Privacy policy
This Privacy Policy outlines how Governance Institute of Australia Ltd (Governance Institute or we) collects, uses, discloses and otherwise handles personal information. It also explains how you can access and correct the personal information we hold about you or complain about any suspected privacy breach.
In some situations, we may provide individuals with a specific privacy notice in relation to the collection of personal information. If there is any inconsistency between a privacy notice and this Privacy Policy, you should rely on the information in the privacy notice.
This version of our Privacy Policy was last updated on 17 July 2023.
As we are generally exempt from the Privacy Act 1988 when we collect and handle employee records, this Privacy Policy does not apply to our employees; however, we have an internal policy to protect the personal information of our employees as we do other personal information.
What personal information do we collect?
Members (including applicants for membership)
If you are one of our members or apply for membership, we may collect the following kinds of personal information about you:
- your name, personal and/or business contact details, date of birth and gender
- details of your position (including when you commenced work with your employer) and your employer, which industry you work in and whether you are responsible for or involved in governance
- any personal information contained in your resume
- your academic qualifications and any other information on your academic transcript
- Continuing Professional Development courses attended
- your areas of interest and/or professional responsibilities
- your credit card or other payment details, and
- information about your membership of any professional association, which is ‘sensitive information’ under the Privacy Act.
In order to assess your application for membership or as part of disciplinary action, we may also collect details of your bankruptcy or insolvency, any offences committed by you which could, or could have if you were a member at the time, give rise to disciplinary action by the Chartered Governance Institute (CGI) (which could be ‘sensitive information’ under the Privacy Act), and any conduct which could discredit CGI and us. This information will be deleted once a determination is made.
If you apply for membership fee reduction, we may also collect information about your income bracket and whether you are retired.
Students
If you enrol in one of our education courses, we may collect the following kinds of personal information about you:
- your name (including previous name, if applicable), personal and/or business contact details, date of birth and gender
- your job title
- information about your educational and professional qualifications (including your academic transcript, degree certificate and evidence of currency, such as a practising certificate)any personal information contained in your resume
- your Unique Student Identifier
- a photograph of your official government identification (eg passport, driver’s licence, state card)
- your credit card or other payment details, and
- information about your membership of any professional association, which is ‘sensitive information’ under the Privacy Act.
Others
If you attend one of our conferences or seminars, we may collect your name, contact details, position title, organisation and credit card or other payment details.
If you subscribe to our subscriber package, we collect your name, date of birth, contact details, position title, employer’s name and credit card or other payment details.
We may also collect:
- the name, contact details and position title of referees of applicants for membership, and
- the name and contact details of other individuals by ‘renting’ lists (see the section below).
Credit card or other payment details
When we collect credit card or other payment details, we will not store them for any longer than the purpose required and they will be masked after your payment has been processed.
Credit card details are not processed directly or held by the Governance Institute, we use a secure third-party financial institution to manage payments and auto-renewal payment profiles.
When you choose to automatically renew your membership, we will continue to notify you when your membership is about to expire. Your payment will automatically be made on the due date using the payment method specified so that you can continue to enjoy the benefits of GIA membership uninterrupted.
Selecting the auto-renewal option for your membership authorises the Governance Institute to deduct the payment for your current membership fees and for all future renewals. You agree to have your membership fees automatically charged to your chosen payment method on an annual basis. Please ensure that your payment information is up to date to avoid any disruptions in your membership benefits. If you wish to cancel the auto-renewal, please do so before the renewal date to prevent any charges for the upcoming year.
How do we collect personal information?
Governance Institute collects personal information in a number of different ways, including through application, registration, enrolment and renewal forms; by email; telephone; letters, event registrations; surveys; and during examinations and assignments conducted as part of our educational programs.
We collect personal information through our website when an individual makes an online purchase or completes an online form. See also the section titled ‘Online privacy issues’.
Sometimes, we may ‘rent’ lists of names and contact details so that we can use that personal information to promote our products and services.
We take photos at our courses and events to share the experience via our digital channels and print publications. At these events, you may be filmed, recorded or photographed and such recordings and images are used for promotional and archiving purposes. They may be published in media including online.
Can you deal with us without identifying yourself?
Governance Institute’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so.
A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, you are able to access our website and make general phone queries without having to identify yourself and you can respond to our surveys anonymously.
In some cases, however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to become a Governance Institute member or if you enrol in any of our Graduate Diplomas or Certificate courses.
