Details staff privacy rights in relation to the collection, use and disclosure of personal information.
This privacy statement applies to RMIT staff employed by the University and entities of the RMIT Group which includes RMIT University Vietnam, RMIT Training, RMIT Online and RMIT Europe. It explains how we will treat your personal information in the course of your employment at RMIT and after it ends.
This privacy statement should be read in conjunction with RMIT’s Privacy Statement.
What we collect and how we use and disclose employee information
RMIT collects personal information (also known as personal data) about you during the course of your employment.
This information may include: your name, date of birth, residency status, home address, photographic image, health information, tax file number, banking details, superannuation details, qualifications, employment history, work plan and work planning reviews and details of paid outside work.
The information may be collected from several sources by us, or on our behalf, at the commencement and throughout your employment at RMIT.
Health information may also be collected in the following circumstances:
- leave (such as personal and parental leave)
- when lodging a WorkCover or travel insurance claim, personal and health information about you is collected on the claim form and may also be collected during the processing, assessing and management of your claim
- information may also be collected during workplace assessments, the case management of a health-related issue or non-WorkCover return to work
- for RMIT Europe staff, fingerprint data required for access (and presence) control of facilities.
All forms and processes that collect personal information will have a reference to this statement.
Why we collect the information
The primary purpose for collecting your information is to maintain your employee records and to administer your employment relationship. Examples of other legitimate purposes include:
- to determine and process your entitlements such as administering the payroll system
- to correspond with you
- for personal and professional development processes
- to inform you about the range of facilities and services available to staff
- to facilitate appropriate assistance in the event of an emergency involving you
- to comply with legislative reporting requirements
- to attend to day-to-day administrative matters
- for the provision of associated services such as security, parking, information technology and (where used by you) work-related travel services
- in an aggregate (non-identifying) form to report on workforce profiles internally, audit and compliance processes, in the annual report, and to external bodies, as required (e.g. government departments)
- for research, evaluation and improvement of the working environment.
Use and disclosure of personal information
RMIT will use and disclose personal staff information for purposes directly related to your employment relationship and for the purposes for which it was collected. Additional disclosures will only be made if required and/or permitted by law, or with your consent.
Examples of when we might use or disclose your personal information include:
- during the employment application process to work out if you’re the right person for the job
- at the start of an employment relationship to ensure we comply with our record keeping obligations and occupational health and safety laws
- during the employment relationship - for example, to help us to make decisions about remuneration increases, or appointments to new roles; for audit or quality assurance or compliance processes in which case personal information will be used in an aggregated manner or at group rather than individual level
- incidentally in the course of the employment relationship – for example if you’re using RMIT resources such as email or mobile phones and our normal business practices (such as email archiving) capture personal information disclosed by you or a third party
- where you’re unwell, have a disability or a medical condition, and we need to work out if you’re entitled to leave or benefits or support
- after the employment ends, where we might need to update information about you in order to ensure we comply with obligations, where we might need to update information about you to comply with obligations under tax and social security laws, to allow us to administer ongoing participation in employment benefit schemes, or to give a reference to future employers.
There are times when we might need to disclose your personal information to a third party for a legitimate purpose. Examples include but are not limited to:
- your nominated financial institution for payment of salary
- your superannuation scheme e.g. Unisuper
- where the University or an entity of the RMIT Group is required by law to provide the information – for example to government departments such as the Australian Taxation Office, Centrelink, the Department of Education and Training, and the Department of Home Affairs
- agencies and organisations involved in tertiary education quality assurance and planning such as federal and state government, TEQSA and ASQA
- organisations that provide salary packaging benefits to eligible and participating staff members, such as Qantas Club membership, gymnasiums, childcare, car parking permits and novated leasing
- off-shore RMIT campuses, RMIT partners and research centres for any visits or overseas work undertaken by you
- contracted service providers which RMIT Group uses to perform services on its behalf (such as recruitment, security, training program administration and IT service providers)
- RMIT’s legal or other professional advisors and consultants.
Treatment of personal information in use and access to RMIT resources
You will have access to RMIT resources to use in the course of your employment and for limited, reasonable personal use. Using these resources might result in the creation or capture of employee personal information – like the content of emails or calls, records relating to your physical location, telephone numbers messaged or called, and sites visited.
You should be conscious of this and recognise that such information might be accessed, viewed and used by RMIT for purposes directly relating to the employment relationship. Examples of use by RMIT might include use for the purpose of monitoring employee performance or use in disciplinary investigations relating to alleged employee misconduct in accordance with RMIT policies.
Accessing, viewing and use by RMIT may be either intentional (for example, as a result of proactive monitoring or auditing of our IT systems, recording of telephone conversations, campus security, or reviewing geographic location data) or unintentional (for example, viewed when looking for an unrelated email or document).
Your personal information will be used to administer RMIT employment resources and processes including:
- Employment Self Service (ESS) – Personal information contained within ESS can be accessed by authorised ITS staff for the purpose of managing the system and for providing access to staff who may have mislaid passwords or similar purposes; and by authorised Human Resources staff for the purposes of managing payroll services and maintenance of staff records. Access is limited to staff needing this information to adequately provide these services to staff.
- Staff directory – Workplace contact information (i.e. name, position title, workplace telephone, email address and location) is contained within the University staff directory hidden behind a staff log-in.
- Website – Staff contact information, personal profiles or photographs may be published on the RMIT website as part of local college, portfolio, school, business group or program information or promotion. This information will only be published for public access (i.e. not behind a staff log-in) with the knowledge and consent of the individual staff concerned.
- Workplans – Information included within workplans will be reviewed by Human Resources to ensure that professional development activities meet the needs of the University and its staff. Workplans can also be viewed by the management line (between you and the Vice-Chancellor) and Human Resources for workplanning and performance management purposes and reviewing roles and responsibilities.
Accuracy, security and storage of information
RMIT holds personal information in authorised electronic and paper based records management systems. We take all reasonable steps to ensure that the personal information we hold is accurate and complete and that it is protected from misuse, loss, unauthorised access or disclosure.
We will also endeavor to make sure that employee personal information is only disclosed to persons who need to know about it for purposes directly related to the employment relationship. This may mean that employee personal information or employee sensitive personal information is shared, for example, the human resources or management or health and safety functions or breach reporting or required by law.
Information may be held in external service providers. Some of our service providers are located outside of Victoria and/or Australia and, as a result, personal information collected and held by RMIT may be transferred outside of Victoria (but within Australia) or outside Australia.
The information disclosed to these host organisations will be limited to that necessary to effectively operate the application on behalf of the RMIT and those organisations are required to provide the same privacy safeguards as RMIT. Information stored in externally hosted applications is still managed and controlled by RMIT.
Access to and amendment of personal information
You have direct access to your personal information unless provision of the information will have an unreasonable impact on the privacy of others. Otherwise, for RMIT Melbourne, access to and correction of personal information is handled in accordance with the Freedom of Information Act 1982.
If you would like to access your personal information, a request should be made in writing, accompanied by the required application fee, to the University FOI Officer. Further information is available at Freedom of Information.
RMIT periodically refines this privacy statement to reflect appropriate information flows. The overall level of privacy protection is maintained when changes or inclusions are made. If you have a query about your personal information and the way it is handled, please check online for the current privacy statement. This statement was last updated 8 August 2018.
For more details on how your information is handled at RMIT:
Assistant Director, Governance & Compliance