The policy was prepared in September, 2018.
If you have any feedback on this policy, or you wish to contact us, please email us at email@example.com. We look forward to hearing from you. We may vary this policy from time to time. We will ensure that the most updated version is on our website. We invite you to check the policy on the website from time to time.
Personal information in Australia
In Australia, personal information is information or an opinion about you or from which you can reasonably be identified.
Personal data in the European Economic Area
If you give us personal information, or we collect certain personal information about you, whilst you are residing in the European Economic Area (EEA), that personal information is subject to an EEA regulation called the General Data Protection Regulation (GDPR).
The GDPR regulates the manner in which a controller or a processer processes:
“personal data” collect from EEA residents, whilst they are residing in the EEA; or
other personal information processed in the EEA.
Personal data is any information relating to an identified or identifiable natural person. We process personal data when (amongst other things) we collect and use that personal data.
For GDPR purposes, we are the controller of personal data we collect from EEA residents, whilst they are residing in the EEA. We do not propose to process other personal information in the EEA.
In this policy:
“personal data” means any information about you, in relation to which you can be identified or are identifiable, that we collect while you reside in the EEA or that we process in the EEA;
the term “personal information” includes that personal data.
When we collect personal data about EEA residents whilst they are residing in the EEA or process personal information about you in the EEA, we manage that personal data and personal information under this policy and in accordance with the GDPR and any other law that applies to processing that personal information.
If you are an EEA resident when we process personal information about you, there is more information about particular rights the GDPR makes available to you under the heading “Processing Personal Data under the GDPR”.
COLLECTING PERSONAL INFORMATION
We collect personal information about you when we take a record of that personal information. We may collect the personal information about you including:
identification information like your name, date of birth, address and contact details;
information you use or give us when you use our website; and
professional information like your career plan, interests and professional development requirements.
We may collect other personal information about you in the course of dealing with you to assist us to conduct our professional development activities efficiently.
WHY WE COLLECT PERSONAL INFORMATION
We will collect personal information about you only if we reasonably need that information for our professional development functions and activities. For example, we collect personal information about you so we can:
help us to understand your professional development requirements and develop our projects and initiatives;
offer you our opportunities as they become available and that may be of interest to you;
make opportunities available to you at your request;
allow us to examine applications through our recruitment processes;
improve the services and opportunities we offer; and
manage our arrangements with you efficiently.
We may collect personal information about you because the law requires us to do so. For example, the law requires us to collect personal information about you to:
identify you under the ACNC Act upon becoming a Member.
Mostly, we collect your personal information from you. We may collect personal information about you from other sources, for example, when you use our website. Sometimes, we collect personal information about you that is available publicly.
UNSOLICITED PERSONAL INFORMATION
If we receive personal information about you that we did not request, we will consider whether the information is reasonably necessary for our professional development functions and activities. If not, we will destroy that information or ensure it does not identify you.
What if you do not give us your personal information? If we do not collect personal information about you, we may not be able to:
tell you about our events and opportunities;
supply opportunities to you;
manage our arrangements with you, like dealing with a complaint you make to us; or
tell you about other opportunities that may interest you.
INFORMATION ABOUT OTHER PEOPLE
If you tell us personal information about another person, we ask that you:
tell that other person that you have done so; and
invite that person to contact us for details on how we manage personal information we hold about them and to obtain a notice from us about how we manage their personal information.
HOW WE USE YOUR PERSONAL INFORMATION
We may use personal information about you to:
consider any requests or applications you make to us or to our partners;
help us to understand your professional development requirements and develop our events and services;
tell you about our opportunities or opportunities from our service partners that may be available to you. That may include telling you about competitions or other promotional events in which we invite you to participate. This correspondence is direct marketing. You can tell us to stop sending you direct marketing. Please see below for our contact details;
identify you and manage our arrangements with you;
promote the Association and how it assists its stakeholders;
prevent or investigate conduct that may be fraudulent or criminal; and
for any purpose to which you have consented.
STOPPING DIRECT MARKETING
You can ask us any time to stop sending you direct marketing information. Email us to unsubscribe and we will stop contacting you for those purposes. We do not charge you a fee for asking us to stop direct marketing. Also, we will not send you direct marketing information if:
you are registered on the “Do Not Call” register. You can register on the “Do Not Call” register at www.donotcall.gov.au or phoning 1300 792 958; or
that direct marketing information would have been sent by way of an electronic message and you opted out of receiving further electronic direct marketing messages from us.
DISCLOSING PERSONAL INFORMATION
We may exchange personal information about you with:
organisations affiliated with the Australian Business Students' Association Limited;
reporting bodies, if you become a Member;
suppliers that help us to conduct our business. Amongst other suppliers, that may include suppliers that help us to: understand your professional development requirements; improve our opportunities and services; verify identity; or provide services relating to our opportunities. Those suppliers may: disclose your personal information to contractors that assist the suppliers to perform services for us; and track your use of our website or other services. Our arrangements with suppliers will limit use of your personal information to the services they are supplying to us. We will ask suppliers to ensure their arrangements with contractors limit the contractors’ use of your personal information to assisting the suppliers to perform services for us;
any person who refers you to us to obtain services from us;
regulators or law enforcement bodies;
any entity that proposes to take an interest in our business; and
any person at your request or with your consent.
DISCLOSING PERSONAL INFORMATION OVERSEAS
We may disclose personal information about you to overseas entities that assist us to conduct our business. Those entities are situated in China, India and the United Kingdom. Also, we may store information in the cloud or other networked systems. In that case, we may not be aware of the countries in which your information may be held.
