The Academy is required by the Privacy Act 1988 (Cth) (Privacy Act) to comply with the Australian Privacy Principles (APP) (subject to other provisions of the Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
The Academy is also required to comply with the Spam Act 2003 (Cth) (Spam Act);the Do Not Call Register Act 2006 (Cth) (Do Not Call Register Act); the European Union General Data Protection Regulation (GDPR) and the Notifiable Data Breaches (NDB) Scheme.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Special provisions apply to the collection of personal information which is sensitive information. Sensitive information includes (for example) information about a person’s membership of a professional or trade association. The Academy does not collect sensitive information (as defined by the Privacy Act) without consent.
The kinds of personal information the Academy collects and holds
To the extent required by the Privacy Act the Academy will not collect personal information about you unless that information is necessary for one or more of our functions or activities, for example:
When the Academy collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purpose for which we are collecting the information, the organisations (or types of
organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us.
When we collect credit card or other payment details, we will not store them, or they will be masked or encrypted after your payment has been processed. Where the Academy collects information about you from a third party, we will take reasonable
steps to ensure that you have consented or have been made aware of the details as set out above.
Similarly, the Academy may be required to provide your contact details to third party suppliers of services which you would reasonably expect the Academy to do in order to provide its services. The Academy provides the opportunity to opt-out of such third party arrangements.
The Academy acknowledges that there is no obligation for an individual to provide it with personal information. However, if an individual chooses not to provide the Academy with personal details, the Academy may not be able to provide the individual with the services reasonably expected to be provided.
If the Academy uses or discloses your personal information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose) to the extent required by the Privacy Act, we will ensure that:
For each visitor to our website or social media site or e-news, we may collect the following
type of information for statistical purposes:
Website or mobile device activity
The Academy system requires that the web browser accept cookies, which are used to make logging-in possible. Cookies are pieces of information that a website can transfer to an individual's computer hard drive for record-keeping. Your cookie may be sent at various times during your visit to our website and may be updated as you access our many different areas. These cookies are not used to collect, store, track or monitor any personal information.
Online Advertising and Remarketing:
The Academy collects personal information for a range of purposes, including:
From time to time, the Academy may survey its Fellowship on a range of issues. These surveys help us to identify and analyse the ongoing needs of our Fellows and the quality of our products and services. If you do not wish to participate in these surveys, you can opt out of
the survey or please let us know.
For EU residents that engage with ATSE, because we collect, use and store your personal information to enable us to provide you with our goods and/or services, we are a “collector” under the GDPR. As such, we have certain obligations under the GDPR when collecting,
storing and using the personal information of EU residents. If you are an EU resident, your personal data will:
We also apply these principles to the way we collect, store and use the personal information
of all non EU contacts.
Specifically, we have the following measures in place, in accordance with the GDPR:
In performing our functions and activities (such as for conferences, presentations, and events as outlined above), we may need to disclose personal information to third parties where you may reasonably expect the Academy to use or disclose the personal information for a
specific purpose. Third parties with whom the Academy may share your personal information include, where appropriate:
ATSE aims to safeguard your information to the best of its abilities, through a combination of technical, administrative and physical measures. This includes the use of Secure Socket Layer (SSL) encryption to protect information transmitted across the internet. Production data is housed in a Tier 3 Data Centre facility and backups are encrypted at rest.
All personal information collected by the Academy will be retained as part of a database, which will be securely monitored and maintained by the Academy or an approved host, which to the best of our knowledge is based in Australia. If the Academy stores personal
information with a “cloud” service provider, the provider may be situated outside Australia. Subject to paragraph 1.7, the data will not be made available to a third party, unless it is legally required and verified, without the authority of the individual who provided the personal
information. The Academy will take all reasonable steps to protect the security of the personal information that it holds. This includes appropriate measures to protect electronic materials and materials stored and generated in hard copy. Where information held by the
Academy is no longer required to be held, and the retention is not required by law, then the Academy will de-identify or destroy such personal information by a secure means.
However, if you have reason to believe that your interaction with us is no longer secure (for example, if you feel that your online account has been compromised) please contact our Privacy Officer by phone: 03 9864 0900, fax: 03 9864 0930 or email firstname.lastname@example.org or
write to us at The Privacy Officer, Australian Academy of Technological Sciences and Engineering, GPO Box 4055, Melbourne VIC 3001.
Please note some third party platforms that you might use to engage with us (for example, LinkedIn, Twitter, Mailchimp or SecurePay) are not under our control. If you have concerns about using these platforms, we encourage you to carefully consider their terms and conditions
and other relevant policies.
The Academy only permits your details to be accessed by authorised personnel, and it is a condition of employment that ATSE’s employees maintain the confidentiality of personal information.
Payment security of all financial transactions is maintained by the Academy using EFTPOS, BPAY and online technologies. It is our policy to ensure that all financial transactions processed meet industry security standards that ensure payment details are protected.
If you are concerned about sending your information over the internet, you can contact ATSE by mail, facsimile or telephone.
The Data Breach Response Plan is to enable ATSE to contain, assess and respond to a data breach in a timely fashion and to mitigate potential harm to affected individuals.
A data breach occurs when information held by ATSE is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Data breaches involving personal information that are likely to cause individuals to be at serious risk of harm must be
reported to the affected individual(s) and the Australian Information Commissioner in accordance with the requirements of the Notifiable Data Breaches (NDB) scheme.
Data breaches may arise from: loss or unauthorised access, modification, use or disclosure or other misuse; malicious actions, such as theft or ‘hacking'; internal errors or failure to follow information handling policies that cause accidental loss or disclosure; and not adhering to the
laws of the states and territories or the Commonwealth of Australia.
When a data breach has occurred or is suspected to have occurred, ATSE will initiate the following process. However, it should be noted that there is no single method of responding to a data breach and in some cases the following steps may need to be modified. Data breaches
must be dealt with on a case-by-case basis, by undertaking an assessment of the risks involved, and using that risk assessment to decide the appropriate course of action.
Suspected or known data breach
When an ATSE employee or contractor become aware or suspects that there has been a data breach, they will notify their manager who will assess the risk, document the event and report in the first instance to the Executive Director, Operations & Events.
The Executive Director, Operations & Events will notify:
Notification and Review
The Executive Director, Operations & Events will submit a Data Breach Risk Assessment Report to the Chief Executive Officer who will coordinate notification (if required) of affected individuals, the ATSE Board, and/or the Australian Information Commissioner.
Academy of Technological Sciences and Engineering, GPO Box 4055, Melbourne VIC 3001.
The Academy will make available for inspection, free of charge, all personal information, based on the information supplied by the individual that it holds in relation to an individual, provided reasonable notice is given. In the event that such a request is made, the Academy will review our records to determine what personal information is held and endeavour to
respond to your request as soon as possible. Please note that the Academy will request that identification is provided before personal information is released. In the event that any part of the personal information that the individual inspects is determined to be incorrect and requires alteration then the Academy will make such alteration in compliance with the corrected advice provided by the individual.
Fellows are able to update their contact details and profile information online at any time by signing into the Fellows section of the website to Manage Account; or they can email
email@example.com ; or email firstname.lastname@example.org .
Please contact the Academy if you have any queries about the personal information that the Academy holds about or the way we handle that personal information. Contact details for
privacy queries are outlined below.
Attention: Privacy Officer
Australian Academy of Technological Science and Engineering
GPO Box 4055
Melbourne, Victoria, 3001
Fax: 03 9864 0930
Promoting Australia's advancement through technology