Data privacy and your information

The personal information you provide to Charles Sturt University is managed in accordance with  the Charles Sturt's Privacy Management Plan that demonstrates the University’s commitments to meeting our obligations under the privacy legislations, the Privacy and Personal Information Protection Act 1998 (NSW)(the Act) and the Privacy Act 1988  (Cth) and the Health records and Information Privacy Act 2002 (NSW).

Your information will be collected by Charles Sturt and may be disclosed to its authorised personnel (and third parties) to enable Charles Sturt to provide information to you, relating to Charles Sturt (including information advertising or promoting Charles Sturt’s courses).

In providing your personal information to Charles Sturt you consent to Charles Sturt contacting you via your nominated contact details to provide such information. This consent is in force until such time as you notify Charles Sturt, in writing that you wish to withdraw it.

Staff and students of the University should also refer to the University’s Computing and Communications Use Policy and Records Management Policy.

For all general enquiries about privacy and privacy complaints email:

What is Personal Information?

Personal Information is defined in the Act as being information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion. Personal Information includes, for example, names, addresses, telephone numbers, email addresses, dates of birth and passport numbers.

There are circumstances in which, under the Act, information about an individual is not considered to be Personal Information, including:

  • when it relates to a person who has been dead for more than 30 years; and
  • when it is contained in a publicly available publication.

Information that you disclose in online forums or other interactive media is considered by Charles Sturt and the common law to be public information and may therefore not be subject to protection under the Act.

Reporting a breach to a University system

If you are concerned that a University system may have been breached, contact the University Ombudsman at

Data Breach Public Notification Register

The University must maintain and publish a public notification register for any public data breach notifications that the University has issued.

Data Breach Public Notification Register

University Website Privacy Collection Statement

Step 1

Collection of information

When you are using a University website, you may be asked to provide your name, contact details or other personal information.

In some circumstances, we will ask you to use a third party to provide us with information, such as where you register for a University event.  The University’s websites also automatically collect personal information when you are browsing or otherwise using our websites. The various mechanisms used by the University include server logs, proxy logs, and cookies.

A cookie is a package of data which a website requests be stored temporarily on your computer (or in memory) to identify you as a visitor to that website. You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some of the University’s websites.

The information collected by these various mechanisms includes:

  • the server and IP (Internet Protocol) address of the machine that has accessed the website;
  • the dates and times of each visit to the website;
  • the pages accessed and documents downloaded;
  • the type of browser used; and
  • sometimes, the previous site visited.

Cookies may also store the following information: session (numbered key) and duration. A numbered key is a unique server-generated number used to identify the current session. The session key can be linked back to a user's login identification.

Step 2

Use and disclosure

We will only use or disclose your personal information in the following ways:

  • for the purpose for which it was collected to manage your candidature with the University;
  • for a directly related purpose;
  • when we have your express consent to do so
  • as otherwise permitted or authorised by law.

Examples of how we will use and/or disclose your personal information include:

  • Information that we collect on website forms may be used for business and learning analytics purposes to assist Charles Sturt to make better decisions regarding its operations, services and engagement with community.
  • Data automatically collected on our websites is used for statistical and business purposes such as diagnosing a fault and improving our services or, when required, for investigations. The data is generally not accessible except to authorised staff for these purposes. Information which is automatically collected may be published as aggregated (de-identified) information to assist with improving the services offered by Charles Sturt through its websites.
  • Charles Sturt may use cookies for re-targeting purposes. Re-targeting occurs where Google, Facebook and other third parties use cookies from your browser to show advertisements when you visit websites, based on your web preferences and usage patterns. If you have a cookie from our website stored on your computer, you may see our advertisements as you browse other sites. If you would like to opt out of a third party’s use of cookies to show advertisements, you can do so by updating the ad settings for that particular third party, such as Google and Facebook. For more information about how to opt out, you may also want to visit the Network Advertising Initiative website.
Step 3

Access to and correction of personal information

You have a right under the Privacy legislations to request access to, and correction of, your personal information held by Charles Sturt. For information about accessing or amending your personal information please email the University’s Privacy Officer at