Global Privacy Policy

Chartered Accountants Australia and New Zealand (ABN 50 084 642 571) (CA ANZ), its subsidiaries and the New Zealand Institute of Chartered Accountants, a regulatory body established under the New Zealand Institute of Chartered Accountants Act 1996 (NZ) and controlled by CA ANZ (each, we, us or our), respects your privacy and is committed to protecting your personal information.

For the purposes of applicable data protection laws, we are the controller.

This Privacy Policy applies to all personal information collected by us, or submitted to us, whether offline or online, including personal information collected or submitted through our websites (our Websites) and any mobile sites, applications, widgets and other mobile interactive features (collectively, our Apps), through our official social media pages that we control (our Social Media Pages) as well as through HTML-formatted email messages that we send to you (collectively, including the Social Media Pages, Apps and Websites, the Sites).

This Privacy Policy describes how we deal with information we collect and demonstrates our commitment to the protection of your privacy. By visiting the Sites and otherwise providing personal information to us, you are accepting and consenting to the practices described in this Privacy Policy. If you do not agree with any of the terms of this Privacy Policy, please do not use the Sites or submit any personal information to us.

This Privacy Policy was last updated on 1 October 2020.

1. Meaning of terms used in this Privacy Policy

In this Privacy Policy:

  • personal information means any information or an opinion about you (including information or an opinion forming part of a database), by which you may be identified directly or indirectly, whether on its own or in combination with other information, whether true or not, and which is submitted to and/or collected by us in an accessible form. 
  • sensitive information means personal information about things such as your membership of professional associations, race, ethnic origin, political affiliation, religion, sexual orientation, biometric information and health information.

2. Privacy guidelines for our members, students and other individuals

2.1. What kinds of personal information do we collect and hold?

We collect and hold:

(a) your contact details, such as office address, home address, telephone numbers and email address;
(b) your personal details, such as date and place of birth, gender, qualifications, education (including transcripts), the languages you speak and your background;
(c) your practice details, including your employment information and practising history, recommendation and reference letters (including letters of good standing), information about audits performed on your business/practice, information about any disciplinary investigations, decisions or other actions;
(d) information you make available on the Sites;
(e) your membership information, including your membership history (including professional conduct) and activities such as service on boards, committees and councils;
(f) sensitive information, such as any criminal record or medical information to the extent that it is relevant to our functions and responsibilities as a regulatory body; and  records of your communications and other interactions with us.
(g) records of your communications and other interactions with us; and
(h) your biometric information (with your consent, if required), including a video recording or photograph of your face and your biometric keystroke pattern to the extent it is relevant or necessary to our functions and responsibilities as a professional membership body and higher education provider.

2.2. How do we collect your personal information?

We collect personal information about you when it is reasonably necessary for one or more of our activities or functions. This personal information is collected in a number of ways, including:

Through the Sites: We may collect personal information from the Sites, such as when you visit, use or register on our Websites, Apps or Social Media Pages, join (or request to join), post in or otherwise contribute to a CA ANZ Social Media Page, or when you complete a survey;

From you: We may collect personal information from you when you contact, do business or interact with us by phone or email, apply for, enrol in or register for a program or activity, or enter into a competition;

From third parties: We may receive your personal information from other sources, such as public databases, acquired contact lists, professional bodies (for example under reciprocal arrangements), your employer (for example when your employer registers you in an activity or course), regulators, government and statutory bodies and our service providers.

2.3. What would happen if we did not collect your personal information?

The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal information we reasonably require, we may not be able to contact you or otherwise interact with you, process your application, registration, subscription renewal or request, perform our statutory functions, or provide you with some or all of our products and services.

