- This policy applies to the operations of The Royal Australian Institute of Architects Limited ACN 72 000 023 012 trading as Australian Institute of Architects (“the Institute”).
- In this policy:
‘Constitution’ means the Institute’s Constitution, as amended from time to time.
‘personal information’ means any information or opinion about an identified or identifiable individual which is apparent or for which a link to the identity of a particular person can reasonably be found in the information or opinion. It does not matter whether that personal information or opinion is true or not, or whether the information or opinion is recorded physically, digitally or in any other form. However, “personal information” which is de-identified or de-personalised, so that any link between the information and a particular person is removed or obscured from reasonable inspection is not personal information.
‘sensitive information’ means information or an opinion about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association (such as the Institute); membership of a trade union; dietary requirements; sexual preferences or practices; or criminal record.
‘Website’ means the Institute’s website accessible at http://www.architecture.com.au
- This policy is intended to comply with the Australian Privacy Principles found in the Privacy Act 1988 and various guidelines provided by the Office of the Australian Information Commissioner. The Commission’s website can be found at: http://www.oaic.gov.au.
- The policy is divided into headings and the reference numbers of the relevant Australian Privacy Principle (APP) are noted in the margins.
1. Openness and Transparency
This version of the policy has been issued by the Institute on 12 January 2016 with minor changes to details and references in June 2018
The Institute does not consider it practicable to deal with members either anonymously or pseudonymously in relation to its primary or secondary purposes outlined in APP3/Clause 3.
Where practicable, the Institute will allow dealings with non-members to be anonymous or pseudonymous. However, the Institute reserves the right to determine when it is practicable to deal with you anonymously or under a pseudonym. Neither option will be available to you in respect of the minimum information collected in circumstances where you: a register for an event hosted by the Institute or b make enquiries in connection with the Institute’s disciplinary procedures
a. register for an event hosted by the Institute or
b. make enquiries in connection with the Institute’s disciplinary procedures.
3. Collection of Solicited Personal and Sensitive Information
The Institute will only, by lawful and fair means, collect information that is necessary to the primary and secondary functions and activities of the Institute. In most cases, the Institute will collect information directly from the individual concerned.
Primary purposes for which information is collected, used or disclosed by the Institute are:
a. ensuring those applying for membership are eligible and if so, that their membership is classified in the relevant class according to the detailed eligibility rules of the Institute
b. delivering the membership benefits and services which the Institute has informed members will be provided to them – see Clauses 5.2 and 6 for more detail
c. delivering services to non-members, including prospective members
d. investigating complaints under or administering the disciplinary procedures contained in the Constitution.
Secondary purposes for the use and disclosure of personal information are to deliver benefits and services which arise incidentally out of the primary purposes of the Institute. From time to time, benefits or services arising from secondary purposes will evolve into membership benefits or services delivered under the Institute’s primary purposes. For example, a membership benefit may arise from the Institute’s corporate partner program.
3.1. What sensitive information is collected, and how
3.1.1 The Institute collects and records sensitive information about you relating to allergy information or dietary requirements that you advise us of for the purposes of Institute events you choose to attend. Your allergy information or dietary requirements will only be recorded and used and disclosed to relevant persons in relation to the event. The Institute will use best endeavours to destroy or de-identify this information after its use for the event.
3.1.2 If you are a member, or a prospective member, the Institute collects and records sensitive information about you relating to membership(s) of professional associations in the construction, architecture or design industries, including your membership of the Institute. The fact of your memberships will be collected or used for purposes directly related to both primary and, as permitted by APP3.4(e) because we are a non-profit organization, the secondary purposes of the Institute. We will assume that a member would reasonably expect the fact of being a member of the Institute can be collected, used and disclosed by the Institute in accordance with APP6/Clause 5, below.
3.1.3 Other than as described in APP3/Clause 3.1.1 above, the Institute has no purpose in collecting any sensitive information about non-members.
3.1.14 If sensitive information, other than the sensitive information listed above, comes into the Institute’s possession, it will not be disclosed to anyone without your consent (unless required by law) and the Institute will use best endeavours to destroy or de-identify sensitive information as soon as practicable to do so if it is lawful to do so.
