Melbourne Business School Privacy Policy

Privacy Policy

Our Privacy Policy is effective as of 21 March 2019 and our Alumni, Friends and Supporters’ Privacy Statement is effective as of 11 July 2023.

This policy (‘Privacy Policy’) explains how Melbourne Business School Limited (ABN 80 007 268 233) (‘MBS’) seeks to protect the Personal Information of individuals. MBS is committed to protecting the safety and security of the personal information of individuals whose information MBS has access to including students/participants, faculty and other persons with whom MBS interacts (each a ‘User’ or ‘you’).

The Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (‘Act’) and the European Union General Data Protection Regulation (Regulation 2016/679) (‘GDPR’). It also has regard to the Health Records Act 2001 (Vic) (‘Health Records Act’), which also regulates MBS in certain circumstances.

Under the Act, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”

With respect only to residents of the European Union, Schedule 1 of this Privacy Policy provides additional terms for the protection of “Personal Data” under the GDPR. Personal Data should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Please read this Privacy Policy carefully in order to understand how your Personal Information is collected, held, used, or otherwise processed by us.

A detailed privacy statement is set out below this Privacy Policy for alumni, friends and supporters of MBS’ with additional information about how MBS uses and manages personal information of alumni, friends and supporters.

MBS reserves the right to make changes or updates to this Privacy Policy from time to time. If this happens we will update this Privacy Policy and notify you of any changes, most likely via email. However, you should also periodically check this Privacy Policy for any updates.


MBS is the graduate school in business and economics for the University of Melbourne (‘University’), and is jointly owned by the business community and the University. MBS is a tertiary education provider that specialises in Master of Business Administration (‘MBA’) programs and executive education.

MBS provides its’ services both physically on campus and through the distribution of educational content and services through online properties, assets and connected devices (together, ‘MBS Services’).

In providing the MBS Services, we are sensitive to Users’ concerns about the safety of their Personal

In essence, MBS will typically only:

  • collect, use or share your Personal Information with your consent (unless it is not reasonable in the circumstances to obtain your consent and it is legally permissible for us to do so) or when required by a legal obligation; and
  • interact with your Personal Information in order to: (a) provide you with the MBS Services and (b) help us improve and develop the MBS Services.

MBS has developed our privacy framework to assist Users, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.


MBS collects Personal Information from individuals in one of three main ways:

a) Directly from Users, when they interact with MBS (e.g. enquire about the MBS Services or attend an event on campus);
b) Passively from Users, when they interact with our website, online platforms and digital presence;
c) From third-parties in certain, specific circumstances (e.g. in assessing whether we think the MBS Services will be suitable for a particular individual).

The specifics of Personal Information collected in each situation is discussed further below.


(a) Personal Information collected directly

When a User makes an enquiry or sends us an expression of interest on our website or other digital property we may collect the following types of Personal Information directly and consensually:

  • Basic contact information, including your name, email, and phone number; and
  • Enquiry information, such as an indication of when you would be interested in studying at MBS or contributing to the development of MBS Services, or other information provided by you regarding your enquiry.

When you apply for enrolment or registration in an MBA or executive education program we may collect the following types of Personal Information directly and consensually from you:

  • Student information, such as your name, address, email, phone number and emergency contact information, and if applicable, curriculum vitae, passport or citizenship details;
  • Enrolment information, such as applicable academic transcripts, referee reports, as well as details of your organisation (e.g. your employer), your professional capacity and your work history;
  • Payment information that is required as part of the enrolment process (e.g. credit card information); and
  • Health information, such as your dietary requirements or information relating to any health conditions we need to be aware of when providing you with the MBS Services.

When students/participants submit administrative applications (e.g. applications for special considerations, or enrolment overload requests), we may directly and consensually collect the Personal Information outlined in the relevant application.

When you register or purchase a ticket for information sessions or other events (e.g. networking events for students/participants or alumni) we may collect the following types of Personal Information directly and consensually from you:

  • Basic contact information, including your name, email, and phone number; and
  • Any event-appropriate health information, such as your dietary requirements.

When you make a donation to MBS we may collect the following types of Personal Information directly and consensually from you:

  • Contact information, such as your name, address, email and phone details;
  • Donation information, such as how you would like the donation to be used; and
  • Payment information you have provided in order to make the donation.