2.4. How we use your personal information

We will not collect or use your personal information unless it is lawful for us to do so. We collect and use personal information for the following purposes:

(a) processing and assessing student, membership, specialisation and other applications, enrolments and renewals;
(b) fulfilling orders or requests for information, products or services (with your consent, if required);
(c) fulfilling our role as a professional body, including maintaining candidate, membership and related records, providing information on candidate and member services, products and benefits, and conducting research and public advocacy relevant to members; 
(d) sending subscription renewals, voting papers and other information relevant to our functions, responsibilities and obligations under our Charter, by-laws, applicable laws, codes, policies, practices and guidelines; 
(e) for promotional and marketing purposes, including communicating information about our products and services (with your consent, if required);
(f) communicating to members on matters relevant to the Chartered Accountants Program, membership, accreditation or specialisation and any other programs, opportunities or transactions with us;
(g) monitoring, moderating and improving our Sites;
(h) assessing suitability for employment or the provision of services by independent contractors;
(i) assessing suitability for appointment to a board, committee or council; 
(j) fulfilling our contractual and other regulatory obligations, including dealing with overseas membership bodies (for instance where we may have reciprocity arrangements, or we are required to confirm your status as a member or former member) and external payment providers;
(k) conducting, managing and reporting on quality assurance reviews and audits;
(l) managing complaints and the candidate and member conduct and disciplinary process, including undertaking investigations, implementing disciplinary procedures associated with professional conduct; and providing information to Australian and overseas regulators, government and statutory bodies (such as the Australian Securities and Investments Commission);
(m) conducting competitions;
(n) providing and managing scholarships and other charitable assistance, including providing information to our foundation and benevolent funds;
(o) organising and hosting training and events (including with third parties); 
(p) providing products and services, or information relating to such products and services (with your consent, if required);
(q) assessing or improving our products and services, as well as for training and quality purposes, including building profiles, monitoring, recording and analysing online interactions and communications between you and us; and
(r) providing information to third parties as authorised or required by law or a court or tribunal.
(s) The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal information we reasonably require, we may not be able to contact you or otherwise interact with you, process your application, registration, subscription renewal or request, perform our statutory functions, or provide you with some or all of our products and services.


We have a legitimate interest in using your information in these ways. It is also fundamental to the nature of the service we provide.

In some cases it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party's statutory or public function or because the law permits or requires us to.

In addition to the specific circumstances above, we will only use your personal information with your consent (if required under applicable data protection laws) when we process your personal information in order to send you carefully selected marketing materials about our products and services (or those of our third party partners) by email, text or push notification, depending on your account or communications  preferences. You have the right to opt out of receiving such direct marketing at any time.

If at any time you wish to stop receiving direct marketing messages from us, the easiest way to do so (for electronic messages) is to use the unsubscribe feature in the marketing message you have received. You can also let us know by contacting us using the contact details set out in the "How to contact us" section. In your request, please indicate that you wish to stop receiving marketing communications from us. If you are a member, you can also update your communication preferences via the preference centre of your login page.

We will also rely on your consent where we use cookies other than those cookies that are necessary to provide our service for the purposes set out in our cookie policy below.

Our Sites may contain hyperlinks to websites operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites handle any personal information you provide. In some cases, we may use a third party service provider to process payments made through the Sites. In these cases, your personal information may be collected by this third party and not by us and will be subject to the third party’s privacy policy, rather than this Privacy Policy.  We have no control over, and are not responsible for, this third party’s use or disclosure of your personal information.

2.5 Use and disclosure of personal information

We do not use your personal information or disclose it to another organisation unless:

(a) it is reasonably necessary for one of the purposes described above;
(b) having regard to the nature of the information or the circumstances of collection we believe you would expect us to use the information or make the disclosure;
(c) required or authorised by law or court or tribunal;
(d) it is necessary to protect the rights, property, health or personal safety of a member, the public or our interests, and it is unreasonable or impracticable to obtain your consent;
(e) the disclosure is necessary to assist any entity, body or person to locate a person who has been reported missing;
(f) we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and we believe that the collection, use or disclosure is necessary in order for us to take appropriate action;
(g) the assets and operations of our business are transferred to another party as a going concern;
(h) it is necessary to obtain third party services, for example to carry out data analysis or provide information processing services (where use of your information by third parties is strictly controlled);
(i) it is for one of the purposes expressly permitted under applicable data protection and privacy laws; or
(j) you have provided your consent.