For what purposes do we collect, hold, use and disclose personal information?
The reason we collect, hold, use and disclose (together handle) the personal information outlined above is so that we can provide you with our products and services (including establishing and maintaining your membership and/or enrolment, enabling your participation in member groups and functions, and processing payments), manage our relationship with you, communicate with you effectively, identify which of our products and/or services will best meet your requirements, internally analyse membership demographics and trends, improve our products and services and manage professional conduct issues.
‘Our products and services’ include:
- education (including a Graduate Diploma and an Advanced Certificate)
- short courses (including various Certificate courses)
- professional development (for example, through our training programs, seminars, and conferences)
- technical support (through our journal and website), and
- advocacy (promoting a practical and workable approach to governance).
We may also handle your personal information to notify you about products, services and promotions offered by us and our sponsors, partners and suppliers. This is discussed further in the section below titled ‘Do we use and disclose your personal information for direct marketing?’.
In addition, we may handle personal information for other purposes explained at the time of collection or which are required or authorised by or under law (including privacy legislation).
Do we use your personal information for direct marketing?
We may use personal information of members and non-members, specifically your name and relevant address details, to let you know about our products, services, facilities and benefits and those of our sponsors, partners and suppliers.
We (either on our own behalf or on behalf of our sponsors, partners or suppliers) may contact you for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, or online advertising.
Opting out
You can opt out of receiving marketing communications from us at any time, in the following ways:
- updating your communications preferences by visiting the ‘My Governance Institute’ portal on the Governance Institute website
- contacting Governance Institute’s Privacy Officer on the details in the section titled ‘How you can contact us’
- advising us if you receive a marketing call that you no longer wish to receive these calls
- using the unsubscribe facility that we include in our electronic messages to opt out of receiving those messages.
To whom do we disclose personal information?
Governance Institute may disclose personal information to third parties to whom Governance Institute contracts out specialised functions (including mailing houses, printing companies and conference organisers).
We may disclose personal information (i.e., name, employer and title) that we collect about you to the organisers, speakers, exhibitors, industry partners and sponsors of our events, and to your fellow delegates at training courses or events you attend.
We may disclose additional personal information that we collect about you, such as your phone number and email address, to venues and organisers of our events so they can perform contact tracing in the event of a health incident.
If you are enrolled in a training course or event provided by us under an arrangement with your employer, which is paid for by your employer, we may disclose to them your enrolment status and results.
We may publish the names of graduates from our education courses, recipients of prizes, scholarships or similar awards in our Annual Report and in our journal, Governance Directions.
We may also disclose personal information about you to our service providers, such as technology providers, auditors, bankers and mailing houses to assist us in providing services.
We take steps to ensure that those contractors:
- comply with the Australian Privacy Principles when they handle your personal information, and
- are authorised only to use personal information in order to provide the services or to perform the functions required by Governance Institute.
Governance Institute may also disclose personal information where required or authorised by law.
Governance Institute does not sell or rent personal information to third parties.
Disclosure overseas
The third parties to whom we disclose personal information may be located in other countries including the United Kingdom (UK) and the United States of America (USA).
Personal information, such as name, address and postnominals, of members who are also members of CGI may be sent to CGI (in the UK) for voting purposes of general meetings.
Our electronic email system provider is located in the USA and acts as a conduit in the distribution of such communications as our eNewsletter; Events & News, events marketing; education and training courses.
How do we hold personal information and keep it secure?
Governance Institute holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files (locked away where appropriate).
Paper files may also be archived in boxes and stored offsite in secure facilities.
Governance Institute takes steps to secure the personal information we hold including the use of Information and Communications Technology (ICT) security (using encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.
Governance Institute only permits your details to be accessed by authorised personnel, and it is a condition of employment that Governance Institute’s employees maintain the confidentiality of personal information.
Payment security of all financial transactions is maintained by Governance Institute using EFTPOS, BPAY and online technologies. It is our policy to ensure that all financial transactions processed, meet industry security standards that ensure payment details are protected.
If you are concerned about sending your information over the internet, you can contact Governance Institute by mail, or telephone.
The privacy of your personal information can also be protected by you, by keeping passwords secret, changing them frequently and by ensuring that you log out of the website when you have finished using it, as well as refraining from writing your credit card details in the body of an email.
If you become aware of any security breach, please advise us as soon as possible.
