1 Introduction
The Australian Academy of Technological Sciences and Engineering Limited (ACN 008 520 394) (ATSE) is committed to protecting the privacy of your personal information. This Privacy Policy explains how ATSE manages the personal information that we collect, use, and disclose and how to contact us if you have any further queries about our management of personal information. This Privacy Policy does not cover personal information collected or held by ATSE about its employees.
ATSE is required by the Privacy Act 1988 (Cth) (Privacy Act) to comply with the Australian Privacy Principles (APP) (subject to other provisions of the Privacy Act). The APPs regulate the way personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility, and disposal.
ATSE is also required to comply with the Spam Act 2003 (Cth) (Spam Act); the Do Not Call Register Act 2006 (Cth) (Do Not Call Register Act); the European Union General Data Protection Regulation (GDPR); and the Notifiable Data Breaches (NDB) Scheme.
2 What is personal information?
Personal information is defined under Australian law (Privacy Act) as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not, and
- Whether the information or opinion is recorded in a material form or not.
ATSE does not collect sensitive information (as defined by the Privacy Act) without consent. The kinds of personal information ATSE collects and holds might include:
- an individual’s name, address, DOB, gender, contact number and email address
- username for the purposes of accessing ATSE-managed software and systems
- post-nominal letters
- employment and/or education details
- payment card details (encrypted)
- membership of industry body
- skills and expertise
- nationality and residency
3 Collection of personal information by ATSE
To the extent required by the Privacy Act ATSE will not collect personal information unless that information is necessary for one or more of our functions or activities, for example: conferences, meetings, events, and presentations, newsletters or publications, membership procedures.
When ATSE collects personal information, we will take reasonable steps at or before the time of collection to ensure individuals are aware of certain key matters, such as the purpose for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose the information, and how to contact us.
ATSE is committed to safeguarding all payment card data it receives. This will be masked or encrypted after payments have been processed. Where ATSE collects an individual’s information from a third party, we will take reasonable steps to ensure that the individual has consented or have been made aware of the details as set out above.
Similarly, ATSE may be required to provide an individual’s contact details to third party suppliers which would be reasonably expected in order to provide its services. ATSE provides the opportunity to opt-out of such third-party arrangements.
ATSE acknowledges that there is no obligation for an individual to provide it with personal information. However, if an individual chooses not to provide ATSE with personal details, ATSE may not be able to provide the individual with the services expected to be provided.
ATSE will make every reasonable effort to destroy information no longer required after holding it for five years post active engagement.
4 Use and disclosure of personal information by ATSE
If ATSE uses or discloses your personal information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose) to the extent required by the Privacy Act, we will ensure that:
- the secondary purpose is related to the primary purpose, and you would reasonably expect that ATSE would use or disclose your information in that way (without consent); or
- you have consented to the use and disclosure of your personal information for the secondary purpose (with consent); or
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by the Privacy Act.
ATSE in performing its functions and activities (such as for conferences, presentations, and events as outlined above), may need to disclose personal information to third parties where it may be reasonably expected for ATSE to use or disclose the personal information for a specific purpose. ATSE is bound by Australian Government rules with regard to international collaboration and disclosure. Third parties with whom ATSE may share your personal information include, where appropriate:
- secure online election provider
- printers and distributers of ATSE publications and other material
- financial institutions for payment processing
- external business advisers (such as auditors and lawyers)
- the Australian Government upon request for the purposes of supporting grant-funded international collaboration
- travel and conference organisers
5 Methods of collection
ATSE collection personal information via several mechanisms including:
- membership applications
- event registration
- online forms
- surveys; and
- direct communication
For each visitor to our website or social media site or e-news, we may collect the following type of information for statistical purposes:
- number of users who visit,
- date and time of the visits,
- pages accessed,
- user’s top-level domain name (for example .com or .gov),
- previous site visited,
- type of browser used,
- type of device used, users’ operating system (such as Windows or Macintosh), and/or
- website or mobile device activity.
The ATSE website requires that the web browser accept cookies, which are used to make logging-in possible. Cookies are pieces of information that a website can transfer to an individual’s computer hard drive for record-keeping. Cookies may be sent at various times during a visit to our website and may be updated as different areas are accessed. These cookies are not used to collect, store, track or monitor any personal information.
As would reasonably be expected, ATSE may collect website and mobile device (e.g. apps) statistics (which includes pages accessed and search terms used) but this information is not identifiable (i.e. ATSE cannot identify individuals): Google Analytics: (or other third-party vendor) demographics and interest reporting (such as what country you are from, what language your computer is set to, age group, gender, and interest area).
This is anonymous statistical data, and no attempt will be made to identify users. We use this data to evaluate our website and to improve the content.
We may use Google AdWords, Facebook Pixel, and other third-party vendor remarketing tools to advertise trigger ads across the internet. AdWords (and other vendors) remarketing will display relevant ads tailored to you based on what parts of ATSE website you have viewed by placing a cookie on your machine and/or use Facebook Pixel or Google Tag Manager technology (using your internet browser).
