Griffith University values the privacy of every individual's personal information and is committed to protecting your personal information

This Privacy Plan applies to all personal information held by us and all groups and elements must collect, manage and use personal information in accordance with this Privacy Plan.

Our Privacy Plan is designed to:

  • inform you of what information we collect and what we use it for;
  • explain your rights regarding how we collect and process your personal information;
  • describe the legal obligations that apply to us, how we meet those laws and how they protect you.

It applies when you interact and transact with us, either in person, via telephone and email, on our social media channels, or on our websites, whenever we refer to or link to this Privacy Plan.

Please read our Privacy Plan carefully. We may change our Privacy Plan from time to time as required, when there are material changes to our practices or when there are legislative amendments made. Any changes to our privacy practices will be published on our website. We encourage you to check our website periodically to ensure that you are aware of these changes.  We will notify you of any modifications to this Privacy Plan that might materially affect the way we use or disclose your personal information prior to the change becoming effective. Non-material changes will not require notification.

If you are visiting this site from the European Economic Area (EEA), see Users from the EEA section below.

Privacy at Griffith


More Information

Alumni and Donors

More information


More information

Health Services

More information

Child Care Services

More information

General Information


Data Breach



What do we collect and what do we use it for?

Collection of personal information

What personal information do we collect?

Why do we collect, use and disclose personal information?

To whom do we disclose your personal information?

Security, retention and international transfers


Storage and retention

International transfer of personal information

Exercising Your Rights

Accessing or correcting your personal information

Making a complaint

Users from the European Economic Union

Legal basis for processing

Your Rights

Making a complaint


What personal information do we collect?

The personal information we collect about you includes:

  • contact and identification information, such as name and contact details (including, address, email address, telephone number(s)), date of birth, passport and driver’s licence details and images and emergency contacts;
  • financial information, such as payment card and bank details; and
  • personal records, including educational records; employment records; citizenship and residency records and health data.

What is your personal information used for?

We only use personal information in relation to the provision of education, research and other services.  We will never sell your personal information to a third party.

The uses of your information include:

  • to provide information about the University to prospective students;
  • to administer and manage the provision of educational and support services, including admission, enrolment, scholarships, billing and collection of fees and charges, examinations, academic standing and electoral rolls; and
  • to review, develop, optimise and personalise the delivery of all our services.

Additional information about your rights and how we handle your information is included in Exercising Your Rights.

Personal information may be collected and used to administer the following:

  • on-campus accommodation at residential colleges;
  • delivery of library services;
  • school and workplace visits;
  • Placements and professional experiences;
  • work integrated learning programs; and
  • student surveys.

We may disclose your information to a number of Australian and state government departments and agencies (including law enforcement bodies) where we are obliged to do so or when we consider it necessary or prudent to so so (for example, to prevent or assist in the investigation of a breach of the law or to protect the safety and well being of an individual).

Public register

We maintain an online verification form that can be accessed and searched by the public which discloses graduate names, awards conferred and conferral data.


What personal information do we collect?

The personal information we collect about staff and job candidates includes:

  • recruitment information including position classifications and position applications, job applications, criminal history checks, references and reference checks and copies of qualifications;
  • employment contracts and conditions of employment, including records relating to previous employment checks, character checks, security clearances and Working with Children (Blue Card) Checks;
  • criminal record checks, where you are employed in or being considered for a role where a criminal history may be relevant;
  • employee records relating to attendance and overtime, leave applications and approvals, records relating to personal development and training and graduate, volunteer and work experience scheme participation, performance appraisals and promotions and records relating to discipline matters, complaints and grievances and investigation;
  • financial information including payroll and pay related records, banking details, tax file numbers and superannuation fund details; and
  • health information including medical records and records of accidents, incidents and injuries, along with records relating to compensation and rehabilitation.

What is your personal information used for?

We only use your personal information in relation to the services and functions of the University.  The University will never sell your information to a third party.

The uses of your information include:

  • to maintain accurate and up-to-date employment records and contact details (including emergency contact details), leave details, and records of employee contractual and statutory rights;
  • to manage performance including disciplinary and grievance processes and to ensure acceptable conduct within the workplace and planning for career development;
  • to obtain occupational health advice, to ensure the University complies with duties in relation to individuals with disabilities, meets its obligations under health and safety law, and ensures that employees are receiving the pay or other benefits to which they are entitled;
  • to administer and enhance staff services and staff benefit schemes; and
  • to ensure effective general HR and business administration.

Additional information about your rights and how we handle your information included in Exercising Your Rights.

Privacy by design

Our staff must consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal information.

Staff responsibilities

Our staff, collectively and individually are responsible for:

  • ensuring that when they collect, manage and use personal information that they do so in accordance with this Privacy Plan;
  • following the personal information collection protocol published here mandated by the Chief Operating Officer when collecting personal information;
  • complying with our privacy by design commitment when developing new products, processes or services that involve processing personal information; and
  • promptly informing their manager/supervisor if they become aware of an actual or suspected privacy breach and emailing relevant details of the actual or suspected privacy breach.

