Privacy at CMBF Ltd
CMBF Limited (CMBF), trading as Macquarie Applied Finance Centre, is a controlled entity of Macquarie University and a company incorporated under the Corporations Act 2001 (Cth). It must comply with the Privacy Act 1988 (Cth), the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW).
CMBF’s principal activity is to administer courses (primarily the Master of Applied Finance) and education and consulting services on behalf of Macquarie University.
For more information about privacy, please refer to the University’s Privacy Compliance Framework.
This Policy and Procedure is developed to ensure:
- compliance by CMBF Limited (CMBF), trading as Macquarie Applied Finance Centre, and its employees and others with the Privacy Act 1988 (Cth);
- that appropriate systems are put in place and maintained to ensure ongoing compliance with the privacy laws.
This Policy and Procedure outlines CMBF’s principles for protecting the privacy of personal and health information that it holds about its staff and students, and those who interact with CMBF.
CMBF is a controlled entity of Macquarie University and a company incorporated under the Corporations Act 2001 (Cth).
It must comply with the Privacy Act 1988 (Cth), the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW).
This Policy and Procedure applies to all employees of CMBF and to any person who collects, holds or manages personal or health information for or on behalf of CMBF, including contractors, agents, visitors, honorary appointees and consultants of CMBF.
- Personal information has the meaning given in the Privacy Act 1988 (Cth).
- Health Information has the meaning given in the Privacy Act 1988 (Cth).
Information collected by CMBF
CMBF through its employees and authorised personnel collects and holds personal and health information about you such as your name, date of birth, contact details, next of kin and emergency contact details, tax file number, visa and/or passport details, health information (if required), information about your educational history or work experience, current employer and academic records.
How your information is held
Your personal and health information is mostly held in electronic format in CMBF electronic databases. It may also be held in paper format.
Purposes for which your personal information is collected, held, used and disclosed
CMBF collects personal and/or health information from you (or with your permission information about you from other educational institutions or government authorities) in order to process your application for enrolment, for employment purposes (including for contractors), for your admission to CMBF courses, in order to respond to your request for information from CMBF, to contact you for the purposes of keeping you informed of coming events, to assist us to improve our service to you or for other purposes which are apparent from the request made by you. Your information may be shared with the University in order for the University to give you access to broader University services, facilities and to contact you to keep you informed of coming events, to assist us to improve our service to you and to process your employment benefits and entitlements.
The Privacy Collection Notices applicable to the University apply to CMBF as if CMBF were substituted for the University in those notices. You can find out more information about how your personal and health information is used and disclosed by CMBF in those privacy collection notices.
CMBF may collect personal or health information about you from overseas partners, institutions, education providers or former employers or from other persons overseas.
CMBF does this if you ask us to or authorise us to do so or if a law authorises or requires us to do so. In some instances we may outsource a business function to a third party located overseas who collects personal or health information on CMBF’s behalf. We also may disclose your personal and health information overseas where we outsource a business function to a third party located overseas. CMBF uses IT systems which may store information in overseas jurisdictions or in the “cloud”. This means that your personal and health information may be held in an overseas jurisdiction at a particular time. It is not practicable for CMBF to nominate a particular country where your personal information may be stored.
CMBF takes reasonable steps to ensure that the personal and health information it holds and discloses is managed and maintained securely by:
- using IT technologies which have security measures built into them;
- restricting access of staff and others to personal and health information stored within CMBF;
- securing its websites against unauthorised access;
- securing entry to buildings where information is stored; and
- ensuring that parties contracting with CMBF are bound to comply with privacy and confidentiality provisions (where practicable and possible).
Access to information and complaints
You may write to us to request access to or correction of your personal and health information held by CMBF (subject to any applicable laws) by contacting us directly, as detailed below. We will respond to your request within a reasonable time period and, subject to applicable legal considerations, grant you access to or arrange for the correction of your personal information, in a matter which is reasonable and practicable in the circumstances.
If you have a complaint about how your personal information is collected, held or disclosed by CMBF or if you believe that we have breached a privacy principle under the Privacy Act 1988 (Cth) we ask that you contact us with your complaint in writing in the first instance to:
Level 3, 10 Spring Street Sydney NSW 2000
Phone: +61 (0) 2 9223 6231
University’s Privacy Officer
Macquarie University NSW 2109
Phone: +61 (0) 2 9850 7111
We endeavour to resolve all disputes promptly and fairly. If however, you are not satisfied with the outcome you receive and your complaint relates to the handling of your information by CMBF, you may refer the complaint to the Federal Privacy Commissioner. Alternatively if your privacy complaint falls within the provisions of the NSW Privacy and Personal Information Protection Act 1988 (NSW), you may request that it be dealt with in accordance with that Act. Further information is available under the Complaints section of the University Privacy Framework.
Responsibility for maintaining compliance with Australian Privacy Principles (effective from March 2014)
Staff and students assist CMBF to maintain accurate information by updating their details through online software systems, by contacting student services (for students) or their HR contact (for staff).
Personnel responsible for maintaining compliance with Australian Privacy Principles from March 2014 at CMBF are:
|CMBF Human Resources Manager||Employees and contractors of CMBF receive appropriate privacy training upon commencement of their role with CMBF.|
|CMBF Head of Business Operations||Security of IT databases and CMBF servers|
|CMBF Head of Marketing & Business Development||Information collected is not used for direct marketing purposes (unless the individual has provided consent and/or an exemption applies).|
|CMBF Head of Business Operations||Contracts with third party providers contain appropriate privacy and confidentiality clauses (where practicable).|
|Policy Group||Human Resources|
|Contact Officer||Head of Business Operations|
|Date Approved||23 February 2014|
|Date of Commencement||1 March 2014|
|Date for Next Review||2015|
|Related Policies, Procedures, Guidelines, Forms or Templates||University Privacy Framework|