The Institute of Actuaries of Australia ACN 000 423 656 (Institute) values your privacy and is committed to safeguarding the personal information that we hold.
How we collect and hold personal information
What personal information we collect and why
Education, CPD courses, the Capability Assessment Tool and the CPD log
Events and publications
‘Find a Member’ service
Disclosure to third parties
Disclosure to third parties in Australia
Disclosure to third parties internationally
Security of personal information
Access to, and correction of, personal information
Contacting the Institute about privacy issues
Query or request regarding access to, or correction of, personal information
Complaints or other queries
How we deal with privacy-related complaints
By accessing our Website, using our services or becoming a Member, you consent to the processing of your personal information in accordance with this policy and as permitted by Privacy Laws.
1. HOW WE COLLECT AND HOLD PERSONAL INFORMATION
The Institute is the professional body representing actuaries in Australia and provides a range of services for its Members, including but not limited to education courses, seminars, conferences, publications and industry information that is distributed via mailings, the Institute website and various other means.
When contacting us you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way or we are required or authorised under Australian law (or a court or tribunal order) to only deal with individuals who have identified themselves.
- membership application forms and annual subscription renewal forms;
- registration forms for attendance at events;
- enrolment forms for qualifying and continuing education;
- order forms for publications;
- membership profile updates;
- data surveys issued by the Institute to its Members;
- applications for employment at the Institute; and
- correspondence with you, such as telephone enquiries or emails which may be retained on our systems in accordance with applicable email retention policies and procedures.
We may also collect personal information from third parties or publicly available sources of information. All personal information that we collect is reasonably necessary for the purposes relating to providing our services to you. If someone other than you provides us with personal information about you that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you as soon as practicable. If we could not have collected this personal information, we will lawfully de-identify or destroy that personal information.
1.2. Sensitive information
We may collect sensitive information (such as information that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, details of health, disability, sexual orientation, or criminal record) where:
- reasonably necessary for or directly related to our services (if so, we will only collect such information with your consent);
- required by law; or
- necessary for the establishment, exercise or defence of a legal claim.
2. WHAT PERSONAL INFORMATION WE COLLECT AND WHY
The Institute uses personal information collected by it in order to provide and improve its services, to manage its relationship with you, fulfil its objectives under its Constitution and for purposes which you would reasonably expect us to use that information, including sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. The following provides more detailed information concerning the main types of personal information we collect and why we collect it. Depending on the circumstances, the type of personal information we collect may include the following:
- Date of Birth
- Post Nominals
- Membership ID
- Language Spoken
- Behavioural traits
- Home Address
- Business Address
- Phone Number
- Practice Area
- Level of Interest
- Academic Transcripts
- Past Exam Papers
- Education details
- Actuarial Society memberships
- Qualifying Institute
- Working Status
- Dietary Requirement
If you apply to become a Member of the Institute, it is a requirement that you provide us with personal information about you, including your name, date of birth, residential address and actuarial and other qualifications in detail. If you do not provide that information, we may not accept your application for membership.
Individuals seeking Accredited Membership of the Institute are also required to provide details of their membership with the relevant overseas actuarial body. Personal information may be shared with such relevant overseas actuarial bodies in order to process your application. If you do not provide that information, we may not accept your application for Accredited Membership.
We will also collect personal information about you as part of renewal of your membership. From time to time, we may also collect further information about you, such as your email address, telephone number and other business details.
1.2. Education, CPD courses, the Capability Assessment Tool and the CPD log
For the purposes of assessing educational standards, exemptions, examination results and professional designations, the Institute will need to collect personal information about you from universities where you have undertaken appropriate studies or from other actuarial or professional bodies of which you are or have been a member. Unless you tell us otherwise, the Institute will use the personal information obtained from third parties for these educational purposes.
We may also collect personal information about you when you enrol for a CPD course run by the Institute, in order to allow us to process your enrolment. Information you enter into the CPD log facility provided in the Institute’s password-protected ‘Members only’ area is stored electronically, but only accessible by you using your user identifier and password.
The Institute’s online Capability Assessment Tool captures certain information about those Members using the Tool. This information is collected in an anonymous and de-identified fashion to assist the Institute in designing and developing its CPD program.
