Privacy Policy

Background and scope

The Institute of Internal Auditors – Australia (IIA-AU, we, us, our) is committed to protecting the privacy of the personal information we collect and receive. This policy has been developed in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).

This policy explains how IIA-AU collects, uses, discloses and otherwise handles personal information relating to individuals, whether or not they are members. It also explains how you can ask to access and correct the personal information we hold about you or complain about any suspected privacy breach. Nothing in this policy limits any of our other obligations at law.

Collection of personal information

IIA-AU is required to collect personal information only by lawful and fair means. Where possible we will collect personal information we require, directly from you.

Personal information we hold may include your name, current and previous addresses, telephone numbers, e-mail addresses, your employer and employment details as relevant to our purposes, your preferences and interests as relevant to your membership or potential membership with IIA-AU, and information we require to perform our services to you, or to allow the organisation you work for to provide IIA-AU with services. Further information may be collected with your consent in specific instances as notified to you.

Personal information entered into the IIA-AU database will not be used or disclosed by us, except as authorised by you or as is reasonably necessary for the purposes outlined to you.

Should you choose not to provide personal information we may not be able to provide you with the services or may not be able to provide you with the services to a sufficient level that we regard as best practice. 

We may collect personal information:

  • from the information supplied by you to IIA-AU, including as described in the analytics section below
  • in conversation and communication with you and your organisation
  • from organisations with whom we partner with to offer membership benefits
  • from third parties including employees, service providers, related companies or your representatives
  • from publicly available sources of information
  • when we are required to do so by law
 Where IIA-AU collects your personal information, IIA-AU will take reasonable steps to notify you of: 
  • the purposes for which we are collecting the information
  • the third parties to whom we may disclose the information of that kind
  • whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located
  • how to access and correct personal information and make privacy complaints
IIA-AU will only collect sensitive information where it is reasonably necessary for our core functions or activities.  For example, we may collect: 
  • information about your membership of other professional associations with your consent
  • information about dietary requirements for events and conferences
  • identification as Aboriginal or Torres Strait Islander and other required sensitive information for enrolment into qualifications that IIA-AU delivers as a TEQSA registered Institute of Higher Education.
Where it is practical and lawful for us to do so, IIA-AU will enable you to access our website and make general telephone enquiries without having to identify yourself. Where it is practical, IIA-AU will enable you to respond to our surveys anonymously.
When you give us information about another person you confirm that they have appointed you to act for them and that they consent to the collection, use, disclose and other elements set out in this policy. 

Web analytics

Cookies through the IIA-AU website

Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies. Rejecting cookies can, however, limit the functionality of our website. There are a range of websites that provide tips on how to disable cookies. Here is an example. However, please note that IIA-AU does not endorse the content of external websites. You are advised to refer to them at your discretion.

Web and email analytics

IIA-AU has enabled the Google Analytics Demographics and Interest Reporting functionality available through Google Analytics. IIA-AU use first-party cookies and third-party cookies to collect information.

IIA-AU and its authorised service providers, use web beacons in conjunction with cookies to collect information that enables us to greater tailor our services to your interests and needs, such as your browsing activities and website and email clicks. Web beacons typically work in conjunction with cookies and are small graphic images that may be included in our sites or other communications and can identify our users and user behaviour. Our authorised service providers may also use information collected from your browsing activities to help us target relevant advertising on our website and other places on the Internet. These technologies assist IIA-AU to understand the usefulness of our offerings to you and help to deliver increasingly greater value to our membership and other services.

If you would like to opt-out of the collection of cookies and other technologies then follow the instructions above (in the ‘Cookies through the IIA-AU website’). This will instruct you on how to reject cookies. You can also find out more from Google.

Use and disclosure of personal information

Your personal information may be used by us or our associates to:

  • provide products and services to you
  • collect payments and to administer your account
  • provide you with updated or new information about our products and services
  • for development of existing and new products and services
  • maintain and update our business infrastructure and systems
  • promote our other products and services to you
In providing our products and services, or collecting and using your personal information, your personal information may be disclosed to third party organisations including: 
  • information technology service providers
  • conference organisers
  • marketing and communications agencies
  • mailing houses, freight and courier services
  • printers and distributors of direct marketing material
  • our legal, accounting, financial or other professional advisors
  • regulatory, government and other authorities as required by law
  • international bodies with which we have mutual recognition agreements
  • members of IIA-AU committees such as Chapter Councils and advisory committees
  • our partners and sponsors to enable them to provide information about their products and services
  • The Institute of Internal Auditors Inc (based in the USA), in order to allow you password-protected access to its website.

Opting out

You can opt out of receiving marketing communications from IIA-AU at any time through the following channels:

  • By email: [email protected]
  • By utilising the unsubscribe facility that we include in our electronic messages such as emails and SMS
You agree and acknowledge that even if you opt out of receiving information about future events or marketing material, we will still send you essential information that we are required to send you relating to the services we provide.

Unsolicited information

Unsolicited personal information is personal information we receive that we have taken no active steps to collect. If the information we receive is not required for IIA-AU to perform one or more of our services or activities, IIA-AU will destroy or de-identify the information as soon as practicable.

Quality of personal information

IIA-AU takes reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you provide.

We recommend that you:

  • let us know if there are any errors in your personal information
  • keep us up-to-date with changes to your information

Security of personal information

We take reasonable steps to protect your personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have completed your transaction. If you become aware of any security breach, please contact IIA-AU as soon as possible.

We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.

IIA-AU is not responsible for the privacy or security of third party websites that you access via links on the IIA-AU website.

Access and correction of your personal information

You are able to access your personal information that we hold, with some exceptions as allowed by law. To obtain a copy of your personal information, write to the IIA-AU requesting the information and we will assess your request and provide you with a response, usually within 10 working days. We reserve the right to charge a reasonable fee for the provision of this information. If we refuse your request, or if we refuse to give you access in the manner you requested, IIA-AU’s policy is to provide you with written confirmation of the reasons for our refusal and the available complaint process.

Members can access and update their contact details by logging in to the member-only area of the website.  For any personal information that can’t be accessed and corrected through website please contact IIA-AU.

Variation

This policy may be varied from time to time in accordance with any changes to our practices or changes to the way we collect, use and disclose any personal information. You should check this policy regularly so that you are aware of any variations made to this policy.

Complaints

If you have a complaint about how IIA-AU has collected, stored or used your personal information, please contact IIA-AU. We will endeavour to deal with your complaint and take any steps necessary to resolve the matter promptly, but usually within 15 business days.

If your complaint is unable to be resolved within 10 business days, IIA-AU will advise you in writing including letting you know when we expect to provide our response.

If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner, whose contact details can be found here.

Please contact IIA-AU if you have any queries about the personal information that IIA-AU holds about you including the way we use or disclose that personal information or you wish to access or correct the personal information held by us or opt out of receiving our marketing communications. Our contact details are set out below.

Contact us

The Privacy Officer

Level 5, 580 George St, Sydney, NSW, 2000

T: +61 2 9267 9155

E: [email protected]