Who we are
Our website address is: http://cpd-australia.com
This Policy outlines CPD Australia’s obligations to manage and protect personal information. CPD Australia is bound by the Australian Privacy Principles (‘APPs’) and the Privacy Act 1988 (‘Privacy Act’). This Policy also outlines CPD Australia’s practices and procedures that ensure compliance with the Privacy Act and APPs.
‘Disclosing’ information means providing information to persons outside CPD Australia;
‘Individual’ means any person whose personal information we collect, use or disclose.
‘Personal information’ means information or an opinion relating to an individual, which can be used to identify that individual;
‘Privacy Officer’ means the contact person within CPD Australia for questions and complaints regarding CPD Australia’s handling of personal information;
‘Sensitive information’ is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information;
‘Use’ of information means use of information within CPD Australia.
What kind of personal information do we collect and hold?
CPD Australia is required under various legislation and codes of practice to collect certain information in order to provide our range of education services. We may collect and hold the following kinds of personal information about individuals:
- personal details, including name, address, contact details, date of birth, marital status, dependents and employment details;
- what courses or lessons you are enrolled in;
- information recorded in the National Personal Insolvency Index about the individual; and
- any other information that is relevant to the services that we provide.
How we collect personal information
We generally collect personal information directly from the individual. For example, personal information will be collected when an individual fills out application forms, visits our website, or sends us correspondence.
Our ability to provide individuals with comprehensive and quality services is reliant on us obtaining certain personal information. If individuals do not provide us with the information we request, we may elect to terminate our relationship with the individual as it may jeopardise our ability to provide a complete, accurate and comprehensive service.
We will, if it is reasonable or practicable to do so, collect your personal information directly from you. This may happen when you fill out an application form for a course, or complete a dedicated form on our website, make a claim or request assistance. This may occur over the phone, via email, a website or through one of our agents or partners.
CPD Australia does not give individuals the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical, and in some circumstances illegal, for CPD Australia to deal with individuals who are not identified. We will not be able to offer you CPD Services or provide you with any services or assistance if we cannot identify you.
Unsolicited personal information
CPD Australia may receive unsolicited personal information about individuals. If possible, CPD Australia will return the unsolicited personal information to the person who provided it. In all other cases, we destroy the information or otherwise ensure it is de-identified, provided that it is lawful to do so, unless the personal information is relevant to CPD Australia’s purposes for collecting personal information.
About whom do we collect personal information?
We may collect personal information about the following individuals:
- potential clients;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
In addition, we collect information when you visit our website, or other social media sites and other pages that we own and manage. We may also collect information by other means and will take reasonable steps to inform you if and when we do. Where your company is the applicant on a corporate policy we may receive your details from your employer.
Why do we collect and hold personal information?
We may collect and hold information about individuals for the following purposes:
- assisting CPD Australia in providing education services;
- completion of documentation and application forms;
- provision of other services to assist in meeting your requirements, goals and objectives;
- to comply with relevant laws, regulations and other legal obligations, including anti-money laundering legislation;
- to provide individuals with information about a product or service and also to invite individuals to marketing events;
- protection of our business and other clients from fraudulent or unlawful activity;
- to otherwise conduct our business and perform other management and administration tasks;
- to consider any concerns or complaints individuals may have;
- manage any legal actions involving CPD Australia; and
- to help us improve the products and services offered to our clients, and to enhance our overall business.
How might we use and disclose personal information?
CPD Australia may use and disclose personal information for the primary purposes for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
We use and disclose personal information (excluding credit information) for the purposes outlined in section 7 above. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. if required by law).
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it. We prohibit that person from using your information for the purposes of direct marketing their products or services.
In relation to sensitive information held by us, wherever possible, CPD Australia will attempt to de-identify the information. We also undertake to take reasonable steps to delete all personal information about an individual when it is no longer needed in accordance with our record keeping obligations.
To whom might we disclose personal information?
We may disclose personal information to:
- a related body corporate;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our trainers. lawyers, accountants, administrators, debt collectors, emergency assistance providers, family members for emergencies, record management providers, or other advisors;
- organisations involved in a transfer or sale of all or part of our assets or business;
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks, regulatory bodies, government agencies, law enforcement bodies and courts for the purposes of resolving customer complaints or disputes both internally and externally or to comply with any investigation by one of those bodies or Police and law enforcement bodies to assist in their functions;
- an individual’s referee(s), employer, or co-account holder;
- the recipients outlined in section 10 below; and
- anyone else to whom the individual authorises us to disclose it.
If we collect personal information from these organisations and individuals we will deal with that information in accordance with this Policy.
