• we provide services to our clients;
• we attend to other activities in the operation of our business; and
• members of the public access our website.
When we refer to our website, we refer to pages accessed through the URL: cifaa.asn.au.
What laws apply?
In collecting and managing personal information we will comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and any other applicable legislation (which might include Australian State and Territory health privacy legislation).
A set of legally binding principles, the APPs are designed to ensure that an individual’s personal information is protected throughout the information lifecycle – from the collection of the information, through to its destruction.
The APPs also convey rights to individuals, allowing access to the personal information held by businesses and other bodies. The APPs also give consumers the right to have their personal information corrected if it is erroneous.
At CIFAA, we take our obligations under the APPs, Australian State and Territory privacy legislation and all other applicable data protection laws seriously.
• only collect personal information when it is specifically required in the course of providing services to our clients or necessarily collected in the operation of our business;
• ensure our staff are trained in their obligations under the APPs.
What sort of personal information do we collect?
Information collected when providing professional services
We may, from time to time, be provided with personal information directly by our clients to enable us to deliver professional services. The information provided might relate to clients’ employees, members, or customers, or it could relate to third parties, such as spouses and dependents of a client’s employees, members, or customers.
In the course of providing services to our clients, we may also collect personal information from other sources, including directly from individuals themselves, or information that is publicly available.
The types of personal information we may collect or be provided with include, but are not limited to:
• Contact details;
• Dates of birth;
• Gender particulars;
• Employment records; and
• Financial details.
Also, when we are provided with personal information by any party, we will take steps to ensure that the entity has complied with their obligations under the prevailing privacy and data protection laws. For example, in relation to our receiving information from one party one the behalf of another, the information provider may need to evidence necessary consent for the collection, use and disclosure of the subject information.
Information we collect performing other activities
We also might collect personal information, including contact details and account details from suppliers, contractors and third party service providers.
It is also possible that we could collect personal information from members of the public during the conduct of a survey, research of current issues, or as part of a project or marketing initiative.
In the event of information being collected for any of the above purposes, we will take reasonable steps to advise that the information is being captured and the reason for doing so.
Information collected via our website
We may collect your personal contact details when you use this website. For example, if you sign up to receive promotional materials, information or communications about products, technology updates or services provided by us.
How will we use personal information?
How do we use personal information collected to provide services to our clients?
We only use personal information collected from clients to assist us provide agreed services.
We will not use that information for any other purpose, nor will we provide personal information to third parties unless strictly authorised to do so, or compelled by law.
How we use personal information collected when we perform other activities
We might collect personal information as part of performing other activities that form part of our business. When we do so, we will take reasonable steps to provide clear information about the nature of those activities and how we will use any personal information collected.
We may also use non-personal, de-identified and aggregated information for several purposes including for data analytics, research, submissions, thought leadership and promotional purposes.
How do we use information collected via this website or through other sources? Do we use it to market goods and services to you?
We may use personal information that we collect from you via our website, through your interactions with us to send you promotional materials, information or communications about services provided by us, that we feel may be of interest to you.
We might provide these materials to you directly (e.g. via email) or through third parties who provide us with marketing services (e.g. via your news feed in professional networking platforms).
We will not use your personal information collected via this website or through other sources to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy notice).
We may also use your personal information collected via this website:
• To manage and improve this website;
• To tailor the content of this website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you;
• To seek feedback on our services; and
• For market or other research purposes (however, we will only ever report aggregated results of any research we undertake, and will never include your personal information in those results unless you explicity give us your consent).
If you do not want to receive marketing materials from us, you can:
• Click on the unsubscribe function in the communication; or
• Email firstname.lastname@example.org for any hard copy communications that you no longer wish to receive.
At times, you may choose to register your details or create a user profile on this website – for instance, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this website and related services offered to you. You may request at any time that we discontinue sending you emails or other communications generated in response to your registration on this website.
Are there any other ways we use your personal information?
We may also use personal information to protect our rights and those of our users or to comply with a legal or professional right or duty.
When will we disclose your personal information?
We will only disclose your personal information as set out below. Importantly, we will never sell your personal information to third parties for advertising purposes, or disclose it for any other secondary purpose without your authorisation.
We may in limited circumstances, disclose personal information to:
• Other entities within in the Certified Independent Financial Advisers Association Limited Group; and
• Third parties that we engage to assist us in providing professional services to our clients or in the operation of our business (i.e. our subcontractors, advisors and suppliers).
In the event that we disclose your personal information to one of these entities, we will take steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss.
We may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties:
• To comply with legal or regulatory obligations or requests; or
• Where there is a legal or professional right or duty to disclose.
From time to time we might share aggregated, de-identified, non-personal data with third parties for analytical purposes, research, industry submissions or promotional purposes.
Blogs, forums, wikis, and other social media
The CIFAA website can host blogs, forums, and social media applications which allow the sharing of content with other users. Any personal information contributed by any user is completely the responsibility of that user. Whilst CIFAA will take care to reasonably moderate these interactions, and protect users where possible, they cannot be responsible for how information submitted voluntarily by one user might be utilised by another participant on a forum.
How do we protect your information?
CIFAA can hold personal information both in hard copy format and in electronic form. We will use a range of measures, physical, operational and technological to secure this information from unauthorised access.
Such measures include:
• Programs to ensure staff are educated and trained to ensure they observe CIFAA’s privacy obligations when handling your personal information;
• Procedures and administrative controls to restrict access to personal information to user who require access;
• Technological measures to ensure the integrity of our network, including fire walls, encryption, and anti-virus software; and
• Physical security measures which might include alarm systems, locks, keys, and security passes to limit access to, and within, our premises.
Can I access my personal information, or have it amended?
You are able to access your personal information or seek to have that information corrected at any time.
Should you wish to access, or correct your personal details held by us, please contact CIFAA’s Privacy Officer at email@example.com. Our privacy officer will respond to you promptly and work with you to address the matter.
What happens if you are not satisfied with our response? Who should you contact?
If you are not satisfied or feel that CIFAA has not properly handled your privacy complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC contact details are as follows:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
tel: 1300 363 992
Want to find out more about your privacy rights?
Further information regarding Australia’s Privacy laws and the obligations of business to protect your privacy, can be found at the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.