Arca's Privacy Policy

The Australian Retail Credit Association Limited, ACN 136 340 791 (Arca) and its related bodies corporate, including the Reciprocity & Data Exchange Administrator Pty Ltd, ACN 606 611 670, (we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our “APP privacy policy” and it tells you how we collect and manage your personal information.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and we comply with all of the Act’s requirements in respect to the collection, management and disclosure of your personal information.

What is your personal information?

Personal information has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

What personal information do we collect and hold?

We may collect the following types of personal information:

• identification and contact details, such as your name, email, mailing address and telephone number
• information about your role in your organisation
• payment details and preferences in relation to our training courses and events.

We may also collect any additional information relating to you that you provide to us directly through our website or indirectly through use of our website.

We do not usually collect any sensitive information about you unless it relates to food allergies (medical information) which may be collected in relation to one of our events.

You may choose to interact with us anonymously or using a pseudonym, except in relation to matters where we need to identify you, such as for payment or Member or Signatory website portal access. 

If you do not provide information we request about you, we may not be able to register your access to our website portals and you may not be able to enjoy or participate in the full range of our services effectively or at all.

How do we collect your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. At times we may also collect your personal information from third parties with your consent.

When collecting your personal information, we may collect it in ways including:

• through your access and use of the Arca (arca.asn.au) and Principles of Reciprocity and Data Exchange (prde.com.au) websites

• when your employer registers for membership or to become a signatory to the PRDE

• when you register for or attend any of our events
• when you register for access to the Australian Credit Reporting Data Standard (ACRDS) and/or Principles of Reciprocity and Data Exchange (PRDE), or you otherwise make an enquiry about the ACRDS and/or PRDE

• if you tell us about your areas of professional interest

• you undertake any of our training events or courses

• if you send us contributions for publication

• if you speak at our events

• if you participate in our surveys

• if you nominate for or are appointed to our Board or join one of our working groups

• when you inquire about or apply for a position with us

• at any time that you communicate with us.

For what purpose do we collect, hold, use and disclose your personal information?

We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality Member or Signatory engagement.

We collect, hold, use and disclose your personal information for the following purposes:

• to verify your identity, process your application/registration and manage your membership or signatory request, including your membership of different working or advisory groups

• to send communications requested by you

• to answer enquiries and provide information or advice about our association or the PRDE/ACRDS

• to exchange information with you about our activities, including information relevant to your participation in a working or advisory group or the Board

• to retain a record of your attendance at events and attendance at training or courses
• to communicate with you about the Arca and PRDE websites and publications (for example, to inform you about new discussions, blogs, materials, information, news and site features that we believe may interest you and to send you our updates)
• where you have registered for access to the ACRDS, to communicate with you about the standard and any versions that have been released subsequent to your registration to access the ACRDS
• where you are a PRDE signatory or have registered for access to the PRDE information pack or otherwise sought to become a signatory to the PRDE, to communicate with you about the PRDE, provide relevant updates or communicate in respect to compliance matters (including providing you information about compliance issues impacting other signatories, as well as seeking information in respect to compliance issues affecting your organisation)
• to inform you of our upcoming conferences, training programs and events (unless you elect not to receive such information)

• to send you promotional material about conferences and events, organisational membership renewals or to inform you about the products or services of any of our sponsors. You may tell us at any time using the contact details at the end of this Policy if you do not wish to receive promotional information from us and we will stop sending it to you.

To whom do we disclose your personal information?

We are administered from Australia and our website, document and email exchange is hosted in Australia.  However, technical support, backup and disaster recovery scenarios may utilise facilities outside Australia.

We may disclose your personal information to:

• our employees, related bodies corporate, contractors or service providers for the purposes of the operation of our association or administration of the PRDE/ACRDS, including, without limitation, web hosting providers, IT systems administrators, couriers, payment processors, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, business advisors and consultants
• physical and virtual event planners, facilitators and event platform providers in Australia or New Zealand to manage or assist in the running of events you have registered to attend, including Arca’s current event platform provider Encore Event Technologies Pty Ltd (ABN 46 006 668 702) and event management provider Fetching Events & Communications (ABN 28 119 380 780) as well as any additional event planners, facilitators and event platform providers that Arca engages for the purpose of managing or assisting the running of Arca events

• Sponsors for Arca events including the Arca Credit Summit, with each of these organisations listed in the separate event notification statement

• our Australia-based service providers such as Microsoft, itro, Salesforce and Web Force 5, in relation to the operation, administration and maintenance of our website and your membership or signatory status
• as a PRDE signatory, where a dispute exists, disclosures to other PRDE signatories or Eminent Person which are required as part of the dispute process

• any government or regulatory authority which requires us to do so.

We also take reasonable steps to protect your personal information. We restrict access to your personal information to those people or service providers who need to know that information to provide services. In addition, we train our employees about the importance of protecting the privacy and security of your information.

Do we disclose your personal information to overseas recipients?

We may disclose your personal information to overseas recipients, for example, our service providers

• Microsoft, which may be hosted in countries in the Asia Pacific
• Amazon Web Services (AWS) which may be hosted globally, including in United States, Netherlands, Ireland, Singapore and Hong Kong
• Cvent which may be hosted in countries in Europe or in the United States

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information that we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will let you know.

What if you have a complaint about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.

We will attempt to confirm as appropriate with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view. If you are unsatisfied with the outcome, we will advise you about further options including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner.

Cookies and analytics

When you browse the Arca website, we use cookies to collect anonymous traffic data about how you interact with us. A cookie is small bits of code in the form of an electronic token that is passed to your browser and your browser passes it back to the Arca server whenever a page is sent to you. Cookies can only be read by the issuing server. This helps us measure how our services are used and what we can do to improve. The cookie contains no personal information about you.

We use Google Analytics (including the Advertising Features) and Google Tag Manager, which are web analysis services provided by Google Inc. ('Google').

All the information we collect using Google Analytics and Google Tag Manager is for internal purposes only. We cannot identify individuals based on the data we collect and we won't publish any of it on our website.

Reports obtained from Google Analytics are used to improve the efficiency and usability of this website. Google Analytics uses cookies to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The Advertising Features is a function within Google Analytics to get more advanced information about our users, such as user demographics, user interests, and frequency of visits. For more information on how Google uses the data collected, visit Google's (External link: Privacy Policy) and External link: Google Analytics Terms of Service. To opt out and prevent your data from being collected by External link: Google Analytics, you can download Google's opt out add-on.

Google Tag Manager lets us combine codes on different areas of the website and collect data in ways that we can't do with Google Analytics. For more information on how Google uses the data collected, visit Google's External link: Privacy Policy.

By using this website, you consent to Google processing data about you in the manner and for the purposes set out above.

Contacting us

If you have any questions about this policy, any concerns or complaints regarding the treatment of your privacy or a possible breach of your privacy, please contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.         

Please contact our Privacy Officer at:

Privacy Officer
Arca
Post:        PO Box Q170, Queen Victoria Building NSW 1230
Phone:     (03) 9863 7859
Email:      [email protected]

Changes to our Privacy Policy

We may change this policy from time to time. Any updated versions of this policy will be posted on our website.

This Policy was last updated 5 April 2024