Privacy policy

Last updated: 7 November 2016

Chartered Accountants Australia and New Zealand (ABN 50 084 642 571), and its subsidiaries (each CA ANZ, we, us or our), respects your privacy and is committed to protecting your personal information.

We deal with personal information in accordance with the Privacy Act 1988 (Cth), the Privacy Act 1993 (New Zealand) (each a Privacy Act) and the Australian Privacy Principles. We also comply with the Spam Act 2003 (Cth) and the Unsolicited Electronic Communications Act 2007 (New Zealand) which impose restrictions on sending commercial electronic messages.

This Privacy Policy describes how we deal with information we collect and demonstrates our commitment to the protection of your privacy. By interacting with CA ANZ, you acknowledge that we may collect, store, use, and disclose your personal information in the matter set out in this Privacy Policy.

This Privacy Policy applies to this websiteand to any other website, application or service operated by or on behalf of CA ANZ or which includes a link to this Privacy Policy (referred to collectively as the Site). Where you access our CA Kairos portal via, you acknowledge that the Kairos Special Conditions in Annexure 1 to this Privacy Policy also apply to your personal information.

1. Meaning of terms used in this Privacy Policy

In this Privacy Policy:

  • personal information means any information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably ascertained from the information or opinion. Examples of this include your name, address, birth date, or email address; and
  • sensitive information means personal information about things such as your membership of professional associations, race, ethnic origin, political affiliation, religion, sexual orientation, biometric information and health information.

2. Privacy guidelines for our members, students and other parties

2.1. What kinds of personal information do we collect and hold?

The personal information that we may collect and hold about you includes your name, business and personal postal and street addresses, e-mail addresses, telephone numbers and any other contact information, place and date of birth, gender, qualifications, education (including transcripts), employment details, practice details, recommendation and reference letters (including letters of good standing), the languages you speak, social media information, information relating to the complaints, enquiries and/or referrals you have made to us and any complaints, enquiries and/or referrals made about you, records of some of your communications and other interactions with us, the information collected during any disciplinary investigations or other action, information about audits performed on your business/practice, payment information (including history) and your membership information generally, including your membership history and activities and details of service on boards, committees and councils. We may also collect sensitive information (which is a form of personal information) from you and/or third parties whether in Australia, New Zealand or elsewhere with your consent which includes health information about you (including dietary requirements and religious beliefs where those beliefs are relevant to your dietary requirements), information about whether you are a member of a professional or trade association, your criminal record, religious beliefs or affiliation, philosophical beliefs, racial or ethnic origin, political opinions and other sensitive information (to the extent it is reasonably necessary for one or more of our functions or activities).

2.2. How do we collect your personal information?

We collect personal information about you when it is reasonably necessary for one or more our activities or functions. This personal information is collected in a number of ways, including:

  • When you enrol or register (including online) for a course, program or event (offered by or on behalf of CA ANZ), when you visit, use or register on the Site or social media accounts, apply for, enquire about or request services or products, when you complete a survey, apply to become a member or specialist; enter into a competition, apply for a scholarship, or otherwise contact, do business or interact with us;
  • From enrolment, registration, subscription or application forms, phone calls, faxes, e-mails, SMS, social media, letters and other documents provided to us (including from members, students, employers, professional bodies, regulators, government and statutory bodies, members of the public and other parties in Australia, New Zealand, or elsewhere) and in person;
  • From third parties (for example letters of recommendation or good standing, complaints and other information relevant to membership of CA ANZ), including from professional bodies (for example under reciprocal arrangements), regulators and government and statutory bodies and through acquired contact lists, with your consent (unless it would be unreasonable or impracticable to obtain your consent);
  • When you apply for work or to otherwise perform services at or for CA ANZ; and
  • Through acquired contact lists.

