Skip to content
Engagement Institute

Privacy Policy

Last Updated: 8th October 2025

International Association for Public Participation Australasia Limited (ACN 165 006 511) trading as Engagement Institute (we, us, our or Engagement Institute) is committed to safeguarding your privacy and has created this privacy policy to demonstrate our commitment to privacy.

The Engagement Institute provides training, EngageMark certifications, resources, events and support to professionals and organisations engaged in community and stakeholder engagement across Australasia.

To the extent that the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), or the Privacy Act 1993 (NZ) (New Zealand Privacy Act) govern the way in which we must manage your personal information, this policy sets out how we collect, hold, use, disclose and otherwise manage personal information about you, including when you:

  • are an Engagement Institute member;
  • participate in our professional development activities (such as attend our training, seminars or events);
  • seek or obtain a certification from us (including through the EngageMark certification process);
  • take part in our awards, promotional or advocacy activities;
  • participate in an Advisory Group, Community of Practice, Committee or similar;
  • advertise a role on our job notice board;
  • subscribe to our publications or newsletters;
  • visit our websites located at engagementinstitute.org.au and www.engagemark.org (our websites); or
  • otherwise interact or communicate with us.

This Privacy Policy applies to the International Association for Public Participation (IAP2) Australasia and covers our processing activities as a data controller, and is divided into the following sections:

  • What personal information do we collect?
  • How do we collect personal information?
  • Can you deal with us without identifying yourself?
  • For what purposes do we collect, use, hold and disclose personal information?
  • To whom do we disclose personal information?
  • Disclosure of personal information overseas
  • Do we use your personal information for direct marketing?
  • How do we hold personal information and keep it secure?
  • Online privacy issues
  • How can you access and correct your personal information?
  • Complaints and feedback
  • Changes to the policy
  • How can you contact us?

What personal information do we collect?

We collect personal information, being information or an opinion about an identified or reasonably identifiable individual, about members and non-members to provide our products and services to you or someone else that you know (such as your organisation) and perform our functions and activities. See the section titled ‘For what purposes do we collect, hold, use and disclose personal information?’ for more information about the purposes for which we collect personal information.

The kinds of personal information we collect depends on our relationship with you, but may include the following:

  • your name, age range, personal and/or business contact details and gender;
  • details of your position and your employer, which industry you work in and whether you are responsible for or involved in engagement;
  • your academic qualifications and any other information on your academic transcript;
  • your years of experience within in the engagement sector;
  • whether you identify as First Nations, such as Aboriginal, Torres Strait Islander, Māori, Pasifika or other ethnicity;
  • your areas of interest and/or professional responsibilities;
  • your credit card or other payment and billing details; and
  • information about your membership of any professional association.

 If you are only attending an event or training session, we will typically collect your name, contact details, position title, organisation and credit card or other payment details. We may also collect any dietary requirements or accessibility requirements that you choose to share with us.

When you make a purchase using a credit card or other payment card details, we will typically require you to submit this information directly into our PCI/DSS-compliant payment processing service provided by our third party service provider. We do not ourselves process or store this information.

Except as otherwise permitted by law, we only collect sensitive information about you (such as your racial or ethnic origin, membership of a professional association or health information) if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities. Consent may be implied by the circumstances existing at the time of collection.  There may be circumstances where we are permitted to collect sensitive information without your consent, such as where we are required or authorised by law, or another exception applies.

How do we collect personal information?

We collect personal information in a number of different ways, including through application, registration, enrolment and renewal forms; by email; telephone; letters; faxes; event registrations and surveys. We collect personal information through our websites when an individual makes an online purchase or completes an online form, and in person when an individual attends our training or events.

Personal information will generally be collected directly from you.  There may, however, be some instances where personal information about you will be collected indirectly, such as where your organisation registers you to attend a training course or event, or provides us with evidence that includes personal information about you in order to assess the organisation’s application for certification, you are nominated for an award and we receive a reference about you, or you are identified as a key contact of an organisation that is a prospective member or customer through publicly available information.

Can you deal with us without identifying yourself?

It is our policy to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name. For example, you are able to access our websites and make general phone queries without having to identify yourself and you can respond to our surveys anonymously.

In some cases however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to become an Engagement Institute member or if you enrol in any of our certificate courses.

For what purposes do we collect, hold, use and disclose personal information?

