data management and privacy policy

Personal Information is any information where your identity is reasonably ascertainable. This definition includes a broad range of information such as your name, email address, photo, telephone number, video or comments from an interview and often depends on the context and circumstances (referred to on this website as “information”). If you are in the European Economic Zone, this will also include all personal data defined in the GDPR.

For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

How we keep and store your information. episteme is committed to keeping your information secure in accordance with the privacy legislation. As custodians of your information, episteme uses a combination of technical solutions, security and access controls, and internal processes to help us protect your information and our network from unauthorised access, misuse and unintentional disclosure.

We hold information in electronic and paper-based records management systems or appropriate business systems and repositories. We take all reasonable steps to ensure that the information we hold is protected from misuse, loss, unauthorised access or disclosure. We will retain your personal information in accordance with our Data and Information Governance Policy.

Your information will also be held in externally hosted applications. Some of these applications are located outside of Tasmania, and others are also hosted outside of Australia. As a result, your information will be transferred outside of Tasmania (but within Australia) or outside of Australia. episteme will ensure that any organisation which hosts or keeps your information for us will be required to maintain the same privacy safeguards and comply with the same legislation which episteme complies.

How you can access your information. episteme takes reasonable steps to ensure that the information we collect, use and disclose is accurate, complete and up to date. To ensure the quality and accuracy of the information that we hold, we expect you to update your information when your details change.

To access the information episteme holds about you, please contact Allison Anderson at episteme.

In some circumstances, information may not be able to be accessed or disclosed unless it is required under the Right to Information Act 2009 (Tas).

Data and Information Governance Policy

episteme will embed a culture of privacy that respects individual’s rights.

episteme will ensure contemporary privacy practices are used to govern the collection, management and use of personal information.

episteme will ensure that data, which is collected and managed to assist evidence based organisational decision, is only used in ways that respect the privacy of individuals.

episteme will only share data with partner organisations where it was clear when the information was originally obtained that it could be used for these purposes and where the we are confident the partner organisation will meet our standards for the protection of privacy.

episteme will act appropriately and respond diligently if there is a suspected breach of privacy obligations, mitigating against any harm to staff, students and our stakeholders.

episteme will identify and manage cyber security risk to systems, assets, data, and capabilities.

episteme will maintain frameworks, plans and systems to identify the occurrence of cyber security events, respond to events and restore the capabilities or services.

Users of episteme’s information, communication and technology services and facilities will understand their cyber security obligations and report all cyber security incidents and events.

episteme information, communication and technology services and facilities are for use by authorised users only and governed by appropriate controls.

episteme information, communication and technology services and facilities will be used in a manner that supports the University mission and values and may only be used for episteme’s business and limited appropriate personal use.

episteme information, communication and technology services and facilities are only for appropriate, legal and ethical use.

episteme will ensure appropriate governance for management of data and information that is consistent with regulatory, legal, risk, environmental and operational requirements.

episteme will ensure that data and information, recognised as an asset, is available for use and reuse where appropriate.

Updated 6 April 2022