1.3. Events and publications
If you register for an Institute event, either online or otherwise, the Institute will collect personal information about you that you provide as part of that registration. Unless you advise us otherwise, this information may be shared with event sponsors or partners so that they may contact you directly.
Similarly, if you order a publication or periodical (either online or otherwise), the Institute will collect personal information about you that you provide as part of that order.
If you choose to pay by credit card for any purposes associated with each of the above, the Institute will collect your credit card information. However, such information is used only for the purposes of processing your payment. If you provide us with credit card information online, the information is stored in encrypted form. If you provide us with credit card information by either telephone or on a printed form, the information is destroyed after the transaction has been processed.
If you volunteer in certain areas of the Institute’s education program – such as examination marking – you will be asked to provide personal banking details so that we can process payments to you for such services provided by you to the Institute.
1.5. ‘Find a Member’ service
Unless you advise us otherwise, personal information about you will be made available on the Institute’s ‘Find a Member’ service on its website. This service is only available to other Members of the Institute via the password-protected Members’ section of the website so that they may contact you directly.
3. DISCLOSURE TO THIRD PARTIES
The Institute will not disclose, sell, rent or trade personal information about you to or with third parties, except as set out in this policy or permitted by Privacy Laws.
In order to deliver our services, the Institute may use the services of third parties, such as mailing houses to post information to Members and customers, and technology partners who provide technical support for our computing network, website, apps and database. We may disclose your personal information to these third parties for this purpose. If the Institute provides your personal information to a third party, we take reasonable steps to ensure the third party is compliant with the Privacy Laws (as applicable).
We may also share personal information with:
- relevant overseas actuarial-related bodies in order to process an application for Accredited Membership;
- similar bodies in respect of an application related to the Chartered Enterprise Risk Actuary (CERA) designation (for example, applications by CERA holders to transfer their designation to another Award Signatory);
- international actuarial organisations that the Institute is associated with, such as the International Actuarial Association (IAA), which members may subscribe to through the Institute (Fellows of the Institute automatically become members of the IAA); and
- your employer, for verification purposes or where your employer holds a bulk subscription.
The transfer of personal information to these organisations is required for administrative purposes. Unless you tell us otherwise, we will forward those details to these organisations as part of your membership application and annual subscription to these bodies. The most common countries in which such recipients are located are: United Kingdom, United States of America, Canada and New Zealand.
The Institute also supplies personal information regarding members located overseas to the relevant Institute representative located in that country. However, prior to disclosing, we ask affected members to advise us if they do not wish their personal information to be provided to the relevant representative.
In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.
4. OVERSEAS DISCLOSURE
We may transfer to people in foreign countries any of your personal information to fulfil the purposes set out in this policy, for example to international actuarial associations or to service providers who are located overseas (including the United States and India), such as technical and CRM service providers. Reasonable steps are taken to ensure these overseas recipients are subject to and comply with Privacy Laws. You acknowledge that overseas recipients may not be accountable under the Privacy Act and consent to the transfer of your information on this basis.
5. SECURITY AND STORAGE OF PERSONAL INFORMATION
The security of your personal information is important to us and we take reasonable steps to keep it secure and protect it from misuse, loss and unauthorised access, modification or disclosure.
The Institute protects the personal information it collects in a number of ways:
- the information is held in a database, in proprietary data format, which can only be read using proprietary tools. The Institute database is interfaced with the password-protected Members’ section of the Institute website. However, the database only accesses information selected according to the instructions you provide;
- the Institute’s website has electronic security systems in place, including the use of firewalls and encryption. In addition, user identifiers and passwords are used on our website to control access to your personal information;
- access control and surveillance for our premises;
- Institute employees are trained and required, as a condition of their employment, to treat personal information held by the Institute as confidential, and to maintain the confidentiality of that personal information; and
- providing a discreet environment for confidential discussions.
Unfortunately, security cannot be guaranteed. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Law requirements.
If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document and information retention policy.
Unless you tell us otherwise, the Institute will use the personal information about you to contact you and to provide information that we consider may be relevant and/or of interest to you or which you have elected to receive. You authorise us to use any email address or other contact information you provide to us at any time for this purpose.
