1 April 2016
About this policy
We strive to manage personal information in a best practice way while enabling us to better serve our membership and the community.
Personal information means information or an opinion, true or false and whether recorded in a material form or not, about an identified or reasonably identifiable individual. Sensitive information is a sub-category of personal information and includes details about race, ethnicity, political affiliations and membership of professional trades and associations. We handle personal and sensitive information in accordance with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (Privacy Act) and this Policy.
Overview of this policy
Our primary goals are to promote world leading:
- Governance laws and practices; and
- Performance in director and board governance.
The functions and activities we carry out to achieve these goals, and for which we collect and hold personal information, include:
- Managing the membership of the AICD and member participation including the Director Professional Development (DPD) program required for as part of membership renewal;
- Conducting educational and training courses;
- Holding events such as conferences and briefings on current issues;
- Providing products and services including:
- Helping individuals to find directorship positions (Director Opportunities);
- Providing mentoring and scholarship schemes;
- Providing confidential peer-to-peer forums (Director Nexus);
- Providing business centres and member lounges;
- Enabling members to assess their current director capability (Director Self-Assessment Tool);
- Providing tools for boards to evaluate their governance (Governance Analysis Tool); and
- Conducting, and making available the results of, benchmarking research;
- Providing and exchanging information through various channels such as newsletters, other publications such as Company Director Magazine, social media sites, our websites and mobile applications (apps);
- Lobbying and making submissions to government and others about improving governance laws and practices;
- Promotion of ethical directorship and sound corporate governance;
- Carrying out a range of research, data collection and analytical activities to:
- Identify member and prospective members’ needs and ensure our products and services meet those needs;
- Identify prospective members and provide marketing approaches designed to recruit new members; and
- Provide up-to-date information to support lobbying activity and make submissions on issues and proposed laws;
- Entering into relationships with sponsors and other partners to financially support the AICD’s activities;
- Undertaking activities, either directly or through our service providers, such as surveys, online behavioural advertising, website analytics and email campaign management.
If you do not provide your personal information we may be unable to provide particular information, services or products, make offers to you or tailor the content of our websites or apps for your benefit. You may also find that you do not experience the full extent of our information, products and services, including our websites and apps.
Collection of personal information
We collect personal information for the purposes stated in this Policy from our members, non-members, participants in our courses, third parties, service providers, suppliers, contractors, consultants, sponsors and individuals who interact with the AICD.
We collect and hold information from members or prospective members through membership related applications. This information includes name and contact details, gender and career history. We also collect date of birth to enable us to uniquely identify members and to assess what products and services may be most suitable and of interest for members. We protect date of birth information by strictly limiting the AICD’s staff access to this information.
We keep information that prospective members have entered when they start, but do not complete, an online membership application form to enable us to contact them about becoming a member.
For ongoing membership management, we collect personal information from members about the reasons for reducing the level of membership such as proof of ill health, parenthood, study or travel. For upgrading and renewal of membership we collect (with consent), criminal history, director status, evidence of bankruptcy and referee comments.
Education and training
We collect and hold enrolment information from members and non-members and keep a record of the courses completed. We also collect assessment answers, course results and feedback sheets but we have special protections around this information including separate storage, and technical and policy restrictions on who can access the information.
We collect and hold information which members and non-members provide through applications to attend events such as conferences and briefings. This includes, if applicable:
- Sensitive information such as dietary or mobility requirements;
- Travel bookings; and
- Image (video or photographs) or sound recordings (but only if you have not opted-out from this). We keep a record of the events and workshops a member or non-member has attended.
From time to time, we or our service providers may collect your personal information via surveys. We will only use the personal information collected for analytical purposes, updating our records or to assist with improvement or development of our products and services. By completing these surveys, you accept that your personal information may be transferred outside Australia.
We collect information indirectly about members, but only in circumstances where a member would reasonably expect it, or where the member has consented. Examples include referee comments and criminal history checks for some membership related applications.
To expand our membership we collect information indirectly about prospective members through methods which include word of mouth referral, publicly available sources such as the Australian Stock Exchange Register, and through commercial list brokers.
We commission market research about members and non-members, such as Brand Tracker, and other research for example, to compile a director sentiment index. However, we only collect and hold the information gained from the research in aggregate form and do not connect it with any records we hold about individual members or non-members.
