Chartered Accountants Australia and New Zealand (ABN 50 084 642 571), and its subsidiaries (each CA ANZ, we, us or our), respects your privacy and is committed to protecting your personal information.We deal with personal information in accordance with the Privacy Act 1988 (Cth), the Privacy Act 1993 (New Zealand) (each a Privacy Act) and the Australian Privacy Principles. We also comply with the Spam Act 2003 (Cth) and the Unsolicited Electronic Communications Act 2007 (New Zealand) which impose restrictions on sending commercial electronic messages.
- personal information means any information
or an opinion (including information or an opinion forming part of a database),
whether true or not, and whether recorded in a material form or not, about an
individual whose identity is apparent, or can reasonably ascertained from the
information or opinion. Examples of this include your name, address,
birth date, or email address;
- sensitive information means personal information about things such as your membership of professional associations, race, ethnic origin, political affiliation, religion, sexual orientation, biometric information and health information.
2. Privacy guidelines for our members, students and other parties
2.1. What kinds of personal information do we collect and hold?
The personal information that we may collect and hold about you includes your name, business and personal postal and street addresses, e-mail addresses, telephone numbers and any other contact information, place and date of birth, gender, qualifications, education (including transcripts), employment details, practice details, recommendation and reference letters (including letters of good standing), the languages you speak, social media information, information you make available via social media websites or post in a CA ANZ Facebook Group, information relating to the complaints, enquiries and/or referrals you have made to us and any complaints, enquiries and/or referrals made about you, records of some of your communications and other interactions with us (including where we record the phone calls you make to us), the information collected during any disciplinary investigations or other action, information about audits performed on your business/practice, payment information (including history and any subscriptions) and your membership information generally, including your membership history and activities and details of service on boards, committees and councils.
We may also collect sensitive information (which is a form of personal information) from you and/or third parties whether in Australia, New Zealand or elsewhere with your consent which includes health information about you (including dietary requirements and religious beliefs where those beliefs are relevant to your dietary requirements), information about whether you are a member of a professional or trade association, your criminal record, religious beliefs or affiliation, philosophical beliefs, racial or ethnic origin, political opinions and other sensitive information (to the extent it is reasonably necessary for one or more of our functions or activities).
2.2. How do we collect your personal information?
We collect personal information about you when it is reasonably necessary for one or more our activities or functions. This personal information is collected in a number of ways, including:
- When you enrol or register (including online) for a course, program or event (offered by or on behalf of CA ANZ), when you visit, use or register on our websites or social media accounts, join (or request to join), post in or otherwise contribute to a CA ANZ Facebook Group or CA ANZ social media page, apply for, enquire about or request services or products, when you complete a survey, apply to become a member or specialist; enter into a competition, apply for a scholarship, when you call us (including where such phone calls are recorded by us) or otherwise contact, do business or interact with us;
- From enrolment, registration, subscription or application forms, phone calls, faxes, e-mails, SMS, social media, letters and other documents provided to us (including from members, students, employers, professional bodies, regulators, government and statutory bodies, members of the public and other parties in Australia, New Zealand, or elsewhere) and in person;
- From third parties (for example letters of recommendation or good standing, complaints and other information relevant to membership of CA ANZ), including from external payment providers, professional bodies (for example under reciprocal arrangements), regulators and government and statutory bodies and through acquired contact lists, with your consent (unless it would be unreasonable or impracticable to obtain your consent);
- When you apply for work or to otherwise perform services at or for CA ANZ; and
- Through acquired contact lists.
2.3. What would happen if we did not collect your personal information?
Without your personal information, we may not be able to contact you or otherwise interact with you, process your application, registration or request, perform our legal and other functions, obligations and responsibilities, administer our complaints service, the candidate and member conduct and disciplinary process, mediation service, president nomination service or any other functions, or provide you with some or all of our services and products.
