Under the GDPR, we are required to provide additional information if this GDPR Schedule is applicable to you. This GDPR Schedule generally only applies where you interact with us when you are in the European Economic Area (‘EEA’).
For the purposes of this Schedule, personal information is taken to mean ‘personal data’ within the meaning of Article 4(1) of the GDPR.
These ‘legal bases’ are set out in the GDPR, which allows us to process personal data only when the processing is permitted by the specific ‘legal basis’ set out under the GDPR and other relevant laws. A more detailed description of each ground that we rely on can be found in Annexure 1.
|Purpose of information processing||Legal bases|
|To provide services and products to you, including membership services and networking support such as, the provision of magazines, journals, electronic newsletters, event alerts, networking opportunities with industry partners and other member benefits.||
|To provide referral services to you for insurance or insurance related products.||
|To communicate with you and conduct our business, including to answer enquiries and provide information to you about us and our products, services or membership; for example, if you are a student who would like information about becoming a member.||
|To assess or verify membership applications, membership status and skills assessments to ensure that application and assessment criteria are met.||
If we process any Special Categories of personal information, we will usually rely on your explicit consent.
|To assess and process applications or enquiries for enrolment in a Professional Year program, National Vocational Education and Training program and other non-accredited training courses and programs.||
|To process payments for products or services, including membership applications and assessments.||
|To perform an assessment of your eligibility for engagement by us or employment with us and to conduct our recruitment and selection process.||
|For quality assurance purposes, including to monitor communications and transactions to ensure service quality, compliance with laws and regulations and to combat fraud.||
|To verify your identity when you interact with us, including when you seek access to information that we hold.||
|To provide you with access to, and use of, our website and portals.||
|To make decisions relating to nomination or election to a position on our Board, National Congress, Committees or other constituent groups, or to process a nomination in regard to a significant award and/or recognition.||
|To send marketing and promotional materials or communications (including emails) for products, services or events which we believe our members and non-members would like to receive, including those from our sponsorship and commercial partners.||
|To enable us to facilitate or organise events, conferences, seminars and professional development and networking events that you have expressed an interest in, or will attend; for example, to organise catering or accommodation in connection with such events.||
|To include your name, post-nominal and, with consent, contact details on any national Registers owned or administered by Engineers Australia including the National Engineering Register and to respond to third party enquires in relation to members.||
|To elect, recruit, manage, support and contact and communicate with our committee members, office bearers and volunteers in the performance of their roles and duties.||
|For accounting and administrative functions, including to contact our Board, panel and committee members to distribute business papers and other documentation related to the performance of their roles and duties.||
|For statistical or analytical purposes, including to assess and analyse the demographics of our members, the attendees of our conferences and events and the users of our services and offerings.||
|To facilitate procurements and to enter into contracts with suppliers and contractors.||
|To process and respond to any complaint, claim or feedback that you have made.||
|To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.||
We may rely on other legal bases under the GDPR in particular circumstances.
With respect to individuals located in the EEA, where we transfer personal information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA information protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions. In countries which have not had these approvals, we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses or other legal grounds permitted by applicable legal requirements.
We do not make any decisions solely by automated means and without human involvement.
We may gather certain information about you from your online activity. This may in some situations constitute profiling as defined under Article 4(4) of the GDPR (‘Profiling’). We build profiles through your interactions with our websites and social media pages, including through cookies.
We undertake Profiling to personalise your website experience and our communications with you. Profiling may also be used by us for analytical purposes and so that we may improve our business offering. Our use of Profiling will not have any legal consequences for you or significantly affect you (for example, we will never make a decision about whether or not to grant you membership based on any Profiling we may undertake).
- ask us to provide you with further details about our processing of your personal information, including the purposes for processing of your information
- ask us to provide you with a copy of the personal information that we have collected about you
- ask us to delete or erase certain personal information where we are obligated under the GDPR to do so
- where processing is based on consent, withdraw your consent so that we stop that particular processing
- ask us to transmit the personal information you have provided to us and we still hold about you to a third party electronically
- object to particular types of processing of your personal information, including processing for direct marketing purposes or any processing based on public interest or legitimate interests grounds
- restrict how we process your personal information in particular circumstances, including whilst a complaint or objection about our processing of your personal information is being investigated, and
- lodge a complaint with the relevant supervisory authority as further detailed below.
You may also ask us to confirm whether or not we process personal information about you.
Your exercise of these rights is subject to certain legal exemptions, including to safeguard the public interest (for example, the prevention or detection of crime) and our interests (for example, the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
These are the principal legal bases that justify our use of your personal information:
- Consent: where you have consented to our use of your information
- Contract performance: where your information is necessary to enter into or perform our contract with you
- Legal obligation: where we need to use your information to comply with our legal obligations
- Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your information protection interests, rights and freedoms
- Public interests: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
These are the principal legal bases that justify our use of Special Categories of your personal information:
- Legal claims: where your information is necessary for us to establish, defend, prosecute or make a claim against you, us or a third party
- Explicit consent: You have given your explicit consent to the processing of your personal information for one or more specified purposes