For avoidance of doubt, we may disclose your personal information to:

(k) any of our related and associated companies, affiliates and subsidiaries, including those established in the future;
(l) any data processors processing your information on our behalf;
(m) where applicable, third parties who provide related services or products in connection with our business such as our vendors, business partners, and any party assisting us in carrying out the purposes described above;
(n parties which participate in joint marketing schemes with us;
(o) any agent, contractor or service provider who provides administrative, order processing, payment clearing, credit reference, debt collecting or other services necessary to the operation of our business;
(p) any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any applicable law;
(q) government agencies, statutory authorities and industry regulators;
(r) our auditors, consultants, accountants, lawyers or other financial or professional advisers; and / or
(s) our sub-contractors or third party service or product providers as may be determined to be necessary or appropriate.

To suppress or limit our use of your personal information that has been previously provided to us, please email, call or write to us using the contact information listed below in the "How to contact us" section.

We will not sell your personal information to third parties.

Overseas disclosures

If you are a member and practise in a country outside of Australia or New Zealand (or apply to do so) we may send your personal information overseas in response to an inquiry from the relevant authority in that foreign country. We may also use the services of certain third party service providers which may have offices or other operations outside of Australia or New Zealand. As a result, your personal information may be disclosed to recipients in those foreign countries.

The recipients of such information may be located in New Zealand, Australia, Japan, the United Kingdom, Ireland, United States of America, Hong Kong, China, Singapore, Canada, South Africa, India, Indonesia, Malaysia, The Netherlands, Panama and Jamaica.

All service providers that have access to personal information held by us are required to keep the information confidential and not to make use of it for any purpose other than to provide services in accordance with their engagement. We will take all steps that are reasonably necessary to ensure your personal information is treated securely and in accordance with this Privacy Policy as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.

2.6 Access and correction of personal information

Individuals may request access to their personal information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate. Any requests for access or correction of your personal information should be made in writing via the contact us form on our website. 

We will in most cases provide an individual with access to their personal information.  To the extent permitted by law, there are some exceptions where this access may be denied, namely where:

(a) providing access may have an unreasonable impact on the privacy of other individuals;
(b) providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted in relation to local law by, or on behalf of, us or an enforcement body;
(c) providing access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
(d) we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
(e) giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process;
(f) we reasonably believe that giving access would pose a serious threat to the life, physical or mental health or safety of any individual, or to public health or public safety;
(g) the request for access is frivolous or vexatious; or
(h) where we are otherwise permitted by applicable data protection and privacy laws to do so.

To request access and seek the correction of personal information held by us, please email, call or write to us using the contact information listed below in the "How to contact us" section.

We will endeavour to respond to any access or correction request within 20 working days of receipt.

3. Residents in the European Union and United Kingdom

If you are a resident in the EU and United Kingdom, you have the following rights in relation to your personal information (where applicable):

(a) Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
(b) Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
(c) Deletion. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
(d) Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
(e) Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
(f) Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
(g) Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

To make a request to exercise any of these rights in relation to your personal information, please email, call or write to us using the contact information listed below in the "How to contact us" section.

4. How long do we keep your personal information?

We will only retain your personal information for as long as is necessary for the purpose for which that personal information was collected and to the extent permitted by applicable laws. When we no longer need to use personal information, we will remove it from our systems and records and/or take steps to anonymise it so you can no longer be identified from it.

5. Security of Personal Information

We use reasonable organisational, technical and administrative measures and security safeguards to protect, as is reasonable in the circumstances, the personal information we hold from misuse, loss, interference and/or unauthorised access, use, disclosure or alteration of information under our control. Where practicable, we implement measures to require organisations to whom disclosure is made to comply with applicable data protection and privacy laws. If a third party is given access to personal information we take reasonable steps to ensure that the information is held securely and used only for the purpose of providing the relevant service or activity.

Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem using the contact information listed below in the "How to contact us" section.

6. Other information

6.1. What other information do we collect?

The Sites collect other information that may or may not be personal information.  Other information includes information that does not reveal your identity, such as:

(a) browser and device information;
(b) server log file information;
(c) App usage data;
(d) demographic information;
(e) location information;
(f) aggregated information.

6.2 How do we collect other information?

Through your use of an App: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.

Using cookies: Cookies allow a web server to transfer data to a computer or device for recordkeeping and other purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. For detailed information about the cookies we use and the purposes for which we use them, please see our cookies policy below.