Third parties
We may use third-party providers to store personal information electronically. We take reasonable steps to ensure this information is held securely.
Internet
Unfortunately, we cannot remove all risks involved in sending information through any channel over the Internet. You send information over the Internet entirely at your own risk.
De-identification
All personal information will be de-identified where possible.
Retention of Personal Information
We hold your member information, and information about your course and event attendance for the duration of your professional career so we continue to offer you content that we think may be of interest to you.
Accidental or unauthorised use or disclosure
In the event of accidental or unauthorised use or disclosure of personal information, we shall take prompt action to remedy such breach and shall notify the individual and the Privacy Commissioner as required under the Privacy Act.
Our staff are trained in dealing with data breaches and we have in place a formal Data Breach Response Plan.
External service providers contracted by Governance Institute are bound to comply with the requirements of the Privacy Act in relation to notification of data breaches.
Online privacy issues
Governance Institute will apply this policy to all personal information it handles, whether collected online or otherwise. This clause is intended to provide more information about privacy for the users of our website.
(a) Online collection of personal and non-personal information
As outlined in the section titled ‘How do we collect personal information?’, we collect personal information through our website.
Our website also collects other information which may or may not be personal information. For each visitor to our website, our server automatically recognises and stores your ‘address’ (e.g. your domain name or Internet protocol address), the type of your Internet browser, and the address of the site which ‘referred’ you to our website and clickstream data.
In addition, our website uses cookies to track usage of our website. Most web browsers are set by default to accept cookies. However, if you do not wish to receive any cookies you may set your browser to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on the website are available to you. We use cookies for tracking the statistics of our website. This allows us to better understand our users and improve the layout and functionality of our website.
This tracking is conducted in such a way to ensure the anonymity of visitors — in this context the cookie may identify your computer — but it should not identify you.
(b) Links to other websites
Sometimes our website contains links to third party websites, for your convenience and information. When you access a non-Governance Institute website, please understand that Governance Institute is not responsible for the privacy or security practices of that site, which are not covered by this Privacy Policy.
We suggest that you review the privacy policies of each site you visit, before supplying any personal information to them.
How can you access and correct your personal information?
Under the Privacy Act, you have a right to seek access to, and correction of, personal information which Governance Institute holds about you.
Access
If you wish to exercise your right under the Privacy Act to seek access to the personal information that Governance Institute holds about you, we ask that you contact Governance Institute’s Privacy Officer (details in the section below titled ‘How can you contact us?’), who will explain how Governance Institute will handle your access request.
We will assume (unless you tell us otherwise) that your request relates to our current records about you. These current records will include personal information about you which is included in our databases and in paper files, and which may be used by Governance Institute on a day-to-day basis. To provide you with access to ‘current’ personal information, Governance Institute would ordinarily provide you with a print-out of the relevant personal information from our databases, or with photocopies of records which are held only on paper files. If you request access in a different manner, we will give you access in this manner if it is reasonable and practicable for us to do so. Ordinarily, Governance Institute will not charge you for the cost of providing this type of access to these records.
For legal and administrative reasons, Governance Institute may also store records containing personal information in its archives. You may seek access to the records held by Governance Institute which are not current records, but if you do so, we may charge you for the cost of providing access (but not for the making of the request).
Correction
If you are of the view that personal information about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please provide Governance Institute’s Privacy Officer with your request for correction (contact details are set out in the section below titled ‘How can you contact us?’).
Governance Institute’s policy is to consider any requests for correction in a timely way within 24-48 hours.
Members can also easily review and update their information on an ongoing basis, through their ‘Update your member profile’ page on the Governance Institute website.
How can you make a privacy complaint?
If you wish to complain about how we have handled your personal information, please contact Governance Institute’s Privacy Officer on the contact details set out below.
We will acknowledge receipt of your complaint within 24 hours and aim to review and respond to your complaint within 10 business days, unless there are extenuating circumstances. If you are not satisfied with our response to your complaint, you may also contact the Office of the Australian Information Commissioner.
How can you contact us?
If you have any questions or comments about this Privacy Policy please contact Governance Institute’s Privacy Officer:
- by telephone: +61 2 9223 5744 or toll free in Australia on 1800 251 849, or
- by e-mail: companysecretary@governanceinstitute.com.au, or
- by letter: Governance Institute of Australia Ltd, GPO Box 1594, Sydney, NSW 2001.