Privacy Statement
Who does this Privacy Statement apply to?
This Privacy
Statement (“this Statement”) applies to “Achieva Strategy Australia” (“we” or
“us”), which includes both the Achieva Strategy Australia and the entities it
owns or controls. We want you to know that we are committed to protecting your
privacy and handling your personal information in an open and transparent way.
What does this Privacy Statement cover?
This
Statement explains how we collect, handle, store and protect personal
information when:
·
We provide professional services to you or our
clients;
·
You use “this Website”; or
·
Perform any other activities that form part of the
operation of our business.
When
we refer to “this Website” we are talking about websites associated with Achieva
Strategy Australia. This includes;
·
Pages accessed using the www.achieva-global.com URL that are
labelled “Location: Australia” in the webpage; and
·
Pages or communications that link directly to this
privacy statement.
This
Statement also contains information about when we share information with Achieva
Global Partners (“AGP”), its member firms, or their related entities
(collectively, the “AchievaNetwork”).
Are
all areas of this Website covered by this statement?
Certain
areas of this Website have separate privacy statements that apply to personal
information collected via those pages. A separate statement may be necessary
because of the nature of the personal information being collected (for example,
information collected during the recruitment process) and to provide additional
detail about how we handle information collected via those pages.
What
about the privacy statements of other Achieva member firms?
The
Achieva member firms are located internationally and are subject to the privacy
laws of the particular country or countries in which they operate. As a result,
each member firm has its own privacy statement governing the handling of any
personal information they collect. Importantly, the websites of other Achieva
member firms, as well as other websites that may be linked to this Website, are
not covered by this Statement.
We encourage
visitors to review each website's privacy statement before disclosing any
personal information.
What laws apply to us?
When
handling personal information we will comply with the Australian Privacy
Principles (APPs) contained in the Privacy Act 1988 (Cth)
(Privacy Act) and other applicable legislation (such as Australian State and
Territory health privacy legislation), as well as the Spam Act
2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Where applicable, we will also comply with data protection laws of other
jurisdictions, such as the European General Data Protection Regulation (GDPR).
The
APPs are legally binding principles that are designed to ensure that
individuals’ personal information is protected throughout the information
lifecycle – that is, from the time the information is collected through to its
destruction. The APPs also give individuals the right to access their personal
information and have it corrected if it is incorrect.
We
take our obligations under the APPs, Australian State and Territory privacy
legislation and other applicable data protection laws seriously. Therefore, in
addition to this statement, we also:
·
Maintain an internal privacy policy; and
·
Where appropriate, include terms in our agreements
with our clients that describe how we handle personal information during the
delivery of our professional services.
What personal information do we collect?
Information
we collect when we provide professional services to our clients
We
may be provided with personal information directly by our clients to enable us
to deliver professional services or to perform due diligence checks before we
agree to provide services. This information may relate to clients’ employees,
members or customers or it may relate to third parties (for example, the
spouses and dependants of a client’s employees, members or customers).
As
part of providing professional services to our clients, we may also collect
personal information from other sources (such as directly from individuals
themselves or information that is publicly available).
The
types of personal information we may collect or be provided with include, but
are not limited to:
·
Contact details;
·
Dates of birth;
·
Gender;
·
Employment records;
·
Financial records;
·
Complaint details.
We
may also collect sensitive personal information (also called ‘special category
information’). For example, where we are provided with such information
directly by our clients to provide professional services, or where we collect
information directly from individuals with their consent. This may include:
·
Government identifiers such as drivers’ licence,
passport and Medicare numbers and visa/work permit status;
·
Tax file numbers;
·
Health records;
·
Information about racial or ethnic origins;
·
Information about criminal convictions;
·
Membership of a political association or membership
of a trade union.
Where
we are provided with personal information by a client, we take steps to ensure
that the client has complied with the relevant obligations under applicable
data protection laws in relation to that information; this may include, for
example, that the client has provided you with notice of the collection (and
other matters) and has obtained any necessary consent for us to collect, use and
disclose that information.
We
also collect personal information (such as contact details and account details)
from suppliers, contractors and third party service providers that we engage to
help us operate our business.
Information
we collect when we perform any other activities that form part of the operation
of our business
We
may collect personal information when performing other activities that form
part of the operation of our business, but which do not directly form part of
providing professional services to our clients. For example, we might collect
personal information from members of the public as part of undertaking surveys,
research on current issues or as part of projects or initiatives we are
conducting with other organisations.
The
types of information that we collect may vary depending on the nature of the
activity. However, we will take reasonable steps to provide clear information
about the nature of those activities and the purpose for which we are
collecting your information.
Information
we collect via this Website (Log information, cookies, and web beacons) or when
you attend events
We
may collect your personal contact details when you use this Website or when you
attend aAchieva event, or an event sponsored by Achieva. For example, if you
sign up to receive promotional materials, thought leadership or communications
about services provided by us or other Achieva member firms.
To
improve your experience when you use this Website and ensure that it is
functioning effectively, we also use cookies (small text files stored in a
user’s browser) and Web beacons (electronic images that allow this Website to
count visitors who have accessed a particular page and to access certain
cookies).
Protecting
children's privacy
We understand the
importance of protecting children's privacy. This Website is not designed for,
or intentionally targeted at, children 13 years of age or younger. It is not
our policy to intentionally collect or store information about anyone under the
age of 13.
How do we use your personal information?
How
do we use personal information collected to provide services to our clients?
We
use the personal information that we collect to provide clients with agreed
services. We have an agreement with each client that governs the provision of
our services and sets out the purposes for which we may use any information
that the client provides to us (including any personal information). We use
that information as permitted by the client agreement and we do not use that
information for any other purposes, unless it is necessary to comply with a
legal or professional right or duty.