Notice where you give us information about third parties
If you give us personal information about any other individuals (e.g. guests attending a conference or other event) we ask that you tell the individual that you have done so and make them aware of this Policy, for example, by giving them the link to it.
Use of personal information
We use personal information we collect and hold through membership, educational and training course and event applications or attendance to:
- Administer and meet member requirements for the particular service, course event or program;
- Help us improve the particular service, event or program;
- Record Director Professional Development units for as part of the member's director professional development program;
- Identify and analyse member and non-member activities and interests in order to better meet member needs and attract new members;
- Enable us to target marketing communications to members and non-members; and
- Enable the AICD to further its mission of influencing world leading organisation governance and practice.
We will not use your personal information for any purpose which you would not reasonably expect unless it is consistent with the Privacy Act. If we think a member may not expect a particular use of information we hold about them, we ask for consent before we use it for that purpose. For example, we ask for your specific consent to allow us to use aggregated data from a self-assessment tool you complete to enable us to assess the overall level of directorship skills among our membership.
Sound and image recordings of events
We use sound and image recordings of our events to enable us to improve our events, and for promotional purposes. We will give you a chance at the time you apply to participate in an event to indicate if you do not want us to use your voice or image. You can also contact the AICD if you want to express your preference.
Our advertising and marketing material, content, information and communications (marketing material) is sent to members and non-members about whom we hold records to provide information about the AICD’s products and services which may be of personal and/or professional benefit. These products or services may extend beyond those provided by the AICD and include offers from third parties.
We may send any of these marketing materials by mail, telephone, email, SMS or other electronic methods, such as through social media or targeted advertising. If you indicate a preference for a method of communication, we will try to use that method where it is practical for us to do so.
We give you the chance to opt-out of receiving marketing material in our communications with you, such as forms, letters or emails, or you can opt out by contacting us using the details below or log-in to our websites.
Unless you have opted out, we will provide marketing material to members and non-members until 12 months after cessation of membership, or, in the case of non-members, 12 months after your last interaction with us.
Disclosure (sharing) of personal information
We only disclose sensitive information such as health information or criminal history for the purposes for which you gave it to us or for directly related purposes you would reasonably expect.
We disclose the name, title and post nominal of event participants to speakers, organisers, hosts or facilitators under strict conditions to enable them to carry out their role in relation to an event, for example, to organise table lists, or facilitate introductions. We also disclose this information to sponsors and potential sponsors to enable them to assess whether or not to sponsor an event and disclose this to providers of special member offers from time to time under strict conditions.
We disclose information about members to other members via the AICD publications – for example, about new members or the completion of a course in Company Director Magazine.
Contractors and partners
We disclose personal information to contracted service providers who assist us with a number of our functions and services including service providers of technology, data processing, contact centre, legal, accounting, business consulting, auditing, archival, delivery, banking, payments, market research, content production and mailing but only for the purpose of fulfilling those services.
We disclose information to partners in some of our programs, for example, about applicants for scholarships to assist us with scholarship candidate assessment.
Disclosure with consent
With your consent we disclose personal information in a number of circumstances including:
- To employers of those who have completed an educational course and recruitment companies; and
- To Australian and overseas regulatory authorities or other organisations to assist them with business licensing or due diligence purposes. This could include the fact that you are a member of the AICD, the nature of your membership, the AICD courses you have completed and your grades.
Where authorised or required by law
As authorised by the Privacy Act we disclose personal information in connection with law enforcement activities by enforcement bodies, for example, Australian Securities and Investments Commission investigations or other investigations into suspected fraud or unlawful activity.
We are required by the Corporations Act 2001 (Cth) to allow an individual to inspect the AICD’s member register and view current and past members’ names and addresses. However, the Corporations Act prohibits the individual from using the information gained to contact or send material to members, and from using it for other prescribed purposes.
From time to time, we may send your personal information overseas. Some of our service providers are located in other countries including the US, UK and Singapore. Where we use a service provider that hosts personal information in other countries, we take steps that are reasonable in the circumstances to ensure that the host does not breach the Australian Privacy Principles. The steps we take include:
- Adding provisions in our contract with the service provider that require them to protect the personal information they hold; and
- When choosing a service provider, including in our considerations the privacy law or scheme (if any) that applies in the country in which the service provider operates.
