This document sets out the policy of the CPA Australia Group relating to the protection of the privacy of personal information. The CPA Australia Group consists of CPA Australia Ltd ACN 008 392 452 (“CPA Australia”) and all other related entities of CPA Australia.
This policy document is intended to enable members and others who interact with the CPA Australia Group to understand what types of personal information we collect, and what we do with such information in performing our functions and in light of our privacy obligations.
CPA Australia is one of the world's largest accounting bodies with a membership of more than 165,750 finance, accounting and business professionals in more than 125 countries and regions across the globe.
In some respects, the laws of jurisdictions outside Australia in which CPA Australia operates have additional requirements binding the CPA Australia Group. We are committed to complying with all such requirements.
1.1. What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about a living individual who is either identified or reasonably identifiable.
Examples include an individual's name, address, contact number and email address.
1.2. Our obligations
The CPA Australia Group is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal.
We are also required to comply with other laws, including more specific privacy legislation in some circumstances and in some jurisdictions, such as:
- Spam Act 2003 (Cth) and Do Not Call Register Act 2006 (Cth)
- Notifiable Data Breaches scheme under Part IIIC of the Privacy Act
- applicable data protection and privacy legislation of the other national and international jurisdictions in which the CPA Australia Group operates. For example, Hong Kong’s Personal Data (Privacy) Ordinance and the European Union’s General Data Protection Regulation (GDPR).
1.3. Employee records
In Australia, the CPA Australia Group is generally exempt from the Privacy Act when we collect and handle employee records. However, our policy is to protect the personal information of our employees as we do other personal information.
2. The purposes for which we collect, hold, use and disclose personal information
CPA Australia is a company limited by guarantee, established under Australia’s corporations legal regime. Its members have voting rights and are analogous to shareholders in CPA Australia. As is the case with other public companies, CPA Australia collects and processes personal information of its members for the purposes of corporate governance.
Under CPA Australia’s Constitution, each member also consents to CPA Australia disclosing the fact of membership, his or her Allocated Membership Status and current employer to any other person. CPA Australia may advise interested third parties (including member's employers, university tuition providers, and other professional organisations) of the status and category of CPA Australia members.
In Australia and around the world, CPA Australia needs personal information to be able to perform its core functions, including corporate governance administration of the CPA Program, admission to membership, membership administration, professional development (including by the provision of materials), holding networking events, issuing licences including public practice certificates, and management of professional conduct. CPA Australia holds events to benefit its members, under our member benefits program, and operates a number of Divisional Councils, membership advisory bodies, discussion and other member groups.
CPA Australia’s core services to members include education, training, the provision of information, technical support and advocacy. The main purposes for which we collect, hold, use and disclose personal information are to provide quality services and benefits to our members, to alert them to issues and opportunities in which they might be interested, and to maintain and extend our membership. Staff and members work together with local and international bodies to represent the views and concerns of the profession to governments, regulators, industries, academia and the general public. CPA Australia also interacts with non-members, both prospective members and also the general public. Personal information is collected and used for those processes.
For those above purposes, the CPA Australia Group’s activities, in Australia and around the world, include:
Membership management and corporate governance
Managing memberships, for example, by:
- recording and updating membership details and profile information, and maintaining appropriate registers and other records of information relating to CPA Australia’s corporate governance
- sending notices of CPA Australia meetings
- distributing our annual reports
- sending out renewal notices and advertising.
Email communications from the CPA Group
As with comparable professional membership organisations, CPA Australia communicates frequently with its members and others by email and other means – for example, mobile messaging and the post. The non-members to whom we communicate include students, graduates and employers, as well as employees and contractors of the CPA Group. To ensure that our communications are effective, we employ software which reports deliverability rates, open rates, click through rates, unsubscribes, hard and soft bounces. We can see this information at individual record level if required, but only engage that functionality in very unusual circumstances.
Services and publications
- corresponding with members and affiliated persons on issues of mutual interest
- distributing CPA Australia publications and newsletters, including INTHEBLACK magazine, INPRACTICE, CPA Update, Network News and CPA Tax News, intheblack.com and CPA Career Mentor
- the provision of other professional information and materials to CPA Australia members and non-members
- supporting various CPA Australia professional member advisory groups
- supporting Divisional Councils and other CPA Australia member groups
- organising and holding CPA Australia discussion groups to consider topics of interest to the accounting profession, organising, promoting and running live chats and live interviews including digitally, online and face-to-face; and
- providing CPA Australia members with access to and information about a range of current and future membership services and benefits, including member benefits (see further below).
