Skip to main content

Privacy policy

This is the privacy policy of FINSIA - the Financial Services Institute of Australasia ACN 066 027 389 and its controlled entities.


This Privacy Policy describes how FINSIA (the Financial Services Institute of Australasia) and its controlled entities, collects, holds, uses and discloses personal information consistent with the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) found in that Act. In addition, this Privacy Policy incorporates how we manage personal information collected from individuals based in New Zealand in accordance with the New Zealand Privacy Act 2020 and the information privacy principles set out in that Act (NZIPPs). This Privacy Policy also explains how we process ‘personal data’ about people in the European Union (EU), as required under the General Data Protection Regulation (GDPR). All references to personal information in this Privacy Policy will also apply to personal data for the purposes of the GDPR.

This Privacy Policy is also notification to individuals of the matters required to be notified by the APPs, the NZIPPs and the GDPR.

We will review this policy regularly, and we may update it from time to time to ensure we are complying with any legislative changes. Updates will be published on our website.

FINSIA, as a professional association and provider of membership & education services to the financial services industry, collects, holds, uses and discloses personal information to carry out its activities. We are committed to protecting the privacy of the personal information we collect and receive.

Our Partners

FINSIA has strategic partnerships, including with overseas professional institutes and with providers of training and related services.

Collection of Personal Information

The kinds of information we collect will depend on which of our products or services are used and how you use the facilities offered or accessed via our website (

At all times we try to only collect the information we need for the particular product or service we are providing. The kinds of personal information that FINSIA collects and holds include:

  • Name.
  • Gender.
  • Date of birth.
  • Contact details (for example, postal address, e-mail address, telephone number(s), facsimile number). For certain student cohorts we may also hold employee numbers.
  • Citizenship.
  • Qualifications held or currently being completed, including final assessment scores.
  • Occupation – company, position, job function and market segment.
  • Work experience.
  • Membership details.
  • Professional development choices and areas of interest.
  • Whether or not you are Aboriginal/ Torres Strait Islander.
  • Financial information (bank and credit account details) – for membership payment and enrolment purposes. Partial details are held via a third-party payment gateway.
  • Information relating to complaints received and any disciplinary investigations or other action.
  • Criminal record information.

Some of the information that we collect about you may be sensitive information especially if we are dealing with a complaint or disciplinary issue. This might include information about your racial or ethnic origin, association memberships or criminal history.

FINSIA generally collects personal information directly from you and, in particular, from paper and electronic forms that you or your employer complete and provide to us. We may also collect your personal information in other ways including (but not limited to) by way of email, telephone, video calls, conversations between you and us or our representatives, contracting with us, or via our website.

FINSIA may also collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as complainants, respondents to a complaint, investigation, application or data breach notification. We also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in our products or services.

If you do not provide us with your personal information, we may not be able to provide you with membership, benefits or services. Where possible we will allow you to interact with us anonymously. For example, if you contact our Member Services team with a general question, you do not need to provide your name unless we need it to adequately handle your question.

However, for most of our functions and activities, we usually need your name, contact details and enough information about the particular matter to enable us to handle your inquiry, request, complaint or application.

Please note If you intend to disclose personal information to us about another person, it is your responsibility to ensure you have a lawful basis to do so.

Social networking services

FINSIA uses social networking services such as Facebook, LinkedIn, Twitter, YouTube and Instagram to communicate with the public about its activities. FINSIA may collect your personal information when you communicate with us by using these social networking services. We will only use this information to help us communicate with our members, students and the public. The social networking services will also handle your personal information for their own services. These social networking sites have their own privacy policies. Given the public nature of social networking services, other users may read, collect and use your personal information which you choose to share on that social networking service. We cannot guarantee that any information you choose to contribute on that social networking service will be managed in accordance with this Privacy Policy.

Use and disclosure of information

FINSIA will not use your personal information for any purpose that you would not reasonably expect FINSIA to use it for. If we need to use your personal information for a purpose other than one that we believe you would reasonably expect we will seek your specific consent.

The purposes for which FINSIA uses personal information include, but are not limited to:

  • To fulfil our role as a professional association, including maintaining membership records; providing education programs, services and benefits available to members; communicating with members regarding inquiries, requests for information and use of services.
  • To undertake investigations and implement disciplinary procedures.
  • To undertake marketing activities directed to members and students or prospective members or students.
  • Communicating with you.
  • To access the performance of our website and to improve its operation.
  • To protect and/or enforce our legal rights and interests, including defending any claim.
  • For any other purpose authorised by you or in accordance with prevailing law.

