Privacy
Policy
Background
- This policy applies to the operations of The Royal Australian Institute of Architects Limited ACN 72 000 023 012 trading as Australian Institute of Architects (“the Institute”).
- In this policy:
‘Constitution’ means the Institute’s Constitution, as amended from time to time.
‘personal information’ means any information or opinion about an identified or identifiable individual which is apparent or for which a link to the identity of a particular person can reasonably be found in the information or opinion. It does not matter whether that personal information or opinion is true or not, or whether the information or opinion is recorded physically, digitally or in any other form. However, “personal information” which is de-identified or de-personalised, so that any link between the information and a particular person is removed or obscured from reasonable inspection is not personal information.
‘sensitive information’ means information or an opinion about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association (such as the Institute); membership of a trade union; dietary requirements; sexual preferences or practices; or criminal record.
‘Website’ means the Institute’s website accessible at http://www.architecture.com.au
- This policy is intended to comply with the Australian Privacy Principles found in the Privacy Act 1988 and various guidelines provided by the Office of the Australian Information Commissioner. The Commission’s website can be found at: http://www.oaic.gov.au.
- The policy is divided into headings and the reference numbers of the relevant Australian Privacy Principle (APP) are noted in the margins.
App 1
1. Openness and Transparency
This privacy policy may be downloaded and printed from the Website. Printed copies are available on request.
This policy may be amended by the Institute from time to time. If it is amended, the revised version will be posted on the Website as soon as is practicable. Access to the section of the Website containing the privacy policy is unrestricted. If the Institute considers an amendment will affect its members significantly, it will advise its members of the change as soon as practicable.
This version of the policy has been issued by the Institute on 12 January 2016 with minor changes to details and references in June 2018
App 2
2. Anonymity
The Institute does not consider it practicable to deal with members either anonymously or pseudonymously in relation to its primary or secondary purposes outlined in APP3/Clause 3.
Where practicable, the Institute will allow dealings with non-members to be anonymous or pseudonymous. However, the Institute reserves the right to determine when it is practicable to deal with you anonymously or under a pseudonym. Neither option will be available to you in respect of the minimum information collected in circumstances where you: a register for an event hosted by the Institute or b make enquiries in connection with the Institute’s disciplinary procedures
a. register for an event hosted by the Institute or
b. make enquiries in connection with the Institute’s disciplinary procedures.
App 3
3. Collection of Solicited Personal and Sensitive Information
The Institute will only, by lawful and fair means, collect information that is necessary to the primary and secondary functions and activities of the Institute. In most cases, the Institute will collect information directly from the individual concerned.
Primary purposes for which information is collected, used or disclosed by the Institute are:
a. ensuring those applying for membership are eligible and if so, that their membership is classified in the relevant class according to the detailed eligibility rules of the Institute
b. delivering the membership benefits and services which the Institute has informed members will be provided to them – see Clauses 5.2 and 6 for more detail
c. delivering services to non-members, including prospective members
d. investigating complaints under or administering the disciplinary procedures contained in the Constitution.
Secondary purposes for the use and disclosure of personal information are to deliver benefits and services which arise incidentally out of the primary purposes of the Institute. From time to time, benefits or services arising from secondary purposes will evolve into membership benefits or services delivered under the Institute’s primary purposes. For example, a membership benefit may arise from the Institute’s corporate partner program.
3.1. What sensitive information is collected, and how
3.1.1 The Institute collects and records sensitive information about you relating to allergy information or dietary requirements that you advise us of for the purposes of Institute events you choose to attend. Your allergy information or dietary requirements will only be recorded and used and disclosed to relevant persons in relation to the event. The Institute will use best endeavours to destroy or de-identify this information after its use for the event.
3.1.2 If you are a member, or a prospective member, the Institute collects and records sensitive information about you relating to membership(s) of professional associations in the construction, architecture or design industries, including your membership of the Institute. The fact of your memberships will be collected or used for purposes directly related to both primary and, as permitted by APP3.4(e) because we are a non-profit organization, the secondary purposes of the Institute. We will assume that a member would reasonably expect the fact of being a member of the Institute can be collected, used and disclosed by the Institute in accordance with APP6/Clause 5, below.