Education, training and events
- administering CPA Australia’s Continuing Practice Development (CPD) program (including informing CPA Australia members about CPD requirements, developing, promoting and conducting CPD events for Members and non-members, keeping records of CPD attendance and conducting CPD audits)
- developing, promoting and conducting other CPA Australia events (whether digitally, online, face-to-face or otherwise), including CPA Congress for CPA Australia, seminars and conferences (including organising speakers, locations and catering, making travel arrangements where required and keeping attendance records)
- developing, administering, supporting and assessing the CPA Australia Group's educational programs, including the foundation and professional levels of the CPA Program, study units and practice management distance learning
- CPA Australia operating as a licensee trainer and assessor under ASIC's Regulatory Guide 146 Licensing: Training of financial product advisers (RG 146)
- developing new CPA Australia public practice resources and services
- marketing CPA Australia practice development materials to non-members as well as members; and
- informing potential CPA Australia members and intermediaries about the benefits of membership.
Public Practice Certification
- marketing CPA Australia practice development materials to non-members as well as CPA Australia members
- informing CPA Australia members about public practice requirements and assessing public practice certificate applications
- allowing accredited CPA Australia quality reviewers to perform quality reviews in relation to holders of public practice certificates in accordance with the requirements of CPA Australia’s By-Laws
- managing the "Find a CPA" and financial planner referral services; and
- managing New Zealand auditor regulation certification programs.
- ensuring that CPA Australia members comply with CPA Australia’s Constitution, By-Laws, Code of Professional Conduct, and Applicable Regulations:
- investigating and resolving complaints about CPA Australia members
- referring CPA Australia members to the disciplinary tribunal if necessary
- providing a secretariat to receive and take action on complaints and to support and service the disciplinary tribunal; and
- receiving, investigating and taking action on complaints about non-members (for example, where an individual incorrectly claims to be a CPA Australia member).
Use within the CPA Group
RG 146 Disclosure
- as a Registered Training Organisation (RTO) with the Australian Skills Quality Authority (ASQA), CPA Australia, as the provider of RG146 modules, is required to comply with the Australian Vocational Education and Training Management Information Statistical Standard (AVETMISS), a nationally agreed set of rules that requires the collection of consistent and accurate information on the vocational education and training (VET) sector, including personal and sensitive information. Statistical compilations of this information, disaggregated from personal identifiers, are in turn provided to regulators in the sector.
Indigenous Accountants Australia project
- participation by CPA Australia in the Indigenous Accountants Australia initiative, and advising about potential internship, and employment opportunities.
- assessing the skills of overseas accounting professionals, to determine whether they are eligible to migrate to Australia for study work or settlement and advising on migration outcomes.
Surveys, research and competitions
- conducting surveys and market research for product and service improvement purposes and to compile statistics and analyse trends including surveys of CPA Australia Division Council members
- considering research grant applications and administering research grants; and
- conducting competitions and lucky draws.
- receiving, investigating and taking action on complaints about how the CPA Australia Group has collected or handles personal information
- recruiting CPA Australia Group staff and contractors
- processing payments
- answering queries and resolving complaints; and
- using aggregated information for business analysis.
The CPA Australia Group may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:
- which are required or authorised by or under law (including, without limitation, privacy legislation); or
- for which the individual has provided their consent.
2.2. Direct marketing
The CPA Australia Group may use personal information of CPA Australia members and non-members, specifically your name and relevant address details and information about preferences for direct marketing, both as to the preferred communication channels for receiving direct marketing from the CPA Australia Group and the types of products and services of interest, to let people know about the CPA Australia Group’s services, facilities and benefits and those of third party partners, contractors and/or suppliers to the CPA Australia Group, where we have recipient consent.
Under Australian law, the CPA Australia Group is not permitted to do so unless we have consent. Other jurisdictions, such as Hong Kong’s Personal Data (Privacy) Ordinance, have different restrictions on direct marketing. The CPA Australia Group is committed to abiding by the law in all jurisdictions.
Where permitted by law to do so, the CPA Australia Group or our partners, contractors and/or suppliers may contact persons for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile.