When you respond to a survey we may directly and consensually collect the Personal Information disclaimed and explained on the survey form.

When you provide MBS with unsolicited feedback or otherwise interact with MBS on your own accord we may collect any contact information you provide (including Personal Information), as well as your feedback.

When you make an application for employment at MBS, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of your application.

If you are successfully enrolled and commence studies at MBS we may collect Personal Information regarding your subject choices and academic performance.

(b) Personal Information collected passively

As you use the online and digital components of the MBS Services (e.g. accessing our website, logging into your account on the Learning Management System (‘LMS’), or interacting with our advertisements) we may collect the following types of Personal Information about your usage:

  • Content that you post and submit, including posts on our social media accounts or on forum threads in the LMS, as well as similar content that is posted about you by others;
  • The following types of browser, system and device information regarding MBS’ and other devices you use to access our digital content:
  • Locational information, such as in the form of the IP address from which you access the MBS Services, particularly when accessing the internal;
  • Web data tracking information, such as data from cookies stored on your device, including cookie IDs and settings, as well as logs of your usage of MBS’;
  • System usage information, including logs of your access to educational resources such as LMS, “Web Print” or “UniWireless”.

(c) Personal Information collected from third-parties

In certain specific situations, MBS will collect Personal Information about you from third-parties. The types of Personal Information collected include:

  • Academic information, such as graduate management admission test (‘GMAT’) and English proficiency test results;
  • Web data tracking information that fit certain parameters of who we think could become MBS students/participants or clients (e.g. heat maps developed through Google Analytics which track patterns of user interactions with our web pages); and
  • In some isolated circumstances, publicly available wealth screening information such as indications of your philanthropic interest and ability.


Although MBS collects Personal Information from Users in a number of circumstances, MBS will only collect this information in order to provide and develop the MBS Services. Here are the main ways we use Personal Information to achieve these objectives:

Communicating with Users

MBS will use basic contact, enquiry and student/participant information in order to communicate with individuals about their enquiries, interest in events and for other administrative purposes related to the specific reason for which the Personal Information was collected.

If Users have consented, MBS will also use these types of Personal Information to share relevant news and updates about MBS and the MBS Services.

Finalising enrolment and registration purposes

MBS will use enrolment information and payment information to gauge the suitability of Users for MBS Services and to finalise the relevant processes. MBS may also use this information to coordinate and host events such as information sessions and alumni networking evenings.

Administration and delivery of MBS Services

MBS will use basic contact and student/participant information to engage with students/participants for administrative purposes (e.g. resetting account password or approving special consideration applications) and to effectively and efficiently provide them with the MBS Services (e.g. to set and receive assignments required under program syllabuses).

Health information is used to ensure MBS can adequately and appropriately respond to any specific needs Users might have (e.g. dietary requirements at events or special considerations for assignments).

Sometimes these types of information will also be used to facilitate student experiences such as educational trips, student exchanges or study abroad programs.

Ensuring User safety

MBS will use health and emergency information in order to ensure Users’ medical needs are appropriately met, when applicable.

MBS will also use any type of information collected to prevent and address risks to all Users (e.g. MBS will use information to investigate suspicious or threatening activity occurring on campus).

Research and development

MBS will use survey information to develop, test and improve the MBS Services. MBS’ preference will be to de-identify this information first, and then use it for this purpose in conjunction with de-identified enrolment information, and de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).

MBS may also use basic contact, enquiry and past donation information to see if you would be interested in donating to the ongoing development of MBS and the MBS Services. In some cases, MBS may also use publicly available wealth screening information to assess the appropriateness of asking you whether you would like to donate or otherwise contribute to the development of MBS and the MBS Services.

If an individual wishes to make a donation, payment and donation information will be used to ensure donated funding is applied as intended. The specifics of such a donation to MBS may be used to assess the appropriateness of contacting you for future development initiatives.


Where Users have expressly consented, MBS will use basic contact, enquiry and student/participant information to provide Users with relevant marketing materials and offers. Users can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).

MBS will also use passively collected web data tracking information to display marketing materials and offers on third-party websites (e.g. if you have visited an MBS program page, we may use cookies to later display banner advertisements to Users on LinkedIn). Users can stop or manage web data tracking information through their browser preferences.


