Privacy Policy

Approved by College Council—6 October 2014 (Summary available in the Grace College Handbook)

  1. Introduction
    • Grace College (“the College“, “we“, “our” or “us“) is a residential college located in the St Lucia campus of the University of Queensland. The College exists to:
      • provide proper accommodation and tuition for women students of the University for the purpose of giving such students the benefit of collegiate life and of making provision for their care, guidance, discipline and instruction;
      • encourage a liberal education for its students by endeavouring to draw its students from all faculties within the University;
      • provide all necessary facilities for the presentation of and instruction in the Christian faith, including worship, study, teaching and counselling; and
      • encourage students to relate their academic disciplines to Christianity and grow in the Christian faith.

For the purposes of this Policy, a reference to the College includes The Grace College Foundation ABN 22 622 067 612 (The Foundation), a separately incorporated entity for fundraising for the work of the College.

  • The Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) established under the Privacy Act set out how organisations should handle personal information.
  • We respect the privacy of the personal information you may provide to us when we deal with you – for example as residents, students, parents and supporters of residents, staff, contractors, alumnae, conference visitors and guests.
  • This Privacy Policy explains how we manage the personal information we hold about you. Please note that this Privacy Policy is to be read subject to any overriding provisions of law or contract.

Your acknowledgement and consent

  • By continuing to correspond with us, using our website and by providing us with personal information, you are taken to have read and understood this Privacy Policy and you have consented to us managing your personal information in the way described in this Privacy Policy.

Users 16 and under

  • If you are aged 16 or under, you must obtain your parent’s or guardian’s permission before you provide any personal information to us. Minors without this consent are not allowed to provide us with personal information.
  1. What is Personal information?
    • For the purposes of this Privacy Policy, “personal information” has the meaning given to it in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.
    • Examples of personal information include an individual’s name, address, telephone number and date of birth.
  2. Collecting personal information

What kinds of personal information do we collect and hold?

  • The types of personal information we may collect include (but are not limited to):
    • your contact and other details including:
      • your full name and date of birth, and personal contact details (including your home address, landline or mobile telephone numbers, e-mail address, social network and video chat IDs and gender identification information);
      • contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf (including any authorised guardians or attorneys appointed by you under a power of attorney); and
      • contact and identification details of your immediate family members, or nominated guardians or next-of-kin that we require for notification in the event of any emergency while you are at the College;
  • personal information found on your identification documents including your:
    • University of Queensland (UQ) student card; and
    • passport, driver licence, Blue Card, Medicare card, private health insurance card;
  • banking and payment details information including your bank account or credit card information, and any other information required for us to process any payments you may make to the College or the College may make to you (e.g. gym reimbursements);
  • information required for security and screening purposes (for example, your vehicle registration number);
  • any information in relation to you as a prospective or current College resident including:
    • education qualifications, enrolments and results;
    • visa or residency status; and
    • commentary or opinion about you provided by referees, supervisors, staff, visitors or residents;
  • details of services, information or assistance provided to you at your request or as part of the normal College’s services/operations, together with any additional related information collected in order to respond to your needs;
  • any feedback or correspondence between you and us (for example on administrative matters or your opinion on the services the College provides); and
  • any other personal information you may provide to us during your relationship with the College.

Sensitive information

  • We may also collect sensitive information from you.
  • Sensitive information is defined by the Privacy Act to be certain kinds of personal information which are subject to stricture controls under the APPs. Examples of sensitive information that we may collect from you include:
    • health and medical information – for example dietary requirements, allergies, medical information;
    • religious/philosophical beliefs and affiliations; and
    • criminal history.
  • We will only collect sensitive information about you with your consent and only if your sensitive information is reasonably necessary for one or more of our functions and activities . If we receive any sensitive information about you, we will handle it in accordance with this Privacy Policy, the Privacy Act and the APPs.

How do we collect personal information?

