This document sets out the policy of the API Group relating to the protection of the privacy of personal information. The Group consists of Australian Property Institute Ltd ACN 608 309 128 (“API”), Australian Property Institute Valuers Ltd ACN 143 638 975 (“APIV”) and all other related entities of API.
This policy document is intended to enable members and others who interact with the API to understand what types of personal information we collect, and what we do with such information in performing our functions and in light of our privacy obligations.
API is Australia’s largest property industry professional body with a membership of more than 8,000 valuer, property management and property professionals across Australia.
| ||1.1||What is personal information?|
| || ||Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about a living individual who is either identified or reasonably identifiable.|
Examples include an individual's name, address, contact number and email address.
| ||1.2||Our obligations|
| || ||The API Group is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal. |
We are also required to comply with other laws, including more specific privacy legislation in some circumstances, such as:
- applicable data protection and privacy legislation of the other national jurisdictions in which the API Group operates. An example is Hong Kong’s Personal Data (Privacy) Ordinance.
- applicable Australian State and Territory health privacy legislation (including the Victorian Health Records Act 2001) when we collect and handle certain health information
- applicable data protection and privacy legislation of the other national jurisdictions in which the API Group operates. An example is Hong Kong’s Personal Data (Privacy) Ordinance.
- the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
| ||1.3||Employee records|
| || ||The API Group is generally exempt from the Privacy Act when it collects and handles employee records. However, our policy is to protect the personal information of its employees as it does other personal information.|
|2.||The purposes for which we collect, hold, use and disclose personal information|
| || |
In Australia and around the world, the API needs personal information to be able to perform its core functions, including administration of the API limited liability scheme, admission to membership, membership administration, professional development (including by the provision of materials), invitations to networking events, and management of professional conduct.
API’s core services to members include education, training, the provision of information, technical support and advocacy. The main purposes for which we collect, hold, use and disclose personal information are to provide services and benefits to our members, and to maintain and extend our membership. Staff and members work together with local and international bodies to represent the views and concerns of the profession to governments, regulators, industries, academia and the general public. API also interacts with non-members, both prospective members and also the general public.
For those above purposes, the API Group’s activities, in Australia and around the world, include:
- Informing potential members about the benefits of membership.
- Processing applications for membership.
- Managing memberships (for example, by sending out renewal notices and recording and updating membership details and profile information).
- Distributing our annual reports, and sending notices of API meetings.
- Advising interested third parties (including member's employers, university tuition providers, and other professional organisations) of the status and category of API members.
Member services and publications
- Distributing API publications and newsletters.
- The provision of other professional information and materials to members and non-members.
- Supporting various professional member advisory groups.
- Supporting the Board and Committees and other member groups.
- Organising and holding discussion groups to consider topics of interest to the property industry.
- Organising, promoting and running live chats and live interviews including digitally, online and face-to-face.
- Providing members with access to and information about a range of current and future membership services and benefits, including member benefits (see further below).
Education, training and events
- Administering our CPD program (including informing members about CPD requirements, developing, promoting and conducting CPD events for members and non-members, keeping records of CPD attendance and conducting CPD audits).
- Developing, promoting and conducting other events (whether digitally, online, face-to-face or otherwise), including API workshops and conferences (including organising speakers, locations and catering, making travel arrangements where required and keeping attendance records).
- Developing, administering, supporting and assessing the API Group's educational programs, including the foundation and professional levels of the API Program, study units and practice management distance learning.
- Developing new public practice resources and services.
- Marketing practice development materials to non-members as well as members.
- Marketing practice development materials to non-members as well as API members.
- Informing members about Certified Practising Valuer (CPV) requirements and assessing certificate applications.
- Allowing accredited API quality reviewers to perform quality reviews in relation to holders of CPV certificates in accordance with the requirements of API’s Policies.
- Managing the "Find an API Member"
- Ensuring that our members comply with API’s Constitution, Policies, Code of Professional Conduct, and Applicable Regulations:
- investigating and resolving complaints about members.
- referring members to the disciplinary tribunal if necessary.
- providing a secretariat to receive and take action on complaints and to support and service the disciplinary committee.
- receiving, investigating and taking action on complaints about non-members (for example, where an individual incorrectly claims to be a API member).
Australian Property Institute Valuers Ltd (“APIV”)
- APIV will seek and, as appropriate, hold approval from the Professional Standards Council (PSC) for its limited liability scheme developed and run for members of the APIV
- For that purpose, API and APIV will receive and deal with personal information to be able to provide oversight, management and control of the Scheme as required by the PSC as well as to meet its legal obligations.
- API and APIV may also market the Scheme and its benefits. Marketing may include direct marketing, in compliance with Australian law.
- For the purposes of communicating with its Members in order to train and up-skill them, APIV will receive and deal with personal information about those Members, by creating and maintaining mailing lists etc.