FINSIA will not generally disclose personal information to parties outside FINSIA, other than for a purpose directly related to our activities as a professional association and provision or improvement of our membership services or education programs.

In order to deliver our services to you, we occasionally need to disclose personal information to our agents, contractors or third-party service providers, such as providers of administrative, telecommunications, learning management systems, information technology/computer, payment gateway or other services. These service providers support the operation of our business and are under contract to FINSIA to keep personal information confidential and secure.

Personal information is occasionally disclosed to contracted partners, on a strictly confidential basis, for the purpose of conducting professional development events. FINSIA does not provide or sell any personal information to external organisations for commercial purposes.

Your personal information may be disclosed to other parties where you have agreed, or where it is required under an Australian law, a law of New Zealand, or by court/ tribunal orders.

FINSIA is in strategic partnerships with overseas professional bodies located in the United Kingdom. We may need to disclose your personal information to an overseas recipient in order for you to access their services or intellectual property. We will only disclose the minimum information required for this purpose. FINSIA’s contractual agreements with these organisations include requirements that these organisations deal with such personal information in accordance with applicable APPs, the NZIPPs or GDPR (depending on which jurisdiction is applicable to our processing of your personal information).

Requirements for communicating consent differ in some non-Australian jurisdictions in which FINSIA has members and dealings, including under the GDPR. We are committed to complying with all laws which are applicable to our activities.

Where we are carrying on business in New Zealand (as the term is phrased in the New Zealand Privacy Act 2020), NZIPP 12 permits us to disclose personal information about an individual to a recipient based outside of New Zealand in limited circumstances, including where we reasonably believe an overseas recipient has comparable safeguards in place to those set out in the New Zealand Privacy Act 2020. While we will always take reasonable steps to ensure that an overseas recipient has comparable safeguard in place, for the avoidance of doubt, by engaging with us and providing us with your personal information it will be deemed you have given your express consent for us to disclose your personal information to overseas recipients (including in circumstances where an overseas recipient may not have comparable safeguards in place to those expected under the New Zealand Privacy Act 2020 or the NZIPPs).

We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes that you would reasonably expect or if you agree, for example when dealing with a complaint.

In addition, at our events we sometimes take photographs of our participants sitting within the audience and may publish these images to advertise future events or workshops. Please inform the photographer at the event if you do not allow us to publish your image.

Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.

When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

Data retention

Education program and qualification assessment outcomes, CPD records and periods of membership, with associated personal data required for identification, will be retained indefinitely. This is for the purpose of confirming qualifications and membership claimed with reasonable third parties upon request – including potential employers, regulators, education training organisations and other Government bodies.

Information collected from prospective or prior members’ data, other than qualification assessment outcomes, CPD records and periods of membership and data for associated identification purposes, will be destroyed in a secure manner within seven (7) years from collection.


FINSIA maintains strict standards and security procedures to prevent misuse, interference and loss, unauthorised access, modification, or disclosure.

If you are a member, and/or studying with FINSIA, personal information received by FINSIA is held electronically on the information technology systems of FINSIA and contracted third parties. To access your membership account via our website (, you will need to use a log-in name and secure password. This restriction of access ensures that, other than authorised employees and contractors of FINSIA, your personal information is only available to you. You should not disclose your secure password to anyone.

Your information may only be accessed by FINSIA’s authorised employees and contractors which require access in connection with the purposes described in this Policy.

Following the lapse of your membership, your information is retained in case of a requirement for restoration of membership or provision of a membership history is required or authorised by law or a court/tribunal order.

All personal information collected is held on our cloud storage, on servers located in Australia. We retain effective control over any personal information held on our cloud, and the information is handled in accordance with the APPs (which provides comparable safeguards to the NZIPPs).

We take steps to protect the security of the personal information we hold from both internal and external threats by:

  • Regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification, or disclosure of that information.
  • Taking measures to address those risks, for example, we keep a record (audit trail) of when someone has accessed our electronic databases and regularly check that staff only access those records when they need to.
  • Conducting regular external audits to assess whether we have adequately complied with or implemented these measures.

If there is a privacy breach involving your personal information, we will comply with our legal obligations under the Australian Privacy Act and the APPs and the New Zealand Privacy Act 2020 and the NZIPPs (including notifying the New Zealand Privacy Commissioner and/or the affected individuals) as the case may be.

Website policy

Internet transmission of information

Encryption technology is used to ensure that information is protected when being transmitted over the Internet. FINSIA cannot ensure the security of any information transmitted over the Internet and individuals send personal information at their own risk. However, once we receive a transmission, we take reasonable steps to ensure that personal information is secure on our systems and those of our agents and protected from loss, misuse, and unauthorised access.