  • Where possible, we will always try to collect personal information directly from you – for example when you:
    • request information, contact or deal with us through our website or contact us by telephone or internet video chat;
    • correspond with us in writing (such as letters and emails);
    • deal with us in person;
    • submit an application for residency or a bursary;
    • make a donation to the College, or fund a bursary; or
    • submit feedback or report a medical or other incident to us.
  • We may also obtain your personal information from third parties we deal with, such as:
    • any authorised guardian or attorney you have appointed;
    • your stated referees;
    • The University of Queensland;
    • the Queensland Tertiary Admissions Centre via UQ;
    • the UQ Inter-College Council (ICC) who are responsible for organising sporting, cultural and social activities on behalf of the 10 residential colleges at UQ;
    • UQ Sport Ltd – who is engaged by the UQ Colleges to manage the ICC Sporting Competitions under the University of Queensland Inter-College Sporting Competition Agreement;
    • Grace College Student Club Inc. (GCSC) as the representative student body for residents of the College;
    • any person you authorise to deal with us on your behalf; and
    • any other organisation with whom we deal.
  • Where we collect personal information from third parties you refer to us, we will assume, and you should ensure, that you have made that third party aware of the referral and the purposes of collection, use and disclosure of the relevant personal information.
  1. Dealing with us anonymously
    • Whenever it is lawful and practicable, you will have the option of not identifying yourself when dealing with us. For example, general access to our website does not, and general telephone queries do not, require you to disclose personal information about yourself.
    • However, there are times when we do need to collect personal information from you in order to carry out our functions and activities.
  2. Why do we collect, hold, use and disclose personal information?
    • We collect, use and disclose your personal information so that the College can carry out its functions and activities, provide you with the services you request, and otherwise carry out the College’s mandate.
    • In particular, we may collect, use and disclose your personal information to:
      • respond to your requests or inquiries;
      • provide you with the services, products and information you requested. For example, provide you with accommodation, answer your queries about the College application processes, event hire and catering services or how to make donations to the College;
      • process your application to hold a function at the College;
      • process your residency applications;
      • process your application to join any associations related to the College;
      • enable you to participate in College initiatives, activities and events;
      • communicate with you during the course of your relationship with us;
      • notify you about important changes or developments to our functions, activities and services;
      • administer, support, improve and develop our College and services;
      • update and maintain our records – for example, student records and any administrative records;
      • if you lodge a complaint with us or an incident report – process and respond to your complaint/ report;
      • any other purpose which relates to or arises out of requests made by you;
      • do anything which you authorise or consent to us doing; and
      • take any action we are required or authorised by law to take.
    • We will not sell, trade or rent personal information we hold about you to unaffiliated third parties without your prior consent.
  1. Disclosing your personal information
    • In carrying out our functions and activities set out above, we may disclose your personal information to the following:
      • entities associated with the College and UQ (including but not limited to the ICC, UQ Sport Ltd, the College’s Information Technology Group Inc. (CITG), and The Grace College Foundation);
      • our business partners and service providers (such as external caterers, any contractors who may provide website, IT (for example, CITG), marketing, administration and other services to support the College);
      • our professional advisers (for example, our insurers, auditors, lawyers and consultants);
      • third parties we engage to carry out promotions or other activities you have requested, or for direct marketing purposes (unless you have opted-out of direct marketing communications);
      • any entity to whom we are required or authorised by law to disclose your personal information (for example, Centrelink, law enforcement agencies and government and regulatory authorities such as federal and state health departments);
      • any successors in title to our organization or business trading activities as provided for in our constituent documents; and
      • other entities with your consent (express or implied).
    • The above entities may in turn disclose your personal information to other entities as described in their respective privacy policies or notices.
  2. Direct Marketing
    • If you consent to your personal information being used for direct marketing, we may use your personal information to provide you with information about services, events, campaigns, appeals and promotions.
    • If you do not wish to receive such information, you can opt-out at any stage. If you decide to opt-out, you will be removed from the College’s marketing database to ensure that you do not receive future direct marketing material.
    • There may be times, however, when the law requires us to provide certain information to you (for example health and safety information). We will continue to send this information to you.
  3. Overseas disclosure of personal information
    • From time to time, we may engage service providers located in one or more overseas countries to perform certain of our functions and activities. In the course of providing services to the College, we may need to disclose your personal information to these service providers. If overseas service providers are engaged and personal information is sent overseas, we will take reasonable steps to ensure that our service providers are carefully chosen and have policies, procedures and systems in place to ensure your personal information is otherwise handled in accordance with the Privacy Act.
  4. Dealing with us online
    • This Privacy Policy applies to your use of our website
    • When you visit our website, we and/or our contractors may collect certain information about your visit. Examples of such information may include:
      • Cookies

Cookies are small amounts of information which we may store on your computer (after you register on our website) to enable our server to collect certain information from your web browser. Cookies do not identify the individual user, just the computer used. Cookies and other similar technology make it easier for you to log on to and use the website during future visits (for example, they may maintain a shopping basket for your orders). They also allow us to monitor website traffic, to identify you when you visit our website, personalise website content for you, enable you to both carry out transactions and have access to information about your account. Cookies themselves only record which areas of the site have been visited by the computer in question, and for how long. Allowing us to create a cookie does not give us access to the rest of your computer and we do not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them, and are unable to execute any code or virus.

  • Site visit information

We also collect general information about your visit to our website. The information we collect is not used to personally identify you, but instead may include your server address, the date and time of your visit, the pages you accessed and the type of internet browser you use. This information is aggregated and used for the purposes of system administration, to prepare statistics on the use of our website and to improve our website’s content.