Use within the API Group
- Assessing the skills of overseas professionals, to determine whether they are eligible to migrate to Australia for study work or settlement and advising on migration outcomes.
- Applicant assistance
- Assessing the skills and educational experience of individuals to determine whether they are eligible for membership.
- Surveys, research and competitions
- Conducting surveys and market research for product and service improvement purposes and to compile statistics and analyse trends.
- Considering research grant applications and administering research grants.
- Conducting competitions and lucky draws.
- Receiving, investigating and taking action on complaints about how the API Group has collected or handles personal information.
- Recruiting staff and contractors.
- Processing payments.
- Answering queries and resolving complaints.
- Using aggregated information for business analysis.
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:
- which are required or authorised by or under law (including, without limitation, privacy legislation); or
- for which the individual has provided their consent.
| ||2.2||Direct marketing|
| || |
The API Group may use personal information of members and non-members, specifically your name and relevant address details and information about your preferences for direct marketing, both as to the communication channels which you prefer for receiving direct marketing from us and the types of products and services in which you are interested, to let you know about our services, facilities and benefits and those of third party partners, contractors, suppliers to the API Group, where permitted by law.
Where we are permitted by law to do so, we or our partners, contractors, suppliers may contact you for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile.
For example, where we have your consent and you are a member, we will send you:
- our member publications and events.
- information under our members benefit and other program offerings and advertising of the availability of goods, facilities and services in the classes of personal and business products and services, including credit cards and associated rewards, banking, lending and financial services, insurance, telecommunications services and devices, travel and leisure, news publications and subscriptions, technology, lifestyle offers, including premium wine deals, office supplies, business support services, professional development offerings and opportunities, including API Conferences.
- member research, including member surveys.
Our offerings may vary from time to time.
- If you are a not a member and have provided consent, we may use your personal information to contact you with information about the API and our current and future membership benefits, lifestyle benefits and events.
Communication of your consent
You may communicate your consent to our use of your personal data for Direct Marketing free of charge by:
- when providing us with your personal data through our website;
- when providing us with your personal data through a form, signing on the form indicating your consent; or
- following the instructions in the document on which you are providing your personal data to us.
Where you have consented to receiving direct marketing communications from us, your consent will remain current until you advise us otherwise. However, you can, at no cost, opt out at any time, in the following ways:
- Members and prospective members of API can update their communications preferences (including opting out of participating in surveys) by simply visiting the "Edit Communications Preferences" page on the API website
- Members, prospective members and non-members can:
- send a letter to: API, PO Box 26, Deakin West ACT 2600 or send an email to firstname.lastname@example.org
- advise us if they receive a marketing call that they no longer wish to receive these calls.
- use the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.
Notification of source
If we have collected the personal information that we use to send you direct marketing material from a third party (for example a direct mail database provider), under Australian law you can ask us to notify you of our source of information, and the API Group’s policy is to do so unless this is unreasonable or impracticable.
|3.||The kinds of personal information we collect and hold|
| || ||The type of personal information that the API Group collects and holds about you depends on the type of dealings that you have with us. For example, if you:|
- join or apply for membership of API, we collect information including your name, address, contact number, gender, date of birth, address, email address, proof of identity details, employment details, including your primary focus (for example valuation, property management), educational qualifications, academic results, accreditation and CPD details, communication preferences and payment details; and we allocate you a member number and membership status
- are involved on an API Board or Committee, an advisory, discussion or other member group we will obtain your name, address, contact numbers, email, addresses, professional credentials and dietary requirements
- undertake a API education program, we will collect the same type of information as for API members, as well as a photograph and digital signature to identify you for examinations
- contact us with an enquiry, if you do not take advantage of the option to use anonymity or pseudonymity, depending on the nature of the enquiry, we will record details about you and relating to the enquiry
- attend a API Group conference or seminar, we will collect your contact details, address, membership number (if applicable), employment details, payment details and any dietary and accessibility requirements
- join API’s student network, we collect information including your name, address, contact number, gender, date of birth, email address, country of permanent residency, proof of identity details, photograph, employment details, including your primary focus, e.g. educational qualifications, academic results, accreditation and CPD details, communication preferences and payment details; and we allocate you a member number
- are a supplier to the API Group, we collect contact address details, usually including but not limited to all forms of contact and address, billing information and information about the goods or services you supply
- are a sponsor of API, we collect contact address details, usually including but not limited to all forms of contact and address, and information about the sponsorship
- buy or otherwise obtain professional information and materials from API, we will collect contact address details and billing information including credit card or other payment details
- are a Member of APIV, we will collect information including your name, address, contact number, gender, date of birth, address, email address, proof of identity details, employment details, academic results, accreditation, communication preferences and payment details
- are a potential Member of APIV¸ we will collect similar information as for a Member of APIV
- apply for a job in the API Group, we will collect the information you include in your application for employment, including your cover letter, resume, contact details and referee reports
- are an academic, or industry experts or media contact of the API Group
- licences and registrations held as a Certified Practicing Valuer or as an workplace requirement (for example employee )
- are a member of the general public who contacts the API Group who elects not to rely on anonymity or pseudonymity, we collect contact address details, usually including but not limited to email addresses and phone numbers and details about the reason for the contact
- are a recipient of copies of the Australia and New Zealand Property Journal, such as a selected academics, subscribers, media industry members, high-profile business or governmental persons, we collect contact address details.