Management of personal information
CPD Australia recognises how important the security of personal information is to clients. We will at all times seek to ensure that the personal information we collect and hold is protected from misuse, loss, unauthorised access, modification or disclosure. CPD Australia employees must respect the confidentiality of the personal information we collect.
Personal information is generally held a computer database. Information may also be held in client files. All paper files are stored in secure areas. Computer-based information is protected through the use of access passwords.
In relation to our computer-based information, we apply the following guidelines:
- data ownership is clearly defined within CPD Australia;
- passwords are routinely checked;
- we change employees’ access capabilities when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically logs and reviews all unauthorised access attempts;
- the system automatically limits the amount of personal information appearing on any one screen;
- all personal computers which contain personal information are secured, physically and electronically;
- data is encrypted during transmission over the network;
- print reporting of data containing personal information is limited;
- CPD Australia has created procedures for the disposal of personal information; and
- personal information is overwritten to the extent possible when the information is no longer required.
If a person ceases to be a client, any personal information we hold will be maintained in a secure area or secure off-site storage facility for a period of at least 7 years in order to comply with legislative and professional requirements, following which the information will be destroyed.
CPD Australia does not use personal information for the purposes of direct marketing, unless:
- the personal information does not include sensitive information;
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing;
- we provide a simple way of opting out of direct marketing; and
- the individual has not requested to opt out of receiving direct marketing from us.
- If the individual would not reasonably expect us to use or disclose the information for the purpose of direct marketing, we may only use or disclose that information for direct marketing if the individual has consented to the use or disclosure of the information for direct marketing or it is impracticable to obtain that consent.
- In relation to sensitive information, CPD Australia may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. We will not use or disclose credit information for the purposes of direct marketing.
- Individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
- Individuals may also request that CPD Australia provides them with the source of their information. If such a request is made, CPD Australia must notify the individual of the source of the information free of charge within a reasonable period of time.
We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes. CPD Australia also endeavours to avoid data matching.
Our web pages may however contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages of our website. Web beacons and spotlight tags are a tool we use to analyse which web pages users view, and in an aggregate number.
Our web sites include links to non-CPD Australia web sites. These links are provided for your convenience, however the information handling practices of the linked web sites might not be the same as ours.
How do we keep personal information accurate and up-to-date?
CPD Australia is committed to ensuring that the personal information, including credit information, it collects, uses and discloses is relevant, accurate, complete and up-to-date.
We encourage individuals to contact us in order to update any personal information we hold about them. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless the individual agrees otherwise. We do not charge individuals for correcting the information.
In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial of or limitation on access. If you seek correction and CPD Australia disagrees that the information is incorrect, we will provide you with our reasons for taking that view and advise you on the further steps you may take.
You have the ability to gain access to your personal information
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information, including credit information, which CPD Australia holds about them by contacting the CPD Australia Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide access, we will provide reasons for the refusal.
We may provide copies of the information requested, allow the individual to inspect the information at our offices, or provide an accurate summary of the information held. We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
Updates to this policy
This Policy will be updated from time to time to take account of new laws and technology, and changes to our operations and the business environment.
Non-compliance and disciplinary actions
Privacy breaches must be immediately reported to management by employees and relevant Third Parties.
CPD Australia has an effective complaints handling process in place to manage privacy risks and issues.
Firstly, please contact your advisor to discuss your complaint. We strive to improve the services we offer and rely on feedback from you to help us in this regard.
Secondly, if you are not satisfied with the response you receive you should contact the Managing Director.
Contractual arrangements with third parties
Third parties will be required to implement policies to ensure they comply with the Privacy Act and the APPs, including:
- regulating the collection, use and disclosure of personal and sensitive information;
- de-identifying personal information wherever possible;
- ensuring that personal information is kept securely, with access to it only by authorised employees or agents of the third parties; and
- ensuring that the personal information is only disclosed to organisations which are approved by CPD Australia.
CPD Australia will conduct periodic privacy audits in order to ensure that it is continuing to comply with its obligations under the APPs.
Inquiries and complaints
If you have any questions about our privacy procedures or if wish to make a complaint about how we have dealt with your personal information (including credit information) you may lodge a complaint with us in any of the following ways:
by emailing: email@example.com
What if I am not satisfied with the response?
If you are not satisfied with the result of your complaint to CPD Australia you can also refer your complaint to the Office of the Australian Information Commissioner.
You can contact the Office of the Australian Information Commissioner:
by telephone – 1300 363 992
by writing to – Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001 by emailing –firstname.lastname@example.org