2.4. Use of personal information
We generally collect, hold, use and disclose personal information for:
- Processing and assessing student, membership, specialisation and other applications, enrolments, requests and renewals, updating personal and business details and profiles, fulfilling an order or request for information, product or service (including confirming and/or processing payments for the same);
- Fulfilling our role as a professional body by maintaining candidate, membership and related records, providing information on candidate and member services, products and benefits, conducting research and public advocacy relevant to members;
- Sending out subscription renewals, voting papers and other information relevant to the functions, responsibilities and obligations of CA ANZ, including under our Charter, By-laws, Regulations, codes, policies, practices or guidelines;
- For promotional and marketing purposes, including sending you information about CA ANZ’s services, products, training and events;
- Communicating on any matters relevant to the Chartered Accountants Program, membership of CA ANZ, accreditation or specialisation with CA ANZ and any other programs, opportunities or transactions with us;
- Monitoring, moderating and improving CA ANZ Facebook Groups or CA ANZ social media pages;
- Assessing suitability for employment or the provision of services by independent contractors;
- Assessing suitability for appointment to a committee or council of CA ANZ;
- Dealing with other bodies and fulfilling our contractual and other obligations, including with overseas bodies (for instance where we may have reciprocity arrangements, relating to or confirming your status and standing with CA ANZ, including your status as a member or former member) and external payment providers;
- Creating de-identified data sets (which no longer contain personal information) which may be used and analysed by CA ANZ and/or shared with trusted third parties;
- Conducting, managing and reporting on quality assurance reviews and audits;
- Managing complaints and the candidate and member conduct and disciplinary process and functions of CA ANZ, including undertaking investigations and implementing disciplinary procedures associated with professional conduct and responsibility and providing information to Australian and overseas regulators and government and statutory bodies (such as the Australian Securities and Investments Commission);
- Conducting competitions;
- Providing and managing scholarships and other charitable assistance, including providing information to our foundation and benevolent funds;
- Organising and hosting training and events (including with third parties);
- Providing products and services, including training and events, or information relating to such products and services;
- Assessing and improving our services to customers, as well as for training and quality purposes, including where we monitor, record and analyse phone calls and other communications between you and us;
- A purpose directly related to any of the purposes identified above; and
- Providing information to third parties as authorised or required by law (including a Privacy Act) or a court/tribunal order.
2.5 Disclosure of personal information
Types of disclosure
- Confirm enrolment, membership, prior membership, accreditation or specialisation to the public (including professional and government and statutory bodies) by disclosing personal information to members of the public;
- Disclose personal information to third parties that include employers of students and members, local and international professional bodies, external payment providers, law enforcement bodies, government and statutory bodies and regulators, including the Australian Securities and Investment Commission and the New Zealand Companies Office;
- Disclose your personal information to another entity within the CA ANZ corporate group, in order to facilitate the provision of products and services to you (for example, disclosing your contact information to a CA ANZ overseas group member if you are going overseas), in order to manage, coordinate and facilitate our global operations or because that CA ANZ corporate group member is responsible for the provision of backend services to CA ANZ (for example technical or marketing services);
- Disclose details of membership in relation to the liability capping scheme, including confirming possession of a certificate of public practice, or whether an entity is a practice entity member, where required to support the administration of the scheme;
- Disclose personal information to CA ANZ committees, sub-committees, panels, local leadership teams, special interest groups, discussion groups, working groups, tribunals and councils, which may or may not be comprised of members of CA ANZ;
- Disclose a member's practice and/or business details, including address, email, telephone and other practice/business information if provided (unless specifically advised not to) to the public;
- Disclose personal information about students to tertiary and academic institutions which those students attend or have attended and to the student's employer or mentor;
- Disclose student personal information to fellow students in order to facilitate team learning activities for the purposes of a CA ANZ program or educational course;
- Disclose student personal information to members of CA ANZ appointed to the roles of mentors, facilitators, leaders and assessors in delivery of a CA ANZ program or educational course;
- Disclose personal information to vendors,
suppliers, business partners and other third parties associated with CA ANZ in
order to carry out the operation of our business such as:
- enabling a particular product or service to be fulfilled including for the purpose of processing payments;
- conducting marketing and business analysis, such as third party providers undertaking surveys on our behalf; and
- investigating or determining and/or for the purposes of CA ANZ’s disciplinary proceedings a complaint or organising mediation of a dispute;
- Disclose the details of a mediation and/or dispute being facilitated by or on behalf of CA ANZ, including all information related to the mediation or dispute, to each of the parties involved, the mediator and any other relevant parties;
- Disclose the personal information of employment and contractor applicants to recruiters and recruiting personnel for the purpose of assessing suitability for employment or contract work;
- Disclose or publish a list of our candidates, members and practice entities (to which we have issued a certificate of public practice), including limited personal information such as name, member status and contact information, as well as areas of specialisation, accreditation and other relevant qualifications where these have been provided to us for the purposes of disclosure or publication;
- Disclose personal information to third parties in order to mitigate a serious data breach; and
- Disclose personal information to government and statutory bodies and authorities where required or authorised by Australian or New Zealand law (including a Privacy Act) or a court/tribunal order.
