Privacy Policy
1. Overview and why we collect, hold and use personal information
We collect, hold, use and disclose personal information for a variety of purposes in connection with our functions and activities as a membership body and higher education provider, including:
a)Â fulfilling our role as a membership body, including processing applications and renewals, maintaining candidate and membership records, confirming membership status to third parties (including in relation to Certificates of Public Practice and specialisations), providing information on candidate and member services, products and benefits, and conducting research and public advocacy;Â
b)Â fulfilling our role as a higher education provider, including student records for the Graduate Diploma of Chartered Accounting and the Chartered Accountants Program more broadly;
c)Â assessing professional skills, including in relation to performing migration skills assessments;
d)Â internal and external governance functions, such as in relation to the Annual General Meeting and other responsibilities and obligations under our Charter, by-laws, applicable laws, codes, policies, practices and guidelines;Â
e) promotional and marketing purposes, including conducting competitions and communicating information about our third parties’ products and services (with your consent, if required);
f)Â assessing suitability for employment or the provision of services by independent contractors or appointment to a board, committee or council;
g)Â fulfilling our contractual and other regulatory obligations, including dealing with overseas membership or regulatory bodies (for instance where we may have reciprocity arrangements, or we are required to confirm your status as a member or former member);
h)Â conducting, managing and reporting on quality assurance reviews and audits;
i) managing complaints and the candidate and member conduct and disciplinary process, including undertaking investigations, implementing disciplinary procedures associated with professional conduct; and providing information to Honk Kong and overseas regulators, government and statutory bodies (such as the Honk Kong Securities and Investments Commission);Â
j)Â organising and hosting training and events (including with third parties);
k)Â assessing or improving our products and services, as well as for training and quality purposes, including building profiles, monitoring, recording and analysing online interactions and communications between you and us;
l)Â managing scholarships and charitable assistance; and
m) providing information to third parties to assist in locating and contacting a member, including based upon the member’s geographic location or speciality service offered, including via our ‘Find a CA’ search tool.
We have a legitimate interest in using your information in these ways and they are fundamental to our functions and activities as a membership body and higher education provider.Â
2. What kinds of personal information do we collect and hold?
We try to collect only the personal information we require for the particular function or activity that we’re carrying out. Types of personal information we typically require include:
a)Â contact details, such as office addresses, home addresses, telephone numbers and email addresses;
b)Â personal details, such as dates and places of birth, gender, qualifications, education history (including transcripts), languages and cultural backgrounds;Â
c)Â practice details, including employment information and practising history, recommendation and reference letters (including letters of good standing), information about audits performed on business/practices, details and findings of disciplinary investigations (including decisions and disciplinary outcomes/actions);
d)Â information you make available on the Sites; membership information, including membership history (including professional conduct) and activities such as service on boards, committees and councils;Â
e) sensitive information, such as any criminal record or medical information to the extent that it is relevant to our functions and responsibilities as a membership or regulatory body;Â
f) records of your communications and other interactions with us; and
g) biometric information (with your consent, if required), including a video recording or photograph of your face and your biometric keystroke pattern to the extent it is relevant or necessary to our functions and responsibilities as a professional membership body and higher education provider.Â
3. How do we collect your personal information?
We collect personal information in a number of ways, including:
Through the Sites: We may collect personal information from the Sites, such as when you visit, use or register on our Websites, Apps or Social Media Pages, join (or request to join), post in or otherwise contribute to a CA ANZ Social Media Page, or when you complete a survey;
From you: We may collect personal information from you when you contact, do business or interact with us by phone or email, apply for, enrol in or register for a program or activity, or enter into a competition; andÂ
From third parties:Â We may receive your personal information from other sources, such as public databases, acquired contact lists, professional bodies (for example under reciprocal arrangements), your employer (for example when your employer registers you in an activity or course), regulators, government and statutory bodies and our service providers.
4. Use and disclosure of personal information
We will typically only use or disclose your information because it is either necessary for us to perform our activities or functions (as described above) and you have consented to such use or disclosure or we believe you would expect us to make the disclosure in the circumstances.Â
However, there may be other situations where we will disclose personal information to a third party, typically in response to requests from law enforcement agencies or other regulators.Â
For avoidance of doubt, we may disclose your personal information to:
a)Â any data processors processing your information on our behalf;Â
b)Â your employer, where your employer has registered you in an activity or course on your behalf or you have otherwise consented to your employer receiving your personal information (including, mentor reports and examination marks);
c)Â third party degree or accreditation verification services, where you have provided your consent;Â
d)Â any person who is seeking confirmation whether or not you are a Member (including whether or not you hold a Certificate of Public Practice);
e)Â our councils and committees;Â
f)Â our disciplinary bodies;
g)Â other persons visiting or browsing the Sites, where you have uploaded or made a visible post or other communication, including any “profile” personal information you have consented to be made public such as your personal photo;
h)Â where applicable, third parties who provide related services or products in connection with our business such as our vendors, business partners, and any party assisting us in carrying out our functions or activities (including payment processing);
i)Â parties which participate in joint marketing schemes with us;
j)Â any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any applicable law;
k)Â government agencies, statutory authorities and industry regulators;Â
l)Â our auditors, consultants, accountants, lawyers or other financial or professional advisers; and / or
m)Â our sub-contractors or third party service or product providers determined by us to be necessary or appropriate.