3.1.3 Other than as described in APP3/Clause 3.1.1 above, the Institute has no purpose in collecting any sensitive information about non-members.
3.1.14 If sensitive information, other than the sensitive information listed above, comes into the Institute’s possession, it will not be disclosed to anyone without your consent (unless required by law) and the Institute will use best endeavours to destroy or de-identify sensitive information as soon as practicable to do so if it is lawful to do so.
3.2. What solicited personal information is collected from members, and how
Personal information collected from members by the Institute is generally obtained from initial membership applications and updated through:
> annual subscription renewals
> applications for elevation to membership classes
> members advising the Institute directly and
> members making changes or corrections directly via their online account profile.
The information requested and collected is the following (minimum information for the primary purpose as marked with an asterisk):
> *Full name and title (Mr Mrs Miss Ms Dr Prof etc.) and preferred name
> *Residential address and telephone and fax numbers if available
> Name of Employer or name of practice/ work address, telephone and fax numbers
> *Preferred contact address (one of the two above)
> E–mail address, if available
> *Date of birth
> *Tertiary qualifications and if registered as an architect, the relevant States or Territories and registration number(s)
> Membership of professional associations
> Employment category
> Level of Professional Indemnity insurance cover (*A+ members only).
This information is received either in hard copy, by telephone, via the Website, or by email and transferred by Institute staff to the Institute’s electronic database, or directly by the member logging on to the Website to access and keep current your personal information, which updates the database automatically. In addition, on annual renewal of subscription, members are invited to update or correct the information held. Personal information may also be collected when you choose to register for an Institute event as described in APP3/Clause 3.1.1, or as described in APP3/Clause 3.3, below.
3.3. Financial information collected on payment to the Institute
Certain financial personal information may be collected when:
a. members pay subscriptions, or for services provided to members, or
b. any person pays for Institute publications provided to both non-members and members,
The type of information collected depends on the method of payment used by the ‘customer’. When customers use credit or debit cards the name on the card and the card number is necessarily collected and recorded for the purpose of processing the transaction. If customers pay by cheque, their account number is stated on the cheque received.
The Institute has no primary or secondary purpose in retaining or using such information other than to process the relevant transaction, or for accounting purposes. Credit card information provided online, may also be recorded by the Institute’s online gateway payment provider. When provided in this way, the card information is not available to Institute staff.
3.4. Collection from third parties
If the Institute collects your personal information from a third party, or if you may not be aware that we have collected the personal information, we will take all reasonable steps to notify you, or make you aware of:
a. how we collect or have collected that information, and
b. the circumstances in which we collected that personal information.
App 4
4. Collection from third parties
From time to time, the Institute may unintentionally or inadvertently collect ‘unsolicited’ personal information about you. If so, and if the Institute could not have collected that personal information by lawful and fair means, the Institute will take reasonable steps to destroy or de-identify the information as soon as practicable (if lawful and reasonable to do so). If the Institute could have collected that personal information in accordance with APP 3 above, then the policies under APP6/Clause 5, apply
App 5
5. Use or Disclosure of Member’s Personal Information
Generally, as part of its primary purpose, the Institute uses the personal information to send information associated with delivery of its benefits and services to the member and when necessary, to make contact with the member. The Institute may from time to time agree to distribute material to its members on behalf of another person or organization.
Corporate members (RAIA, FRAIA, LFRAIA, Aff) should be aware that because they are the equivalent to shareholders of the Institute, the Institute must comply with disclosure requirements about them as required by the Corporations Act 2001. This may require disclosure of a corporate member’s name and (residential) address to others. However, the Institute will not do so unless satisfied that it is legally obliged to do so.