Generally, MBS does not disclose Personal Information to any third-parties except:

  • Service providers MBS engages to help us provide and develop the MBS Services (e.g. cloud service providers or consultants);
  • In some specific circumstances, Users’ employers (e.g. the companies they work for); and
  • Law enforcement agencies, or another party that has a legitimate legal right to access the information.

The above disclosures will only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures will also always be in accordance with this Privacy Policy. In the case of Users’ organisations, MBS will seek the explicit consent of the User before disclosing their information.

Overseas Disclosure

Some of the third-parties MBS discloses Personal Information to are located overseas. This is particularly the case for our cloud service providers which are currently located in the United States and Ireland.

Sometimes we may also disclose students/participants’ Personal Information to other universities or educational organisations. Typically, the recipients of this information have been in the People’s Republic of China, the United States, New Zealand and Canada.

As with disclosures to third-party service providers, overseas disclosures are always made once MBS has taken all reasonable steps to determine the information will be treated as at least as favourably under the Act and other applicable privacy laws.


MBS’ general approach

MBS will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third-parties, unless:

  • We believe, in good faith, that we are required to share the Personal Information with a third party in order to comply with legitimate legal obligations;
  • The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to deliver the MBS Services (e.g. a cloud service provider);
  • Members of MBS (typically via the Board);
  • Other entities which may acquire ownership or operation of MBS or the MBS Services; and/or
  • To protect the safety of Users, and the security our MBS Services.

MBS seeks the informed and voluntary consent of individuals whenever it collects their information, or as soon as possible after.

Users can always refuse or revoke this consent, but sometimes this will affect MBS’ ability to provide them with the MBS Services. MBS will advise Users if this is the case.


De-identified information refers to information that cannot reasonably be used to identify a particular individual.

De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the MBS Services). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. student/participant ID numbers).

Where possible MBS will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.

However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, MBS will continue to use and hold the information in a personally identifiable state. For example, if MBS needs to reply to a User enquiry we will have to use the contact information provided.


MBS is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached (e.g. MBS has developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches).

When information collected or used by MBS is stored on third-party service providers (e.g. Azure or AWS cloud servers), MBS takes reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security MBS owes Users.

As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.

Data Breaches

In the circumstances where MBS suffers a data breach that contains Personal Information, we will execute our Data Breach Response Plan and endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Act.

This means we will immediately make an objective assessment of whether a breach of Personal Information is likely to result in serious harm to individuals, and if this is the case, endeavour to notify the affected individual(s) and the Australian Information Commissioner.


MBS retains Personal Information until it is no longer needed to provide or develop the MBS Services, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.

However, MBS will retain:

  • Personal Information in circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, and where the information is relevant to legitimate legal proceedings, or in keeping with its’ requirements under other Australian record keeping legislation such as the Public Records Act 1973 (Vic)); and
  • anonymised information for analytic and service development purposes.

The information we retain will be handled in accordance with this Privacy Policy.


Users who are habitually located in the European Union (‘EU Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).

Users who are EU Residents should refer to Schedule 1 for more information regarding how MBS’ privacy practices in relation to their Personal Data.


Accessing and ensuring the accuracy of Personal Information

MBS takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.

Users have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. MBS will grant access to the extent required or authorised by the Act and applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.

There may be circumstances in which MBS cannot provide Users with access to information. We will advise you of these reasons if this is the case.

Contacting MBS

MBS has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.

Privacy Officer

Privacy Officer [email protected]
200 Leicester Street
Carlton VIC 3053
ABN: 80 007 268 233

If you have any queries or wish to make a complaint about a breach of this policy, the Act or the Health Records Act, you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

The Privacy Offer will respond to your query or complaint as quickly as possible. MBS will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via



MBS is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).

Although our Privacy Policy explains how MBS meets all of its’ obligations for Australian Users, MBS also has some Users who are habitually located in the European Union (‘EU Residents’) that have additional rights in respect of their Personal Data.

Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Under the GDPR, MBS is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its’ GDPR compliance, MBS provides the MBS Services in a way that ensures:

Personal Data (i.e. Personal Information) is:

  • processed fairly, lawfully and in a transparent manner; and
  • collected and processed only for specified and lawful purposes. 

(NB see sections 2 - 5 of this Privacy Policy).

