Privacy statement


By you registering for and/or sitting HPAT-Ulster The Australian Council for Educational Research Ltd (ABN 19 004 98 145) of 19 Prospect Hill Road Camberwell Australia 3124 (ACER) will collect your personal information to prepare for, administer and finalise all activities to satisfy the purposes for which you may sit HPAT-Ulster, including:

(a) investigating any suspected misconduct and determining and administering any consequences for misconduct;

(b) disclosing to the universities that require HPAT-Ulster scores, the Central Applications Office and the Graduate Entry Medical School Admissions System and them collecting, storing, using, disclosing your personal information in accordance with their policies from time to time; and

(c) disclosing anonymised data only to approved research bodies that have an interest in HPAT-Ulster data. Any research report will include anonymised data only.

(the Purpose).

In respect of any act or omission of ACER concerning your personal information, in pursuit of the Purpose, ACER may be subject to the:

(a) Privacy Act 1988 (Cth) (Privacy Act); and /or

(b) General Data Protection Regulation (EU) 2016/679 (GDPR).

The personal information ACER collects in pursuit of the Purpose:

The information ACER may collect in pursuit of the Purpose about you includes your:

  • registration information ;
  • payment details;
  • test answers and results;
  • application (if any) for special testing conditions including health information;
  • identification information; and
  • communications with ACER relating to the Purpose. (Personal Information)

The Privacy Act:

To the extent of the applicability of the Privacy Act to your Personal Information collected in pursuit of the Purpose:


(a) collecting and using any sensitive (such as health) information, for example, in case you need special consideration in sitting HPAT-Ulster;

(b) collecting, storing, using, disclosing and transferring OUTSIDE OF AUSTRALIA, for purposes related to your registration, your personal information in accordance with its privacy policy specified at the end of this statement. YOU ARE NOTIFIED that the persons to whom the information is disclosed outside of Australia have no obligation to abide by the Australian Privacy Principles contained in the Privacy Act. The consequences of this may be, the:

i. country of the person may not have similar privacy laws or measures by which you may pursue any of your rights in respect of privacy as that of Australia;


ii. person may not handle your personal information in the manner designated under the Australian Privacy Principles and you may not have any mechanism with which to seek redress.

Should you not wish to provide the above consents or wish to access and/or amend your personal information or wish to make a complaint related to privacy please contact the HPAT-Ulster Office at For further information concerning how ACER handles your personal information or what privacy rights you have please see:


To the extent of the applicability of the GDPR to your Personal Data collected in pursuit of the Purpose:


The following items used or referred to in this document are defined below:

  • Data controller: the company, organisation or person that decides (jointly or alone) on the means and purpose of processing of personal data;
  • Processing: any action including storage, collection, usage, destruction, combining, publishing or otherwise constitute any form of operation on personal data; and
  • Personal data: any information related to an identified or identifiable natural living person.

ACER roles and contact information


  • is the Data Controller and Processor and is committed to protecting your rights in accordance with GDPR; and
  • has a Data Protection Officer who can be contacted at: +44 7989305294 or via email:


Legal basis for processing your information (1)

By registering for HPAT-Ulster ACER will be required to collect, store, use and share information about you in pursuit of the Purpose and for reasons deemed necessary for the performance of your contractual agreement with ACER.


ACER will obtain explicit consent from you when collecting or handling special information in order to assist with health, disability or special assistance you need to undertake the HPAT-Ulster (e.g. special accommodation applications and services to candidates with disabilities.


Processing of your personal data may also be necessary for the pursuit of ACER’s legitimate interests (see below) or by a third party’s legitimate interests -but only where it is not unwarranted and will not cause a prejudicial effect on your rights and freedoms, or legitimate


Processing of your personal data may also be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the consortium of Universities instigating HPAT-Ulster.


Processing of Special Categories data is necessary for the statistical and research purposes in accordance with article 89(1) based on the duties in any relevant equality or discrimination laws.