We may collect, hold, use and disclose your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities, including to:

  • provide you or someone that you know (such as your organisation) with our products and services (including establishing and maintaining memberships and/or enrolments, enabling participation in member groups, functions and events, and processing payments);
  • undertake certification services you, or your organisation, request from us, which require us to hold evidence to support the certification;
  • manage our relationship with you;
  • communicate with you effectively;
  • identify which of our products and/or services will best meet your requirements;
  • analyse membership demographics and trends and identify industry and sectoral insights;
  • using these identified trends and insights to develop reports relating to our services and the industries to which our customers relate and advocate for commercial and governmental support of our activities;
  • improve our websites, products and services;
  • manage professional conduct issues;
  • monitor traffic on our websites, undertake data management for quality or operational purposes, and diagnose data collection issues;
  • investigate and respond to any enquiry or complaint made by you or on your behalf; and
  • notify you about products, services and promotions offered by us and our sponsors, partners and suppliers that we believe will be of interest to you (unless you have opted out). This is discussed further in the section below titled ‘Do we use and disclose your personal information for direct marketing?’

In addition, we may collect, hold, use and disclose your personal information for other purposes explained at the time of collection or as required or authorised by or under law or a court or tribunal order, to protect our legal rights and interests, and for our internal business administration and operations.

We may also aggregate and anonymise any of the information we collect and use it for the purpose of analytics, research and deriving insights, trends and benchmarks in relation to organisational engagement maturity, improving the EngageMark framework and our services (including developing new tools, programs, products and services), creating and distributing reports relating to organisational engagement maturity, advocating for governmental support of and promoting the EngageMark framework and our services.

To whom do we disclose personal information?

We may disclose personal information about you:

  • to our employees, volunteers, contractors and consultants (workers) (including our licensed assessors, if you are applying for EngageMark certification), our affiliated organisations and other third parties who require the information to assist us to operate our business, provide you or someone that you know with information, products and services, and establish, maintain, manage or end our relationship with you (including payment processors, insurers, IT and technology service providers, promotion or marketing service providers, event organisers and professional advisers such as lawyers, accountants and auditors);
  • to third parties acting on your behalf or to whom you have agreed we may disclose your personal information, which includes your organisation and their authorised representatives if your membership is linked to an organisational membership or, if you have an individual membership, you have authorised us to share your training records with your organisation;
  • if you attend a training course or event, we may use photographs or other footage for promotional purposes in a variety of formats (including print, video and digital). For footage specifically of individuals, we will obtain your prior written consent before using your image for promotional purposes.  However, where you are captured while in a crowd in a public place, you acknowledge that it would be impractical to seek specific consent from all people in a crowd, and we may use these images or footage for promotional purposes;
  • if you are the hiring manager or key contact in relation to a role published on our job notice board;
  • to any other person or entity as required or authorised by law or court or tribunal order, or as otherwise permitted by law.

We take reasonable steps to ensure that our service providers comply with the Australian Privacy Principles when they handle your personal information and are authorised only to use the personal information in order to provide the services or to perform the functions required by us.

The Engagement Institute does not sell or rent personal information to third parties for their own use.

We may disclose aggregate or de-identified information for any purpose detailed in this policy, including for analytics, research, development and advocacy purposes.  Such information will not identify you individually.

Disclosure of personal information overseas

We may disclose your personal information to overseas recipients, including our international affiliates and service providers located in countries such as the USA, Canada, Indonesia, South Africa, and Latin America. Where we do so, we will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information, unless an exception applies under the Privacy Act.

Do we use your personal information for direct marketing?

If you consent, we may use your personal information to let you know about our products, services, facilities, benefits and events and those of our sponsors, partners and suppliers. We (either on our own behalf or on behalf of our sponsors, partners or suppliers) may contact you for direct marketing purposes in a variety of ways, including by mail, email, telephone and online advertising.

Opting out

Members and non-members can opt out of receiving marketing communications from us at any time, in the following ways:

  • contact us through our websites using the ‘Contact Us’ form;
  • advise us if they receive a marketing call that they no longer wish to receive these calls; or
  • use the unsubscribe facility that we include in our electronic messages (such as emails and SMSs) to opt out of receiving those messages.

How do we hold personal information and keep it secure?

We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files (locked away where appropriate). Paper files may also be archived in boxes and stored offsite in secure facilities.

We take reasonable steps to ensure that that your personal information is stored safely to protect it from interference, misuse, loss, unauthorised access, modification or disclosure, including the use of Information and Communications Technology (ICT) security (using encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies. We only permit your details to be accessed by authorised personnel, and it is a condition of employment that our employees maintain the confidentiality of personal information.

Payment security of all financial transactions is maintained by Engagement Institute using EFTPOS, BPAY and online technologies. It is our policy to ensure that all financial transactions processed, meet industry security standards that ensure payment details are protected.