We may from time-to-time disclose your Personal Information to an entity located in another country where we are permitted to do so under a Privacy Act.
The recipients of such information are likely to be located in New Zealand, Australia, the United Kingdom, Ireland, United States of America, Hong Kong, China, Singapore, Canada, South Africa, India, Indonesia or Malaysia, but recipients may be located in other countries also.
Unless we reasonably believe the overseas recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles, we will take reasonable steps where practicable in the circumstances to ensure that the overseas recipient does not breach the relevant Australian Privacy Principles in relation to your Personal Information.
However, this may not always be achievable and, by acquiring our products or services or providing us with your Personal Information, you expressly consent to the collection, processing, use, disclosure, transfer and storage of your Personal Information outside of Australia where we are not able to ensure the recipient’s compliance with the Australian Privacy Principles. We are required to inform you in relation to this consent that if an overseas recipient handles your Personal Information in breach of the Australian Privacy Principles, the entity will not be accountable under a Privacy Act and you will not be able to seek redress under a Privacy Act. If you do not wish to provide this consent, you should not acquire the relevant products and services from us.
2.6 Access and correction of personal information
Individuals may request access to their personal information and request its correction by writing to CA ANZ’s Privacy Officer (details below).
We will in most cases provide an individual access to their personal information. There are some exceptions where this access may be denied, namely where:
- Providing access may have an unreasonable impact on the privacy of other individuals;
- Providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, CA ANZ or an enforcement body;
- Providing access would reveal the intentions of CA ANZ in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in; and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- Giving access would reveal evaluative information generated within CA ANZ in connection with a commercially sensitive decision-making process;
- We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- The request for access is frivolous or vexatious; or
- Where we are otherwise permitted by a Privacy Act to do so.
To request access and seek the correction of, personal information held by CA ANZ or NZICA, please contact:
Chartered Accountants Australia and New Zealand
33 Erskine Street
Sydney NSW 2000
P: 1300 137 322
2.7 Security of Personal Information
CA ANZ holds the personal information it collects on electronic databases and in hard copy records. We take reasonable steps to protect the security of personal information against the loss, misuse, interference and/or unauthorised access, disclosure or alteration of information under our control. These security measures include:
- Firewalls - to prevent the hacking of our database;
- Clauses in employee agreements requiring confidentiality and training on the importance of the privacy legislation;
- Appropriate security access to CA ANZ premises, staff and systems;
- The use of passwords for access to database information and the use of security levels within the database to ensure that staff only access the information required to perform their duties; and
- Security bins for the disposal of written information.
Where appropriate, we use secure transmission facilities. However, no transmission of information over the Internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the Internet.
