Privacy Policy

COR200 V6.2

 

Document Review

Timeframe for review:                every five years, or earlier if required.

Document authorisation:           Board

Document implementation:       CEO

Document maintenance:            Manager, Governance and Risk

 

Revision History

Version

Date

Pages revised / Brief Explanation of Revision
v1 Dec-2001 Approved by Council.  Subsequent changes in Dec-2006 and Jul-2011
v4 Jul-2014 Updated to comply with Australian Privacy Principles
v5 May-2017 Substantive revisions throughout
v6 Jun-2018 Inclusion of Supplement to the Policy
v6.1 Jan-2020 Minor revisions to reflect revised organisational structure. Formal approval not required pursuant to Board decision in 2019.
v6.2 Apr-2025

Removal of terms EMC, EMD, EMAD, and DipPHRM to reflect changes to training program titles
 
 

1. Purpose and Scope

This policy sets out the information handling practices of the Australasian College for Emergency Medicine (ACEM; the College), including information available on the ACEM website.

The specific legal obligations of entities when collecting and handling personal information are outlined in the Commonwealth Australian Privacy Principles and other provisions of the Privacy Act 1988 (Cth) (Australia) and the Information Privacy Principles and other provisions of the Privacy Act 1993 (New Zealand).  One of such obligations requires entities to have a privacy policy.  This policy encompasses requests for information that are explicitly considered in ACEM privacy statements and consent to release forms, as well as those which are not covered by an existing consent to release information.

 

2. Definitions

Member

except where otherwise stated, means a person designated as a 'member' in the ACEM Constitution and associated regulations; and, for the purposes of this policy, also includes any other person, other than trainees, serving on any ACEM entity or as an ACEM representative.

Personal information

means information or an opinion about an individual whose identify is apparent or can be ascertained from the information or opinion (‘you’), whether or not that information or opinion is true and whether or not it is recorded in a material form.

Privacy Officer

means the ACEM staff member signified as such in Section 8.1 of this policy

Sensitive information

means personal information about a person’s race/ethnicity, religion, political opinions, affiliations, philosophy, memberships, sexual preferences/practices, and their health, genetic or criminal record.

Trainee

means an individual enrolled in an ACEM training program and, for the purposes of this policy, undertaking College requirements for the purpose of attaining eligibility for election to Fellowship of
the College.

 

3. Collection

In order for ACEM to effectively fulfil its principal roles as a provider of emergency medicine training, a membership organisation and an employer, it is necessary for ACEM to collect personal information from individuals participating in these activities.

ACEM may collect such information about members, trainees, SIMGs applying to and seeking information in relation to applicable specialist/vocational registration assessment pathways, applicants for registration with ACEM, whether as a trainee, CPD program participant or otherwise, suppliers, conference delegates, staff and other individuals who interact with ACEM. 

The information ACEM collects about individuals includes name, address, contact details, training records, financial records and other information relevant to their relationship to ACEM functions and activities.  ACEM may also collect information indirectly through such means as assessments, verifications of completion of training, confirmation of educational requirements and similar.

Except where it is unreasonable or impracticable to do so or where it occurs with an individual’s permission, ACEM will collect this information only from the individual concerned.  In addition, unless permitted or required to do so by law, ACEM will not collect sensitive information about an individual without their consent. 

ACEM will ensure a designated employee is appropriately trained in privacy legislation and will act as the ACEM Privacy Officer in order to be the primary ACEM source of information regarding privacy matters.

3.1 Purpose of collection

Personal information will be collected in relation to the primary and secondary purposes of ACEM (as referred to in this policy).  It allows ACEM to provide services such as training; to procure goods and services from suppliers and generally interact with third parties; to contact individuals and others; and ensures access to member-only services on the ACEM website.

3.2 Points of collection

The main points at which personal information is collected include:

  • on joining ACEM as a trainee  or member
  • on applying for specialist assessment and/or assessment for an Area of Need position or specialist-in-training purposes
  • on applying to and joining ACEM as an employee or non-FACEM member of the Board or other ACEM governing body or entity
  • on registering for ACEM events such as scientific meeting and conferences
  • on visiting the ACEM’s website.

Website information collection

The usage analysis software used by ACEM in connection with ACEM website records (amongst other things):

  • unique visitors and sessions
  • requested pages, downloads, search terms used, posted forms, status and errors, hits and bytes downloaded per directory, file, and file type
  • entrance pages, exit pages, click paths, click to and click from and length of session
  • domains, countries, and IP addresses, and
  • browsers, platforms, and robots.

The statistics are de-identified at the time of recording.  This information is used for administrative purposes, including to improve and assess services, and to monitor usage patterns in order to improve navigation and design features - helping users to get information more easily.

