Subscribe

GDPR Schedule

Overview

  1. Under the GDPR, we are required to provide additional information if this GDPR Schedule is applicable to you. This GDPR Schedule generally only applies where you interact with us when you are in the European Economic Area (‘EEA’).
  2. This GDPR Schedule provides additional information about the processing of your personal information and should be read in conjunction with the other parts of our Privacy Policy. It also provides information about how we process certain special categories of data listed in Article 9 of the GDPR (such as your racial or ethnic origin) (‘Special Categories’). 
  3. For the purposes of this Schedule, personal information is taken to mean ‘personal data’ within the meaning of Article 4(1) of the GDPR.

Categories of personal information we collect

  1. The types or categories of personal information that we may collect are set out in our Privacy Policy. We may also collect certain Special Categories of personal information, which is broadly similar in parts to ‘sensitive personal information’ defined in the Australian Privacy Act.

Bases for personal information processing

  1. In the table below, we have linked each purpose of our information processing described in our Privacy Policy to the relevant legal bases for processing that personal information as permitted under the GDPR. Where more than one legal basis is stated below it is because any or all of those bases may apply, depending on the specific situation. If consent is stated below in conjunction with other legal bases, we will only rely on your consent if the other legal bases do not apply in a particular circumstance.
  2. These ‘legal bases’ are set out in the GDPR, which allows us to process personal data only when the processing is permitted by the specific ‘legal basis’ set out under the GDPR and other relevant laws. A more detailed description of each ground that we rely on can be found in Annexure 1.

 

Purpose of information processing

Legal bases

To provide services and products to you, including membership services and networking support such as, the provision of magazines, journals, electronic newsletters, event alerts, networking opportunities with industry partners and other member benefits.

  • Contract performance;
  • Legitimate interests (to enable us to perform our obligations and provide our products and services to you); or
  • Consent.

To provide referral services to you for insurance or insurance related products.

  • Consent.

To communicate with you and conduct our business, including to answer enquiries and provide information to you about us and our products, services or membership; for example, if you are a student who would like information about becoming a member.

  • Legitimate interests (to enable us to perform our obligations and provide our services to you and to correspond with you in connection with our services, offerings and memberships); or
  • Consent.

To assess or verify membership applications, membership status and skills assessments to ensure that application and assessment criteria are met.

  •  Contract performance;
  •  Legitimate interests (to allow us to assess   your membership application and other assessments);
  •  Public interest; or
  •  Consent.

If we process any Special Categories of personal information, we will usually rely on your explicit consent.

To assess and process applications or enquiries for enrolment in a Professional Year program, National Vocational Education and Training program and other non-accredited training courses and programs.

  • Consent

 

To process payments for products or services, including membership applications and assessments.

  • Contract performance; or
  • Legitimate interests (to allow us to process and receive payments).

To perform an assessment of your eligibility for engagement by us or employment with us and to conduct our recruitment and selection process.

  • Legal obligation;
  • Legitimate interests (to allow us to facilitate our hiring and employment procedures); or
  • Consent.

If we process any Special Categories of personal information, we will usually rely on your explicit consent.

For quality assurance purposes, including to monitor communications and transactions to ensure service quality, compliance with laws and regulations and to combat fraud.

  • Legal obligation;
  • Legitimate interests (to ensure the quality and legality of our services); or
  • Public interest.

 

To verify your identity when you interact with us, including when you seek access to information that we hold.

  • Legal obligation; or
  • Legitimate interests (to allow us to verify that you are who you say you are).

If we process any Special Categories of personal information, we will usually rely on your explicit consent.

To provide you with access to, and use of, our website and portals.

  • Legitimate interests (to allow us to provide you with the content, products and services on our website); or
  • Consent.

To make decisions relating to nomination or election to a position on our Board, National Congress, Committees or other constituent groups, or to process a nomination in regard to a significant award and/or recognition.

  • Legitimate interests (to allow us to conduct our election or nomination processes and procedures).

To send marketing and promotional materials or communications (including emails) for products, services or events which we believe our members and non-members would like to receive, including those from our sponsorship and commercial partners.

  • Legitimate interests (to allow us to tailor our products and services to you)
  • Consent.

To enable us to facilitate or organise events, conferences, seminars and professional development and networking events that you have expressed an interest in, or will attend; for example, to organise catering or accommodation in connection with such events.

 

  • Contract performance;
  • Legitimate interests (to allow us to facilitate or organise events, including to ensure that food is catered to any special dietary requirements that you may have); or
  • Consent.

To include your name, post-nominal and, with consent, contact details on any national Registers owned or administered by Engineers Australia including the National Engineering Register and to respond to third party enquires in relation to members.