If we have your consent, or the overseas recipient is located in a country whose privacy laws are the same or substantially similar to those of Australia, we comply with the Australian Privacy Principles when disclosing your personal information to that overseas recipient.
If a privacy breach occurs that involves a service provider located outside Australia, we support and work with members or non-members in handling the breach.
Our websites, emails, apps and social media
When you visit our websites or download, access or register to use our websites, (which may also include the use of any of our products, services or apps) we may collect your personal information such as your name, address, email address, phone number, date of birth, username, password and other information. We may also collect information automatically, including technical information related to your mobile device, your device’s unique identifier, your mobile network information, the type of mobile browser you use and information about the way you use our products, services or apps.
Depending on the particular product, service or app you use, and only after you have agreed to such collection, we may also collect information stored on your device, including contact information, location information or other digital content.
We or our service providers use web analytics to collect a range of information about your interactions with our websites. Web analytic software collects the information using a number of techniques including cookies (both first and third party) and Java Script. We also use web analytics to collect information from the browsers of those who use our websites or participate in the AICD LinkedIn group.
The information we collect includes IP address, domain name, date and time of visit, the pages visited and time spent on each page, whether you have visited the site before and what site referred the visitor to the web page. We use this information to evaluate the effectiveness of our websites and the level of interest in particular pages or the AICD’s campaigns.
Our websites may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and we suggest that you review the privacy policies of those other sites.
If you send us an email, that address will be recorded automatically by our e-mail messaging system for the purpose of replying to your e-mail. However for normal communication with you we will use the e-mail address you provide in your membership application/renewal, unless you ask us to use a different e-mail address.
When we send you emails or other electronic messages, we record information about your interactions with the email including when and where you open the message and click on particular links.
This helps us to better understand what information is of interest to you and to improve the content.
When you access our apps including ‘Company Director’ via your mobile device, a service provider collects username details in order to authenticate access to member-only content. We do not review or use this information for any purpose beyond authentication with our membership database.
We participate in social media such as our LinkedIn group, or Twitter. If we think it is relevant to the quality of service that the AICD provides or its objectives, we sometimes record the nature of the topic discussed by a particular individual and their name and follow up with further conversation offline about which we take notes.
Social media services also handle your personal information for their own purposes. These sites have their own privacy policies. We are not responsible for the privacy practices or policies of those sites and we suggest that you review their privacy policies.
Security of personal information
We regularly assess the risks of misuse, interference, loss, unauthorised access, modification or disclosure of personal information and ensure that we have adequate measures, including policies, procedures and technology, to address those risks. For example, we limit staff access to personal information to that which they need to carry out their role. We conduct regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
Retention of personal information
We hold most information about members and non-members for 7 years. We destroy applications for the mentoring program after 2 years.
Access to and the accuracy of personal information
You have a right to ask for access to the personal information we hold about you. Unless there is a lawful reason not to, we will give you access to it and allow you to correct any incorrect information.
We will ask you to verify your identity to ensure we don’t give information to the wrong person. If we don’t give you access to your personal information or refuse to correct it we will tell why. You may ask us to make a note of your requested correction to be located alongside information we have not agreed to correct.
Our contact details are at the end of this Policy.
Requests for access and complaint resolution mechanism
In the event that you have a question, concern or complaint regarding the way in which we handle your personal information, you should contact our Privacy Officer direct at:
Australian Institute of Company Directors
20 Bond Street
Sydney NSW 2000
Tel: 02 8248 6600
We take your privacy concerns seriously. Where you express any concerns that we have interfered with your privacy, or seek access to information about you that we hold, we will respond within 48 hours to let you know who will be handling your matter and when you can expect a further response.
If you are unsatisfied with our response you can complain to the Office of the Information Commissioner Telephone: 1300 363 992. Email: email@example.com
Changing this policy
We will amend this Policy from time to time and notify you of any amendments through our publications and by posting an updated version on our website at http://www.companydirectors.com.au.
Any amendments to this Policy will be effective immediately upon being posted to our websites. Your use of our websites, products or services following such amendments represents your acceptance to be bound by the Policy, as amended.
Suggestions about improving this Policy are welcomed. Please contact us at firstname.lastname@example.org should you wish to provide feedback.