This cookie does not identify individuals or give access to their computer. The cookie or similar technology is used to show individuals information related to the pages they have browsed. Google AdWords (or other third-party vendor) remarketing allows ATSE to tailor marketing to better suit user needs.
6 Purpose for collecting personal information
The primary purposes for which ATSE collects personal information include to:
- process nominations for Fellowship and Awards,
- manage the Fellowship of ATSE,
- record and maintain membership details and profile information,
- provide information on services and benefits available to Fellows,
- notify Fellows and non-Fellows about ATSE events,
- ensure compliance with ATSE’s Constitution,
- monitor website traffic data for statistical, reporting and maintenance purposes
- manage conferences, workshops, and events, including: – travel organisation, both domestic and international – international conferences and exchanges – manage grant applications
- produce ATSE outputs, such as the development of policy position statements,
- manage applications for programs run by ATSE
- distribute ATSE products such as IMPACT magazine and STELR school kits.
From time to time, ATSE may survey its Fellowship and other stakeholders on a range of issues. These surveys help us to identify and analyse the ongoing needs of our Fellows and stakeholders, and the quality of our products and services. People who do not wish to participate in these surveys can opt out of the survey.
7 ATSE's responsibilities under the GDPR
For European Union (EU) residents who engage with ATSE, ATSE are a “collector” under the General Data Protection Regulation (GDPR). ATSE has obligations under the GDPR when collecting, storing, and using the personal information of EU residents. Personal data collected by ATSE of an EU resident will:
- be processed lawfully, fairly and in a transparent manner;
- only be collected for the specific purposes identified in section 3 above and personal information will not be further processed in a manner that is incompatible with the purposes identified;
- be collected in a way that is adequate, relevant, and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within ATSE’s control to do so (Fellows may update their data by logging into their Fellow’s profile on the ATSE website). If an individual requires their personal information update, they can send an email to info@atse.org.au;
- be kept in a form which permits ATSE to identify you, but only for so long as necessary for the purposes for which the personal data was collected; and
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
ATSE also apply these principles to the way we collect, store, and use the personal information of all non-EU contacts.
Specifically, ATSE have the following measures in place, in accordance with the GDPR.
Data protection policies: Policies are in place which set out where and how ATSE collect personal information, how it is stored and where it goes after we get it, in order to protect personal information.
Right to ask us to erase your personal information: Individuals may ask to have personal information we hold about them erased. ATSE will provide confirmation when this has been done.
Right to ask us to restrict data processing: Individuals may ask ATSE to limit the processing of their personal information when they believe their personal information is wrong
Notification of data breaches: ATSE will comply with the GDPR notification requirements when required.
8 How might ATSE contact you?
ATSE may contact individuals in a variety of ways, including by post, email, SMS, social media, mobile devices, or apps or by telephone call.
Spam ATSE will not send commercial electronic messages unless they are permitted by the Spam Act. Any commercial electronic message that ATSE send will identify ATSE as the sender and will include our contact details. The message will also provide an unsubscribe facility. Individuals who do not want to receive commercial electronic messages from ATSE can also contact us at info@atse.org.au..
Do Not Call Register We will not call you on a number listed on the Do Not Call Register unless this is permitted under the Do Not Call Register Act. If you do not wish us to call you on a particular number can contact us at info@atse.org.au.
9 Security of personal information
ATSE aims to safeguard personal information to the best of its abilities, through a combination of technical, administrative, and physical measures. This includes the use of Secure Socket Layer (SSL) encryption to protect information transmitted across the internet. Production data is housed in a Tier 3 Data Centre facility and backups are encrypted at rest.
All personal information collected by ATSE is retained as part of a database, which is securely monitored and maintained by ATSE or an approved host. If ATSE stores personal information with a “cloud” service provider, the provider may be situated outside Australia. Subject to section 4 of this policy, the data will not be made available to a third party without the authority of the individual who provided the personal information, unless it is legally required and verified.
ATSE will take all reasonable steps to protect the security of the personal information that it holds. This includes appropriate measures to protect electronic materials and materials stored and generated in hard copy. Where information held by ATSE is no longer required to be held, and the retention is not required by law, then ATSE will de-identify or destroy such personal information by a secure means.
If an individual has reason to believe that their interaction with ATSE is no longer secure (for example, if they believe their online account has been compromised) please contact our Privacy Officer by email info@atse.org.au or write to us at The Privacy Officer, Australian Academy of Technology and Engineering, Level 2, 28 National Circuit Forrest ACT 2603.
Some third-party platforms that may be used to engage with ATSE (for example, LinkedIn, Twitter, Mailchimp or SecurePay) are not under ATSE’s control. Individuals with concerns about using these platforms, should consider their terms and conditions and other relevant policies.