  • Contract performance;
  • Legitimate interests (to allow us to maintain accurate information on our published registers and to respond to enquiries in accordance with our By-Laws and Regulations); or
  • Consent.

To elect, recruit, manage, support and contact and communicate with our committee members, office bearers and volunteers in the performance of their roles and duties.

 

  • Legitimate interests (to allow us to properly and efficiently govern and administer Engineers Australia); or
  • Consent.

If we process any Special Categories of personal information, we will usually rely on your explicit consent.

For accounting and administrative functions, including to contact our Board, panel and committee members to distribute business papers and other documentation related to the performance of their roles and duties.

  • Legitimate interests (to allow us to properly and efficiently govern and administer Engineers Australia).

For statistical or analytical purposes, including to assess and analyse the demographics of our members, the attendees of our conferences and events and the users of our services and offerings.

 

  • Legitimate interests (to allow us to better understand our clients and members and to improve our business practices).

To facilitate procurements and to enter into contracts with suppliers and contractors.

  • Contract performance.

To process and respond to any complaint, claim or feedback that you have made.

  • Legal obligation; or
  • Legitimate interests (to allow us to assess complaints and feedback made against our members or us).

If we process any Special Categories of personal information, we will usually rely on your explicit consent or our need to process legal claims.

To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.

  • Legal obligation.

 

  1. We may rely on other legal bases under the GDPR in particular circumstances.

Export of your personal information outside EEA

  1. Your personal information may be accessed, transferred and/or stored outside the EEA, where different personal information protection standards may apply. We will, in all circumstances, safeguard personal information as set out in our Privacy Policy and GDPR Schedule. 
  2. With respect to individuals located in the EEA, where we transfer personal information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA information protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions. In countries which have not had these approvals (see the full list here), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses or other legal grounds permitted by applicable legal requirements.
  3. Please contact our Privacy Officer set out in the body of our Privacy Policy if you would like to see a copy of the specific safeguards applied to the export of your personal information.

Profiling and automated decision-making

  1. We do not make any decisions solely by automated means and without human involvement.
  2. We may gather certain information about you from your online activity. This may in some situations constitute profiling as defined under Article 4(4) of the GDPR (‘Profiling’). We build profiles through your interactions with our websites and social media pages, including through cookies.
  3. We undertake Profiling to personalise your website experience and our communications with you. Profiling may also be used by us for analytical purposes and so that we may improve our business offering. Our use of Profiling will not have any legal consequences for you or significantly affect you (for example, we will never make a decision about whether or not to grant you membership based on any Profiling we may undertake).
  4. We only carry out Profiling in accordance with all applicable laws. You may object to our use of your personal information to carry out Profiling by contacting our Privacy Officer (please refer to paragraph 18 below for further information about how you may exercise this right). If you do not wish to receive cookies, you may be able to change the settings on your browser to refuse cookies. Please refer to our Privacy Policy and Cookies Policy, available here, for further information about our use of cookies and your options in relation to cookies.
  5. If you refuse cookies or we cannot provide you with targeted content, we may not be able to tailor the content of our websites and communications to your preferences.

Additional rights under GDPR

  1. In addition to the rights already outlined in the body of our Privacy Policy and this GDPR Schedule, in certain circumstances, you may have the right under the GDPR to:
  • ask us to provide you with further details about our processing of your personal information, including the purposes for processing of your information;
  • ask us to provide you with a copy of the personal information that we have collected about you;
  • update any inaccuracies in the personal information we hold about you in accordance with our Privacy Policy;
  • ask us to delete or erase certain personal information where we are obligated under the GDPR to do so;
  • where processing is based on consent, withdraw your consent so that we stop that particular processing;
  • ask us to transmit the personal information you have provided to us and we still hold about you to a third party electronically;
  • object to particular types of processing of your personal information, including processing for direct marketing purposes or any processing based on public interest or legitimate interests grounds;
  • restrict how we process your personal information in particular circumstances, including whilst a complaint or objection about our processing of your personal information is being investigated; and
  • lodge a complaint with the relevant supervisory authority as further detailed below.
  1. You may also ask us to confirm whether or not we process personal information about you.
  2. You may exercise these rights by contacting our Privacy Officer set out in the body of our Privacy Policy. Subject to law, we may in certain circumstances charge you a reasonable fee based on our administrative costs where you request further copies of your personal information or your request is manifestly unfounded or excessive.
  3. Your exercise of these rights is subject to certain legal exemptions, including to safeguard the public interest (for example, the prevention or detection of crime) and our interests (for example, the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
  4. If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to refer your complaint to our Privacy Officer stated in the main body of our Privacy Policy and to the relevant supervisory authority.