CPA Australia Privacy Policy

Information collected when you actively engage with CPA Australia may include the following categories:

• contact details and proof of identity information (including your image and digital signature)
• personal communications preferences
• employment details and history
• education and qualifications including academic results
• testimonials and feedback, and
• other information as determined by your interaction with Us.

We may also collect sensitive information² such as membership of professional association, criminal record, health or medical information or cultural or ethnic origin such as Aboriginal or Torres Strait Islander where relevant. Sensitive information will only be collected and processed by Us with your explicit consent or as otherwise permitted by law.

You are free to choose whether to provide your personal information to Us. However, if you do not, it may mean that We are not able to provide you with requested products or services.

We will provide you with the opportunity to remain anonymous or use a pseudonym when you interact with Us, provided it is lawful and practicable to do so. However, at times this may not always be possible, given the nature of Our services and interactions with members, employees and others.

We collect and handle your personal information when you interact with us, including through our website, online services, social media channels or visits to our offices. This may include details of the particular services you access during your visits, your IP address, device details or identifiers, usage and location data, personal data and images collected from video camera surveillance.

We use cookies³ and related technologies to deliver content specific to your interest, for authentication purposes, to monitor interactions users have with Our content and features on our website, remarketing⁴ and to improve security during your online session. We sometimes use cookies to deliver third party partner or sponsor advertising on various websites you may visit. We also use online behavioural analytics as part of optimising email campaigns based on audience behaviour and to measure the effectiveness of online content, resources and sales.

It is possible to disable cookies via your web browser, however, doing so may restrict your ability to access some web pages. For information about how to control or block tracking or to delete cookies, please refer to aboutcookies.org

We mostly collect personal information directly from you. However, in some circumstances your information may be collected indirectly from a third-party. We may also collect information about you that is publicly available including through searches of third-party databases.

Personal information received by Us that we have taken no active steps to collect may be retained as permitted by applicable laws. If the information is not to be retained, We will securely destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

In some countries We are required to inform you of the legal basis permitting Us to collect and handle your personal information, so We have set out the main legal grounds that We rely on. In general, We need your personal information of the types mentioned above because it is necessary for the purposes of entering into or performing a contract with you, such as to facilitate your membership with Us or to provide you with Our services.

Alternatively, it may be necessary for Us to collect and use personal information for the purposes of Our legitimate interests to provide Our services to/otherwise engage with you and to develop Our business, but only in circumstances where these interests are not outweighed by the need to protect your privacy.

If We cannot lawfully handle your personal information on the above or other permitted grounds under applicable data protection laws, We may need to obtain your express consent to be able to do so. This might be the case where We collect information that is inherently sensitive or for direct marketing purposes. For example, where you tell Us about your gender or religion. You may withdraw consent at any time after you have given it. This would not affect the lawfulness of Our prior use of that information. In certain situations, however, withdrawing consent might impact Our ability to provide Our services to, or otherwise engage with you.

We collect and handle your personal information for the following purposes and as outlined in the applicable collection notice:

• to provide you the opportunity to participate in CPA Australia courses, activities and events such as educational opportunities, seminars and conferences, networking events, mentoring opportunities and for Us to support and administer such activities
• to operate governance, disciplinary, grievance and quality assurance processes and arrangements
• for benchmarking, analyses, quality assurance, market research, planning and statutory reporting
• to improve the products and services available to you, to identify your preferences and enable you to personalise your website experience and to tailor Our interactions with you
• to collate and analyse website interactions to deliver a single view of the individual for the purposes of delivering personalised digital experiences
• to monitor the use and availability of Our network and online services to ensure such use is authorised, for system administration, to protect against unauthorised access, and to prevent, detect and manage fraudulent activity
• in the provision of emergency or safety messages and to facilitate appropriate assistance in the event of an emergency
• in the management and security of CPA Australia premises and facilities generally and for the security of staff, members and visitors, and
• in accordance with laws and regulatory compliance.