2.3. What would happen if we did not collect your personal information?

Without your personal information, we may not be able to contact you or otherwise interact with you, process your application, registration or request, perform our legal and other functions, obligations and responsibilities, administer our complaints service, the candidate and member conduct and disciplinary process, mediation service, president nomination service or any other functions, or provide you with some or all of our services and products.

2.4. Use of personal information

We generally collect, hold, use and disclose personal information for:

  • Processing and assessing student, membership, specialisation and other applications, enrolments, requests and renewals, updating personal and business details and profiles, fulfilling an order or request for information, product or service;
  • Fulfilling our role as a professional body by maintaining candidate, membership and related records, providing information on candidate and member services, products and benefits, conducting research and public advocacy relevant to members;
  • Sending out subscription renewals, voting papers and other information relevant to the functions, responsibilities and obligations of CA ANZ, including under our Charter, By-laws, Regulations, codes, policies, practices or guidelines;
  • For promotional and marketing purposes, including sending you information about CA ANZ’s services, products, training and events;
  • Communicating on any matters relevant to the Chartered Accountants Program, membership of CA ANZ, accreditation or specialisation with CA ANZ and any other programs, opportunities or transactions with us;
  • Assessing suitability for employment or the provision of services by independent contractors;
  • Assessing suitability for appointment to a committee or council of CA ANZ;
  • Dealing with other bodies and fulfilling our contractual and other obligations, including with overseas bodies (for instance where we may have reciprocity arrangements, relating to or confirming your status and standing with CA ANZ, including your status as a member or former member);
  • Conducting, managing and reporting on quality assurance reviews and audits;
  • Managing complaints and the candidate and member conduct and disciplinary process and functions of CA ANZ, including undertaking investigations and implementing disciplinary procedures associated with professional conduct and responsibility and providing information to Australian and overseas regulators and government and statutory bodies (such as the Australian Securities and Investments Commission);
  • Conducting competitions;
  • Providing and managing scholarships and other charitable assistance, including providing information to our foundation and benevolent funds;
  • Organising and hosting training and events (including with third parties);
  • Providing products and services, including training and events, or information relating to such products and services;
  • A purpose directly related to any of the purposes identified above; and
  • Providing information to third parties as authorised or required by law (including the Privacy Act) or a court/tribunal order.

You may notify us at any time that you do not want us to use your personal information for direct marketing messages by contacting us using the contact details set out in this Privacy Policy or contacting the Privacy Officer (details below). For direct marketing messages (i.e. commercial electronic messages) that are subject to the Unsolicited Electronic Messages Act 2007 (New Zealand) and which are not subject to the Spam Act 2003 (Cth), you agree, pursuant to section 11(2) of the Unsolicited Electronic Messages Act 2007 (New Zealand), that the person sending such direct marketing messages need not include a functional unsubscribe facility in those messages. The Site may contain hyperlinks to website operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites collect, store, use, or distribute any personal information you provide. When you visit third party websites from hyperlinks displayed on the Site, we encourage you to review the privacy policies of those websites so that you can understand how the personal information you provide may be collected, stored, used and distributed.

2.5 Disclosure of personal information

We will not use or disclose your personal information except in accordance with this Privacy Policy or a Privacy Act. We will typically:

  • Confirm enrolment, membership, prior membership, accreditation or specialisation to the public (including professional and government and statutory bodies) by disclosing personal information to members of the public;
  • Disclose personal information to third parties that include employers of students and members, local and international professional bodies, law enforcement bodies, government and statutory bodies and regulators, including the Australian Securities and Investment Commission and the New Zealand Companies Office;
  • Disclose personal information about you to overseas recipients. The recipients of such information are likely to be located in New Zealand, Australia, the United Kingdom, Ireland, United States of America, Hong Kong, China, Singapore, Canada, South Africa, India, Indonesia and Malaysia, including contact information to CA ANZ overseas member groups if you are going overseas;
  • Disclose details of membership in relation to the liability capping scheme, including confirming possession of a certificate of public practice, or whether an entity is a practice entity member, where required to support the administration of the scheme;
  • Disclose personal information to CA ANZ committees, tribunals and councils, which may or may not be comprised of members of CA ANZ;
  • Disclose a member's practice and/or business details, including address, email, telephone and other practice/business information if provided (unless specifically advised not to) to the public;
  • Disclose personal information about students to tertiary and academic institutions which those students attend or have attended and to the student's employer or mentor;
  • Disclose student personal information to fellow students in order to facilitate team learning activities for the purposes of a CA ANZ program or educational course;
  • Disclose student personal information to members of CA ANZ appointed to the roles of mentors, facilitators, leaders and assessors in delivery of a CA ANZ program or educational course;
  • Disclose personal information to vendors, suppliers, business partners and other third parties associated with CA ANZ in order to enable a particular product or service to be fulfilled including for the purpose of investigating or determining and/or for the purposes of CA ANZ’s disciplinary proceedings a complaint or organising mediation of a dispute;
  • Disclose the details of a mediation and/or dispute being facilitated by or on behalf of CA ANZ, including all information related to the mediation or dispute, to each of the parties involved, the mediator and any other relevant parties;
  • Disclose the personal information of employment and contractor applicants to recruiters and recruiting personnel for the purpose of assessing suitability for employment or contract work;
  • Disclose or publish a list of our candidates, members and practice entities (to which we have issued a certificate of public practice), including limited personal information such as name, member status and contact information, as well as areas of specialisation, accreditation and other relevant qualifications where these have been provided to us for the purposes of disclosure or publication.
  • Disclose personal information to third parties in order to mitigate a serious data breach.
  • Disclose personal information to government and statutory bodies and authorities where required or authorised by Australian or New Zealand law (including a Privacy Act) or a court/tribunal order.

2.6 Use of the Site

We may also collect information about you through your use of the Site. For example, we may log the following details when you use the Site:

  • your server address, operating system, top level domain name and the type of browser or device you use;
  • the date and time of the visit to the Site and whether you have visited it previously; and
  • what pages of the Site you access and what you download.

Generally, the type of information collected through your use of the Site is not personal information unless, for example, you email us with a suggestion, comment or query about the Site. Any information we collect through your use of the Site may be used to help us improve the Site by tailoring it to better suit your needs and to provide quicker and more effective access to the various components of the Site. If you email us with a suggestion, comment or query we may use the personal information provided to respond to you. We may also use or disclose information gathered via your use of the Site to other persons for these purposes or for related purposes, including to information technology companies, located locally or overseas, who assist us in constructing, designing and maintaining the Site.

2.7 Cookies

We may use “cookies” while you are visiting the Site. Cookies are small files which are stored on your hard drive. There are two different types of cookies. Session cookies are temporary and erased when you close your browser. Persistent cookies remain on your hard drive until you erase them or they expire. We may use persistent cookies to recognise previous visitors when they return but only the cookie on your computer is identified. Most web browsers can be set to prevent you from receiving new cookies, notify you before accepting cookies or disable cookies altogether. The instructions for this can often be found via your browser’s Help function. You can delete cookies already on your hard drive at any time. If you choose to disable cookies, this may result in a reduced availability of the services provided by the Site.

2.8 Access and correction of personal information

Individuals may request access to their personal information and request its correction by writing to CA ANZ’s Privacy Officer (details below).

We will in most cases provide an individual access to their personal information. There are some exceptions where this access may be denied, namely where:

  • Providing access may have an unreasonable impact on the privacy of other individuals;
  • Providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, CA ANZ or an enforcement body;
  • Providing access would reveal the intentions of CA ANZ in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • We have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in; and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
  • Giving access would reveal evaluative information generated within CA ANZ in connection with a commercially sensitive decision-making process;
  • We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • The request for access is frivolous or vexatious; or
  • Where we are otherwise permitted by a Privacy Act to do so.