6.3 How do we use other information?

Please note that we may use and disclose such other information which is not personal information for any purpose, except where we are required to do otherwise under applicable law; for example, if we are required to treat that information as personal information under applicable law.

In some instances, we may combine other information with personal information.  If other information can be combined with personal information or can be used to build a profile of an individual (in a way which could be reasonably used to identify that individual), such other information will be treated by us as personal information.

7. Privacy concerns

If you would like any further information about our handling of personal information or to make a complaint about our handling of your personal information, please lodge a written complaint addressed to our Privacy Officer using the contact details below. Once we receive your complaint, we will respond to you within a reasonable period of time, usually within 20 working days.

If you are unsatisfied with the outcome of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the local data protection authority.

8. Variations to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time by publishing an updated version of this Privacy Policy on our Website and taking any further action as required by law, after which, your continued use of the Website or your provision of any further personal information will indicate your acknowledgement to the modified terms of this Privacy Policy.

If there are any conflicts between the English and foreign language translation versions of this Privacy Policy, the English version will prevail.

9. How to contact us

Privacy Officer
Chartered Accountants Australia and New Zealand
33 Erskine Street
Sydney NSW 2000
P: 1300 137 322
E: [email protected]

10. Cookies Policy

10.1 What is a cookie?

A cookie is a small text file that is placed on your device (such as your computer, smartphone or other internet-enabled device) when you visit a site or page to collect data about the usage of our Websites at a later date. The cookie will help the website, or another website, to recognise your device the next time you visit the site. Most web browsers are set by default to accept cookies.

In addition to cookies, we also use web beacons and other storage technologies to collect information from our Websites. Like cookies, web beacons and similar storage technologies collect data about the usage of our Websites and can recognise your device the next time you visit.

10.2 Why we use cookies

We use cookies to personalise your browsing experience (for example, by remembering your preferences and recognising you as a repeat visitor to our Websites), and to track statistics about the usage of our Websites. This allows us to better understand our users (including its valued members) and improve the layout and functionality of our Websites. This tracking is generally conducted in such a way as to ensure the anonymity of visitors to our Websites. While the cookie may identify your computer, it should not identify you unless you are registered with the Website (for example, because you are a member) or logged in using your social media profile. In that case, the cookie will be linked to your profile so that we can identify you and provide more relevant content.

10.3 The types of cookies we use

Specifically, we use the following cookies:

  • Strictly necessary cookies that are required for the operation of our Websites, such as cookies that enable you to log into secure areas of our Websites (for example, members only areas) or to comply with the law (for example, to keep your information safe). If a user opts to disable these cookies, the user may find that certain sections of our Websites do not work properly for them (for example, the user may not be able to access all of the content that membership entitles them to access).
  • Performance cookies which recognise and count the number of users to our Websites and help us see how users move around our Websites. These cookies do not collect information that identifies a visitor. We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.
  • Functionality cookieswhich are used to recognise you when you return to our Websites and assist us to personalise your content and Website experience by remembering your preferences. These cookies are also used to provide services you have asked for. Information collected by functionality cookies may or may not be anonymised, but they cannot track your browsing activity on other websites.
  • Targeting cookieswhich are used to record your visit to our Websites, the pages you have visited and the links you have followed. These cookies are used to advertise relevant products to you on other websites, based on the products and categories you looked at on

10.4 Third party cookies and technologies

Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.

To try and bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Adobe Analytics, Facebook, LinkedIn and other providers (Third Party Providers) that allow them to place cookies on our Websites.

These Third Party Providers may:

  • use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
  • compare de-identified information from us with information collected elsewhere on the internet; and
  • use that information to provide measurement services and target ads to you.

10.5 How long cookies will be stored on your device

Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user’s device for the period of time specified in the cookie.

10.6 How you can manage your cookies

If you do not wish to receive any cookies (other than those which are strictly necessary) you may set your browser (such as Firefox, Google Chrome, Internet Explorer or Safari) to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on our Websites you visit will be available to you. 

Some of the websites that let you control what information is collected about you are:

Read our privacy policy in Bahasa Malaysia

Dasar Privasi Global

Read our privacy policy in Bahasa Malaysia

Read More