ATSE permits an individual’s details to be accessed only by authorised personnel, and it is a condition of employment that ATSE employees maintain the confidentiality of personal information.
Security of all financial transactions is maintained by ATSE using EFT, BPAY and other online technologies. It is ATSE’s policy to ensure that all financial transactions processed meet industry security standards that ensure payment details are protected.
Individuals concerned about sending their information over the internet, can contact us at info@atse.org.au.
10 Data breach response plan
The Data Breach Response Plan is to enable ATSE to contain, assess and respond to a data breach in a timely fashion and to mitigate potential harm to affected individuals.
A data breach occurs when information held by ATSE is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Data breaches involving personal information that are likely to cause individuals to be at serious risk of harm must be reported to the affected individual(s) and the Australian Information Commissioner in accordance with the requirements of the NDB scheme.
Data breaches may arise from: loss or unauthorised access, modification, use or disclosure or other misuse; malicious actions, such as theft or “hacking”; internal errors or failure to follow information handling policies that cause accidental loss or disclosure; and not adhering to the laws of the states and territories or the Commonwealth of Australia.
When a data breach has occurred or is suspected to have occurred, ATSE will initiate the following process. However, it should be noted that there is no single method of responding to a data breach and in some cases the following steps may need to be modified. Data breaches must be dealt with on a case-by-case basis, by undertaking an assessment of the risks involved, and using that risk assessment to decide the appropriate course of action.
Suspected or known data breach When an ATSE employee or contractor become aware or suspects that there has been a data breach, they will notify their manager who will assess the risk, document the event and report in the first instance to the Director, Business Operations.
The Director, Business Operations will:
- include details of the suspected breach in a data breach register that will contain a brief description of the nature of the breach, how it occurred, the date of the breach, the date of discovery and the date of notification to ATSE (for an external breach);
- notify ATSE’s Chief Executive Officer via a Data Breach Risk Assessment Report (and other senior managers as required) to determine ATSE’s response and remedial actions to take to contain the breach, which may include:
- if the breach is the result of an ICT security incident (i.e. an event that affects the confidentiality, integrity or availability of ATSE’s information, systems and infrastructure), notify ATSE’s IT service provider to implement a response;
- stopping the unauthorised practice;
- recovering records;
- shutting down the system that has been breached;
- revoking or changing computer access privileges;
- addressing weaknesses in physical or electronic security
Notification and Review The Director Business Operations will submit a Data Breach Risk Assessment Report to the Chief Executive Officer who will coordinate notification (if required) of affected individuals, ATSE’s Board, and/or the Office of the Australian Information Commissioner (OAIC), as soon as practicable after becoming aware that an eligible data breach has occurred.
11 Access and correction of personal information
ATSE has its Privacy Policy available on its website and can also provide a hard copy version upon request. If more information or a hard copy of ATSE’s Privacy Policy is required, please contact our Privacy Officer by email info@atse.org.au or write to us at The Privacy Officer, Australian Academy of Technology and Engineering, Level 2, 28 National Circuit Forrest ACT 2603.
ATSE will make available for inspection, free of charge, all personal information, based on the information supplied by the individual that it holds in relation to that individual, provided reasonable notice is given. In the event that such a request is made, ATSE will review its records to determine what personal information is held and endeavour to respond to the request within 30 days of the request.
Please note that ATSE will request that identification is provided before personal information is released. In the event that any part of the personal information that the individual inspects is determined to be incorrect and requires alteration, then ATSE will make such alteration in compliance with the corrected advice provided by the individual.
Fellows can update their contact details and profile information online at any time by signing into the Fellows section of the website or they can email info@atse.org.au or governance@atse.org.au.
Retention of information: ATSE will not hold your information for longer than is necessary for its stated purpose. Further to section 9 of this policy, where information held by ATSE is no longer required to be held, and the retention is not required by law, then ATSE will destroy such personal information by a secure means. ATSE’s Privacy Officer is the responsible authority for approving destruction of personal information held by tATSE.
Opting out: Subject to the above, where individuals have consented to receiving communications from ATSE, their consent will remain current until ATSE has been advise otherwise. However, individuals can, at no cost, opt out at any time, and this can be done by sending an email to the Privacy Officer at info@atse.org.au,or by mail at Level 2, 28 National Circuit Forrest ACT 2603.
Further information: Please contact ATSE if you have any queries about the personal information that the ATSE holds or the way personal information is handled. For more information or to discuss this policy, please contact the Privacy Officer:
Privacy Officer
Level 2, 28 National Circuit
Forrest ACT 2603
For information on privacy and the Privacy Act (including the Australian Privacy Principles), refer to the Office of the Australian Information Commissioner’s website: www.oaic.gov.au.
12 Endorsement and review
We will update this policy annually, or as required to reflect changes to our privacy practices and legislative requirements. We encourage you to check our website regularly for the latest version.
This policy was updated in October 2025.