If you are concerned about sending your information over the internet, you can contact us by mail or telephone.

The privacy of your personal information can also be protected by you, by keeping passwords secret, changing them frequently and by ensuring that you log out of the websites when you have finished using it, as well as refraining from writing your credit card details in the body of an email.

If you become aware of any security breach, please advise us as soon as possible.

Online privacy issues

 We will apply this policy to all personal information we collect and hold, whether collected online or otherwise. This clause is intended to provide more information about privacy for the users of our websites.

Online collection of personal and non-personal information

As outlined in the section titled ‘How do we collect personal information?’, we collect personal information through our websites.

Our websites also collect other information which may or may not be personal information. For each visitor to our websites, our server automatically recognises and stores your ‘address’ (eg your domain name or internet protocol address), the type of your internet browser, and the address of the site which ‘referred’ you to our websites and clickstream data.

In addition, our websites use cookies and pixels (including third party tracking pixels) to track usage of our websites, improve user experience, deliver targeted online advertising and measure ad performance.

Most web browsers are set by default to accept cookies. However, if you do not wish to receive any cookies you may set your browser to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on the websites are available to you. We use cookies for tracking the statistics of our websites. This allows us to better understand our users and improve the layout and functionality of our websites.

We generally cannot identify you from the information collected through cookies and pixels.

Links to other websites

Sometimes our websites contain links to third party websites, for your convenience and information. When you access a non-Engagement Institute website, please understand that we are not responsible for the privacy or security practices of that site, which are not covered by this Privacy Policy. We suggest that you review the privacy policies of each site you visit, before supplying any personal information to them.

How can you access and correct your personal information?

You have a right to seek access to, or correction of, the personal information which the Engagement Institute holds about you.

Access

If you wish to exercise your right to seek access to the personal information that we hold about you, we ask that you contact our Privacy Officer at info@engagementinstituteiap2.org.au. We will respond to your request within a reasonable period.  We may charge you a reasonable fee for processing your request (but not for making the request for access).

We will assume (unless you tell us otherwise) that your request relates to our current records about you. These current records will include personal information about you which is included in our databases and in paper files, and which may be used by us on a day-to-day basis. To provide you with access to ‘current’ personal information, we would ordinarily provide you with a print-out of the relevant personal information from our databases, or with photocopies of records which are held only on paper files. If you request access in a different manner, we will give you access in this manner if it is reasonable and practicable for us to do so. Ordinarily, we will not charge you for the cost of providing this type of access to these records.

For legal and administrative reasons, Engagement Institute may also store records containing personal information in its archives. You may seek access to the records held by us which are not current records.

We may refuse a request for access to personal information if we are unable to confirm your identity or in other circumstances permitted under the Privacy Act or New Zealand Privacy Act. If we refuse a request for access, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

Correction

If you are of the view that the personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please provide our Privacy Officer with your request for correction (contact details are set out in the section below titled ‘How can you contact us?’).

Our policy is to consider requests for correction in a timely way. Members and non-members can also easily review and update their information at any time, by visiting the ‘My Account’ section of the Community Portal and selecting the ‘My Profile’ page.

If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

Complaints and feedback

If you wish to make a complaint about how we have handled your personal information, please contact the Engagement Institute using the details set out below. We will take reasonable steps to investigate the complaint and respond to you as soon as reasonably practicable.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Australian Information Commissioner (OAIC) or the NZ Office of the Privacy Commissioner (NZOPC).

To lodge a complaint to the OAIC, visit the ‘Complaints’ section of the OAIC’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the OAIC’s office.

To lodge a complaint to the NZOPC, visit the ‘Making a complaint’ section of the NZOPC’s website, located at https://www.privacy.org.nz/your-rights/making-a-complaint/, to obtain the relevant complaint forms, or contact the NZOPC’s office.

Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Changes to the Policy

This policy may change from time to time. The latest effective date will be highlighted at the top of the policy.

We will update this privacy policy when necessary to reflect customer feedback, changes in our programs and services or legal changes. When we post changes to this policy, we will revise the date at the top of the privacy policy.

How can you contact us?

If you have any questions about our Privacy Policy or any other questions or concerns about how we have handled your personal information, please contact our Privacy Officer by writing to us.

Postal address:  PO Box 618 Toowong QLD 4066

Email address:   info@engagementinstitute.org.au

Telephone:        AU:1300 4ENGAGE (1300 436 424)

NZ: 0800 4ENGAGE (0800 436 424)

Sign In Join Now