The Actuaries Institute respects the privacy of all of our Members, event registrants and business contacts, and is committed to safeguarding the personal information that we hold. The Institute is subject to the Australian Privacy Principles that are contained in the Privacy Act 1988 (Cth) (“Privacy Act”).
- How we collect and hold personal information
- Personal information
- Sensitive information
- What personal information we collect and why
- Education, CPD courses, the Capability Assessment Tool and the CPD log
- Events and publications
- ‘Find a Member’ service
- Disclosure to third parties
- Disclosure to third parties in Australia
- Disclosure to third parties internationally
- Security of personal information
- Access to, and correction of, personal information
- Your privacy on the internet
- Need more information about your privacy rights?
- Contacting the Institute about privacy issues
- Query or request regarding access to, or correction of, personal information
- Complaints or other queries
- How we deal with privacy-related complaints
1. How we collect and hold personal information
The Institute is the professional body representing actuaries in Australia and provides a range of services for its Members, including education courses, seminars, conferences, publications and information that is distributed via mailings and the Institute website.
1.1 Personal information
Personal information is collected by the Institute via various means including:
- membership application forms and annual subscription renewal forms;
- registration forms for attendance at events;
- enrolment forms for qualifying and continuing education;
- order forms for publications;
- membership profile updates;
- data surveys issued by the Institute to its Members; and
- applications for employment at the Institute.
These information channels reflect the most common ways in which the Institute collects personal information about Members, customers and business contacts. The provision of such information is entirely the decision of the Member, customer or business contact.
Subject to Constitutional and legal requirements, and unless otherwise impracticable, individuals have the option of not identifying themselves, or of using a pseudonym, when dealing with us.
Personal information is held either electronically or in hard copy form.
1.2 Sensitive information
With respect to sensitive information – that is, information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record – we will only collect such information from you directly or with your consent.
This is subject to some exceptions, including:
- the collection is required by law; and
- when the information is necessary for the establishment, exercise or defence of a legal claim.
2. What personal information we collect and why
The Institute uses personal information collected by it in order to fulfil its objectives under its Constitution. The following sub-sections provide more detailed information concerning the main types of personal information we collect and why we collect it. Please note that, if you send an email to us (including any emails addressed to a staff email address), the information in your email (including any personal information) may be retained on our systems in accordance with applicable email retention policies and procedures.
If you apply to become a Member of the Institute, it is a Constitutional requirement that you provide us with personal information about you, including your name, date of birth, residential address and actuarial and other qualifications in detail. If you do not provide that information, we may not accept your application for membership.
Individuals seeking Accredited Membership of the Institute, in particular, are also required to provide details of their membership with the relevant overseas actuarial body. Personal information may be shared with such relevant overseas actuarial bodies in order to process your application. If you do not provide that information, we may not accept your application for Accredited Membership.
We will also collect personal information about you as part of renewal of your membership.
From time to time, we may also collect further information about you, such as your email address, telephone number and other business details.
Unless you tell us otherwise, the Institute will use the personal information you give us to make contact with you and to provide information to you which either we consider will be relevant, and/or of interest, to you or which you have elected to receive.
2.2 Education, CPD courses, the Capability Assessment Tool and the CPD log
For the purposes of assessing educational standards, exemptions, examination results and professional designations, the Institute will need to access personal information about you from universities where you have undertaken appropriate studies or from other actuarial or professional bodies of which you are or have been a member. Unless you tell us otherwise, the Institute will use the personal information obtained from third parties for these educational purposes.
We may also collect personal information about you when you enrol for a CPD course run by the Institute, in order to allow us to process your enrolment. Information you enter into the CPD log facility provided in the Institute’s password-protected ‘Members only’ area is stored electronically, but only accessible by you using your user identifier and password.
The Institute’s online Capability Assessment Tool captures certain information about those Members using the Tool. This information is collected – but only in a de-identified fashion – to assist the Institute in designing and developing its CPD program.