For example, where the CPA Australia Group has consent, we send:
- CPA Australia members our member publications (see list above)
- information under our CPA Australia member benefits and other program offerings and advertising of the availability of goods, facilities and/or services in the classes of personal and business products and services, including credit cards and associated rewards, banking, lending and financial services, insurance, telecommunications services and devices, travel and leisure, news publications and subscriptions, technology, lifestyle offers, including premium wine deals, office supplies, business support services, professional development offerings and opportunities, including CPA Congress; and
- CPA Australia member research, including member surveys.
The CPA Australia Group offerings may vary from time to time.
If you are a prospective CPA Australia member and have provided consent, we may use your personal information to contact you with information about the CPA Australia Group (including CPA Update and Network News if you have completed a non-member subscriber form) and our current and future membership benefits, lifestyle benefits and events.
Communication of your consent
Under Australian law, you may communicate your consent to the CPA Australia Group’s use of your personal data for Direct Marketing by:
- when providing the CPA Australia Group with your personal data through our website, clicking on the button indicating your consent
- when providing the CPA Australia Group with your personal data through a form, signing on the form indicating your consent; or
- following the instructions in the document on which you are providing your personal data to the CPA Australia Group.
Requirements for communicating consent differ in some non-Australian jurisdictions in which the CPA Australia Group has members and dealings, including under the European Union’s General Data Protection Regulation (GDPR). The Group is committed to complying with all laws which are applicable to its activities.
Communicating about core issues
As a matter of law, CPA Australia members are members of the company, CPA Australia Ltd. Consequently, CPA Australia must be in a position to communicate with its members about certain core matters, including continuing education, licences such as public practice certificates, undertaking quality review and professional conduct.
Under CPA Australia’s Constitution, members are required to keep CPA Australia informed about such matters as their qualifications and experience, and their address and employment details (all in Article 10); as well as providing for notices to be sent to members about membership and meetings (Articles 16 and 22), including as required for validly calling meetings.
CPA Australia also needs to communicate with the membership about continuing education requirements and opportunities to obtain and hold licences such as public practice certificates, and about professional conduct issues; and about issues affecting them as members.
Subject to the above, where you have consented to receiving direct marketing communications from the CPA Australia Group, your consent will remain current until you advise us otherwise. However, you can, at no cost, opt out at any time, in the following ways:
- members and prospective members of CPA Australia can update their communications preferences (including opting out of participating in surveys) by simply visiting the "Update my profile" page on the CPA Australia website; and
- members, prospective members and non-members of CPA Australia can:
- send a letter to the CPA Australia Group’s Privacy Officer, CPA Australia, Level 20, 28 Freshwater Place, Southbank VIC 3006 or send an email to email@example.com
- advise the CPA Australia Group if they receive a marketing call that they no longer wish to receive these calls; and
- use the unsubscribe facility that the CPA Australia Group includes in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.
Notification of source
If the CPA Australia Group has collected the personal information that we use to send you direct marketing material from a third party (for example a direct mail database provider), under Australian law you can ask us to notify you of our source of information, and the CPA Australia Group’s policy is to do so unless this is unreasonable or impracticable.
3. The kinds of personal information we collect and hold
The type of personal information that the CPA Australia Group collects and holds about you depends on the type of dealings that you have with us. For example, if you:
- join as a member of CPA Australia, we collect information including your name, address, contact number, gender, date of birth, address, email address, proof of identity details, employment details, including your primary focus, for example taxation, educational qualifications, academic results, accreditation and CPD details, communication preferences and payment details; and we allocate you a member number and membership status
- are involved on a Divisional Council of CPA Australia, an advisory, discussion or other member group we obtain your name, address, contact numbers, email, addresses, professional credentials and dietary requirements
- undertake a CPA Australia Group professional program (such as the CPA Program), we collect the same type of information as for CPA Australia members, as well as a photograph and digital signature to identify you for examinations
- contact the CPA Australia Group with an enquiry, if you do not take advantage of the option to use anonymity or pseudonymity, depending on the nature of the enquiry, we record details about you and relating to the enquiry
- attend a CPA Australia Group conference or seminar, we collect your contact details, address, membership number (if applicable), employment details, payment details and any dietary and accessibility requirements
- join CPA Australia’s student network, we collect information including your name, address, contact number, gender, date of birth, email address, country of permanent residency, proof of identity details, photograph employment details, including your primary focus, e.g. taxation, educational qualifications, academic results, accreditation and CPD details, communication preferences and payment details; and we allocate you a member number;
- are a supplier to the CPA Australia Group, we collect contact address details, usually including but not limited to all forms of contact and address, billing information and information about the goods or services you supply
- are a sponsor of CPA Australia, we collect contact address details, usually including but not limited to all forms of contact and address, and information about the sponsorship;
- buy or otherwise obtain professional information and materials from the CPA Australia Group, we collect contact address details and billing information including credit card or other payment details;
- apply for a job in the CPA Australia Group, we collect the information you include in your application for employment, including your cover letter, resume, contact details and referee reports
- are an academic, or industry experts or media contact of the CPA Australia Group
- are a CPA Australia public practitioner, record the licences and registrations you hold
- are a member of the general public who contacts the CPA Australia Group who elects not to rely on anonymity or pseudonymity, we collect contact address details, usually including but not limited to email addresses and phone numbers and details about the reason for the contact; and
- are a recipient of complimentary copies of INTHEBLACK, such as selected academics, media industry members, high-profile business or governmental persons, we collect contact address details.