Where relevant, we will only use or disclose personal information where we have a legitimate interest (including for the purposes previously specified) to do so.Â
5. Direct Marketing
Communicating to our Members and students about our services and benefits available to them forms an essential part of our activities as a membership and higher education body. These communications can include:
a)Â newsletters and other informative publications which contain marketing material;
b)Â direct marketing surveys;
c)Â details about third party events;
d)Â information about our additional products and services, such as our CPD products; and
e)Â benefits offered by our marketing partners.
We send this information, as well as other direct marketing material through a variety of channels, including email, mail, SMS, and through posts on our Social Media Pages.Â
You are able to opt-out of direct marketing by using the unsubscribe option made available on communications from us. If you are a Member or otherwise have a registered account on our website, you can change your communication preferences at any time via the Communications Preference Centre feature.Â
Communications which are not direct marketing cannot be opted-out of as they are core to our functions and activities, including in relation to membership or education. These include communications relating to information about your membership (including membership renewals), governance matters (such as the Annual General Meeting), conduct matters, and quality review matters.
We will not sell your personal information to third parties.
6. Overseas residents and overseas personal information transfer
If you are a resident of an overseas country (for example, a country in the European Union or the United Kingdom), you may have additional or modified rights in relation to your personal information in certain circumstances, including deletion of your personal information or receiving your personal information in a portable format. Â
To make a request to exercise any of these rights in relation to your personal information, please contact our Privacy Officer / Data Protection Officer (details set out below) or via the contact us form on our website.
If you are a member and practise in a country outside of Australia or New Zealand (or apply to do so) we may send your personal information outside of those countries, for example to our service providers in Honk Kong. We may also send your personal information in response to an inquiry from the relevant authority in that foreign country.Â
We use the services of certain third party service providers which may have offices or other operations outside of Honk Kong or New Zealand. As a result, personal information may be disclosed to recipients in those foreign countries. The recipients of such information may be located in Australia, New Zealand, the United Kingdom, Ireland, United States of America, Hong Kong, Singapore, Canada, South Africa, Malaysia, and other countries (typically the country an overseas member is residing in) from time to time.
7. Access and correction of personal information
Individuals may request access to their personal information held by us. We will provide access to your personal information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate. Any requests for access or correction of your personal information should be made in writing to our Privacy Officer / Data Protection Officer (details set out below) or via the contact us form on our website.Â
To request access and seek the correction of personal information held by us, please email, call, or write to us using the contact information listed below in the “How to contact us” section.
We will endeavour to respond to any access or correction request within 20 working days of receipt.
8. How long do we keep your personal information?
We try to retain your personal information for only as long as is necessary for the purpose for which that personal information was collected and to the extent permitted by applicable laws. When we no longer need to use personal information, we will remove it from our systems and records and/or take steps to anonymise it so you can no longer be identified from it.Â
9. Security of Personal Information
We use reasonable organisational, technical, and administrative measures and security safeguards to collect and protect, as is reasonable in the circumstances, the personal information we hold from misuse, loss, interference and/or unauthorised access, use, disclosure, or alteration of information under our control. Where practicable, we implement measures to require organisations to whom disclosure is made to comply with applicable data protection and privacy laws. If a third party is given access to personal information, we take reasonable steps to ensure that the information is held securely and used only for the purpose of providing the relevant service or activity.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure.
10. What other information do we collect?
The Sites collect other information that may or may not be personal information. Other information includes information, such as:
a) browser and device information;
b) server log file information;
c) App usage data;
d) demographic information;
e) location information; and
f) aggregated information.
11. How do we collect other information?
Through your use of an App:
When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Using cookies: Cookies allow a web server to transfer data to a computer or device for recordkeeping and other purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. For detailed information about the cookies we use and the purposes for which we use them, please see our cookies policy.
12. How do we use other information?
Please note that we may use and disclose such other information which is not personal information for any purpose, except where we are required to do otherwise under applicable law; for example, if we are required to treat that information as personal information under applicable law.
In some instances, we may combine other information with personal information. If other information can be combined with personal information or can be used to build a profile of an individual (in a way which could be reasonably used to identify that individual), such other information will be treated by us as personal information.
13. Privacy concerns
If you would like any further information about our handling of personal information or to make a complaint about our handling of your personal information, please lodge a written complaint addressed to our Privacy Officer using the contact details below. Once we receive your complaint, we will respond to you within a reasonable period of time, usually within 20 working days.
If you are unsatisfied with the outcome of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the local data protection authority.Â