5.1. Use and disclosure of personal information by non-staff agents of the Institute
While access to personal information of members and non-members is generally limited to Institute staff and to other entities with which the Institute has a governing contractual relationship, there are specific instances where primary or secondary purposes of the Institute are delivered with the involvement of non-staff individuals who are part of a formally constituted Institute committee, taskforce or working group. Such groups may change from time to time, but include: the International Chapter, the Student Organised Network for Architecture (SONA), and the Emerging Architects and Graduates Network (EmAGN).
The Institute relies on the volunteer efforts of such individuals, who will generally be members but may not always be so, to deliver a range of Institute benefits and services. Access to personal information of members and non-members by such individuals is only authorised where that access is:
> required by members of a formally constituted Institute committee, taskforce or working group for legitimate Institute purposes (either primary or secondary)
> limited to personal information directly relevant to the purpose for which it is provided
> overseen and coordinated by a nominated Institute staff member, or Australian Institute of Architects – Privacy Policy – Version: January 2016 (updated June 2018) 5
> necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed.
5.2. Disclosure of membership, name, title and preferred contact address
5.2.1 Disclosure of the fact of membership of the Institute, and a member’s name, title and preferred contact address, is considered to be implicitly consented to by members who would reasonably expect the Institute to disclose this for the primary purposes identified in APP3/clause 3 above, and in accordance with this Clause 5.2.
The Institute discloses a member’s membership of the Institute, name, title and preferred contact address information to its associated company Architecture Media Pty Ltd specifically for distribution of the Institute’s official magazine, Architecture Australia, including any enclosures, as a primary purpose.
As part of its primary purpose, the Institute may also disclose membership of the Institute, name, title and preferred contact address information to any subsidiary of the Institute, who may in turn use a separate mailing house for distribution of information to the member. If so, the subsidiary and any mailing house will be bound by contracts not to disclose the information to others and to keep it secure.
5.2.2 The Institute may also release members’ name, title and address information in a controlled manner for a secondary purpose under the implied consent it has to do this from members. The secondary purpose is the release of this information to corporate partners sponsoring Institute activities, to those with and through whom the Institute provides member benefits, or mailing houses the corporate partner or member benefit provider is responsible for, so that they can invite Institute members to participate in the member benefit or Institute activities being sponsored, and to focus the corporate partner or member benefit provider’s advertising on the Institute members.
However, you can choose to opt out of such disclosure of the above information. There is a warning and an active consent on membership applications and subscription renewals. If consent is not given or is withdrawn (for example, by selecting or advising us you want to ‘opt out’), the Institute will use its best endeavours to prevent the member’s name being included in any distribution for this secondary purpose after your request is received. See also APP6/Clause 7 below.
On occasions, the Institute is required under contractual arrangements with providers of venues for Institute functions to make available to the provider some or all of name and address information for the members registering for the function. The purpose of these details is not always specified in the contractual arrangements, but may include security purposes. The Institute will resist any unreasonable request for this information, in whole or in part, but cannot guarantee it could avoid such obligations to the provider.
5.1. Date of birth
The Institute uses a member’s date of birth:
> to offer information and services appropriate to the length of a member’s architectural experience
> to determine eligibility for membership privileges
> for general research purposes on member profiles, and
> as security key, or personal identification number (PIN) for Website access by members.
The Institute acknowledges that date of birth information may have no relationship to the length of architectural experience and it is not reliable for that purpose. The Institute also acknowledges that unverified date of birth information is unreliable to determine eligibility for the membership privileges. Further, it acknowledges that for research purposes, de-personalised information is all that is required.
However, its use as a security key or pin number for members to control unauthorised access to their own records and membership information on the Website is a significant benefit. To be effective, a security key or pin must also be available to a computer system administrator or the Institute’s Website host so that access or usage problems for individual members can be tracked down and corrected by the Institute.
The Institute will not disclose date of birth information to any person or organisation, except where it is de-personalised so it can be used as statistical information, as required by law.