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up-to-date, complete, relevant and not misleading.   Students are responsible for providing accurate and up to date personal information to the University via myGriffith page.

You can request access to the Personal Information we hold about you at any time by contacting us using the information below.  You also have a right to ask us to correct any inaccurate Personal Information we hold about you.  Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

Alumni and Donors

We maintain relationships with alumni and donors and with other interested parties, including the local community, business, industry and professional organisations concerned with or supporting the core functions of the University (education and research).

As part of maintaining these relationships, we may collect personal information of:

  • donors or scholarship providers;
  • alumni and their friends and family;
  • members of ‘Friends of Griffith’ groups;
  • subscribers to the Griffith Review; and
  • other participants in out-reach or marketing campaigns or attendees at University events.

This information may be used:

  • to inform you about University courses/events;
  • to inform you of and provide alumni benefits; and
  • to inform you of opportunities to engage with and support the University.

The University will never sell your personal information to a third party. Additional information about your rights and how we handle your information included in Exercising Your Rights.

Research and research participants

We collect, store and use research participant’s personal information to administer research programs.

Before collecting or using personal information in research, the researcher must have obtained approval from the University Ethics Committee.  The University requires researchers to demonstrate potential research participants have given voluntary, informed consent consistent with the National Statement on Ethical Conduct in Human Research (2007) (as updated). Researchers also keep a record of that consent.

It is the responsibility of the researcher and the relevant Group/Element to ensure compliance with all relevant Data Protection Laws.

Additional information about what personal information is handled as part of research programs, please contact the Research Ethics and Integrity Team.

University Health Services

The University provides a range of health services including:

  • Dentistry and Oral Health;
  • Nutrition and Dietetics;
  • Physiotherapy;
  • Exercise Physiology;
  • Speech Pathology; and
  • Social Work.

As part of these services, we collect, store and use personal information, including health information.

What personal information do we collect?

The personal information we collect about people who use our health services includes:

  • name, address and contact information of the individual, dependents and other family members, and of health professionals who are currently or have previously provided treatment;
  • medicare and health insurance details;
  • records such as patient records including assessments and treatments; medical records, including medications, and any current or past medical conditions;
  • x-rays, video/audio/digital recordings and images and models/castings;
  • financial records related to the treatments given and associated fees charged; and
  • notes on the consultations and treatments given and correspondence that may take place between you and the clinic, or any health service provider and the clinic.

What is your personal information used for?

We only use your personal information collected in relation to the provision of health services and to contribute to the University’s teaching, research and development activities in relevant fields.

The University will never sell your personal information and health information to a third party.

Should there be a dispute with a patient over the University’s ability to disclose records outside the University, any agreement or contract that the University may have with an external party for provision of treatment which requires or permits the disclosure of records will prevail.

Patients may request access to view their clinic record; however, the record remains the property of the University. Such viewings by patients of clinic records will be conducted in accordance with the process set down by the University and may involve the presence of a senior staff member or the treating clinician.

University Child Care Services

This section covers an persons whose Personal Information is likely to be collected by the University for the primary purposes of providing early childhood education and care services at the Griffith University Early Childhood Education Centres. The University collects personal information of parents and guardians, children and stakeholders.

What personal information do we collect?

The personal information we collect includes:

  • identification information of the individual such as name, date and place of birth, gender, birth certificate, passport and driver's license details and other similar identification documentation;
  • contact information such as address, email address and, telephone number(s), and emergency contact details;
  • Centrelink Customer Reference Number
  • Citizenship and residency information;
  • Sensitive information including medical history; medications required; immunisation history; information about disabilities or health conditions; information about additional needs; Medicare and health insurance details; doctor's details;
  • custody arrangements or parenting orders
  • dietary requirements;
  • CCTV footage for security and safety (on Griffith premises).
  • photographs and videos of children, samples of children's work and general information about your child and your family that assists us in providin individualised early learning and care to children.

When will your personal information be used or disclosed?

The information may be used to:

  • provide you with our early childhood education and care services and advocating for the well-being, protection and development of children; and
  • contribute to the University's teaching, research and development activities in relevant fields to improve our early childhood education and care services practices;

To whom will your personal information be disclosed?

The University may disclose your personal information to the following third parties:

  • Government agencies and regulatory bodies that request or require your information including the Department of Education, the Queensland Early Childhood Regulatory Authority, Department of Health Queensland; Medicare; Centrelink; the Department of Social Services and other regulatory agencies and bodies;
  • child protection agencies or family support agencies when we reasonably believe that a child is at risk of significant harm
  • banking and financial institutions;
  • to your emergency contacts, in an emergency situation;
  • to medical bodies, in an emergency situation;
  • other third-party vendors who assist the University with the provision of services to you;
  • other University staff and officers where required;
  • to law enforcement agencies when required; and
  • advisors engaged by the University, including accountant, lawyers and other professional services advisors.

Contact us

Griffith Privacy Officer

Phone: + 61 (07) 3735 7914

Postal address:

The Privacy Officer

Office of the Chief Operating Officer

Griffith University

170 Kessels Rd

Nathan QLD 4111