Our privacy commitment
What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not
- whether the information or opinion is recorded in a material form or not.
The types of personal information we collect include your name, date of birth, contact information, workplace, credit/debit card information, and AHPRA details.
Whose personal information do we collect?
We collect personal information from people who are connected to our operations and activities – including members, employees, industry partners, suppliers, and service providers.
How do we collect your personal information?
Where possible, we will collect your personal information directly from you. This may be in person (for example, where you register for membership or if you attend an event), on the telephone (for example, if you contact the CNA, or online (for example, if you sign up for an event online).
We also obtain personal information from third parties such as contractors, list vendors, and health professionals. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.
Why do we collect your personal information?
We may collect your personal information for several purposes, including:
- Marketing – to communicate with you about upcoming events, new products, services, or related campaigns and organisations.
- Support services – to provide you with information and support services, and to evaluate and report on these services.
- Research – to conduct research into your experiences as a Cosmetic Nurse or industry sentiment and feedback.
- Volunteering and other support – to enable you to assist us with volunteering, advocacy, and any other activities where we seek our member’s assistance.
- Other issues – communicating with you in relation to our operations, activities, and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.
Where we collect your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.
What happens if you do not provide all this information?
If you do not provide some or all the personal information requested, we may not be able to approve your membership or provide you with information about our events, programs, and projects.
Using a pseudonym or engaging with us anonymously
It is not practicable to engage with us on an anonymous basis or by using a pseudonym.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie, and this will provide you with an opportunity to either accept or reject it in each instance.
You can also delete cookies that have already been set. If you wish to restrict or block web browser cookies which are set on your device, then you can do this through your browser settings.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
We use Google Analytics features based on Remarketing, Google Analytics Demographics, and Interest Reporting. These features use first party and third-party cookies to inform and optimise content based on your past visits to our site.
We also use pixel tracking, which indicates when your computer has visited pages on our websites where a pixel has been installed. As with cookies, this does not identify you personally, only the device you are using.
Google Analytics informs us of how visitors use our site based on your browsing habits, so that we can improve our site to make it easier for you to find the information you are seeking. Google also receives this information as you browse our site and other websites on the Google Display Network using Remarketing.
If you would like to opt-out of customised Google Display Network services and Google Analytics for Display Advertising, you can use Ad Settings. You can also use the Google Analytics Opt-out Browser Add-on, so you are not tracked into Google Analytics.
Opting out of marketing communications
In your profile, you can opt out of marketing communications. This means you will miss out on eDMs and promotional advertising that talks to events or activities we could be hosting or publicising.
By electing not to opt-out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous, and easy to take up.
To whom does the CNA disclose your personal information?
We may need to disclose your personal information to others to carry out our activities. This may include:
- External support services – to health care professionals, lawyers, other professionals, funders, financiers, co-ordinators, volunteers, service providers, agencies and not-for-profits that provide support services.
- Researchers – to conduct research studies.
- Third parties for marketing purposes – we may provide your contact details to other like-minded organisations to contact you with information that may be of interest to you. From time to time, we participate in data collectives where we share your personal information (other than sensitive information) with other organisations.
- Contractors and service providers who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), database contractors and telemarketing agencies.
Wherever we propose to disclose your personal information to a third party not outlined above, we will provide you with a collection notice which explains the circumstances in which we might disclose your personal information.
Cross-border disclosures of your personal information
We use data hosting facilities and third-party service providers to assist us with providing our goods and services. As a result, your personal information may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand, Netherlands, China, Singapore, Hong Kong, Ireland, Canada, United States of America and the United Kingdom
Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, or partners. We take such steps as are necessary in the circumstances to ensure that any overseas third-party service providers we engage do not breach the Australian Privacy Principles, including through contractual arrangements.
Where is your personal information stored?
We take all reasonable steps to protect all the personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third-party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for seven years, with a third-party provider of secure archiving services.
Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Your direct debit or credit cards
We use Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.
Access to your personal information
We will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type(s) of information requested. We will deal with your request to provide access to your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information.
Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:
- access would pose a serious threat to the life, safety, or health of any individual or to public health or public safety.
- access would have an unreasonable impact on the privacy of other individuals.
- the request is frivolous or vexatious.
- denying access is required or authorised by a law or a court or tribunal order
- access would be unlawful.
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.
Participants in research studies should note that access to personal information such as DNA sequences is not generally granted, in accordance with the first exception above. This is notified to you, where applicable, at the time of committing to the research study.
Updating your personal information
You may ask us to update, correct or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant, or misleading for the purpose for which it is held.
If you require access to, or wish to update your personal information, please contact us by emailing: firstname.lastname@example.org.
If you do not provide some or all the personal information requested, we may not be able to offer you services or provide you with information about our causes, events, programs, and projects.