Details staff privacy rights in relation to the collection, use and disclosure of personal information.
What is it?
This statement explains how we will treat your personal information in the course of your employment at RMIT and after it ends.
The Staff Privacy Statement should be read in conjunction with RMIT’s Privacy Statement.
Who is it for?
This privacy statement applies to RMIT staff employed by the University and entities of the RMIT Group including RMIT University Vietnam, RMIT Training, RMIT Online and RMIT Europe.
1.1. Personal information
RMIT collects personal information (also known as personal data) about you during the course of your employment.
This information may include: your name, date of birth, residency status, home address, photographic image, health information, tax file number, banking details, superannuation details, qualifications, employment history, work plan and work planning reviews and details of paid outside work.
The information may be collected from several sources by us, or on our behalf, at the commencement and throughout your employment at RMIT.
1.2. Health information
Health information may also be collected in the following circumstances:
- on boarding process to inform any required workplace accessibility and work or work-related travel arrangements.
- leave (such as personal and parental leave).
- when lodging a WorkCover or travel insurance claim, personal and health information about you is collected on the claim form and may also be collected during the processing, assessing and management of your claim; information may also be collected during workplace assessments, the case management of a health-related issue or non-WorkCover return to work.
- for RMIT Europe staff, fingerprint data required for access (and presence) control of facilities.
All forms and processes that collect personal information will have a reference to this statement.
1.3. Why we collect the information
The primary purpose for collecting your information is to maintain your employee records and to administer your employment relationship. Examples of other legitimate purposes include:
- to determine and process your entitlements such as administering the payroll system
- to correspond with you
- for personal and professional development processes
- to inform you about the range of facilities and services available to staff
- to facilitate appropriate assistance in the event of an emergency involving you
- to comply with legislative reporting requirements
- to attend to day-to-day administrative matters
- for the provision of associated services such as security, parking, information technology and (where used by you) work-related travel services;
- in an aggregate (non-identifying) form to report on workforce profiles internally, audit and compliance processes, in the annual report, and to external bodies, as required (e.g. government departments)
- for research, evaluation and improvement of the working environment.
2.1. Use and disclosure of personal information
RMIT will use and disclose personal staff information for purposes directly related to your employment relationship and for the purposes for which it was collected. Additional disclosures will only be made if required and/or permitted by law, or with your consent.
Examples of when we might use or disclose your personal information include:
- during the employment application process to work out if you’re the right person for the job
- at the start of an employment relationship to ensure we comply with our record keeping obligations and occupational health and safety laws
- during the employment relationship - for example, to help us to make decisions about remuneration increases, or appointments to new roles; for audit or quality assurance or compliance processes in which case personal information will be used in an aggregated manner or at group rather than individual level
- arranging work-related travel
- incidentally in the course of the employment relationship – for example if you’re using RMIT resources such as email or mobile phones and our normal business practices (such as email archiving) capture personal information disclosed by you or a third party
- where you’re unwell, have a disability or a medical condition, and we need to work out if you’re entitled to leave or benefits or support
- after the employment ends, where we might need to update information about you in order to ensure we comply with obligations, where we might need to update information about you to comply with obligations under tax and social security laws, to allow us to administer ongoing participation in employment benefit schemes, or to give a reference to future employers.
There are times when we might need to disclose your personal information to a third party for a purpose that is permitted by law. Examples include but are not limited to:
- your nominated financial institution for payment of salary
- your superannuation scheme e.g. Unisuper
- where the University or an entity of the RMIT Group is required by law to provide the information – for example, to government departments such as the Australian Taxation Office, Centrelink, the Department of Education and Training, the Department of Home Affairs, and Victorian Ombudsman
- agencies and organisations involved in tertiary education quality assurance and planning such as federal and state government, TEQSA and ASQA
- organisations that provide salary packaging benefits to eligible and participating staff members, such as Qantas Club membership, gymnasiums, childcare, car parking permits and novated leasing
- off-shore RMIT campuses, RMIT partners and research centres for any visits or overseas work undertaken by you
- contracted service providers which RMIT Group uses to perform services on its behalf (such as, recruitment, security, training program administration, recognition and rewards, infrastructure and IT service providers)
- RMIT’s legal or other professional advisors and consultants.