3.2. What solicited personal information is collected from members, and how
Personal information collected from members by the Institute is generally obtained from initial membership applications and updated through:
> annual subscription renewals
> applications for elevation to membership classes
> members advising the Institute directly and
> members making changes or corrections directly via their online account profile.
The information requested and collected is the following (minimum information for the primary purpose as marked with an asterisk):
> *Full name and title (Mr Mrs Miss Ms Dr Prof etc.) and preferred name
> *Residential address and telephone and fax numbers if available
> Name of Employer or name of practice/ work address, telephone and fax numbers
> *Preferred contact address (one of the two above)
> E–mail address, if available
> *Date of birth
> *Tertiary qualifications and if registered as an architect, the relevant States or Territories and registration number(s)
> Membership of professional associations
> Employment category
> Level of Professional Indemnity insurance cover (*A+ members only).
This information is received either in hard copy, by telephone, via the Website, or by email and transferred by Institute staff to the Institute’s electronic database, or directly by the member logging on to the Website to access and keep current your personal information, which updates the database automatically. In addition, on annual renewal of subscription, members are invited to update or correct the information held. Personal information may also be collected when you choose to register for an Institute event as described in APP3/Clause 3.1.1, or as described in APP3/Clause 3.3, below.
3.3. Financial information collected on payment to the Institute
Certain financial personal information may be collected when:
a. members pay subscriptions, or for services provided to members, or
b. any person pays for Institute publications provided to both non-members and members,
The type of information collected depends on the method of payment used by the ‘customer’. When customers use credit or debit cards the name on the card and the card number is necessarily collected and recorded for the purpose of processing the transaction. If customers pay by cheque, their account number is stated on the cheque received.
The Institute has no primary or secondary purpose in retaining or using such information other than to process the relevant transaction, or for accounting purposes. Credit card information provided online, may also be recorded by the Institute’s online gateway payment provider. When provided in this way, the card information is not available to Institute staff.
3.4. Collection from third parties
If the Institute collects your personal information from a third party, or if you may not be aware that we have collected the personal information, we will take all reasonable steps to notify you, or make you aware of:
a. how we collect or have collected that information, and
b. the circumstances in which we collected that personal information.
4. Collection from third parties
From time to time, the Institute may unintentionally or inadvertently collect ‘unsolicited’ personal information about you. If so, and if the Institute could not have collected that personal information by lawful and fair means, the Institute will take reasonable steps to destroy or de-identify the information as soon as practicable (if lawful and reasonable to do so). If the Institute could have collected that personal information in accordance with APP 3 above, then the policies under APP6/Clause 5, apply
6. Use or Disclosure: Direct Marketing
The Institute might itself use member’s personal information to market Institute products, services, and events or to provide information that we think will be of interest to you. The Institute may do this by various methods (including mail, email, social media or via the Website).
If you would like to opt-out from receiving direct marketing, please contact the Institute on email@example.com or 1300 770 617, or select this option via your online profile.
7. Use or Disclosure: Cross-border Data Flows
The Institute has limited primary or secondary purposes in disclosing personal information outside Australia, generally only as may be required for the Institute to deliver services and benefits to members or non-members resident inside and outside Australia, including supporting the activities of the International Chapter, for the purpose of the Venice Architecture Biennale or for secondary purposes associated with corporate partner benefits or prizes delivered outside Australia. Such information transfer is undertaken subject to the requirements of APP6/Clause 5.
In addition, for the Institute’s primary or secondary purposes, or as made necessary by the above, the Institute may disclose personal information to the following persons, entities or organisations who reside overseas in a foreign jurisdiction:
> Survey Monkey (www.surveymonkey.com – located in USA, Luxembourg, Portugal)
> SAI Global Limited (www.saiglobal.com – located in various jurisdictions)
> MailChimp (www.mailchimp.com – located in the USA)
> Transaction Network Services (Australia) Pty Ltd (www.tnsi.com/au – located in Australia, but may use TNS operations located globally)
Cross-border flow may also be carried out as required by law, or for a lawful purpose which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed.
Each Institute member is allocated a unique membership number which is recorded with the member’s other personal information. This forms part of the Institute’s record keeping system and is used by the Institute’s systems for generation of membership renewal notices, among other things.