In each case, we seek to keep the personal information we need updated and accurate.
3.2. Sensitive information
Under Australian law, sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
The CPA Australia Group’s policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; and
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect:
- information about your membership of other professional associations (such as Chartered Accountants Australia and New Zealand); information about dietary requirements or mobility needs when we conduct events such as conferences and seminars
- information about medical conditions in the context of exams, as part of a special consideration application or so that we can implement special exam arrangements;
- copies of medical reports and psychiatric assessments in the course of a professional conduct investigation
- identification as a participant in the Uni-Qualified Fund
- identification as Aboriginal or Torres Strait Islander
- information with regard to criminal convictions in relation to CPA Australia members and prospective members
- health information about clients in the context of financial advice services and credit activities, where it is relevant to such advice. As an example, for insurance we may collect information about what is being insured as the beneficiaries, a client’s health and financial information depending on the type of insurance. Sensitive health information is only collected with a client’s consent.
Our policy is not to use sensitive information except for a purpose which is directly related to the primary purpose for which the information was collected.
3.3. Collection of information through our website
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used.
There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website (such as preventing users from logging on and making purchases).
3.4. What if you don't want to provide your personal information?
The CPA Australia Group’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, the CPA Australia Group’s policy is to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.
In some cases however, if you don't provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to become a CPA Australia member and, if you sit an exam for the CPA Program, we will check your photo ID and digital signature, to confirm that you are the person who is entitled to sit for the exam.
4. How we collect and hold personal information
4.1. Methods of collection
The CPA Australia Group is required by the Privacy Act to collect personal information only by lawful and fair means. If it is reasonable and practicable, we will collect personal information we require directly from you.
The CPA Australia Group collects personal information in a number of ways, including:
- by email
- over the telephone
- through written correspondence (such as letters, faxes and emails)
- on hard copy forms (including event registration forms, network registration forms, competition entry forms and surveys)
- in person (for example, at job interviews and in exams)
- through our website (for example, if you make an online purchase or complete and submit a web form such as the Update my Profile form or a CPA Australia membership application form, or if you participate in a live chat)
- at seminars and functions (for example, if you fill out an assessment form or leave us your business card)
- during examinations and assignments conducted as part of our educational programs
- electronic systems such as applications
- through surveillance cameras in our premises (which we use for security purposes); and
- from third parties, including:
- educational providers that assist us in running our educational programs (including organising and conducting assessments)
- direct marketing database providers
- the ATO or ASIC (for example, through correspondence in relation to conduct of CPA Australia members)
- insurers in relation to professional indemnity insurance
- public sources, such as telephone directories, membership lists of business, professional and trade associations, public websites, ASIC searches, bankruptcy searches and searches of court registries.
4.2. Collection notices
Where the CPA Australia Group collects personal information directly from you, the CPA Australia Group’s policy is to take reasonable steps to notify you, including:
- our identity and how to contact us
- the purposes for which we are collecting the information;
- whether the collection is required or authorised by or under an Australian law or a court or tribunal order;
- the third parties (or types of third parties) to whom we would normally disclose information of that kind;
- whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located; and
We do this at or before the time of collection, or as soon as practicable afterwards.
The CPA Australia Group will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, we will generally include a collection notice, or a clear link to it, on the form.
Where the CPA Australia Group collects information about you from a third party, our policy is to take reasonable steps to make sure that you are made aware of the collection details listed above and, if you may not be aware that that we have collected the information, of the fact and circumstances of the collection.