We may disclose your personal information:

• as outlined in the applicable collection notice
• to contracted service providers which We use to perform services on Our behalf – such as information technology, hosting and data storage, education & exams, conferences & events, mailing houses, logistics, security, research, marketing & communication and external business advisers. When selecting these providers, We take into consideration their data handling processes and require them to take reasonable steps to protect your information from unauthorised access, use and disclosure
• to a purchaser or potential purchaser of Our business (but only where it is necessary to do so and under appropriate confidentiality obligations)
• to Our legal advisers or other professional advisers and consultants (including auditors) engaged by Us
• to law enforcement or government and regulatory bodies to comply with legal obligations such as Department of Home Affairs, Australian Taxation Office, Tax Practitioners Board, ASIC, Financial Ombudsman Service or their international equivalents in the countries in which We operate
• to law enforcement and regulatory bodies as required or permitted by law, and
• without your consent as required under court orders, subpoenas and other legal processes or investigations as required by law.

We will ensure that any third-party service provider that We use commits to an appropriate level of security and confidentiality to protect your personal data.

When you use Our websites, chat rooms, forums, online teaching environments, message boards, news groups or other online services, any information that is disclosed in these areas may become public information and you should exercise your own judgment and caution when deciding to disclose your own or other individuals’ personal information.

Access to your personal data is limited to those who have a legitimate interest in it for the purpose of carrying out their duties and to third parties who perform services on Our behalf.

We take appropriate steps to protect your personal information from accidental or unlawful interference, unauthorised access, misuse, loss, modification or disclosure by implementing physical, administrative and technical safeguards.

We retain your information for as long as it is necessary to fulfil the purpose and associated activities for which it was collected, including complying with Our legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defence of legal claims in the countries in which We operate.

We may need to retain certain personal information after We cease providing you with membership, services or products to enforce Our terms or after you cease employment with Us for fraud prevention, audit or insurance purposes or to identify issues or resolve legal claims and/or for proper record keeping.

We will dispose of personal information in a secure manner. Aggregated usage data may be retained indefinitely for the purpose of monitoring historical performance of Our website and services.

Personal information may be transferred outside of Australia or the country in which you reside for the purposes as outlined in this privacy policy and the applicable collection statement.

We use contracted service providers which may be located outside of your country resulting in your personal information being transferred outside of your country. We may store your information in cloud or other types of networked or electronic storage. As these may be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be accessed or held.

We take all reasonable steps to ensure your information is protected by carefully selecting Our external service providers who may only use the data for the purposes stipulated by Us. We also contractually require Our service providers to treat your information in accordance with this Privacy Policy and relevant privacy legislation.

Subject to applicable laws, by providing your personal information to Us or using Our website or Our products, you consent to transferring of your personal information in accordance with the terms of this policy.

If you are located in a country that is a member of the European Economic Area (EEA) and We or Our service providers transfer any of your personal information outside of the EEA, We will take steps to ensure your personal information will be handled in accordance with the applicable data protection laws and legally recognised data transfer mechanisms. This may include where the country has been deemed adequate by the European Commission, We have assessed the recipient as providing appropriate privacy protections or by adopting approved standard contractual clauses.

Overseas organisations may be required to disclose information We share with them under applicable foreign law.

We would like to send you information about the services and benefits available to you, for example:

• news and information, including Our publications
• member surveys and opportunities to participate in research
• professional development offerings and opportunities, and
• benefits, products and services offered by Us, Our partners and sponsors.

Some of Our communication to members and employees are not classified as direct marketing and will continue so that We can operate effectively and carry out Our functions regarding your membership, employment or purchases.

Our members are members of the company, CPA Australia Ltd. Consequently, We must be in a position to communicate with members about certain core matters such as membership renewals, the Annual General Meeting, continuing education, licences (such as public practice certificates), undertaking quality review and professional conduct.

Where you have consented to receiving direct marketing communications from Us, your consent will remain current until you advise Us otherwise. However, you can, at no cost, opt out or change your communication preferences at any time. Our communications will include an opt out option. If you are a member you can manage your communication preferences by logging into your CPA Australia account.

