This document sets out the policy of the National Business Travel Association (Asia Pacific) trading as GBTA AUS/NZ Ltd ACN 124 662 120 hereafter GBTA AUS/NZ relating to the protection of the privacy of personal information.
The Global Business Travel Association (GBTA) is the world’s premier business travel and meetings organisation. Collectively, GBTA’s 6,000-plus members manage over $340 billion of global business travel and meetings expenditures annually. GBTA provides its network of 21,000 business and government travel and meetings managers, as well as travel service providers, with networking events, news, education & professional development, research, and advocacy.
1.1. What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable.
Examples include an individual's name, address, contact number and email address.
1.2. Our obligations
GBTA AUS/NZ is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal.
We are also required to comply with other, including more specific privacy legislation in some circumstances, such as:
- applicable legislation of the other national jurisdictions in which GBTA AUS/NZ operates;
- applicable Australian State and Territory health privacy legislation (including the Victorian Health Records Act 2001) when we collect and handle certain health information; and
- the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
1.3. Employee records
GBTA AUS/NZ is generally exempt from the Privacy Act when it collects and handles employee records. However, GBTA AUS/NZ’s policy is to protect the personal information of its employees as it does other personal information.
2. The purposes for which we collect, hold, use and disclose personal information
GBTA AUS/NZ needs personal information to be able to perform its core functions, including administration of members, event delegates, admission to membership, membership administration, continuing professional development, invitations to networking events, licences including public practice certificates, and management of professional conduct. In addition, GBTA AUS/NZ has subsidiary functions to benefit its members, under our Member Benefits program such as discussions and other member groups.
Our core services to members include education, training, providing resources and advocacy. The main purposes for which we collect, hold, use and disclose personal information are to provide services and benefits to our members, and to maintain and extend our membership. Staff and members work together with local and international bodies to represent the views and concerns of the profession to governments, regulators, industries, academia and the general public. GBTA AUS/NZ also interacts with non-members, both prospective members and also the general public.
The main purposes for which we collect, hold, use and disclose personal information are to provide services and benefits to our members, and to maintain, retain, extend and grow our membership.
For those above purposes, our activities include:
2.1.1 Membership management
- informing potential members about the benefits of membership;
- processing applications for membership;
- managing memberships (for example, by sending out renewal notices and recording and updating membership details and profile information);
- distributing our annual reports, and sending notices of GBTA AUS/NZ meetings; and
- advising interested third parties (including member's employers and other professional organisations) of the status and category of GBTA AUS/NZ members
2.1.2 Member services and publications
- distributing GBTA AUS/NZ publications and newsletters to our media list;
- managing various professional member advisory groups;
- managing Divisional and Branch Councils and other member groups;
- organising and holding discussion groups to consider topics of interest to the business travel profession;
- providing members with access to and information about a range of current and future membership services and benefits, including Member Benefits (see further below)
2.1.3 Training and events
- developing, promoting and conducting other events (whether digitally, online, face-to-face or otherwise), including seminars and conferences (including organising speakers, locations and catering, making travel arrangements where required and keeping attendance records);
- developing, administering, supporting and assessing GBTA AUS/NZ's educational programs, including the foundation and professional levels our programs, study units and practice management distance learning; and
- developing new public practice resources and services
2.1.4 Public Practice Certification
- marketing practice development materials to non-members as well as Members;
- informing members about public practice requirements and assessing public practice certificate applications;
- allowing an accredited GBTA AUS/NZ quality reviewer to perform a quality review in accordance with the requirements of GBTA AUS/NZ’s By-Laws
2.1.5 Surveys, research and competitions
- conducting surveys and market research for product and service improvement purposes and to compile statistics and analyse trends;
- considering research grant applications and administering research grants; and
- conducting competitions and fundraising for local charities
2.1.6 Professional conduct
- ensuring that our members comply with GBTA AUS/NZ’s Constitution, By-Laws, and Applicable Regulations;
- investigating and resolving complaints about members; referring member to disciplinary tribunal if necessary; and
- investigating complaints about non-members (for example, where an individual incorrectly claims to be a GBTA AUS/NZ member)
2.1.7 General administration
- recruiting staff and contractors;
- processing payments;
- answering queries and resolving complaints; and
- using aggregated information for business analysis
2.1.8 Other activities
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:
- required or authorised by or under law (including, without limitation, privacy legislation);
- and for which the individual has provided their consent
2.2. Direct marketing
We may use personal information of members and non-members, specifically your name and relevant address details, to let you know about our services, facilities and benefits and those of third party partners/contractors/suppliers of GBTA AUS/NZ, where we have your consent. We are not permitted to do so unless we have your consent. We and/or our partners/contractors/suppliers may contact you for direct marketing purposes in a variety of ways, including by mail, email, telephone or online advertising.