To request access and seek the correction of, personal information held by CA ANZ, please contact:

Privacy Officer
Chartered Accountants Australia and New Zealand
33 Erskine Street Sydney NSW 2000
P: 1300 137 322

2.9 Security of Personal Information

CA ANZ holds the personal information it collects on electronic databases and in hard copy records. We take reasonable steps to protect the security of personal information against the loss, misuse, interference and/or unauthorised access, disclosure or alteration of information under our control. These security measures include:

  • Firewalls - to prevent the hacking of our database;
  • Clauses in employee agreements requiring confidentiality and training on the importance of the privacy legislation;
  • Appropriate security access to CA ANZ premises, staff and systems;
  • The use of passwords for access to database information and the use of security levels within the database to ensure that staff only access the information required to perform their duties; and
  • Security bins for the disposal of written information.

Where appropriate, we use secure transmission facilities. However, no transmission of information over the Internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the Internet.

3. Privacy concerns

If you would like any further information about our handling of personal information or to make a complaint about something you believe breaches a Privacy Act, please lodge a written complaint addressed to our Privacy Officer using the contact details above. Once we receive your complaint, we will respond to your complaint within a reasonable period of time, usually 30 days.

If you are unsatisfied with the handling of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the Office of the Australian Information Commissioner (OAIC) (AUS) or the Office of the Privacy Commissioner (OPC) (NZ) for a review of your complaint.

4. Variations to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time by publishing an updated version of this Privacy Policy on the Site, after which, your continued use of the Site or your provision of any further personal information will indicate your acknowledgement to the modified terms of this Privacy Policy.

Annexure 1 - CA Kairos Special Conditions

A. These CA Kairos Special Conditions apply where you register for and use the CA Kairos portal. They apply in addition to the general provisions of our Privacy Policy and prevail to the extent of any inconsistency.

B. The CA Kairos portal is the secure gateway to a variety of different applications and workspaces. Access is granted by way of registration and verified thereafter by way of authentication.

C. The personal information we collect in connection with your registration and access to CA Kairos will vary depending on your activities. It is likely to include your username, your password, your membership number, your name, your email, data on your behaviour and your business, accounting data, practice documents and client financial data, and your educational achievements.

D. We will collect any authentication personal information via the registration landing page at CA Kairos. We will only collect this information once and you will be required to verify it in order to login. We may take steps to verify the personal information you provide to us, but we will not automatically do so as a matter of course.

E. Because CA Kairos is behind a secure gateway, if you do not provide this personal information to us you will not be able to access these services.

F. We will collect any other personal information pursuant to your interactions with us via the CA Kairos portal, for example pursuant to your uploading or inserting particular information into a particular application. Because most of the applications are provided on a software-as-a-service basis, you should presume that anything you insert or upload will be collected and stored by us as part of our business continuity and disaster recovery procedures.

G. If you do not provide this latter category of personal information to us, in most cases you will still be able to access the CA Kairos portal (for example, certain free services (if any)), however your user experience may be reduced and/or you may experience decreased functionality.

H. The CA Kairos portal is provided in conjunction with a range of third parties. This might be because certain applications are owned and licensed by third parties, or because the underlying platform and infrastructure is owned or operated by third parties. Collection of your personal information by these parties is an inherent part of our CA Kairos service. Additional third party privacy policies and practices may apply. We are not responsible for those third parties, nor the manner in which they collect, store, use or disclose your personal information. We encourage you to review any such privacy policies to help you understand how they will treat your personal information.

I. We will use your personal information primarily for authenticating your access to CA Kairos and providing the relevant services to you. Because CA Kairos is hosted on a third party platform (and includes access to third party applications), we may disclose your personal information to those third parties to facilitate your access.

J. We (or those third party suppliers) may also disclose your personal information overseas in connection with the hosting and operation of CA Kairos, and any back-up or disaster recovery procedures.