As described above, the number is also used as part of the security check for Website access by members, and has a parallel purpose of assisting in database and Website quality control in tracking down and correcting member’s access difficulties.
The Institute has no primary or secondary purpose in collecting, using, or disclosing, a government related identifier that has been assigned to a person.
Member information which has been collected as described above is generally held on a database stored electronically on servers operated and controlled by our Website host. That database is accessible by all staff of the Institute, and when authorised, to non-staff agents of the Institute in accordance with 5.1 above. Copies of the database may be held by the Institute’s contracted website host. The Institute has or will arrange for contractual protection from disclosure or unauthorised access to any personal information held by or stored with our Website host.
Hard copy payment records may be retained by the Institute’s membership and accounting departments for seven years or longer. Financial information may be entered into the Institute’s accounting software. Hard copy membership applications and renewals are kept during processing and entry into the digital database. In each case these are only accessible to Institute staff for legitimate purposes.
To the extent that the information of non-members is collected by the Institute’s Website or from receipt of e-mail, and copies of that information are held by the Institute’s contracted Website Host, contractual protection is or will be in place to prevent disclosure or unauthorised access to the data.
Where hard copy personal information about non-members exists, either through enquiries or formal disciplinary procedures, as stated above, the information is distributed to other Institute staff, Senior Counsellors, Professional Conduct assessors, or Professional Conduct Tribunal members on a need-to-know basis only. Otherwise, information may be stored in the relevant staff member’s computer or the Institute network server, but access to Institute computers is restricted by login usernames and passwords.
Material concerning enquiries by non-members is also kept for the purposes of preparing anonymous (de-personalised) and generalised reports to Institute committees and staff members concerned with member disciplinary issues, as well as general statistical research.
The Institute will not trace the source of e-mail from non-members, unless required by law, or for a lawful purpose which includes but is not limited to when necessary to lessen or prevent a serious threat to any individual’s life, health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed.
10. Data Quality, Access and Correction to Personal Information
The Institute endeavours to keep the information it holds about both members and non-members accurate and up-to-date. Membership records are updated from membership renewal forms submitted by the members. For hard copy forms, accuracy of records is dependent on correct transcription, and errors may occur.
Members are able to view their membership-related records by visiting the Website.
On request from a member or non-member, the Institute will, within a reasonable time, advise the person what personal information it holds. Before doing so, the Institute will require satisfactory proof of the identity of the person making the request. The Institute may also ask a non-member for reimbursement of reasonable administrative costs of doing so before making the information available.
If non-members wish to check information as part of the National Awards program which may have been given about them, they can do so by visiting the Institute’s Website and navigating and viewing the entry made by the architect member they have been a client of.
Personal or sensitive information collected in connection with an Institute disciplinary procedure will not be available to any person because such information is confidential, unless that information would otherwise be available under the disciplinary procedures set out in the Constitution. The Institute will give a person seeking access to their information, a written explanation of the reason for any decision to decline access to the personal information concerning a disciplinary proceeding.
In any case, the Institute may decline access to any personal information which, in its opinion:
a. is relevant to an existing or anticipated legal proceeding and that information would not be available through a Court or Tribunal’s discovery processes, or
b. is confidential or would reveal commercially sensitive matters, or
c. may seriously threaten the life or health (physical and mental) of any person, or
d. is relevant to the employment relationship between the Institute and any staff member.
Members can update or details directly via the Website, or by contacting the Institute and advising of changes required to details. The Institute will take all reasonable steps to act on such advice to correct your information. Please refer to Clause 11 for contact details.
If a person is able to reasonably satisfy the Institute that information the Institute holds is inaccurate or incomplete, the Institute will take all reasonable steps to correct the information whether or not that person is given access to existing personal information held.
Please refer to Clause 11 for contact details.
11. Contact details
If you want to access, change or have a query about your personal information or this policy, you can contact the Institute on the details below during normal business hours (9am to 5pm, Monday to Friday):
Phone: 1300 770 617
Email: firstname.lastname@example.org (to the attention of ‘The Privacy Officer’)
Mail: Level 1, 41 Exhibition Street 3000 Melbourne VIC (to the attention of ‘The Privacy Officer’)