Processed Personal Data (i.e. Personal Information that is used, held or disclosed by MBS) is:

  • adequate, relevant and not excessive;
  • accurate and, where necessary, kept up to date;
  • kept secure, and not longer than necessary;
  • not transferred to countries outside the European Union without adequate protection; and
  • treated in accordance with individuals’ legal rights.

Whilst MBS strives to provide all Users with appropriate access and control over their data, individuals covered by the GDPR are also able to:

  • Prescriptively restrict, limit or otherwise provide instructions to MBS regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
  • Verbally request the erasure (i.e. deletion) of their information; and
  • Request MBS provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Users who exercise this right to data portability are also able to direct MBS to transmit this data to other entities who they intend to allow to process their Personal Data.

MBS will allow and assist Users that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).


Alumni, friends and supporters’ privacy statement – Current as at 11 July 2023

The School’s global network of alumni, friends and supporters includes graduates and former students, donors and potential donors, volunteers, industry partners, and others who have expressed an interest in supporting the School or participating in School-run events and activities (called alumni, friends and supporters for the purpose of this privacy statement).

This privacy statement outlines how we manage and use the information we hold about our alumni, friends and supporters. It should be read in conjunction with the School’s Privacy Policy which further outlines how the School handles your personal information.

Our alumni, friends and supporters are very important to us. We want to stay in touch with you and keep your personal information in accordance with your wishes and our obligations. It is important that the information we hold about you is accurate and current. Please contact us to update your details at any time by:

If you studied at the School, information that you provided on enrolment or which the School collected during or after your studies, is used by the School’s Alumni Office in accordance with this privacy statement.

If you do not wish to be contacted as an alum, friend or supporter of the School, or you do not wish your personal information to be used as set out in this privacy statement, you may opt out at any time by:

  • Sending an email to [email protected]
  • Calling us on +61 3 9349 8302
  • Writing to us at 200 Leicester Street, Carlton, VIC, 3053, Australia
  • Clicking “Unsubscribe” or “Manage my subscription preference” on an email we have sent.

The personal information processed by us, or on our behalf, is necessary to foster relationships with our alumni, friends and supporters, maintain and facilitate alumni networks and benefits, and to help us engage with you and improve your experience with the School. Your personal information may also be used for the purposes of benchmarking, rankings, analysis, quality assurance, strategy and planning, and to ensure that we can provide you with the services and information requested by you. We may also process your personal information for the following purposes:

  • To inform you of opportunities to engage with and support the School;
  • To generate philanthropic support (for example, fundraising and/or volunteering) for School charitable projects. More specifically, these activities may include:
    • sending you publications, email newsletters about the School and its fundraising projects and updates on School hosted, sponsored or affiliated events, in a way which is tailored and relevant to you;
    • helping you keep in touch with other alumni and/or School supporters and donors by inviting you to alumni and School events;
    • informing you of and providing benefits available to alumni (where you are interacting with us as an alum);
    • through a variety of channels, such as phone, email or social media, asking you if you would like to support the School by, for example, making a donation, contributing to surveys, volunteering, or acting as a mentor;
    • internal record-keeping and administration (for example, to process a donation or administer an event which you are attending).
  • To validate your address and to prepare reports using maps by ‘geocoding’ your address against publicly available web mapping services. This can ensure that we tailor information that is relevant to you based on your location;
  • To inform you about School news, courses or events;
  • To seek feedback of your experience as an alum or supporter of the School;
  • To publish photographs and videos relating to our activities and events. We will inform you about such processing at the time that the information is obtained or as soon as reasonably possible thereafter;
  • To compile anonymised statistics for benchmarking in which the School participates;
  • To attend to routine administrative matters, and to provide associated services such as security, parking and information technology;
  • To conduct surveys in connection with our services and our rankings; and
  • To use the information as required or otherwise permitted by law.



Analytics may be conducted on personal information for the purposes of determining which products or services you may be interested in, marketing, fundraising and product development.

Analytics may be conducted using information from a range of sources, such as information collected from third parties or data sources including LinkedIn. We may occasionally engage external consultants to improve our understanding of our alumni and supporters using data matching against external databases (for example Qantas, in connection with their Frequent Flyer Program) or other data enrichment processes or to carry out wealth screening.