You can, at any time, opt out of receiving marketing material by contacting us. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.
7. ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
Subject to certain exceptions, you have a right to access personal information that the Institute holds about you and to request correction of information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
You can check the information that the Institute holds about you at any time by simply logging onto the Members’ section of the Website and updating the information accordingly. The Institute cannot guarantee the security of personal information sent through the internet.
Alternatively, you can contact our Privacy Officer in writing and make a request to access or correct the personal information we hold about you. We will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the Privacy Laws. In the interests of protecting the privacy of individuals about whom we hold personal information, we will require that you verify your identity by citing personal information we hold about you.
We may charge a reasonable fee for providing access to that information, in which case we will advise you of the relevant charges before we provide you with access or correct your information.
When you visit our websites (Site), the server may attach a “cookie” to your computer’s memory. A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest. This information may be used to provide users of your computer with information and advertising that we think may interest the users of your computer. However, this information is not linked to any personal information you may provide and cannot be used to identify you. If you choose, you should be able to configure your computer so that it disables “cookies” or does not accept them.
There are some links from the Institute website to third party websites, for your convenience and information. If you choose to access a non-Institute website through such a link, the Institute is not responsible for the contents or operation of that site, including its privacy practices. We are not responsible for the content or practices of these sites, and suggest you review the terms and conditions and privacy policies of each site you visit.
9.1. Right to erasure
You can, at any time, request that we delete all personal information which relates to you. We will comply with any such request unless we are required to keep that information for the public interest, the exercise of official authority, archiving, research or statistical purposes (which would otherwise be rendered seriously impaired) or the establishment, exercise or defence of legal claims.
9.2. Right to restriction on data processing
In certain circumstances, you may also request a restriction on the processing of your personal data. You can make such a request in the following situations:
- where you believe that the information held is inaccurate;
- where the processing is unlawful;
- where we are storing the information for legal claims but do not require it for processing purposes; or
- you have legitimate grounds to object to data processing.
If you make such a request, we will not process any of your personal information without your consent, unless it is for the purposes of storage, legal claims, protecting the rights of another person or it is in the public interest of either the EU or the respective Member State.
9.3. Right to data portability
In certain circumstances, you may request that we provide you with all personal information that relates to you. If this is the case, we will provide you with that information in a structured, commonly used and machine-readable format. Upon request from you, and subject to certain circumstances, we will also transmit that information to another controller.
9.4. Right to object
You have the right to request that your personal information is not processed by us in various circumstances. These circumstances include the pursuit of business interests, direct marketing and profiling. Unless we have legitimate grounds to object to your request, we will stop processing data for the purposes requested.
9.5. Withdrawal of consent
If at any time you wish to withdraw your consent to us processing your personal information, please send your request to our Privacy Officer, whose details can be found below.
9.6. Data breach notification
In the unlikely event that the Institute experiences a personal data breach that is likely to result in a high risk to individuals in the EU, we will notify those affected individuals without undue delay.
If you believe that we have breached the GDPR in regard to how we have handled your personal information, you have a right to contact, and make a complaint, to the Data Protection Authority for your EU Member State.
9.8. Legitimate basis for processing your information
- the performance of, or entering into, a contract with you;
- compliance with our legal obligations;
- protecting the vital interests of an individual;
- performing a task in the public interest; or
- the purposes of legitimate interests pursued by us or a third party.
10. CONTACTING THE INSTITUTE ABOUT PRIVACY ISSUES
10.1. Query or request regarding access to, or correction of, personal information
If you have a query about how to access or request correction of your personal information, or you wish to make a request for access/correction, please use the contact details below:
Level 2, 50 Carrington Street
Sydney NSW 2000
Phone: +61 (0) 2 9239 6100
Fax: +61 (0) 2 9239 6170
10.2. Complaints or other queries
Level 2, 50 Carrington Street
Sydney NSW 2000
Phone: +61 (0) 2 9239 6100
Fax: +61 (0) 2 9239 6170
If you are not satisfied with the response you receive, you may make a further complaint to the Office of the Australian Information Commissioner.
For further information about privacy issues and the protection of privacy, visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
Last updated: October 2018