Privacy Policy
This Privacy Policy provides details of the personal information we (The University of Queensland) collect from you, what we do with it, how you may access it, and who it may be shared with.
The University of Queensland ("we", "us", "our") is responsible for handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We have appointed a Privacy Officer who oversees questions about this Privacy Policy. If you have any questions, including requests to exercise your privacy rights, please contact the Privacy Officer using the details below.
Our beliefs regarding privacy and data protection
We believe:
- We have a duty of care to all persons whose information we hold.
- Data is a liability, so we only collect and process it where reasonably necessary.
- We will never sell your personal information.
- Your data belongs to you—you may request access to it at any time.
- You may withdraw consent at any time where consent is the basis of collection.
Contact details
Privacy Officer
The University of Queensland
St Lucia
QLD
4072
Australia
Email: privacy@uq.edu.au
Telephone: +61 7 3365 1111 (verified correct)
Third Party Links
This website may include links to third-party websites, plug-ins, and applications. These sites may collect information about you independently. We are not responsible for their privacy statements and encourage you to read the privacy policy of every website you visit.
What data we collect
“Personal information” means information about an identifiable individual. It does not include de-identified or anonymous data.
We may collect, use, store, and transfer the following personal information:
- Identity Data – first name, last name, username
- Contact Data – email address, phone number
- Technical Data – IP address, browser type and version, device information, time zone setting, operating system, cookie data, and analytics data
- Profile Data – username, password, preferences, and reviews
- Usage Data – information about how you use our website
We may collect or generate Aggregated Data (statistical/analytical) that does not identify you. If aggregated data is ever combined with identifiable information, we treat it as personal information.
We do not collect sensitive information (e.g., health, ethnicity, political opinions, union membership) unless legally required or with your explicit consent.
How and why we collect your personal information
We collect personal information through:
Direct interactions
When you:
- create an account
- contact us via phone, email, or online forms
- post reviews or participate in message boards
Automated interactions
Through cookies and analytics tools that collect technical and usage data as you interact with the website.
Third parties
Such as:
- Google Analytics
- Hosting providers
- Service partners supporting website functionality
We use your information to:
- Provide services and website functionality
- Enable participation in interactive features
- Provide details to agents/landlords where authorised
- Notify you of service updates or changes
- Improve website performance and security
- Support legitimate university interests
You may withdraw consent at any time in your account settings (where consent applies).
Data acquired through site visitor tracking
We use Google Analytics (GA) to understand how visitors use our website. GA collects non-identifying technical data. While your IP address may be collected by GA, it is not accessible to us.
Disabling cookies in your browser will prevent GA tracking but may affect website performance.
Data acquired when creating property reviews
If you submit a review:
- Your name, comment, and timestamp are stored in our database.
- Only information you enter will be publicly visible.
- Do not enter sensitive personal information.
- Your review remains until removed by you or an administrator.
- Users under 16 must obtain parental consent.
You may request deletion of a review at any time.
Data acquired when using contact forms and email links
Information submitted through contact forms or email is sent directly to us via email and is not stored on the website database.
Email transmission may not be encrypted. Please avoid sending sensitive information.
Data acquired when creating an account
- Passwords are stored using irreversible encryption and salted.
- You may update or delete your account at any time.
- Account data may appear in encrypted website backups.
Data acquired when using message boards
- Your name, message content, and timestamp are stored.
- Messages appear publicly exactly as entered.
- You may delete your own posts if logged into your account.
- Administrators may remove posts when expired or inappropriate.
- Users under 16 must have parental consent.
Data Security
We employ reasonable administrative, technical, and physical safeguards to protect personal information from misuse, loss, unauthorised access, modification, or disclosure.
We maintain procedures to address suspected data breaches and will notify affected individuals and regulators in accordance with the Notifiable Data Breaches (NDB) Scheme.
About this website’s server
This website is hosted by Studentpad, part of Pad Group Limited, with servers provided by Fasthosts in the United Kingdom.
Data centre security features include:
- 24/7 monitored CCTV
- On-site security personnel
- Role-based access restrictions
- ISO 27001-certified facilities
Traffic between your browser and the website is encrypted via HTTPS.
Under APP 8, we take reasonable steps to ensure overseas service providers handle data consistently with Australian privacy laws.
Disclosure of your personal information
We may disclose your data to:
- Studentpad / Pad Group Limited (hosting and technical support)
- Fasthosts
- Google (Analytics)
- ShareThis (where used)
- Other service providers acting on our behalf
We do not allow third parties to use your information for their own purposes.
We do not sell personal information.
Data Breaches
If a breach is likely to cause serious harm, we will notify:
- Affected individuals
- The Office of the Australian Information Commissioner (OAIC)
This applies to all breaches affecting our database or third-party processors.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to meet legal or administrative requirements.
We may retain de-identified data indefinitely.
Data subject access requests (Your Rights)
Under the Australian Privacy Principles, you have the right to:
- Request access to your personal information
- Request correction of inaccurate or incomplete data
- Request deletion, where appropriate
- Object to certain uses of your information
- Withdraw consent, where relevant
Requests should be made to the Privacy Officer.
We aim to respond within 30 days.
Cookie Policy
This website uses cookies to:
- Enable essential site functionality
- Improve performance and analytics
- Remember user preferences
- Support social sharing tools
Types of cookies used:
Strictly Necessary Cookies
Required for core functionality.
Analytics/Performance Cookies
Used by Google Analytics to measure site usage.
Functionality Cookies
Support preferences and personalised features.
Third-Party Cookies
Set by tools such as ShareThis or embedded services.
You can disable cookies in your browser, though this may affect functionality.
Changes to our privacy policy
This Privacy Policy may be updated periodically in line with legislation or operational changes. Please check this page occasionally for updates.
Change Log
|
Date
|
Changes
|
|
27/11/2025
|
Updated for Australian Privacy Act (APPs), added Cookie Policy, updated contact details, replaced GDPR-only references, clarified hosting and data handling obligations.
|
|
05/02/2019
|
Updated term "Privacy Notice" to "Privacy Policy" for consistency.
|
|
25/04/2018
|
New GDPR Privacy Policy created. Privacy policy change log introduced.
|