4.3. Unsolicited information
Unsolicited personal information is personal information the CPA Australia Group receives that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, the CPA Australia Group’s policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
5. Disclosure of personal information to third parties
Under the CPA Australia Group’s policy, personal information may be disclosed to the following third parties where appropriate for the purposes set out under heading 2 above:
- financial institutions for payment processing
- persons involved in external dispute resolution involving the CPA Australia Group
- universities and other educational service providers involved with or engaged by CPA Australia for the CPA Program and other professional programs
- CPA Australia Member Benefits partners and sponsors (so that they can provide members with information about their products and services)
- a CPA Australia Member's employer (including to confirm membership status and provide educational program results where the employer or CPA Australia subsidises some or all of the individual's CPA Program fees) or under the Recognised Employer Program
- a University Tuition Provider (to provide education program results if the Member is concurrently enrolled in a post-graduate qualification with the tuition provider)
- international accounting bodies with which we have Mutual Recognition Agreements (for example, to confirm a CPA Australia Member's membership status)
- members of CPA Australia committees (such as Divisional Councils, advisory committees, member and discussion groups formed to consider topics of interest to the accounting profession)
- regulatory bodies for Anti-Money Laundering and Counter-Terrorism, and combatting fraud and other crime, in compliance with legislative requirements
- bodies such as the Financial Ombudsman Service for the resolution of complaints and disputes
- ASIC and similar bodies to comply with our legal obligations
- in the context of immigration and citizenship, to government and regulatory bodies such as the Department of Home Affairs and the Department of Education and Training; and to an individual's migration agent (in connection with applications for General Skills Migration)
- if you are participating in the Malaysian Uni-Qualified Fund, to TalentCorp Malaysia Berhad in accordance with the requirements of that Fund
- referees whose details are provided to us by job applicants
- third parties who have complained about Members (including to advise them of the conduct and outcome of the complaint)
- the CPA Australia Group’s contracted service providers, including:
- information technology service providers
- publishers of our newsletters, student handbooks and course material
- conference organisers
- marketing and communications agencies
- call centres and call training centres (including the third party that conducts member surveys on our behalf)
- mailing houses, freight and courier services
- printers and distributors of direct marketing material
- external business advisers (such as recruitment advisers, auditors and lawyers); and
- transcript recording service providers, in relation to disciplinary proceedings
- law enforcement and regulatory bodies as required by law
- as required or authorised by or under an Australian law or the order of an Australian court or tribunal
- other professional bodies of which a CPA Australia member is also a member in relation to disciplinary proceedings.
In the case of these contracted service providers, the CPA Australia Group may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
The CPA Australia Group’s holds numerous events, such as CPA Australia Congress.Third party sponsors and exhibitors help us defray the costs of staging such events. Commonly, such sponsors and exhibitors conduct competitions and similar activities at those events. Where attendees indicate their consent expressly or by their actions, the CPA Australia Group may facilitate the process by which such information as the name, title, corporate affiliation and contact details of consenting participants to sponsors and exhibitors for follow up marketing by those sponsors and exhibitors.
Personal information may also be disclosed to third parties with the consent of the record subject.
6. Cross border disclosure of personal information
CPA Australia has members in more than 125 countries and regions, operates in a number of international jurisdictions, including Mainland China China, Hong Kong, Vietnam, Singapore, Malaysia, Indonesia, New Zealand and the United Kingdom. These overseas offices are part of CPA Australia. Disclosure of personal information to these countries may occur in the normal course of CPA Australia’s business.
Under heading 5 above, we set out a wide variety of situations in which personal information may be disclosed. In some of those situations, the disclosure may be to parties located overseas, for example:
- to international accounting bodies with which we have Mutual Recognition Agreements (for example, to confirm a member's membership status)
- to members of CPA Australia committees (such as Divisional Councils, advisory committees, member and discussion groups formed to consider topics of interest to the accounting profession) who are located overseas
- if you are participating in the Malaysian Uni-Qualified Fund, to TalentCorp Malaysia Berhad in accordance with the requirements of that Fund; and
- to referees whose details are provided to us by job applicants.