The ACEM website will also use cookies to manage login and logout.

3.3 Complete and accurate details

Where possible and practicable, individuals have the option to deal with ACEM on an anonymous basis or by using a pseudonym.  However, if personal information provided to ACEM is incomplete or inaccurate, or if personal information is withheld, ACEM may not be able to deal with the individual or deal with the individual effectively, in which case, additional requirements and conditions may be notified by ACEM.

 

4. Use

ACEM will at all times try to only collect the information needed for a particular function or activity.  The information collected will depend on the individual’s relationship with ACEM.

ACEM collects personal information for a number of purposes (being the primary purposes of collection), including:

  • to provide membership services and benefits and maintain membership and service/benefits records
  • to assist, support, provide and improve continuing professional development and education and training
  • to enable planning, policy and service development and to market, advertise or otherwise promote ACEM, including to inform individuals of special offers or additional services provided by ACEM
  • to monitor and investigate conduct
  • to operate a complaints resolution process
  • to provide workplaces and training environments which are free from discrimination, bullying and sexual harassment
  • to provide assessment processes for SIMGs
  • to implement, monitor and maintain quality assurance processes and systems, as well as processes and systems concerning regulatory matters, registrations, accreditation, audits, risk and claims management (including dealings with insurers)
  • to procure funding, donations or other support for the activities of ACEM
  • to enable internal administration, training, assessments and reviews
  • to operate boards, committees, sections and other ACEM bodies
  • to provide or undertake any of the other activities referred to in this policy, and
  • to conduct or facilitate research or surveys for purposes related to ACEM, emergency medicine and/or one or more of the above.

Information may also be used or disclosed for secondary purposes which directly relate to the primary purpose of collection, or for any other purpose authorised by you or which is required or authorised by law.

 

5. Disclosure

ACEM will only disclose personal information for the primary purpose for which it was collected, for a secondary purpose if it directly relates to the primary purpose or for any other lawful purpose.

5.1 Third party disclosure

ACEM does engage third parties to perform certain business functions.  Therefore, it is sometimes necessary to disclose personal information to those suppliers.  In general, ACEM may disclose personal information to the following persons and organisations:

  • ACEM’s consultants, auditors, lawyers, contractors and contracted staff or service providers that provide goods or administrative, membership or other services in connection with the activities of ACEM
  • entities and institutions that provide services or undertake activities in conjunction with or in association with ACEM
  • regulatory authorities and bodies, professional or specialist societies and associations, hospitals and health centres and relevant complaints tribunals and government departments and agencies
  • where ACEM collects an individual’s information from someone else, or another entity, then that person or entity
  • where the law requires or permits ACEM to do so (such as to law enforcement agencies), and
  • an individual’s agent (with an individual’s authority).

Information supplied in such circumstances is disclosed to suppliers for the contracted purpose.  Failure by the third party to act in accordance with this policy and other contractual and legal obligations may result in termination of the relationship with ACEM.

All specific requests for information from a third party (including a specialty society) must be documented.

College website and publications

ACEM uses sound and image recordings (including photographs) in the production of educational and promotional material for ACEM purposes.  Such material may be published, either in electronic media (including our website) or in hard copy publications.  ACEM officers may also take image recordings of attendees at ACEM events, which may be published on the ACEM website or other media with your consent (express or implied).

5.2 Specialist Assessment

ACEM is involved in the assessment of international medical graduates’ emergency medicine training, qualifications and experience, and therefore provides its decisions and recommendations arising from these assessments to the Australian Medical Council, the Medical Board of Australia and/or the Medical Council of New Zealand.

Without limiting the scope of the authorised uses, ACEM may need to clarify information provided to it for this purpose with external institutions or individuals, and gather additional information in order to complete the assessment.  ACEM may also disclose personal information where required to do so by law.

5.3 Members and Trainees

Without limiting the generality of section 4, personal information about members and trainees is used to conduct ACEM business, including for the purposes of training and assessment and for continuing professional development.

Information may, without limitation, be shared and used by all ACEM staff, officers and officeholders, supervisors of training, committees and subcommittees connected with ACEM’s activities or functions where access to such information is warranted, as determined by ACEM.

Where ACEM collects information about membership of other professional associations, this information will not be disclosed without consent.

Public enquiries regarding member information

ACEM can respond to requests for the name and practice address of a member, with confirmation that he or she is a Fellow, member or trainee of ACEM.  Except where required or authorised by law, any other information will not be provided without the individual’s permission.

Members of the public include spouses, family members and colleagues.

Enquiries regarding CPD status

ACEM can respond to requests from a prospective or current employer or their agents regarding the participation of an individual member in ACEM’s Continuing Professional Development (CPD) Program.

