The Institute of Chartered Accountants Australia (Institute or we, us or our) deals with information privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) set out in the Privacy Act. We also comply with the Spam Act 2003 (Cth) which imposes restrictions on sending emails and other types of commercial electronic messages.
This policy explains how the Institute of Chartered Accountants Australia (the Institute) manages personal information.
2. Privacy guidelines for our members, students and other parties
2.1 What kinds of personal information does the Institute collect and hold?
The personal information that the Institute may collect and hold about you includes your name, business and personal postal and street addresses, e-mail addresses, telephone numbers and any other contact information, place and date of birth, gender, qualifications, education (including transcripts), employment details, practice details, recommendation and reference letters (including letters of good standing) the languages you speak, social media information, information relating to the complaints, enquiries and/or referrals you have made to us and any complaints, enquiries and/or referrals made about you, records of some of your communications and other interactions with us, the information collected during any disciplinary investigations or other action, information about audits performed on your business/practice, payment information (including history) and your membership information generally, including your membership history and activities and details of service on boards, committees and councils.
The Institute may collect sensitive information from you and/or third parties whether in Australia or elsewhere with your consent which includes health information about you (including dietary requirements and religious beliefs where those beliefs are relevant to your dietary requirements), information about whether you are a member of a professional or trade association, your criminal record, religious beliefs or affiliation, philosophical beliefs, racial or ethnic origin, political opinions and other sensitive information (to the extent it is reasonably necessary for one or more of our functions or activities).
2.2 How does the Institute collect your personal information?
The Institute collects personal information about you when it is reasonably necessary for one or more of the Institute's activities or functions. This information is collected in a number of ways, including:
- When you enrol or register (including online) for a course, program or event (offered by or on behalf of the Institute), when you visit, use or register on our websites or social media accounts, apply for, enquire about or request services or products, when you complete a survey, apply to become a member or specialist; enter into a competition, apply for a scholarship, or otherwise contact, do business or interact with the Institute;
- From enrolment, registration, subscription or application forms, phone calls, faxes, e-mails, SMS, social media, letters and other documents provided to us (including from members, students, employers, professional bodies, regulators, government and statutory bodies, members of the public and other parties in Australia or elsewhere) and in person;
- From third parties (for example letters of recommendation or good standing, complaints and other information relevant to membership of the Institute), including from professional bodies (for example under reciprocal arrangements), regulators and government and statutory bodies;
- When you apply for work or to otherwise perform services at or for the Institute; and
- Through acquired contact lists.
2.3 What would happen if we did not collect your personal information?
- Without your personal information, we may not be able to contact you or otherwise interact with you, process your application, registration or request, perform our legal and other functions, obligations and responsibilities, administer our complaints service, the candidate and member conduct and disciplinary process, mediation service, president nomination service or any other functions, or provide you with some or all of our services and products.
2.4 Use of personal information
The Institute generally collects, holds, uses and discloses personal information for:
- Processing and assessing student, membership, specialisation and other applications, enrolments, requests and renewals, updating personal and business details and profiles, fulfilling an order or request for information, product or service;
- Fulfilling our role as a professional body by maintaining candidate, membership and related records, providing information on candidate and member services, products and benefits, conducting research and public advocacy relevant to members;
- Sending out subscription renewals, voting papers and other information relevant to the functions, responsibilities and obligations of the Institute, including under the Institute’s Charter, By-laws, Regulations, codes, policies, practices or guidelines;
- For promotional and marketing purposes, including sending you information about Institute services, products, training and events;
- Communicating on any matters relevant to the Chartered Accountants program, membership of the Institute, accreditation or specialisation with the Institute and any other programs, opportunities or transactions with the Institute;
- Assessing suitability for employment or the provision of services by independent contractors;
- Assessing suitability for appointment to a committee or council of the Institute;
- Dealing with other bodies and fulfilling our contractual and other obligations, including with overseas bodies (for instance where the Institute may have reciprocity arrangements, relating to or confirming your status and standing with the Institute, including your status as a member or former member of the Institute);
- Conducting, managing and reporting on quality assurance reviews and audits;
- Managing complaints and the candidate and member conduct and disciplinary process and functions of the Institute, including undertaking investigations and implementing disciplinary procedures associated with professional conduct and responsibility and providing information to Australian and overseas regulators and government and statutory bodies (such as the Australian Securities and Investments Commission);
- Conducting competitions;
- Providing and managing scholarships and other charitable assistance, including providing information to the Institute’s Foundation and benevolent funds;
- Organising and hosting training and events (including with third parties);
- Providing products and services, including training and events, or information relating to such products and services; and
- Providing information to third parties as authorised or required by law or a court/tribunal order.