  • Online payment systems

We use third party payment process providers whose services meet stringent security requirements including Level 1 PCI DSS compliance, EMV certification and ISO 9002 accreditation. When you enter your payment details online, you are using a secure site which uses 1024 bite tunnelling encryption to protect your information during transmission. Transactions are protected by encryption technology and a combination of firewalls and intrusion detection systems.

  • Login information

Some functions of the website and other online tools are subject to specific login credentials before access is granted. We may also collect personal information (including financial details) to facilitate future visits or use of our website.

We seek to keep current with available security encryption technology so as to maintain the effectiveness of our security systems.

  • However, no transmission over the internet can be guaranteed as totally secure and accordingly, we cannot warrant or ensure the security of any information you provide to us over the internet. Please note that you transmit information at your own risk.
  • Our website may also contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
  1. Social media
    • We collect personal information from our followers/subscribers on social media channels including Facebook. The information is used for the purposes of developing and displaying the College’s promotion materials. We have procedures in place to ensure that our personal information collected from social media channels is handled in accordance with this Privacy Policy.
  2. Personal information storage and security arrangements
    • We take reasonable steps to protect your personal information from interference, loss, misuse, unauthorised access, modification or disclosure. We may store your personal information in different forms, including in hardcopy and electronic form.
    • We have established policies, procedures and systems to keep your personal information secure – including but not limited to password protection and securing physical storage arrangements.
    • When we no longer require your personal information, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. However, we may sometimes be required by law to retain certain personal information.
  3. Accessing and correcting your personal information

Correcting your personal information

  • So that we can carry out our activities and functions, it is important that the personal information we hold about you is complete, accurate and up to date.
  • At any time while we hold your personal information, we may request that you inform us of any changes to your personal information. Alternatively, if you believe that any of the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading or needs to be corrected or updated, please contact us using our Contact Details below.
  • We will respond to a request to correct your personal information within a reasonable time.
  • If we refuse to correct your personal information, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Accessing your personal information

  • You may also request access to the personal information we hold about you by contacting us using our Contact Details provided below.
  • We will respond to a request for access within a reasonable time – either by giving you access to the personal information requested, or by notifying you of our refusal to give access.

Access and correction arrangements generally

  • We may require you to submit your requests in writing and require that you verify your identity before we respond to any request.
  • We will not charge you an application fee for making a request to access the personal information we hold about you or for requesting any correction to your personal information. However, in certain circumstances we may charge you a fee for providing you with access to your personal information, for example if you make multiple requests for information, the information requested is voluminous or we incur third party costs in providing you with access to your personal information.
  • If we cannot respond to you within a reasonable time (generally within 30 days), we will contact you and provide a reason for the delay and an expected timeframe for finalising your request.
  • Please note that in certain circumstances, we are permitted by law to refuse to provide you with access to your personal information.
  • If we decide not to provide you with access to or correct your personal information, we will provide you with written reasons for our decision and advise you of the further complaint mechanisms available to you.
  1. Lodging a complaint
    • If you have a complaint about how we handled your personal information or about any decision to refuse access or correction of your personal information, please contact us using the Contact Details below. We will request that you lodge your complaint in writing.
    • We will acknowledge receipt of your complaint as soon as possible after receiving your written complaint. We will then investigate the circumstances of your complaint and provide you with a response within a reasonable timeframe.
    • If you are still not satisfied with how your complaint is handled by us, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at:
      • Telephone: 1300 363 992 (if calling from outside Australia including Norfolk Island please call: +61 2 9284 9749)
      • National Relay Service:
        • TTY users phone 133 677 then ask for 1300 363 992
        • Speak and Listen users phone 1300 555 727 then ask for 1300 363 992
        • Internet relay users connect to the National Relay Service then ask for 1300 363 992
      • Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
      • Fax: +61 2 9284 9666
      • Email:
      • Website:
  1. Our Contact details
    • If you wish to contact us regarding our handling of your personal information or any of the matters covered in this Privacy Policy, you may do so in a number of ways.
    • You may contact us on:
      • Telephone: +61 (0)7 3842 4000
      • Post: Grace College, Walcott Street, St Lucia Q. 4067
      • Fax: +61 (0)7 3842 4180
      • Email:
      • Website:
    • We welcome your questions and any suggestions you may have about our Privacy Policy.
    • We reserve the right to revise or supplement this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on our website and will be effective from the date of posting. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy so that you remain aware of the way we handle your personal information.
    • This Privacy Policy was last updated on 26 August 2014 and approved by the Grace College Council on 6 October 2014.