For example, where we have your consent, we will send you:
- if you are a Member: our Member publications (see list above) and events;
- if you are a prospective member and have provided consent, we may use your personal information to contact you with information about GBTA AUS/NZ current and future membership benefits and events
2.2.1 Opting out
Where you have consented to receiving direct marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, in the following ways:
- Members, prospective members and non members can advise us if they receive a marketing call that they no longer wish to receive; and
- use the unsubscribe facility that we include in our commercial electronic messages to opt out of receiving those messages; or
- by contacting us directing on +61 (0) 9456 4470
2.2.1 Notification of source
If we have collected the personal information that we use to send you direct marketing material from a third party (for example a direct mail database provider), you can ask us to notify you of our source of information, and GBTA AUS/NZ’s policy is to do so unless this is unreasonable or impracticable.
3. The kinds of personal information we collect and hold
The type of personal information that GBTA AUS/NZ collects and holds about you depends on the type of dealings that you have with us. For example, if you:
- join as a Member, we collect information including your name, address, contact number, gender, date of birth, address, email address, proof of identity details, employment details, including your primary focus, e.g. taxation, educational qualifications, academic results, communication preferences and payment details; and we allocate you a member number and membership status; we seek to keep those details updated;
- attend a GBTA AUS/NZ conference or seminar, we will collect your contact details, address, membership number (if applicable), employment details, payment details and any dietary and accessibility requirements;
- are a supplier to GBTA AUS/NZ, we collect contact address details, usually including but not limited to all forms of contact and address, billing information and information about the goods and/or services you supply;
- are a sponsor of GBTA AUS/NZ, we collect contact address details, usually including but not limited to all forms of contact and address, and information about the sponsorship;
- are an academic, or industry expert or media contact of GBTA AUS/NZ;
- licences and registrations held as a Public Practitioner or as an workplace requirement (e.g. employee);
- are a member of the general public who contacts GBTA AUS/NZ who elects not to rely on anonymity or pseudonymity, we collect contact address details, usually including but not limited to email addresses and phone numbers and details about the reason for the contact
3.2. Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
GBTA AUS/NZ’s policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented;
- or we are required or authorised by or under law (including applicable privacy legislation) to do so
For example, we may collect:
- information about your membership of other professional associations;
- information about dietary requirements or mobility needs when we conduct events such as conferences and seminars;
- information about medical conditions in the context of exams, as part of a special consideration application or so that we can implement special exam arrangements;
3.3. Collection of information other than personal information through our website
When you visit the GBTA AUS/NZ website, some of the information that is collected about your visit is not personal information, because it does not reveal your identity.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies used by GBTA AUS/NZ may identify individual users who log into the website.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website (such as preventing users from logging on and making purchases).
GBTA AUS/NZ also uses online behavioural advertising as part of optimising email campaigns based on audience behaviour e.g. reaction or no reaction to a campaign.
3.4. What if you don't want to provide your personal information to us?
GBTA AUS/NZ’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, GBTA AUS/NZ’s policy is to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.
In some cases however, if you don't provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to become a GBTA AUS/NZ member and, if you sit an exam.
4. How we collect and hold personal information
4.1. Methods of collection
GBTA AUS/NZ is required by the Privacy Act also to collect personal information only by lawful and fair means. It is reasonable and practicable, we will collect personal information we require directly from you.
We collect personal information in a number of ways, including:
- by email;
- over the telephone;
- through written correspondence (such as letters, faxes and emails);
- on hard copy forms (including event registration forms, network registration forms competition entry forms and surveys);
- in person (for example, at job interviews and in exams); through our website and the Hub at seminars and functions (for example, if you fill out an assessment form or leave us your business card);
- during examinations and assignments conducted as part of our educational programs; electronic systems such as Applications;
- through surveillance cameras (which we use for security purposes); and from third parties, including:
- educational providers that assist us in running our educational programs (including organising and conducting assessments);
- direct marketing database providers;
- the ATO or ASIC (for example, through correspondence in relation to member conduct);
- insurers in relation to professional indemnity insurance; and
- public sources, such as telephone directories, membership lists of business, professional and trade associations, ASIC searches, bankruptcy searches and searches of court registries
4.2. Collection notices
Where GBTA AUS/NZ collects personal information directly from you, GBTA AUS/NZ’s policy is to take reasonable steps to notify you of certain matters. We will do this at or before the time of collection, or as soon as practicable afterwards. The matters include:
- our identity and how to contact us;
- the purposes for which we are collecting the information;
- whether the collection is required or authorised by or under by or under an Australian law or a court or tribunal order;
- the third parties (or types of third parties) to whom we would normally disclose information of that kind;
- whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located; and
We will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, we will generally include a collection notice, or a clear link to it, on the form.
Where GBTA AUS/NZ collects information about you from a third party, GBTA AUS/NZ’s policy is to take reasonable steps to make sure that you are made aware of the collection details listed above and, if you may not be aware that that we have collected the information, of the fact and circumstances of the collection.