5.4. Collection of personal information from members accessing the Website
When members visit the Website, sub-sites or a social media site operated and controlled by the Institute, certain recording of information by the Institute’s electronic information system occurs. This includes a record being made of the particular subdivisions of the site a member has visited and the number of times, length of time and time of day of those visits to the site. The identity of the ‘Internet service provider’ (ISP) through which the member visited the site is also recorded. (The information collected is common to most other Internet sites accessible by the public at large.) Although it may be possible to use this information to trace the Internet site visit to the particular computer which initiated it, which might, in turn, point to the likely identity of the member, the Institute has no primary or secondary purpose in doing so.
Subject to the above, the information collected is largely anonymous, except where the member signs in with their membership number, surname and password. Signing in enables members to add information to the Website and to correct and update the personal information stored by the Institute in its membership records.
The membership number given by the member at login links the visit information with the particular member and would potentially enable the Institute to identify the particular member and their Institute Website usage pattern and history.
The Institute has no primary or secondary purpose in identifying the member with that information. The Institute will not trace the computer from which the member visits the Website or sub-sites, or to link any information to the member without the written consent of the member, unless required by law, or for a lawful purpose, which includes but is not limited to instances when it is necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed (see also APP 8/Clause 6).
5.5. Email
When email is received by the Institute, the Institute’s information system records the email provider of the sender, and it may be possible to trace the source computer from which the email originated, which might, in turn, point to the identity of the sender. This ability to trace is available via commercially available software as is also available to any other receiver of email. The Institute will not trace the source of email beyond the identity of the member’s email provider evident from the email address, unless it has the written consent of the member, is required by law, or for a lawful purpose which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed (see also APP 8/Clause 6).
5.6. Institute’s Website host
Virtually all the information described above is duplicated, hosted or kept in the computer systems of the Institute’s own contracted Website Host (WSH). Within the service agreement with its WSH, the Institute either has or will include confidentiality clauses binding the WSH to keep personal information secure and not to disclose the personal information to anyone other than the Institute, unless required by law or by written instruction by the Institute. Such arrangements will also require that if the arrangement with the Institute ceases, all of the personal information obtained from the arrangement with the Institute must be destroyed.
The Institute will not instruct its WSH to disclose personal information to anyone else other than to a new WSH, unless required by law, or for a lawful purpose, which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed (see also APP 8/Clause 6 below).
App 6
6. Use or Disclosure: Direct Marketing
The Institute might itself use member’s personal information to market Institute products, services, and events or to provide information that we think will be of interest to you. The Institute may do this by various methods (including mail, email, social media or via the Website).
If you would like to opt-out from receiving direct marketing, please contact the Institute on national@architecture.com.au or 1300 770 617, or select this option via your online profile.
App 7
7. Use or Disclosure: Cross-border Data Flows
The Institute has limited primary or secondary purposes in disclosing personal information outside Australia, generally only as may be required for the Institute to deliver services and benefits to members or non-members resident inside and outside Australia, including supporting the activities of the International Chapter, for the purpose of the Venice Architecture Biennale or for secondary purposes associated with corporate partner benefits or prizes delivered outside Australia. Such information transfer is undertaken subject to the requirements of APP6/Clause 5.
In addition, for the Institute’s primary or secondary purposes, or as made necessary by the above, the Institute may disclose personal information to the following persons, entities or organisations who reside overseas in a foreign jurisdiction:
> Survey Monkey (www.surveymonkey.com – located in USA, Luxembourg, Portugal)
> SAI Global Limited (www.saiglobal.com – located in various jurisdictions)
> MailChimp (www.mailchimp.com – located in the USA)
> Transaction Network Services (Australia) Pty Ltd (www.tnsi.com/au – located in Australia, but may use TNS operations located globally)
Cross-border flow may also be carried out as required by law, or for a lawful purpose which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed.
App 8
8. Identifiers
Each Institute member is allocated a unique membership number which is recorded with the member’s other personal information. This forms part of the Institute’s record keeping system and is used by the Institute’s systems for generation of membership renewal notices, among other things.
As described above, the number is also used as part of the security check for Website access by members, and has a parallel purpose of assisting in database and Website quality control in tracking down and correcting member’s access difficulties.
The Institute has no primary or secondary purpose in collecting, using, or disclosing, a government related identifier that has been assigned to a person.