The CPA Australia Group may also disclose personal information to third parties located overseas in the following situations and analogous situations:
- member's names and relevant addresses may be provided to a direct mail provider in Hong Kong, which assists the Bank of East Asia (one of our member benefits partners and sponsors) to send marketing material to our members
- member details may be disclosed to international accounting bodies with whom we have Mutual Recognition Agreements for example if a member applies for a reciprocal membership
- details of members who undertake our Singapore Taxation Workshop are provided to the Tax Academy of Singapore, for exam administration and management purposes;
- details of members may be disclosed to the New Zealand Financial Markets Authority and the Registrar of Companies in accordance with CPA Australia’s accreditation under the Auditor Regulation Act 2011 (New Zealand)
- where CPA Australia members are located in one of the international jurisdictions in which CPA Australia operates, any disciplinary proceedings are likely to be conducted in the relevant jurisdiction. Information relevant to the proceedings, including personal information may be disclosed to panel members located overseas
- likewise, examinations are conducted in the international jurisdictions in which CPA Australia operates. Personal information about candidates may be disclosed to a third party contracted to conduct such examinations
- members in overseas locations are advised of complaints made against them and responses are sought from such members
- personal information may be sent to members of disciplinary tribunals in overseas locations; and
- information about individuals applying for General Skills Migration may be disclosed to their migration agents, who may be located anywhere around the world.
In each case, the CPA Australia Group’s policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.
7. Use of government related identifiers
The CPA Australia Group’s policy is to not:
- use a government related identifier of an individual (such as a Medicare number or driver's licence number) as our own identifier of individuals;
- otherwise use or disclose such a government related identifier; and
- unless this is permitted by the Privacy Act (for example, where the use or disclosure is required or authorised by or under an Australian law or a court or tribunal order).
8. Data quality and security
The CPA Australia Group holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. The CPA Australia Group’s policy is to take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
You can also help us keep your information up to date; by letting us know about any changes to your personal information, such as your email address or phone number. If you are a member, you can easily review and update your information on an on-going basis, through our online "Update my profile" page.
The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.
The CPA Australia Group processes assessment, membership and other payments using EFTPOS and online technologies. CPA Australia’s policy is to ensure that all transactions processed by the CPA Australia Group meet industry security standards to ensure payment details are protected.
While the CPA Australia Group strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online: you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact the CPA Australia Group by phone or post.
You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
Third party websites
9. Access and correction of your personal information
Individuals have a right to request access to the personal information that the CPA Australia Group holds about them and to request its correction. To the extent that we are governed by the European General Data Privacy Regulation, you have a right to “be forgotten”.
9.1. Members and prospective members
CPA Australia members and prospective members can readily access and correct their own personal information, including changing their communication preferences, by visiting the "Update my profile" page on the CPA Australia website.
For any personal information that can't be accessed and corrected through "Update my profile", CPA Australia members and prospective members can follow the access and correction procedures for non-members (set out under the next heading).
If you are not a CPA Australia member, you can contact our Privacy Officer (details under heading 12 below) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.
The CPA Australia’s Group’s policy is to provide you with access to your personal information, subject to some exceptions permitted by law. We may provide access in the manner that you have requested provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you. Our fees are modelled on the fees applying to Australian Government Departments for FOI.
If you ask the CPA Australia Group to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, the CPA Australia Group’s policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If the CPA Australia Group corrects personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, the CPA Australia Group’s policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.
Timeframe for access and correction requests
Except in the case of more complicated requests, the CPA Australia Group will endeavour to respond to access and correction requests within 30 days.
What if we refuse your request for access or correction?
If the CPA Australia Group refuses your access or correction request, or if we refuse to give you access in the manner you requested, the CPA Australia Group’s policy is to provide you with a written notice setting out:
- the reasons for our refusal (except to the extent that it would be unreasonable to do so); and
- available complaint mechanisms.
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.
If you have a complaint about how the CPA Australia Group has collected or handled your personal information, please contact our Privacy Officer (details under heading 12 below).
Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within one week.
If your complaint can't be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which details (for example) the date, time and circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how would you like your complaint resolved.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.
Our response will set out:
- what action, if any, CPA Australia will take to rectify the situation.
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
11. Retention of personal data
All personal data that has been collected from you by the CPA Australia Group will only be kept for a limited duration that is relevant to the purpose for which your personal data is to be used and for as long as required by applicable law.
12. Further information
Please contact the CPA Australia Group if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details for privacy queries and complaints are set out below.
The CPA Australia Group
Level 20, 28 Freshwater Place
Southbank VIC 3006
P: + 61 3 9606 9997
F: +61 3 9602 1163
13. Changes to this policy