4.3. Unsolicited information
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, GBTA AUS/NZ’s policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
5. Disclosure of personal information to third parties
Under GBTA AUS/NZ’s policy, personal information may be disclosed to the following third parties where appropriate for the purposes set out under heading 2 above.
- financial institutions for payment processing;
- universities and other educational service providers involved with or engaged by GBTA AUS/NZ for the GBTA Academy and other professional programs;
- our Member Benefits partners and sponsors (so that they can provide members with information about their products and services);
- a Member's employer (to confirm membership status and provide educational program results where the employer or GBTA AUS/NZ subsidises some or all of the individual's examination or event fees) and/or under the Recognised Employer Program;
- international accounting bodies with which we have mutual recognition agreements (for example, to confirm a member's membership status);
- members of GBTA AUS/NZ committees (such as Divisional and Branch Councils, advisory committees, member and discussion groups formed to consider topics of interest to the accounting profession);
- government and regulatory bodies (such as the Department of Immigration and Citizenship, Australian Education International – National Office for Overseas Skills Recognition and the Department of Education, Employment and Workplace Relations) and an individual's migration agent (in connection with applications for General Skills Migration);
- referees whose details are provided to us by job applicants;
- third parties who have complained about members (including to advise them of the conduct and outcome of the complaint); and
- GBTA AUS/NZ's contracted service providers, including:
- information technology service providers;
- publishers of our newsletters, student handbooks and course material; conference organisers;
- marketing and communications agencies;
- call centres and call training centres (including the third party that conducts member surveys on our behalf);
- mailing houses, freight and courier services;
- printers and distributors of direct marketing material; and
- external business advisers (such as recruitment advisers, auditors and lawyers).
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
6. Cross border disclosure of personal information
GBTA operates in a number of international jurisdictions, including the United States of America, Canada, Latin America, Russia, Thailand, South Africa, People's Republic of China, Hong Kong, India, Singapore, New Zealand and the Europe. These overseas offices are part of GBTA.
However GBTA AUS/NZ may disclose personal information to third parties located overseas in the following situations and analogous situations:
Member's names and relevant addresses may be provided to GBTA globally to send marketing material to our members;
Member details may be disclosed to international accounting bodies for example if a member applies for a reciprocal membership;
details of members who undertake education outside of Australia/New Zealand
where GBTA AUS/NZ members are located in one of the international jurisdictions in which GBTA AUS/NZ operates, any disciplinary proceedings are likely to be conducted in the relevant jurisdiction. Information relevant to the proceedings, including personal information may be disclosed to panel members located overseas;
likewise, examinations are conducted in the international jurisdictions in which GBTA AUS/NZ operates. Personal information about candidates may be disclosed to a third party contracted to conduct such examinations.
In each case, GBTA AUS/NZ’s policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.
7. Use of government related identifiers
GBTA AUS/NZ’s policy is to not:
- use a government related identifier of an individual (such as a Medicare number or driver's licence number) as our own identifier of individuals; or
- otherwise use or disclose such a government related identifier, unless this is permitted by the Privacy Act (for example, where the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order).
8. Data quality and security
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. GBTA AUS/NZ’s policy is to take reasonable steps to:
make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and
protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure
You can also help us keep your information up to date; by letting us know about any changes to your personal information, such as your email address or phone number.
The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.
8.2.1 Payment security
GBTA AUS/NZ processes assessment, membership and other payments using EFTPOS and online technologies. GBTA AUS/NZ’s policy is to ensure that all transactions processed by GBTA AUS/NZ meet industry security standards to ensure payment details are protected.
8.2.2 Website security
While GBTA AUS/NZ strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact GBTA AUS/NZ by telephone or post.
You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
8.2.3 Third party websites
9. Access and correction of your personal information
Individuals have a right to request access to the personal information that GBTA AUS/NZ holds about them and to request its correction.
9.1. Members and prospective members
Members and prospective members can contact GBTA AUS/NZ directly to update their details.
If you are not a member, you can contact us directly to update your details.
GBTA AUS/NZ’s policy is to provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, GBTA AUS/NZ’s policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, GBTA AUS/NZ’s policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.
9.4.1 Timeframe for access and correction requests
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
9.4.2 What if we refuse your request for access or correction?
If we refuse your access or correction request, or if we refuse to give you access in the manner you requested, GBTA AUS/NZ’s policy is to provide you with a written notice setting out:
- the reasons for our refusal (except to the extent that it would be unreasonable to do so); and
- available complaint mechanisms
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.
10. Further information
Please contact GBTA AUS/NZ if you have any queries about the personal information that GBTA AUS/NZ holds about you or the way we handle that personal information.
Our contact details for privacy queries are set out below.
GBTA AUS/NZ PO BOX 424, BEROWRA, NSW 2081, AUSTRALIA
P: + 61 2 9456 4470
F: +61 2 9456 1865
12. Changes to this policy