We use "cookies" to enhance functionality and to keep track of visits to our website.

A cookie is a small data file that contains information about your visit to a website. Your computer provides this information during your first visit to a web server. The server records this information in a text file and stores this file on your hard drive. When you visit the same website again, the server looks for the cookie and structures itself based on the information provided. A cookie only identifies your computer to a web server when you visit the site.

If you visit our website to browse or download information, our web server will record the date and time of your visit to our site, the pages viewed, and the information downloaded. We generally use this information for statistical purposes to improve your experience when visiting our website. We also use this data to understand and report on which content pages and downloads are accessed.

Most web browsers are initially set up to accept cookies. You can reset your browser to refuse all cookies or to warn you before accepting cookies. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You can refuse cookies by turning them off in your browser.

If your browser is configured to reject all cookies, you will be unable to use services on the website that require cookies in order to participate. You may still be able to use some information-only pages if you do not accept cookies.

We may also collect IP addresses (that is, the unique electronic addresses assigned to devices connected to the internet) for analytical purposes, to administer the website and for security purposes.

Embedded videos

We use Google’s YouTube to host embedded videos on our website. When you play an embedded video from our website the video and associated assets will load from the domain and other domains associated with Google’s YouTube player.

Employee Records

FINSIA is generally exempt from the Privacy Act when it collects and handles employee records. However, our policy is to protect the personal information of our employees as we do for other personal information.

Links to other sites

Our website contains links to other websites and this policy does not apply to these linked websites. We encourage you to read the privacy policy of every website you visit.

Access to information

In order to provide you with services and benefits, FINSIA relies on the accuracy of personal information that you provide. You should promptly notify FINSIA if there are any changes to your personal information. You can do this by logging on to your membership account on the FINSIA website, or by contacting the FINSIA office.

Under the Privacy Act (Australian Privacy Principles 12 and 13) and NZIPP 6 and 7, you can request access to personal information that FINSIA holds about you, and you can request that FINSIA corrects that personal information. FINSIA will give you access to your personal information and will take reasonable steps to correct it if FINSIA considers that it is incorrect, unless there is a law that allows or requires us not to.

We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.

The steps appropriate to verify an individual’s identity will depend on the circumstances. We will seek the minimum amount of personal information needed to establish an individual’s identity. For example, during a telephone contact it may be adequate for us to request information that can be checked against our records.

The steps appropriate to verify an individual’s identity will depend on the circumstances. We will seek the minimum amount of personal information needed to establish an individual’s identity. For example, during a telephone contact it may be adequate for us to request information that can be checked against our records.

If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.

If FINSIA refuses to give you access to your personal information, or to correct it, FINSIA will notify you in writing and will provide reasons.

If you would like to access or correct your personal information, contact our Privacy Officer (details are below).

Exercising your other rights

You have a number of other rights in relation to the personal data that FINSIA holds about you. You have the right to:

  • Opt-out of direct marketing, and profiling for marketing.
  • Opt-out of processing for research/statistical purposes, or processing on the grounds of ‘public interest’ or ‘legitimate interest’.

If your personal information is subject to the GDPR, you have additional rights:

  • Erasure or de-identification of information not longer needed for any legitimate purpose in accordance with the Privacy Act, APPs and GDPR.
  • Data portability., and
  • Temporary restriction of processing;

and we will provide these rights subject to any overriding obligations under Australian law.

Under Australian and New Zealand Privacy Law (as compared to the GDPR:

  • There is no ‘right to erasure’, but FINSIA must take reasonable steps to destroy personal information or to ensure it is de-identified if the information is no longer needed for any legitimate purpose.
  • There is no right to ‘data portability’ or ‘right to object’. However, you do have a right to request access to, and correction of, your personal information as noted above.
  • There is no right to the restriction of processing. However, we must take reasonable steps to ensure the quality of personal information that we hold, and to correct incorrect personal information.

To seek to exercise any of those rights, please contact our Privacy Officer.

To contact our Privacy Officer

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:

Our Privacy Officer is:

Name: Dwayne Beale
Phone: +61 2 9275 7900
Email: [email protected]

Suite 1903, Level 19
Gateway Tower, 1 Macquarie Place
Sydney NSW 2000

For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).

We will endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days, and we will endeavour to respond within 30 days of receipt (or 20 working days if the request relates to personal information of an individual based in New Zealand).

If you are not satisfied with our response to a complaint, you have the right to contact:

  • the Office of Australian Information Commissioner (at; if you are an individual based in Australia; or
  • the Office of the Privacy Commissioner (at, if you are an individual based in New Zealand;

to lodge a complaint.