Because
we provide a wide range of different types of services to our clients, the way
we use personal information also varies. For example, we might use personal information:
·
About a client’s employees to help those employees
manage their tax affairs when working overseas;
·
About a client’s customers to help the client
improve the quality of the services they offer;
·
Collected by a client as part of their ordinary business
activities in the course of helping that client restructure their business; and
·
Collected by a client as part of their ordinary
business activities to help that client manage their cyber-security and other
business risks.
How
we use information collected when we perform other activities that form part of
the operation of our business
When
we collect personal information as part of performing other activities that
form part of our business, we will take reasonable steps to provide clear
information about the nature of those activities and how we will use any
personal information collected.
We
may also use non-personal, de-identified and aggregated information for several
purposes including for data analytics, research, submissions, thought leadership
and promotional purposes.
How
do we use information collected via this Website or through other sources? Do
we use it to market goods and services to you?
We
may use personal information that we collect from you via this Website, through
your interactions with our Partners and staff or through your attendance at
events, to provide you with promotional materials, thought leadership or
communications about services provided by us or other Achieva member firms that
we feel may be of interest to you. We may provide these materials to you
directly (e.g. via email) or through third parties who provide us with
marketing services (e.g. via your news feed in professional networking
platforms).
We
will not use your personal information collected via this Website or through
other sources to market the goods and services of third parties to you without
first notifying you and seeking your consent (usually through a separate
privacy notice).
We
may also use your personal information collected via this Website:
·
To manage and improve this Website;
·
To tailor the content of this Website to provide
you with a more personalised experience and draw your attention to information
about our services that we feel may be of interest to you;
·
To seek feedback on our services; and
·
For market or other research purposes (however, we
will only ever report aggregated results of any research we undertake, and will
never include your personal information in those results unless you explicity
give us your consent).
If
you do not want to receive marketing materials from us, you can:
·
Click on the unsubscribe function in the
communication; or
·
Email achieva.international@gmail.com for any hard copy
communications that you no longer wish to receive.
At
times, you may choose to register or create a user profile on this Website –
for instance, to gain access to specific content, attend a hosted event,
respond to a survey, or request communications about specific areas of
interest. In such cases, the information you submit will be used to manage your
request and to customise and improve this Website and related services offered
to you. You may request at any time that we discontinue sending you emails or
other communications generated in response to your registration on this
Website.
Are
there any other ways we use your personal information?
We may also use
personal information to protect our rights and those of our users or to comply
with a legal or professional right or duty.
When will we disclose your personal information?
We
will only disclose your personal information as set out below. Importantly, we
will never sell your personal information to third parties for advertising
purposes, or disclose it for any other secondary purpose without your
authorisation.
We
may disclose personal information to:
·
Other entities in the Achieva Network;
·
Third parties that we engage to assist us in
providing professional services to our clients or in the operation of our
business (i.e. our subcontractors, advisors and suppliers).
These
entities and third parties may sometimes be located in other countries, in
particular Australia, Singapore and Indonesia. A current list of Achieva
Offices around the region is available in the webpage.
Where
we disclose your personal information to other entities in the Achieva Network,
or to third party service providers, we will take steps to ensure that those
recipients protect that information from unauthorised access, modification or
disclosure, and from misuse, interference and loss.
We
may also be required to disclose personal information to law enforcement,
regulatory or government agencies, or to other third parties:
·
To comply with legal or regulatory obligations or
requests; or
·
Where there is a legal or professional right or
duty to disclose.
We
may share non-personal, de-identified and aggregated information with third
parties for several purposes, including data analytics, research, submissions,
thought leadership and promotional purposes.
Blogs,
forums, wikis, and other social media
This Website hosts
various blogs, forums, wikis, and other social media applications or services
that allow you to share content with other users (collectively ‘social media
applications’). Importantly, any personal information that you contribute to
these social media applications can be read, collected and used by other users
of the application. We have little or no control over these other users and,
therefore, we cannot guarantee that any information that you contribute to any
social media applications will be handled in accordance with this Statement.
On what basis do we process personal information
about you?
Certain
data protection laws, such as the European GDPR, require us to have a ‘legal
basis’ for processing personal information. Where those laws apply, we may
process your personal information for the purposes outlined above because:
(a)
You have consented to the processing of your personal information for those
purposes;
(b)
We have a legitimate interest in processing your personal information, which
may be to:
·
provide services to you and/or to the entity that
has engaged us to provide the services;
·
support the management of our client engagements;
·
evaluate, develop or improve our services or
products; or
·
protect our business interests; or
(c)
We are subject to legal, regulatory or professional obligations.
To
the extent that we process any sensitive (special category) personal
information about you for any of the purposes outlined above, we will do so
because either:
(a)
You have given us your explicit consent to process that information;
(b)
We are required by law to process that information, for example, in order to
ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations;
(c)
The processing is necessary to carry out our obligations under employment,
social security or social protection law; or
(d)
The processing is necessary for the establishment, exercise or defence of legal
claims.
How do we protect your information?
We
hold personal information in hard copy and electronic formats. We use a range
of physical, operational and technological security measures to protect this
information. These measures include:
·
Staff education and training to ensure our staff
are aware their privacy obligations when handling your personal information;
·
Administrative and technical controls to restrict
access to personal information to only those people who need access;
·
Technological security measures, including fire
walls, encryption and anti-virus software;
·
Physical security measures, such as staff security
passes to access AchievaStrategy Australia premises, laptop cable locks and the
use of privacy screens where appropriate.
What is our process for making changes to this
Privacy Statement?
We
may modify or amend this Privacy Statement from time to time.