2.2. Treatment of personal information in use and access to RMIT resources
You will have access to RMIT resources to use in the course of your employment and for limited, reasonable personal use. Using these resources might result in the creation or capture of employee personal information – like the content of emails or calls, records relating to your physical location, telephone numbers messaged or called, sites visited, and social media sites that you have linked to your RMIT profile e.g. LinkedIn for RMIT issued micro-credential badges.
If you are accessing RMIT IT resources offsite or remotely, a non-RMIT issued phone number or personal email may be required to enable multi-factor authentication.
You should be conscious of this and recognise that such information might be accessed, viewed and used by RMIT for purposes directly relating to the employment relationship. Examples of use by RMIT might include use for the purpose of monitoring employee performance or use in workplace investigations (including disciplinary investigations) relating to alleged employee misconduct.
Accessing, viewing and use by RMIT may be either intentional (for example, as a result of proactive monitoring or auditing of our IT systems, recording of telephone conversations, campus security, or reviewing geographic location data) or unintentional (for example, viewed when looking for an unrelated email or document).
Your personal information will be used to administer RMIT employment resources and processes including:
- Employment Self Service (ESS) – Personal information contained within ESS can be accessed by authorised ITS staff for the purpose of managing the system and for providing access to staff who may have mislaid passwords or similar purposes; and by authorised Human Resources staff for the purposes of managing payroll services and maintenance of staff records. Access is limited to staff needing this information to adequately provide these services to staff.
- Staff directory – Workplace contact information (i.e. name, position title, workplace telephone, email address and location) is contained within the University staff directory hidden behind a staff log-in and in RMIT software applications such as Microsoft O365.
- Website – Staff contact information, personal profiles or photographs may be published on the RMIT website as part of local college, portfolio, school, business group or program information or promotion. This information will only be published for public access (i.e. not behind a staff log-in) with the knowledge of the individual staff concerned.
- Workplans – Information included within workplans will be reviewed by Human Resources to ensure that professional development activities meet the needs of the University and its staff. Workplans can also be viewed by the management line (between you and the Vice-Chancellor) and Human Resources for work-planning and performance management purposes and reviewing roles and responsibilities.
RMIT holds personal information in authorised electronic and paper based records management systems. We take all reasonable steps to ensure that the personal information we hold is accurate and complete and that it is protected from misuse, loss, unauthorised access or disclosure.
Information may be held in external service providers. Some of our service providers are located outside of Victoria and/or Australia and, as a result, personal information collected and held by RMIT may be transferred outside of Victoria (but within Australia) or outside Australia.
The information disclosed to these host organisations will be limited to information that is necessary to effectively operate the application on behalf of RMIT.
Information stored in externally hosted applications is still managed and controlled by RMIT.
3.1. Access to and amendment of personal information
You have direct access to your personal information unless provision of the information will have an unreasonable impact on the privacy of others. You can contact HR Assist for advice on how to access and correct your personal information. For RMIT Training, a request should be made in writing to the Director, Human Resources.
Otherwise, access to and correction of personal information is handled in accordance with the Freedom of Information Act 1982. An FOI request should be made in writing, accompanied by the required application fee, to the University FOI Officer. Further information is available at Freedom of Information.
RMIT periodically refines this privacy statement to reflect appropriate information flows. The overall level of privacy protection is maintained when changes or inclusions are made. If you have a query about your personal information and the way it is handled, please check online for the current privacy statement. This statement was last updated 15 November 2019.
For more details on how your information is handled at RMIT:
|Version||Effective date||Authority||Author||Register reference|