Enquiries regarding trainee status

ACEM can respond to an enquiry from a medical registration authority or from a prospective or current employer or their agents regarding the participation of an individual trainee in ACEM’s training programs.  The enquirer may be advised:

  • the training program(s) in which the trainee is registered and, if the FACEM Training Program, whether they are a Provisional or Advanced trainee
  • whether the trainee is currently actively participating in the applicable training program.

Requests for information regarding staff

Personal information related to staff members may not be divulged unless consent is received from the staff member concerned or disclosure is authorised or required by law.  The staff member’s Executive Director has access to his or her personnel file.

Without limitation, a staff member can authorise the Human Resources Coordinator to release information pertaining to their employment in relation to enquiries from credit agencies, real estate agents and banks.  Human Resources may release information on staff to the appropriate statutory authority (e.g. the Australian Taxation Office). 

All staff have access to their own personnel files. 

Prohibited uses

ACEM does not sell or rent the personal information it has collected to organisations such as telemarketers, pharmaceutical companies or medical equipment companies.  ACEM will not accept requests to market products or to advertise training courses directly to members and trainees and will therefore not disclose contact information to organisations requesting its use for these purposes.

5.4 Overseas recipients

ACEM is a corporate entity which is registered and operates in both Australia and New Zealand.  As of necessity, personal information may be collected, used and disclosed between those countries in respect of member, trainees and applicants for assessment of international qualifications.

Personal information may also be disclosed to recipients in overseas countries other than New Zealand, in appropriate circumstances, especially in relation to the assessment of an international medical graduate’s training, qualifications and experience or those undertaking a period of training overseas.  Should this be necessary, the individual will be asked to complete a form consenting to ACEM disclosing information to the overseas recipient, and to the overseas recipient providing the requested personal information to ACEM.

 

6. Maintenance of Information

6.1 Security

ACEM takes reasonable steps to protect personal information from unauthorised use, access, disclosure and alteration.  Staff must comply with ACEM’s policy on the handling of personal and confidential information.  IT protection systems and internal procedures are also utilised to protect the personal information held by ACEM.  This includes the website where ACEM endeavours to ensure the website is secure through the use of firewalls.

ACEM may store electronic information on remote serves or in the cloud directly, or through contracted agencies in Australia and New Zealand, as permitted by privacy legislation.

Personal data is maintained under strict security and is to only be accessed internally by those ACEM employees who have permission to do so.

Information will be held until it is no longer needed for any function or activity of ACEM, at which time it will be destroyed or de-identified unless its retention is required or permitted by law.  

6.2 Correction of information

ACEM will take all steps as reasonably possible to ensure that the information it holds is accurate, up-to-date, complete, relevant and not misleading.  Individuals are encouraged to contact ACEM if the information held is incorrect or if personal information has changed.  This should be directed to ACEM administration (This email address is being protected from spambots. You need JavaScript enabled to view it.) or, where applicable, amended by the individual through the ACEM Member Portal.

6.3 Access

The identified information that ACEM has used to grant member access to members can be directly viewed by the individual.  Trainees are also able to access information relating to their training status and progress in the applicable training program.

Individuals may otherwise contact the Privacy Officer at any time to access their personal information.  All such requests must be made in writing to ACEM (This email address is being protected from spambots. You need JavaScript enabled to view it.).  The request will be addressed in accordance with privacy legislation. 

If ACEM is unable to accede to an individual’s request for access or for access in a particular manner, the individual will be notified in writing and provided with the reason(s) why this could not occur.

As permitted by law, a fee may be requested to cover the cost of access.

 

7. Complaints and concerns

While ACEM aims to meet all requests for access to personal information, in a small number of cases and where permitted to do so by law, ACEM may not give access or may do so only under conditions.

7.1 Privacy Officer

The Chief Executive Officer will act as the ACEM Privacy Officer, and may be contacted at any time regarding any requests to view personal information, or in relation to any concerns or complaints about private information.  Contact details are as follows: 

Privacy Officer

Australasian College for Emergency Medicine

34 Jeffcott Street, West Melbourne VIC 3003

Phone: +61 3 9320 0444

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

7.2 Formal complaint process

An individual who considers that their rights under privacy legislation have been breached and where informal resolution of the matter has not been achieved, is also entitled to make a formal complaint to ACEM pursuant to provisions of the ACEM Complaints Policy.

7.3 External complaint process

In Australia, an individual dissatisfied with the outcome of a privacy complaint, is able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) – http://www.oaic.gov.au/privacy/privacy-complaints.

In New Zealand, an individual dissatisfied with the outcome of a privacy complaint, is able to lodge a complaint with the Office of the Privacy Commissioner, Te Mana Matapono Matatapu - https://www.privacy.org.nz/your-rights/how-to-complain/.