2.3 Events and publications
If you register for an Institute event, either online or otherwise, the Institute will collect personal information about you that you provide as part of that registration. Unless you advise us otherwise, this information may be shared with event sponsors or partners so that they may contact you directly.
Similarly, if you order a publication or periodical (either online or otherwise), the Institute will collect personal information about you that you provide as part of that order.
If you choose to pay by credit card for any purposes associated with each of the above, the Institute will collect your credit card information. However, such information is used only for the purposes of processing your payment. If you provide us with credit card information online, the information is stored in encrypted form. If you provide us with credit card information by either telephone or on a printed form, the information is destroyed after the transaction has been processed.
If you volunteer in certain areas of the Institute’s education program – such as examination marking – you will be asked to provide personal banking details so that we can process payments to you for such services provided by you to the Institute.
2.5 ‘Find a Member’ service
Unless you advise us otherwise, personal information about you will be made available on the Institute’s ‘Find a Member’ service on its website. This service is only available to other Members of the Institute via the password-protected Members’ section of the website so that they may contact you directly.
3. Disclosure to third parties
The Institute does not sell, rent or trade personal information about you to or with third parties.
3.1 Disclosure to third parties in Australia
On occasion, the Institute uses the services of third parties (including a mailing house to post information to Members and customers) and for this purpose your personal information needs to be provided to those third parties. If the Institute provides your personal information to a third party, we require the third party to provide written confirmation that they are compliant with the Privacy Act.
The Institute uses information technology service providers to provide technical support for its computing network, website and database. These companies have incidental access to the Institute’s membership database. For these particular companies, the Institute has written agreements in place dealing with confidentiality and privacy obligations.
3.2 Disclosure to third parties internationally
As noted above in Section 2.1, personal information may be shared with relevant overseas actuarial-related bodies in order to process an application for Accredited Membership. It may also be shared with such bodies in respect of an application related to the Chartered Enterprise Risk Actuary (CERA) designation (for example, applications by CERA holders to transfer their designation to another Award Signatory). The most common countries in which such recipients are located are: United Kingdom, United States of America, Canada and New Zealand.
The Institute is associated with various international actuarial organisations, such as the International Actuarial Association (IAA). Individual Members of the Institute may subscribe to these organisations through the Institute (Fellows of the Institute automatically become members of the IAA). These memberships necessitate the transfer of personal information by the Institute to these organisations for administrative purposes. Unless you tell us otherwise, we will forward those details to these organisations as part of your membership application and annual subscription to these bodies. The most common countries in which such recipients are located are: United Kingdom, United States of America, Canada and New Zealand.
The Institute also supplies personal information regarding members located overseas to the relevant Institute representative located in that country. However, prior to disclosing such information, we ask potentially affected members to advise us if they do not wish their personal information to be provided to the relevant representative.
Technical IT support for the Institute’s member database system (CRM) is or may be provided by third party service providers who are not located in Australia. As part of such support, those providers may, from time to time, access personal information held on the CRM. Confidentiality obligations have been imposed on such providers as part of service agreements.
4. Security of personal information
The security of your personal information is important to us and we take reasonable steps to protect it from:
- loss; and
- unauthorised access, modification or disclosure.
The Institute protects the personal information it collects in a number of ways:
- the information is held in a database, in proprietary data format, which can only be read using proprietary tools. The Institute database is interfaced with the password-protected Members’ section of the Institute website. However, the database only accesses information selected according to the instructions you provide;
- the Institute’s website has electronic security systems in place, including the use of firewalls and encryption. In addition, user identifiers and passwords are used on our website to control access to your personal information;
- access control for our premises;
- Institute employees are required, as a condition of their employment, to treat personal information held by the Institute as confidential, and to maintain the confidentiality of that personal information; and
- providing a discreet environment for confidential discussions.