In each case, we seek to keep the personal information we need updated and accurate.
| ||3.2||Sensitive Information|
| || |
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
The API Group’s policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented.
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect:
- information about your membership of other professional associations (such as the Royal Institution of Chartered Surveyors, CPA Australia).
- information about dietary requirements or mobility needs when we conduct events such as conferences and seminars.
- information about medical conditions in the context of exams, as part of a special consideration application or so that we can implement special exam arrangements.
- copies of medical reports and psychiatric assessments in the course of a professional conduct investigation.
- identification as Aboriginal or Torres Strait Islander.
- information with regard to criminal convictions in relation to members, prospective members and former members.
| ||3.3||Collection of information through our website|
| || |
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website (such as preventing users from logging on and making purchases).
| ||3.4||What if you don't want to provide your personal information to us?|
| || |
The API Group’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, the API Group’s policy is to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.
In some cases however, if you don't provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to become a API member and, if you sit an exam for the API Program, we will check your photo ID and digital signature, to confirm that you are person who is entitled to sit for the exam.
|4.||How we collect and hold personal information|
| ||4.1||Methods of collection|
| || ||The API Group is required by the Privacy Act also to collect personal information only by lawful and fair means. It is reasonable and practicable, we will collect personal information we require directly from you. |
We collect personal information in a number of ways, including:
- by email
- over the telephone
- through written correspondence (such as letters, faxes and emails)
- on hard copy forms (including event registration forms, network registration forms , competition entry forms and surveys)
- in person (for example, at job interviews and in exams)
- through our website (for example, if you make an online purchase or complete and submit a web form such as the Update my Profile form or a membership application form, or if you participate in a live chat)
- at seminars and functions (for example, if you fill out an assessment form or leave us your business card)
- during examinations and assignments conducted as part of our educational programs
- electronic systems such as applications
- through surveillance cameras (which we may use for security purposes)
- from third parties, including:
- educational providers that assist us in running our educational programs (including organising and conducting assessments)
- direct marketing database providers
- the ATO or ASIC (for example, through correspondence in relation to member conduct)
- insurers in relation to professional indemnity insurance
- public sources, such as telephone directories, membership lists of business, professional and trade associations, public websites, ASIC searches, bankruptcy searches and searches of court registries.
| ||4.2||Collection notices|
| || ||Where the API Group collects personal information directly from you, the API Group’s policy is to take reasonable steps to notify you of certain matters. We will do this at or before the time of collection, or as soon as practicable afterwards. The matters include:|
- our identity and how to contact us
- the purposes for which we are collecting the information
- whether the collection is required or authorised by or under by or under an Australian law or a court or tribunal order
- the third parties (or types of third parties) to whom we would normally disclose information of that kind
- whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located
We will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, we will generally include a collection notice, or a clear link to it, on the form.
Where the API Group collects information about you from a third party, our policy is to take reasonable steps to make sure that you are made aware of the collection details listed above and, if you may not be aware that that we have collected the information, of the fact and circumstances of the collection. The API’s obligation to inform you of information from a third party may not apply in the case of formal Member compliance processes . The API will, in these cases, follow the relevant API Member compliance Policy in this regard.