2.5 Disclosure of personal information
The Institute will typically:
- Confirm enrolment, membership, prior membership, accreditation or specialisation to the public (including professional and government and statutory bodies);
- Disclose personal information to third parties that include employers of students and members, local and international professional bodies, law enforcement bodies, government and statutory bodies and regulators, including the Australian Securities and Investment Commission;
- Disclose personal information about you to overseas recipients. The recipients of such information are likely to be located in New Zealand, the United Kingdom, Ireland, United States of America, Hong Kong, China, Singapore, Canada, South Africa, India, Indonesia and Malaysia, including contact information to Institute overseas member groups if you are going overseas;
- Disclose details of membership in relation to the liability capping scheme, including confirming possession of a certificate of public practice, or whether an entity is a practice entity member, where required to support the administration of the scheme;
- Disclose personal information to Institute committees, tribunals and councils, which may or may not be comprised of members of the Institute;
- Disclose a member's practice and/or business details, including address, email, telephone and other practice/business information if provided (unless specifically advised not to) to the public;
- Disclose personal information about students to tertiary and academic institutions which those students attend or have attended and to the student's employer or mentor;
- Disclose student personal information to fellow students in order to facilitate team learning activities for the purposes of an Institute program or educational course;
- Disclose student personal information to members of the Institute appointed to the roles of mentors, facilitators, leaders and assessors in delivery of an Institute program or educational course;
- Disclose personal information to vendors, suppliers, business partners and other third parties associated with the Institute in order to enable a particular product or service to be fulfilled including for the purpose of investigating or determining and/or for the purposes of the Institute’s disciplinary proceedings a complaint or organising mediation of a dispute;
- Disclose the details of a mediation and/or dispute being facilitated by or on behalf of the Institute, including all information related to the mediation or dispute, to each of the parties involved, the mediator and any other relevant parties;
- Disclose the personal information of employment and contractor applicants to recruiters and recruiting personnel for the purpose of assessing suitability for employment or contract work;
- Disclose or publish a list of our candidates, members and practice entities (to which we have issued a certificate of public practice), including limited personal information such as name, member status and contact information, as well as areas of specialisation, accreditation and other relevant qualifications where these have been provided to us for the purposes of disclosure or publication.
- Disclose personal information to government and statutory bodies and authorities where required or authorised by Australian law or a court/tribunal order.
2.6 Access and correction of personal information
Individuals may request access to their personal information and request its correction by writing to the Institute’s Privacy Officer (details below).
The Institute will in most cases provide an individual access to their personal information. There are some exceptions where this access may be denied, namely where:
- Providing access may have an unreasonable impact on the privacy of other individuals;
- Providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, the Institute or an enforcement body;
- Providing access would reveal the intentions of the Institute in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in; and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- Giving access would reveal evaluative information generated within the Institute in connection with a commercially sensitive decision-making process;
- We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- The request for access is frivolous or vexatious; or
- Where we are otherwise permitted by the Privacy Act 1988 (Cth) to do so.
To request access and seek the correction of, personal information held by the Institute, please contact:
Institute of Chartered Accountants Australia
33 Erskine Street
Sydney NSW 2000
P: 1300 137 322
2.7 Security of Personal Information
The Institute holds the personal information it collects on electronic databases and in hard copy records. The Institute takes reasonable steps to protect the security of personal information against the loss, misuse, interference and/or unauthorised access, disclosure or alteration of information under our control. These security measures include:
- Firewalls - to prevent the hacking of our database;
- Clauses in employee agreements requiring confidentiality and training on the importance of the privacy legislation;
- Appropriate security access to Institute premises, staff and systems;
- The use of passwords for access to database information and the use of security levels within the database to ensure that staff only access the information required to perform their duties; and
- Security bins for the disposal of written information.
Where appropriate, we use secure transmission facilities. However, no transmission of information over the Internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the internet.
3. Privacy concerns
If you would like any further information about our handling of personal information or to make a complaint about something you believe breaches the Australian Privacy Principles, please lodge a written complaint addressed to our Privacy Officer using the contact details above. Once we receive your complaint, we will respond to your complaint within a reasonable period of time, usually 30 days.
If you are unsatisfied with the handling of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the Office of the Australian Information Commissioner (OAIC) for a review of your complaint.