5. Access to, and correction of, personal information
Subject to certain exceptions, you have a right to access personal information that the Institute holds about you. Again subject to certain exceptions, you also have the right to request that we correct personal information about you that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If you have internet access, you can check the information that the Institute holds about you at any time by simply logging onto the Members’ section of the Institute website. There is a facility available in that section for you to update your profile with corrections to your personal information. It should be noted that internet communications may be intercepted and therefore the Institute cannot ensure the security of personal information sent through the internet.
The same access and correction rights are available if you do not have internet access. To provide you with access to personal information held about you, the Institute would usually provide you with a print-out of the relevant personal information from our database or, if relevant, with photocopies of information stored in paper files. If you wish to access the personal information that we hold about you, or request that we correct personal information we hold about you, please set out your request in writing, including your phone number, and forward as directed at the end of this policy. The Institute will generally consider any requests for access or correction within 21 days of receipt of the request.
In the interests of protecting the privacy of individuals about whom we hold personal information, we will require that you verify your identity by citing personal information we hold about you.
Ordinarily, the Institute will not charge you for the cost of providing access to, or correction of, records containing your personal information. However, if we do propose to charge you, we will advise you of the relevant charges before we provide you with access or correct your information.
6. Your privacy on the internet
The Institute’s website has electronic security systems in place, including the use of firewalls and encryption. In addition, user identifiers and passwords are used on our website to control access to your personal information. The Institute’s website does not collect information via browsers, cookies or tracking programs. The only personal information it collects about you is what you manually provide to the Institute via the website. The Institute’s membership database is interfaced with the password-protected Members’ section of the Institute website. However, the database only accesses information selected according to the instructions you provide.
There are some links from the Institute website to third party websites, for your convenience and information. If you choose to access a non-Institute website through such a link, the Institute is not responsible for the contents or operation of that site, including its privacy practices. We suggest you review the terms and conditions and privacy policies of each site you visit.
7. Need more information about your privacy rights?
For further information about privacy issues and the protection of privacy, visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au
8. Contacting the Institute about privacy issues
8.1 Query or request regarding access to, or correction of, personal information
If you have a query about how to access or request correction of your personal information, or you wish to make a request for access/correction, please use the contact details below:
Level 2, 50 Carrington Street
Sydney NSW 2000
Phone: +61 (0) 2 9239 6100
Fax: +61 (0) 2 9239 6170
8.2 Complaints or other queries
Please contact the Institute’s Company Secretary if you:
- have other privacy concerns.
The contact details are as follows:
Level 2, 50 Carrington Street
Sydney NSW 2000
Phone: +61 (0) 2 9239 6100
Fax: +61 (0) 2 9239 6170
9. How we deal with privacy-related complaints
A complaint should identify whether it is about:
- the collection of personal information;
- the use of personal information;
- the disclosure of personal information;
- the security or storage of personal information;
- the accuracy of personal information;
- a refusal to give the complainant access to, or find out about, their personal information; or
- a refusal to correct or delete personal information.
The Institute’s Director – Governance and Regulation will normally deal with privacy complaints; otherwise, the complaint will be dealt with by someone who was not involved in the conduct which the complaint is about. The Institute will attempt to confirm (as appropriate and necessary) with the person making the complaint:
- their understanding of the conduct relevant to the complaint;
- what they expect as an outcome.
The Institute will inform the person making the complaint:
- whether it will conduct an investigation;
- the name, title and contact details of the person who will investigate the complaint; and
- the estimated completion date for the investigation process.
The Institute will normally look at the following questions:
- Did the alleged conduct occur?
- Why did the Institute collect the information?
- Was the information stored by the Institute in a ‘record’ (as defined in the Privacy Act) or in a generally available publication?
- Did the Institute comply with the relevant Australian Privacy Principle(s) and the requirements of the Privacy Act when dealing with the information?
After the Institute has completed its enquiries, we will contact the person who has made the complaint, usually in writing, to advise the outcome and invite a response to the Institute’s conclusions about the complaint.
If a response is received, the Institute will assess it and advise if the Institute has changed its view.
If the person making the complaint is unsatisfied with the outcome, the Institute will advise further options including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner.
As at April 2016