This policy is based on the detailed advice and guidance on the application of the Privacy Act 1988 for agencies and organisations provided by the Office of the Australian Information Commissioner (OAIC); and includes Legally binding guidelines and rules page, the Advisory guidelines page and the APP guidelines page.
The purpose of this policy is to establish procedures and guidelines for:
- The collection, use and disclosure of personal information by ICMA (Australia).
- Access by individuals to personal information about themselves held by ICMA (Australia)
- Requests by third-parties to personal information about individuals held by ICMA (Australia)
- Safe storage and quality of information.
ICMA (Australia) will comply with its obligations in respect of personal information under the Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act).
This policy is not intended to be a stand-alone document. It must be read and applied in conjunction with:
- The Information APPs in the Privacy Act 1
- The agreements between ICMA (Australia) and its staff.
- The agreements between ICMA (Australia) and its members, students and applicants for membership and other assessments.
- Procedure for collection, use and disclosure of personal informati
- All relevant law, including the Privacy Act 19
The Privacy Officer for ICMA (Australia) is appointed by the CEO and is the Chief Operating Officer (COO). Responses to requests for information, and investigation of privacy breaches and complaints made in respect of the Privacy Act 1988 may be sub-delegated.
Privacy at ICMA (Australia) will be proactively managed in accordance with the ICMA Privacy Management Framework.
Personal information means any information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably ascertained from the information or opinion. Examples of this include your name, address, birth date, or email address.
- Sensitive information means personal information about things such as your membership of professional associations, race, ethnic origin, political affiliation, religion, sexual orientation, biometric information and health information.
The Institute of Certified Management Accountants (Australia) Inc. (ABN 47 287 180 034), and its subsidiaries (each ICMA, we, us or our), respects your privacy and is committed to protecting your personal information.
We deal with personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. We also comply with the Spam Act 2003 (Cth) which impose restrictions on sending commercial electronic messages.
PRIVACY GUIDELINES FOR OUR MEMBERS, STUDENTS AND OTHER PARTIES
- What kinds of personal information does ICMA collect and hold?
The personal information that we may collect and hold about you includes your name, business and personal postal and street addresses, e-mail addresses, telephone numbers and any other contact information, place and date of birth, gender, qualifications, education (including transcripts), employment details, practice details, recommendation and reference letters (including letters of good standing), the languages you speak, social media information, information you make available via social media websites or post in a ICMA Facebook Group, information relating to the complaints, enquiries and/or referrals you have made to us and any complaints, enquiries and/or referrals made about you, records of some of your communications and other interactions with us (including where we record the phone calls you make to us), the information collected during any disciplinary investigations or other action, payment information (including history and any subscriptions) and your membership information generally, including your membership history and activities and details of service on boards, committees and councils.
We may also collect sensitive information (which is a form of personal information) from you and/or third parties whether in Australia or elsewhere with your consent which includes health information about you (including dietary requirements and religious beliefs where those beliefs are relevant to your dietary requirements), information about whether you are a member of a professional or trade association, your criminal record, religious beliefs or affiliation, philosophical beliefs, racial or ethnic origin, political opinions and other sensitive information (to the extent it is reasonably necessary for one or more of our functions or activities).
- How do we collect your personal information?
We collect personal information about you when it is reasonably necessary for one or more our activities or functions. This personal information is collected in a number of ways, including:
- When you enrol or register (including online) for a course, program or event (offered by or on behalf of ICMA), when you visit, use or register on our websites or social media accounts, join (or request to join), post in or otherwise contribute to a ICMA Facebook Group or ICMA social media page, apply for, enquire about or request services or products, when you complete a survey, apply to become a member or specialist; enter into a competition, apply for a scholarship, when you call us (including where such phone calls are recorded by us) or otherwise contact, do business or interact with us;
- From enrolment, registration, subscription or application forms, phone calls, faxes, e-mails, SMS, social media, letters and other documents provided to us (including from members, students, employers, professional bodies, regulators, government and statutory bodies, members of the public and other parties in Australia, New Zealand, or elsewhere) and in person;
- From third parties (for example letters of recommendation or good standing, complaints and other information relevant to membership of ICMA), including from external providers, professional bodies (for example under reciprocal arrangements), regulators and government and statutory bodies and through acquired contact lists, with your consent (unless it would be unreasonable or impracticable to obtain your consent);
- When you apply for work or to otherwise perform services at or for ICMA; and
- Through acquired contact lists.
- What would happen if we did not collect your personal information?