App 9
9. Identifiers
Members
Member information which has been collected as described above is generally held on a database stored electronically on servers operated and controlled by our Website host. That database is accessible by all staff of the Institute, and when authorised, to non-staff agents of the Institute in accordance with 5.1 above. Copies of the database may be held by the Institute’s contracted website host. The Institute has or will arrange for contractual protection from disclosure or unauthorised access to any personal information held by or stored with our Website host.
Hard copy payment records may be retained by the Institute’s membership and accounting departments for seven years or longer. Financial information may be entered into the Institute’s accounting software. Hard copy membership applications and renewals are kept during processing and entry into the digital database. In each case these are only accessible to Institute staff for legitimate purposes.
Non-members
To the extent that the information of non-members is collected by the Institute’s Website or from receipt of e-mail, and copies of that information are held by the Institute’s contracted Website Host, contractual protection is or will be in place to prevent disclosure or unauthorised access to the data.
Where hard copy personal information about non-members exists, either through enquiries or formal disciplinary procedures, as stated above, the information is distributed to other Institute staff, Senior Counsellors, Professional Conduct assessors, or Professional Conduct Tribunal members on a need-to-know basis only. Otherwise, information may be stored in the relevant staff member’s computer or the Institute network server, but access to Institute computers is restricted by login usernames and passwords.
Material concerning enquiries by non-members is also kept for the purposes of preparing anonymous (de-personalised) and generalised reports to Institute committees and staff members concerned with member disciplinary issues, as well as general statistical research.
The Institute will not trace the source of e-mail from non-members, unless required by law, or for a lawful purpose which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed.
App 10
10. Data Quality, Access and Correction to Personal Information
The Institute endeavours to keep the information it holds about both members and non-members accurate and up-to-date. Membership records are updated from membership renewal forms submitted by the members. For hard copy forms, accuracy of records is dependent on correct transcription, and errors may occur.
App 11
Members are able to view their membership-related records by visiting the Website.
On request from a member or non-member, the Institute will, within a reasonable time, advise the person what personal information it holds. Before doing so, the Institute will require satisfactory proof of the identity of the person making the request. The Institute may also ask a non-member for reimbursement of reasonable administrative costs of doing so before making the information available.
If non-members wish to check information as part of the National Awards program which may have been given about them, they can do so by visiting the Institute’s Website and navigating and viewing the entry made by the architect member they have been a client of.
Personal or sensitive information collected in connection with an Institute disciplinary procedure will not be available to any person because such information is confidential, unless that information would otherwise be available under the disciplinary procedures set out in the Constitution. The Institute will give a person seeking access to their information, a written explanation of the reason for any decision to decline access to the personal information concerning a disciplinary proceeding.
In any case, the Institute may decline access to any personal information which, in its opinion:
a. is relevant to an existing or anticipated legal proceeding and that information would not be available through a Court or Tribunal’s discovery processes, or
b. is confidential or would reveal commercially sensitive matters, or
c. may seriously threaten the life or health (physical and mental) of any person, or
d. is relevant to the employment relationship between the Institute and any staff member.
Members can update or details directly via the Website, or by contacting the Institute and advising of changes required to details. The Institute will take all reasonable steps to act on such advice to correct your information. Please refer to Clause 11 for contact details.
If a person is able to reasonably satisfy the Institute that information the Institute holds is inaccurate or incomplete, the Institute will take all reasonable steps to correct the information whether or not that person is given access to existing personal information held.
Please refer to Clause 11 for contact details.
11. Contact details
If you want to access, change or have a query about your personal information or this policy, you can contact the Institute on the details below during normal business hours (9am to 5pm, Monday to Friday):
Phone: 1300 770 617
Email: national@architecture.com.au (to the attention of ‘The Privacy Officer’)
Mail: Level 1, 41 Exhibition Street 3000 Melbourne VIC (to the attention of ‘The Privacy Officer’)
Australian Institute of Architects – Privacy Policy – Version: January 2016 (updated June 2018)