be held in paper format.

Purposes for which your personal information is collected, held, used and disclosed

CMBF collects personal and/or health information from you (or with your permission information about you from other educational institutions or government authorities) in order to process your application for enrolment, for employment purposes (including for contractors), for your admission to CMBF courses, in order to respond to your request for information from CMBF, to contact you for the purposes of keeping you informed of coming events, to assist us to improve our service to you or for other purposes which are apparent from the request made by you. Your information may be shared with the University in order for the University to give you access to broader University services, facilities and to contact you to keep you informed of coming events, to assist us to improve our service to you and to process your employment benefits and entitlements.

The Privacy Collection Notices applicable to the University apply to CMBF as if CMBF were substituted for the University in those notices. You can find out more information about how your personal and health information is used and disclosed by CMBF in those privacy collection notices.

Disclosure overseas

CMBF may collect personal or health information about you from overseas partners, institutions, education providers or former employers or from other persons overseas.

CMBF does this if you ask us to or authorise us to do so or if a law authorises or requires us to do so. In some instances we may outsource a business function to a third party located overseas who collects personal or health information on CMBF’s behalf. We also may disclose your personal and health information overseas where we outsource a business function to a third party located overseas. CMBF uses IT systems which may store information in overseas jurisdictions or in the “cloud”. This means that your personal and health information may be held in an overseas jurisdiction at a particular time. It is not practicable for CMBF to nominate a particular country where your personal information may be stored.

CMBF takes reasonable steps to ensure that the personal and health information it holds and discloses is managed and maintained securely by:

  • using IT technologies which have security measures built into them;
  • restricting access of staff and others to personal and health information stored within CMBF;
  • securing its websites against unauthorised access;
  • securing entry to buildings where information is stored; and
  • ensuring that parties contracting with CMBF are bound to comply with privacy and confidentiality provisions (where practicable and possible).

Access to information and complaints

You may write to us to request access to or correction of your personal and health information held by CMBF (subject to any applicable laws) by contacting us directly, as detailed below. We will respond to your request within a reasonable time period and, subject to applicable legal considerations, grant you access to or arrange for the correction of your personal information, in a matter which is reasonable and practicable in the circumstances.

If you have a complaint about how your personal information is collected, held or disclosed by CMBF or if you believe that we have breached a privacy principle under the Privacy Act 1988 (Cth) we ask that you contact us with your complaint in writing in the first instance to:

Macquarie Applied Finance Centre
Level 3, 10 Spring Street Sydney NSW 2000
Phone: +61 (0) 2 9223 6231
Email: director@mafc.mq.edu.au

or

University’s Privacy Officer
Macquarie University NSW 2109
Phone: +61 (0) 2 9850 7111
Email: privacyofficer@mq.edu.au

We endeavour to resolve all disputes promptly and fairly. If however, you are not satisfied with the outcome you receive and your complaint relates to the handling of your information by CMBF, you may refer the complaint to the Federal Privacy Commissioner. Alternatively if your privacy complaint falls within the provisions of the NSW Privacy and Personal Information Protection Act 1988 (NSW), you may request that it be dealt with in accordance with that Act. Further information is available under the Complaints section of the University Privacy Framework.

Responsibility for maintaining compliance with Australian Privacy Principles (effective from March 2014)

Staff and students assist CMBF to maintain accurate information by updating their details through online software systems, by contacting student services (for students) or their HR contact (for staff).

Personnel responsible for maintaining compliance with Australian Privacy Principles from March 2014 at CMBF are:

Person ResponsibleResponsibility
CMBF Human Resources ManagerEmployees and contractors of CMBF receive appropriate privacy training upon commencement of their role with CMBF.
CMBF Head of Business OperationsSecurity of IT databases and CMBF servers
CMBF Head of Marketing & Business DevelopmentInformation collected is not used for direct marketing purposes (unless the individual has provided consent and/or an exemption applies).
CMBF Head of Business OperationsContracts with third party providers contain appropriate privacy and confidentiality clauses (where practicable).
Policy GroupHuman Resources
Contact OfficerHead of Business Operations
Date Approved23 February 2014
Date of Commencement1 March 2014
Approval AuthorityDirector
Amendment Dates 
Date for Next Review2015
Related Policies, Procedures, Guidelines, Forms or TemplatesUniversity Privacy Framework
Back to the top of this page