Without your personal information, we may not be able to contact you or otherwise interact with you, process your application, registration or request, perform our legal and other functions, obligations and responsibilities, administer our complaints service, the candidate and member conduct and disciplinary process, mediation service, president nomination service or any other functions, or provide you with some or all of our services and products.
In certain situations, ICMA will give you the option to deal with us by not identifying yourself or by using a pseudonym. For example, when you contact us to make a general inquiry, or where our online functionality, form or other dealings otherwise provides this option. However, generally it is not practicable for ICMA to deal with you anonymously or pseudonymously on an ongoing basis.
- Use of personal information
We generally collect, hold, use and disclose personal information for:
- Processing and assessing student, membership, specialisation and other applications, enrolments, requests and renewals, updating personal and business details and profiles, fulfilling an order or request for information, product or service (including confirming and/or processing payments for the same);
- Fulfilling our role as a professional body by maintaining candidate, membership and related records, providing information on candidate and member services, products and benefits, conducting research and public advocacy relevant to members;
- Sending out subscription renewals, voting papers and other information relevant to the functions, responsibilities and obligations of ICMA, including under our Constitution, By-laws, Regulations, codes, policies, practices or guidelines;
- For promotional and marketing purposes, including sending you information about ICMA’s services, products, training and events;
- Communicating on any matters relevant to the Certified Management Accountants Education Program, membership of ICMA, accreditation or specialisation with ICMA and any other programs, opportunities or transactions with us;
- Monitoring, moderating and improving ICMA Facebook Groups or ICMA social media pages;
- Assessing suitability for employment or the provision of services by independent contractors;
- Assessing suitability for appointment to a committee or council of ICMA;
- Dealing with other bodies and fulfilling our contractual and other obligations, including with overseas bodies (for instance where we may have reciprocity arrangements, relating to or confirming your status and standing with ICMA, including your status as a member or former member) and external payment providers;
- Creating de-identified data sets (which no longer contain personal information) which may be used and analysed by ICMA and/or shared with trusted third parties;
- Conducting, managing and reporting on quality assurance reviews and audits;
- Managing complaints and the candidate and member conduct and disciplinary process and functions of ICMA, including undertaking investigations and implementing disciplinary procedures associated with professional conduct and responsibility and providing information to Australian and overseas regulators and government and statutory bodies (such as the Australian Securities and Investments Commission);
- Conducting competitions;
- Providing and managing scholarships and other charitable assistance, including providing information to our foundation and benevolent funds;
- Organising and hosting training and events (including with third parties);
- Providing products and services, including training and events, or information relating to such products and services;
- Assessing and improving our services to customers, as well as for training and quality purposes, including where we monitor, record and analyse phone calls and other communications between you and us;
- A purpose directly related to any of the purposes identified above; and
- Providing information to third parties as authorised or required by law (including a Privacy Act) or a court/tribunal order.
- Disclosure of personal information
- Confirm enrolment, membership, prior membership, accreditation or specialisation to the public (including professional and government and statutory bodies) by disclosing personal information to members of the public;
- Disclose personal information to third parties that include employers of students and members, local and international professional bodies, external payment providers, law enforcement bodies, government and statutory bodies and regulators, including the Australian Securities and Investment Commission;
- Disclose your personal information to another entity within the ICMA corporate group, in order to facilitate the provision of products and services to you (for example, disclosing your contact information to a ICMA overseas Regional Office if you are going overseas), in order to manage, coordinate and facilitate our global operations or because that ICMA corporate group member is responsible for the provision of backend services to ICMA (for example technical or marketing services);
- Disclose details of membership in relation to the liability capping scheme, including confirming possession of a certificate of public practice, or whether an entity is a practice entity member, where required to support the administration of the scheme;
- Disclose personal information to ICMA committees, sub-committees, panels, local leadership teams, special interest groups, discussion groups, working groups, tribunals and councils, which may or may not be comprised of members of ICMA;
- Disclose a member's practice and/or business details, including address, email, telephone and other practice/business information if provided (unless specifically advised not to) to the public;
- Disclose personal information about students to tertiary and academic institutions which those students attend or have attended and to the student's employer or mentor;
- Disclose student personal information to fellow students in order to facilitate team learning activities for the purposes of a ICMA program or educational course;
- Disclose student personal information to members of ICMA appointed to the roles of mentors, facilitators, leaders and assessors in delivery of a ICMA program or educational course;
- Disclose personal information to vendors, suppliers, business partners and other third parties associated with ICMA in order to carry out the operation of our business such as:
- enabling a particular product or service to be fulfilled including for the purpose of processing payments;
- conducting marketing and business analysis, such as third-party providers undertaking surveys on our behalf; and
- investigating or determining and/or for the purposes of ICMA’s disciplinary proceedings a complaint or organising mediation of a dispute;
- Disclose the details of a mediation and/or dispute being facilitated by or on behalf of ICMA, including all information related to the mediation or dispute, to each of the parties involved, the mediator and any other relevant parties;
- Disclose the personal information of employment and contractor applicants to recruiters and recruiting personnel for the purpose of assessing suitability for employment or contract work;
- Disclose or publish a list of our candidates, members and practice entities (to which we have issued a certificate of public practice), including limited personal information such as name, member status and contact information, as well as areas of specialisation, accreditation and other relevant qualifications where these have been provided to us for the purposes of disclosure or publication;
- Disclose personal information to third parties in order to mitigate a serious data breach; and
- Disclose personal information to government and statutory bodies and authorities where required or authorised by Australian law (including a Privacy Act) or a court/tribunal order.
