We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and we comply with all of the Act’s requirements in respect to the collection, management and disclosure of your personal information.
What is your personal information?
Personal information has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
What personal information do we collect and hold?
We may collect the following types of personal information:
identification and contact details, such as your name, email, mailing address and telephone number
information about your role in your organisation
payment details and preferences in relation to our training courses and events.
We may also collect any additional information relating to you that you provide to us directly through our website or indirectly through use of our website.
We do not usually collect any sensitive information about you unless it relates to food allergies (medical information) which may be collected in relation to one of our events.
You may choose to interact with us anonymously or using a pseudonym, except in relation to matters where we need to identify you, such as for payment or Member website portal access.
If you do not provide information we request about you, we may not be able to register your access to our Member’s website portal and you may not be able to enjoy or participate in the full range of our services effectively or at all.
How do we collect your personal information?
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. At times we may also collect your personal information from third parties with your consent.
When collecting your personal information, we may collect it in ways including:
through your access and use of the Australian Retail Credit Association (ARCA) and Principles of Reciprocity and Data Exchange (PRDE) websites
when your employer registers for membership
when you register for or attend any of our events
when you register for access to the Australian Credit Reporting Data Standard (ACRDS) and/or Principles of Reciprocity and Data Exchange (PRDE), or you otherwise make an enquiry about the ACRDS and/or PRDE
if you tell us about your areas of professional interest
you undertake any of our training events or courses
if you send us contributions for publication
if you speak at our events
if you participate in our surveys
if you nominate for or are appointed to our Board or join one of our working groups
when you inquire about or apply for a position with us
at any time that you communicate with us.
For what purpose do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality Member engagement.
We collect, hold, use and disclose your personal information for the following purposes:
to verify your identity, process your application and manage your membership, including your membership of different working groups
to send communications requested by you
to answer enquiries and provide information or advice about our association
to exchange information with you about ARCA’s activities, including information relevant to your participation in a working group or the Board
to retain a record of your attendance at events and attendance at training or courses
to communicate with you about the ARCA and PRDE websites and publications (for example, to inform you about new discussions, blogs, materials, information, news and site features that we believe may interest you and to send you our updates)
where you have registered for access to the ACRDS, to communicate with you about the standard and any versions that have been released subsequent to your registration to access the ACRDS
where you have registered for access to the PRDE information pack or have otherwise sought to become a signatory to the PRDE, to communicate with you about the PRDE, provide relevant updates or communicate in respect to compliance matters (including providing you information about compliance issues impacting other signatories, as well as seeking information in respect to compliance issues affecting your organisation)
to inform you of our upcoming conferences, training programs and events (unless you elect not to receive such information)
to send you promotional material about conferences and events, organisational membership renewals or to inform you about the products or services of any of our sponsors. You may tell us at any time using the contact details at the end of this Policy if you do not wish to receive promotional information from us and we will stop sending it to you.
To whom do we disclose your personal information?
We are administered from Australia and our website, document and email exchange is hosted in Australia. However, technical support, backup and disaster recovery scenarios may utilise facilities outside Australia.
We may disclose your personal information to:
our employees, related bodies corporate, contractors or service providers for the purposes of the operation of our association, including, without limitation, web hosting providers, IT systems administrators, couriers, payment processors, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, business advisors and consultants
physical and virtual event planners, facilitators and event platform providers in Australia or New Zealand to manage or assist in the running of events you have registered to attend, including ARCA’s current event platform provider Encore Event Technologies Pty Ltd (ABN 46 006 668 702) as well as any additional event planners, facilitators and event platform providers that ARCA engages for the purpose of managing or assisting the running of ARCA events
Sponsors for ARCA events including the ARCA Credit Summit and Pre-Summit Series events, with each of these organisations listed in the separate event notification statement
our Australia-based service providers such as Microsoft, itro, Vodien, Membes and Web Force 5, in relation to the operation, administration and maintenance of our website and your membership
as a PRDE signatory, where a dispute exists, disclosures to other PRDE signatories which are required as part of the dispute process
any government or regulatory authority which requires us to do so.
We also take reasonable steps to protect your personal information. We restrict access to your personal information to those people or service providers who need to know that information to provide services. In addition, we train our employees about the importance of protecting the privacy and security of your information.
Do we disclose your personal information to overseas recipients?
We may disclose your personal information to overseas recipients, for example, to our cloud document storage facility (Microsoft) or cloud hosted website (Vodien) located in United States, United Kingdom, United Arab Emirates, India, Netherlands, Ireland, Singapore, Hong Kong (China).
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us (see details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will let you know.
What if you have a complaint about a breach of privacy?
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.
We will attempt to confirm as appropriate with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title and contact details of the investigating officer and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have change our view. If you are unsatisfied with the outcome, we will advise you about further options including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner.
If you have any questions about this policy, any concerns or complaints regarding the treatment of your privacy or a possible breach of your privacy, please contact our Privacy Officer using the details set out below.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.