 

Supplement

This supplement is intended to add to the College’s Privacy Policy (the policy) in relation to the General Data Protection Regulation (‘GDPR’) and is not intended to replace the policy, which applies to the collection, use and disclosure of personal information from individuals located in Australia and New Zealand.  The purpose of this supplement is to address the College’s obligations with respect to the processing of personal data collected from residents of the European Union.

Use of personal data

The College uses and processes personal data in accordance with the requirements and restrictions of the GDPR. Without limiting the foregoing, the College uses and processes personal data in the following situations:

  • where the processing is necessary for the performance of a contract to which a member or trainee is a party or in order to enable the College to take steps upon request prior to entering into a contract;
  • where a member or trainee has consented to the College processing their data for one or more specific purpose as made known to them at the time the College collects their personal data;
  • the processing is necessary to enable the College to comply with a legal obligation to which the College is subject;
  • the processing is necessary for the legitimate interests of the College.

The legitimate interests of the College include (but are not limited to) one or all of the purposes for which the College collects personal information, as listed in section 4 of the policy.

The College will store personal data only for the period during which it is necessary for the College to process the personal data for the purpose(s) for which it is collected, or in order to enable the College to comply with its legal, statutory and regulatory obligations. Accordingly, the College will securely destroy and erase personal data from its systems when the personal data is no longer required or, where applicable, following a request from a member or trainee to destroy or to erase their personal data, unless the College is required or permitted by law to retain such personal data for a longer period.

Disclosure of personal data

The College will use its reasonable endeavours to limit the disclosure of personal data only to those potential recipients listed in section 5 of the policy. Disclosure of personal data to a recipient not listed in section 5 of the policy will occur only with the consent of the member or trainee, or as otherwise permitted or required by law.

Cross border transfer of personal data

The College is based in West Melbourne, Victoria, Australia. Accordingly, the personal data the College collects from a member or trainee will be transferred out of the European Union to the College and may be stored on servers owned or controlled by the College, which are located in Australia, or backup servers stored in Singapore.

The College has implemented appropriate safeguards in connection with the protection of personal data transferred from the European Union into Australia (into the College’s control). The College will use its best endeavours to ensure that any third party recipient located outside the European Union will take steps to safeguard the personal data transferred or disclosed by the College to the recipient.

Further cross border transfer of personal data will only occur as envisaged in section 5.4 of the policy.

Security

In accordance with section 6.1 of the policy, the College has implemented appropriate technical and organisational measures to protect personal data from unauthorised use, access, disclosure and alteration.

Rights of a member or trainee

In accordance with the GDPR, a member or trainee has the right to make a written request to the College to be informed whether or not the College holds or processes any of their personal data. Requests should be submitted to the College’s privacy officer in accordance with the contact details outlined in section 7.1 of the policy.

In a request to the College, a member or trainee may:

  • request that they are provided with details of the personal data processed by the College, the purpose(s) for which the personal data is processed, the recipient(s) (if any) of such personal data, the existence of any automated decision making involving the personal data, and what protocols ACEM has established to safeguard the personal data;
  • request that the College corrects any errors in the personal data the College holds about them;
  • request that the College erases their personal data if the College’s continued processing of such data is no longer justified;
  • request that the College transfers their personal data to a third party;
  • object to automated decision-making and profiling based on legitimate interests or the performance of a task in the public interest (in which event the processing will cease except where there are compelling legitimate grounds such as when the processing is necessary for the performance of a contract between the member or trainee and the College);
  • object to the receipt of direct marketing communications from the College; and
  • object to processing of their personal data for the purposes of scientific, historical research and statistics.

Members and trainees can exercise their right to prevent the processing of their personal data for the purpose of direct marketing by checking certain boxes on consent forms the College uses to collect personal data. Alternatively, a member or trainee can exercise the ‘opt-out’ mechanism the College provides when sending direct marketing communications.

Third parties

The College’s website and social media channels may include links to websites or social media channels owned or operated by third parties. In following any such link to a third party’s website or social media channel, members and trainees should be aware that the owner or operator of such website or social media channel is not covered by the College’s Privacy Policy and the College does not vouch for the privacy and data security policies and procedures used by the relevant third party.

Updates to the Privacy Policy and this supplement

The College periodically reviews its Privacy Policy (including this supplement) and reserves the right to amend, modify or replace the policy (including this supplement). The College will use all reasonable efforts to notify a change to the policy; however, the College encourages members and trainees to regularly review the College’s Privacy Policy (including this supplement) so that they are aware of the College’s current policy regarding the processing of personal data.

Complaints

Complaints regarding the College’s processing of personal data should be made to the College in accordance with the complaints-handling process documented in section 7 of the policy.