3. Cookies and other technologies
CA ANZ websites collect other information that may or may not be personal information. Each time you visit a CA ANZ website, its server automatically recognises and stores your “address” (e.g. your domain name or internet protocol address), the type of internet browser you are using, the address of the site that “referred” you to the CA ANZ website and “clickstream data” (i.e. data about the way you’re interacting with the website, including what you’re clicking on).
3.2. What is a cookie?
In addition, CA ANZ uses “cookies” to collect data about the usage of our websites. A cookie is a small text file that is placed on your computer, smartphone or other internet-enabled device. Most web browsers are set by default to accept cookies.
3.4. The types of cookies we use
Specifically, CA ANZ uses the following cookies:
- Strictly necessary cookies that are required for the operation of our website, such as cookies that enable you to log into secure areas of our website (for example, members only areas).
- Analytical cookies which recognise and count the number of users to our websites and help CA ANZ see how users move around our websites.
- Functionality cookies which are used to recognise when you return to our website and assist us to personalise your content and website experience by remembering your preferences.
- Targeting cookies which are used to record your visit to our website, the pages you have visited and the links you have followed.
3.5 Third Party Cookies and technologies
Third party cookies are sent by businesses that provide content, like advertising, on web sites that you visit.
To try and bring you offers and advertisements that are of interest to you, CA ANZ has relationships with third party companies including, Google, Adobe Analytics, Facebook, LinkedIn and other providers (Third Party Providers) that allow them to place advertisements on web pages (Third Party Cookies).
These Third Party Providers may:
- use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from CA ANZ’s websites and elsewhere on the internet;
- compare de-identified information from CA ANZ with information collected elsewhere on the internet; and
- use that information to provide measurement services and target ads to you.
CA ANZ also uses Google Analytics to gather statistical information on how users interact with our websites.
3.6 How you can control advertising cookies
One of the sites that let you control what information is collected about you is Your Online Choices (www.youronlinechoices.com.au).
4. Privacy concerns
If you would like any further information about our handling of personal information or to make a complaint about something you believe breaches a Privacy Act, please lodge a written complaint addressed to our Privacy Officer using the contact details above. Once we receive your complaint, we will respond to your complaint within a reasonable period of time, usually within 20 working days.
If you are unsatisfied with the handling of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the Office of the Australian Information Commissioner (OAIC) (AUS) or the Office of the Privacy Commissioner (OPC) (NZ) for a review of your complaint.
Annexure 1 - CA Kairos Special Conditions
B. The CA Kairos portal is the secure gateway to a variety of different applications and workspaces. Access is granted by way of registration and verified thereafter by way of authentication.
C. The personal information we collect in connection with your registration and access to CA Kairos will vary depending on your activities. It is likely to include your username, your password, your membership number, your name, your email, data on your behaviour and your business, accounting data, practice documents and client financial data, and your educational achievements.
D. We will collect any authentication personal information via the registration landing page at CA Kairos. We will only collect this information once and you will be required to verify it in order to login. We may take steps to verify the personal information you provide to us, but we will not automatically do so as a matter of course.
E. Because CA Kairos is behind a secure gateway, if you do not provide this personal information to us you will not be able to access these services.
F. We will collect any other personal information pursuant to your interactions with us via the CA Kairos portal, for example pursuant to your uploading or inserting particular information into a particular application. Because most of the applications are provided on a software-as-a-service basis, you should presume that anything you insert or upload will be collected and stored by us as part of our business continuity and disaster recovery procedures.
G. If you do not provide this latter category of personal information to us, in most cases you will still be able to access the CA Kairos portal (for example, certain free services (if any)), however your user experience may be reduced and/or you may experience decreased functionality.
I. We will use your personal information primarily for authenticating your access to CA Kairos and providing the relevant services to you. Because CA Kairos is hosted on a third party platform (and includes access to third party applications), we may disclose your personal information to those third parties to facilitate your access.
J. We (or those third party suppliers) may also disclose your personal information overseas in connection with the hosting and operation of CA Kairos, and any back-up or disaster recovery procedures.