We may from time-to-time disclose your Personal Information to an entity located in another country where we are permitted to do so under a Privacy Act. Unless we reasonably believe the overseas recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles, we will take reasonable steps where practicable in the circumstances to ensure that the overseas recipient does not breach the relevant Australian Privacy Principles in relation to your Personal Information. However, this may not always be achievable and, by acquiring our products or services or providing us with your Personal Information, you expressly consent to the collection, processing, use, disclosure, transfer and storage of your Personal Information outside of Australia where we are not able to ensure the recipient’s compliance with the Australian Privacy Principles. We are required to inform you in relation to this consent that if an overseas recipient handles your Personal Information in breach of the Australian Privacy Principles, the entity will not be accountable under a Privacy Act and you will not be able to seek redress under a Privacy Act. If you do not wish to provide this consent, you should not acquire the relevant products and services from us.
- Access and correction of personal information
Individuals may request access to their personal information and request its correction by writing to ICMA’s Privacy Officer (details below).
We will in most cases provide an individual access to their personal information. There are some exceptions where this access may be denied, namely where:
- Providing access may have an unreasonable impact on the privacy of other individuals;
- Providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, ICMA or an enforcement body;
- Providing access would reveal the intentions of ICMA in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in; and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- Giving access would reveal evaluative information generated within ICMA in connection with a commercially sensitive decision-making process;
- We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- The request for access is frivolous or vexatious; or
- Where we are otherwise permitted by a Privacy Act to do so.
To request access and seek the correction of, personal information held by ICMA please contact:
The Institute of Certified Management Accountants
5/20 Duerdin Street
Clayton, Vic 3168, AUSTRALIA
E: Privacy Officer
- Security of Personal Information
ICMA holds the personal information it collects on electronic databases and in hard copy records. We take reasonable steps to protect the security of personal information against the loss, misuse, interference and/or unauthorised access, disclosure or alteration of information under our control. These security measures include:
- Firewalls - to prevent the hacking of our database;
- Clauses in employee agreements requiring confidentiality and training on the importance of the privacy legislation;
- Appropriate security access to ICMA premises, staff and systems;
- The use of passwords for access to database information and the use of security levels within the database to ensure that staff only access the information required to perform their duties; and
- Security bins for the disposal of written information.
Where appropriate, we use secure transmission facilities. However, no transmission of information over the Internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the Internet.
- Privacy Concerns
If you would like any further information about our handling of personal information or to make a complaint about something you believe breaches a Privacy Act, please email or lodge a written complaint addressed to our Privacy Officer using the contact details above. Once we receive your complaint, we will respond to your complaint within a reasonable period of time, usually within 20 working days.
If you are unsatisfied with the handling of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the Office of the Australian Information Commissioner (OAIC) (AUS) for a review of your complaint.
All staff, members, regional directors, students, applicants and users and visitors to the ICMA websites.
Privacy Act 1988
Freedom of Information Act 1982
Procedures for collection, use and disclosure of personal information about identifiable individuals, and access to and correction of personal information and the use of unique identifiers, must comply with Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988 (Privacy Act). ICMA (Australia) must appoint a ‘Privacy Officer’ with responsibilities for compliance with these principles, and to deal with requests for access.
The ICMA would have a secondary contractual obligation under the Freedom of Information Act 1982 if ICMA signs a contractual obligation with a government agency which required certain record keeping as a Skilled Migration Assessing Authority. All requests made under the Freedom of Information Act 1982 are deemed to be a request made pursuant to with Australian Privacy Principle 6 of the Privacy Act 1988.