| ||4.3||Unsolicited information|
| || ||Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement). |
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, the API Group’s policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
|5.||Disclosure of personal information to third parties|
| ||Under the API Group’s policy, personal information may be disclosed to the following third parties where appropriate for the purposes set out under heading 2 above:|
- financial institutions for payment processing
- universities and other educational service providers involved with or engaged by API for the API Educational programs and other professional programs
- our Member benefits partners and sponsors (so that they can provide members with information about their products and services)
- a Member's employer (to confirm membership status and provide educational program results where the employer or API subsidises some or all of the individual's API Program fees)
- a University Tuition Provider (to provide education program results if the member is concurrently enrolled in a post-graduate qualification with the tuition provider)
- Australian and international property industry bodies with which the API Group, from time to time, may have affiliations (for example, to confirm a member's membership status);
- members of API committees (such as Divisional Councils, advisory committees, member and discussion groups formed to consider topics of interest to the property industry)
- government and regulatory bodies (such as the Department of Immigration and Citizenship, Australian Education International – National Office for Overseas Skills Recognition and the Department of Education, Employment and Workplace Relations) and an individual's migration agent (in connection with applications for General Skills Migration)
- referees whose details are provided to us by job applicants
- third parties who have complained about members (including to advise them of the conduct and outcome of the complaint)
- the API Group’s contracted service providers, including:
- electronic content delivery providers
- information technology service providers
- publishers of our newsletters, student handbooks and course material
- online voting providers
- conference organisers
- marketing and communications agencies
- call centres and call training centres (including the third party that conducts member surveys on our behalf)
- mailing houses, freight and courier services
- printers and distributors of direct marketing material
- external business advisers (such as recruitment advisers, auditors and lawyers)
- transcript recording service providers, in relation to disciplinary proceedings
- regulatory bodies as required by law
- other professional bodies of which a member is also a member in relation to disciplinary proceedings.
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
|6.||Cross border disclosure of personal information|
API may in future operate in international jurisdictions. These overseas offices will form part of API.
The API Group may disclose personal information to third parties located overseas in the following situations and analogous situations:
- member's names and relevant addresses may be provided to an overseas direct mail provider to send marketing material to our members
- member details may be disclosed to international property bodies with whom we may have affiliations for example if a member applies for a reciprocal membership
- where API members are located in one of the international jurisdictions in which API operates, any disciplinary proceedings are likely to be conducted in the relevant jurisdiction. Information relevant to the proceedings, including personal information may be disclosed to panel members located overseas
- likewise, examinations may be conducted in the international jurisdictions in which API operates. Personal information about candidates may be disclosed to a third party contracted to conduct such examinations
- members to advise them of complaints made against them and to seek responses from them
- members of disciplinary tribunals to consider complaints
- information about individuals applying for General Skills Migration may be disclosed to their migration agents, who may be located anywhere around the world.
In each case, the API Group’s policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.
|7.||Use of government related identifiers|
| ||The API Group’s policy is to not:|
- use a government related identifier of an individual (such as a Medicare number or driver's licence number) as our own identifier of individuals
- otherwise use or disclose such a government related identifier
- unless this is permitted by the Privacy Act (for example, where the use or disclosure is required or authorised by or under an Australian law or a court or tribunal order).
|8.||Data quality and security|
| || ||We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate . Paper files may also be archived in boxes and stored offsite in secure facilities. The API Group’s policy is to take reasonable steps to:|
You can also help us keep your information up to date; by letting us know about any changes to your personal information, such as your email address or phone number. If you are a Member, you can easily review and update your information on an on-going basis, through our online "My Portal" page.
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
| || |
The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies .
The API Group processes assessment, membership and other payments using EFTPOS and online technologies. API’s policy is to ensure that all transactions processed by the API Group meet industry security standards to ensure payment details are protected.
While the API Group strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact the API Group by phone or post.
You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
Third party websites
|9.||Access and correction of your personal information|
| ||Individuals have a right to request access to the personal information that the API Group holds about them and to request its correction . |
| ||9.1||Members and prospective members|
| || ||Members and prospective members can readily access and correct their own personal information, including changing their communication preferences, by visiting the "My Portal" pages on the API website.|
For any personal information that can't be accessed and corrected through "My Portal", members and prospective members can follow the access and correction procedures for non-members (set out under the next heading).
| ||9.2 ||Non-members|
| || |
If you are not a member, you can contact our state offices (details under heading 11 below) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.
The API’s Group’s policy is to provide you with access to your personal information, subject to some exceptions permitted by law. We may provide access in the manner that you have requested provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, the API Group’s policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, the API Group’s policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.
Timeframe for access and correction requests
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
What if we refuse your request for access or correction?
If we refuse your access or correction request, or if we refuse to give you access in the manner you requested, the API Group’s policy is to provide you with a written notice setting out:
- the reasons for our refusal (except to the extent that it would be unreasonable to do so); and
- available complaint mechanisms.
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.
If you have a complaint about how the API Group has collected or handled your personal information, please contact our Privacy Officer (details under heading 11 below).
Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can't be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which details (for example) the date, time and circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how would you like your complaint resolved.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.
Our response will set out:
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
- what action, if any, API will take to rectify the situation.
|11.||Retention of personal data|
| ||All personal data that has been collected from you will only be kept for a limited duration that is relevant to the purpose for which your personal data is to be used and for as long as required by applicable law.|
| ||Please contact the API Group if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details for privacy queries and complaints are set out below. |
Privacy Officer, API, PO Box 26, Deakin West ACT 2600, Australia
P: + 61 2 6282 2411
F: +61 2 6285 2194
|13.||Changes to this policy|