USE OF GOVERNMENT IDENTIFIERS
We do not use Government related identifiers (like tax file numbers or medicare card numbers) as the means by which we identify you in our records. We may collect and use some of your Government related identifiers, but only for reasons permitted by the Privacy Act, the APPs or any APP Code by which we are bound.
SECURITY OF YOUR PERSONAL INFORMATION
We will take steps reasonably available to us to protect your personal information from:
misuse, interference or loss; and
unauthorised access, modification or disclosure.
We will do this by ensuring that access to your personal information is protected and available only to those of our staff that need to use, disclose or manage it in accordance with this policy.
ACCESS TO YOUR PERSONAL INFORMATION
You can ask for access to the personal information we hold about you. If you wish to do so, please contact us by emailing us on firstname.lastname@example.org.
Generally, we will give you access to the information you request. There may be some circumstances, permitted by the APPs, in which we will not give you that access. For example, we may not give you access to information where:
(a) giving access would have an unreasonable impact on the privacy of others;
(b) we reasonably believe the request is frivolous or vexatious;
(c) the information relates to actual or possible legal proceedings between us and you and we would not have to produce that information under orders a court may make in those proceedings;
(d) giving access would prejudice our interests relating to negotiations we are having with you;
(e) Australian law or a court or tribunal order prevent us from giving you access; or
(f) giving access would reveal certain information we generate internally relating to a commercially sensitive decision-making process.
We will give you written reasons if we refuse to give you access to personal information you request unless there are reasonable grounds (like confidentiality obligations we owe) for not giving you those reasons. In any case, we will give you an explanation if we do not give you access to information because of a commercially sensitive decision-making process.
We will give you access to the information you request in the manner you request (for example, by email), as long as we are reasonably able to do so. If we are not able to do so or if we have a reason for not giving you access to all the information you request, we will work with you to give you access to personal information we hold about you in a way that meets your needs and our needs.
We will respond to any request you make for access to the personal information we hold about you within a reasonable time after you make the request. The time it takes will depend on the amount of information you are seeking and whether we have to make more enquiries of you to ensure the nature of that information is clear.
Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, you can decide whether or not you wish to change your request.
CORRECTING YOUR PERSONAL INFORMATION
We take steps, reasonably available to us, to ensure that the personal information we hold about you is accurate, up-to-date and complete. In order to assist us, we ask that you contact us and update the personal details we hold about you (for example, your name, address and contact details), if those details change. You can contact us by emailing us on email@example.com
You may consider that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading. You can request us to correct the personal information we hold about you by emailing us on firstname.lastname@example.org
If we receive your request to correct information but consider that the information does not need correcting, we will give you a written notice setting out our reasons. Also, we will give you details of how you can ask us to associate a statement to the information you consider to be incorrect or make a complaint about us refusing to correct information.
We will respond to any request you make to correct personal information we hold about you within a reasonable time after you make the request.
We will not charge you for correcting or associating a statement to personal information at your request.
You may have a complaint about the way we manage the personal information we have about you. If you have a complaint, please email us on email@example.com. We will take steps to resolve the complaint with you. If we cannot resolve your complaint in a manner that is satisfactory to you and within 30 days of receiving your complaint, we will ensure that you are notified of this outcome.
DATA BREACH REPORTING
We will comply with any relevant laws relating to notifying you and notifying a regulator that the security of the personal information we hold about you has been breached.
PROCESSING PERSONAL DATA UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
Processing personal data
In addition to other reasons set out in this policy, we may process personal data about you because:
you have permitted us to do so to help us understand your professional development requirements and develop our opportunities and offer you our opportunities or other opportunities as they become available and that may be of interest to you;
we need to perform a contract with you;
the processing is in our legitimate interests and it is not overridden by your rights; or
we need to do so to comply with the law.
Retaining personal data
We will retain personal data about you only for as long as is necessary for the purposes set out in this policy. We will retain and use that personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Transferring personal data
We may transfer personal data about you to, and maintain it on, computers located outside of your State, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. We may transfer that personal data to Australia and process it there.
Disclosing personal information overseas in this policy.
We will take all steps reasonably necessary to ensure that personal data about you is treated securely and in accordance with this policy and no transfer of that personal data will take place to an organisation or a country, unless there are adequate controls in place including the security of that personal data.
Data Protection Rights Under the GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights with respect to personal data we collect about you whilst you reside in the EEA. We will take reasonable steps to allow you to correct, amend, delete, or limit the use of that personal data. If you wish to do so, please contact us by emailing us on firstname.lastname@example.org.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
You can contact us and exercise the following rights in relation to the personal data we hold about you:
the right to access, update or delete the personal data we hold about you;
the right of rectification - you have the right to have the personal data we hold about you rectified if that personal data is inaccurate or incomplete;
the right to object. You have the right to object to our processing personal data we hold about you;
the right of restriction. You have the right to request that we restrict the processing of personal data we hold about you;
the right to data portability. You have the right to be provided with a copy of the personal data we hold about you in a structured, machine-readable and commonly used format and the right to have us transfer, where technically feasible, the personal data we hold about you to another controller;
the right to withdraw consent. Unless we have compelling and legitimate grounds for continuing processing, you have the right to withdraw your consent at any time where we relied on your consent to process personal data we hold about you.
We may ask you to verify your identity before responding to any of those requests.
You have the right to complain to a data protection authority about our collection and use of personal data we hold about you. For more information, please contact your local data protection authority in the European Economic Area.