We may provide your contact details to service providers We engage for use in direct marketing but We do not sell your personal information to third parties.

We use technology to apply a hashing process that permanently anonymises and de-identifies personal information. Once hashed it is no longer personal information and may be shared with platforms (such as Facebook, LinkedIn, Google, etc) to enable the delivery of relevant and targeted communications. These platforms allow users to manage the ads they see on whilst on their platforms. We recommend you review your ad preferences in each platform for more information.
 

Depending on where you are based, and subject to certain exceptions and limitations, you may have various rights relating to the handling of your personal information in certain circumstances. These rights may allow you to ask Us to:

• provide a copy of your personal information (subject to the privacy rights of other people and the information already provided to you in applicable privacy/collection notices)
• correct any inaccuracies in your personal information by informing Us so that We can make the necessary changes
• modify or withdraw your consent for the collection, use and disclosure of your personal information
• delete your personal information where there is no lawful justification for Us to retain it
• put the processing of your information on hold while, or until such time as:
  • We verify any inaccuracies in your personal information that you notify Us of, or
  • We respond to a claim by you that Our legitimate interests in processing your personal information are outweighed by your interests in the information not being processed, and
• transfer your personal information to you or another organisation in a commonly used electronic format (known as the right to data portability).

You also may have the right to object to the processing of your personal information, including in the event that We use it for profiling purposes where We do this:

• for direct marketing purposes, or
• for the purposes of Our legitimate interests or those of a third party.

If you lodge an objection on the first ground, We will simply stop using your personal information for marketing purposes (and any associated profiling). On the second ground, We will stop using the relevant data unless We identify compelling legitimate grounds for the use which override your rights and interests or because We need to use the information in connection with a legal claim.

If you wish to exercise any of these rights please contact Our Privacy Officer who will respond to your request within one month or sooner if required by applicable laws (unless, in the case of complex requests, the laws of the country where you are based allow for an extension of this time). If We refuse a request, We will notify you in writing of the reasons and available avenues of complaint.

When you make such a request you will be required to verify your identity. Always subject to applicable laws, a fee may be charged to cover the reasonable costs of locating and providing the information to you. 

We may provide links to websites operated by third parties. We are not responsible for the privacy practices or the content of such websites which will be governed by their own privacy policies to which you are advised to refer.

Please contact Us if you have questions relating to this policy, Our collection notices or you wish to exercise the individual rights you have under applicable privacy laws. You can contact Our Privacy Officer by:

• email: [email protected]
• telephone: 1300 73 73 73 (within Australia), +61 3 9606 9677 (outside of Australia)
• mail: CPA Australia, Level 20, 28 Freshwater Place, Southbank, Victoria 3006, Australia.

If you would like to make a complaint regarding the handling of your personal information please contact the Privacy Officer. We may request your contact details, how you believe your privacy has been breached and outcome/s sought. We will confirm receipt of your complaint within five business days. We will respond to your complaint within 30 days of receipt of your complaint and confirm in writing, if We believe there has been a breach of this privacy policy or any applicable privacy legislation and what action (if any) We will take to rectify the issue. If the matter is complex and the investigations are likely to take longer, we will inform you of the likely timeframe in which We will respond.

If you are not satisfied with Our response you may refer your complaint to the privacy regulator in your country.

• Australia - Office of the Australian Information Commissioner - telephone 1300 363 992 (Enquiries Line) (from within Australia), 61 2 9284 9749 (from outside Australia), email [email protected]
• Hong Kong - The Office of the Privacy Commissioner for Personal Data
• Malaysia – The Department of Personal Data Protection
• New Zealand – Office of the Privacy Commissioner
• United Kingdom - The Information Commissioner’s Office
• Vietnam - Ministry of Information and Communications

We will update this privacy policy from time to time to reflect changes in legislation, technology, Our operations and practices and changing business environment. All updates will be made available on this web page and We will bring this to your attention by placing a notice on Our website. 

Updated July 2021.