Privacy Policy

This Privacy Policy seeks to explain how The Data Institute Ltd (TDI or we) collects, uses, discloses and otherwise handles personal information.

It also seeks to explain how you can ask to access and correct the personal information we hold about you or complain about any suspected privacy breach. 

We may also provide individuals with privacy notices in relation to particular collections of personal information. If there is any inconsistency between these privacy notices and this Privacy Policy, you should rely on the information in the privacy notices.

This version of our Privacy Policy was last updated on 20 November 2018.

The Nitty Gritty
The Nitty Gritty
Members (including applicants for membership)

If you are one of our members or apply for membership, we may collect the following kinds of personal information about you:

  • your name, personal and/or business contact details, date of birth and gender
  • details of your position (including when you commenced work with your employer) and your employer, which industry you work in and whether you are responsible for or involved in data governance, ethics and/or AI
  • any personal information contained in your resume
  • your academic qualifications and any other information on your academic transcript
  • TDI courses attended
  • your areas of interest and/or professional responsibilities
  • your credit card or other payment details, and
  • information about your membership of any professional association, which is ‘sensitive information’ under the Privacy Act.

If you attend one of our conferences, events or seminars, we may collect your name, contact details, position title, organisation and credit card or other payment details.

If you subscribe to our subscriber package, we collect your name, date of birth, contact details, position title, employer’s name and credit card or other payment details.

When we collect credit card or other payment details, we will not store them or they will be masked after your payment has been processed

TDI collects personal information in a number of different ways, including through application, registration, enrolment and renewal forms; by email; telephone; letters; faxes; event registrations; surveys; and during activities conducted as part of our educational programs.

We collect personal information through our website when an individual makes an online purchase or completes an online form. See also the section titled ‘Online privacy issues‘.

TDI’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so.

A pseudonym is a name or other descriptor that is different to an individual’s actual name.

For example, you are able to access our website and make general phone queries without having to identify yourself and you can respond to our surveys anonymously.

In some cases however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking.

The reason we collect, hold, use and disclose (together handle) the personal information outlined above is so that we can provide you with our products and services (including establishing and maintaining your membership and/or enrolment, enabling your participation in member groups and functions, and processing payments), manage our relationship with you, communicate with you effectively, identify which of our products and/or services will best meet your requirements, internally analyse membership demographics and trends, improve our products and services and manage professional conduct issues.

‘Our products and services’ include:

  • events, short courses and education
  • professional development (for example, through our training programs, seminars, and conferences, resource centre)
  • technical support (through our journal and website), and
  • advocacy (promoting a practical and workable approach to all things data).

We may also handle your personal information to notify you about products, services and promotions offered by us and our sponsors, partners and suppliers. This is discussed further in the section below titled ‘Do we use and disclose your personal information for direct marketing?‘.

In addition, we may handle personal information for other purposes explained at the time of collection or which are required or authorised by or under law (including privacy legislation).

If you consent, we may use personal information of members and non-members, specifically your name and relevant address details, to let you know about our products, services, facilities and benefits and those of our sponsors, partners and suppliers.

We (either on our own behalf or on behalf of our sponsors, partners or suppliers) may contact you for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile. 

Opting out

You can opt out of receiving marketing communications from us at any time, in the following ways:

  • updating your communications preferences by visiting the member portal on the Governance Institute website
  • contacting TDI using the details in the section titled ‘How you can contact us’
  • advising us if you receive a marketing call that you no longer wish to receive these calls
  • using the unsubscribe facility that we include in our electronic messages to opt out of receiving those messages.

TDI may disclose personal information to third parties to whom The Data Institute contracts out specialised functions (including mailing houses, printing companies and conference organisers).

We take steps to ensure that those contractors:

  • comply with the Australian Privacy Principles when they handle your personal information, and
  • are authorised only to use personal information in order to provide the services or to perform the functions required by Governance Institute.

TDI may also disclose personal information where required or authorised by law.

TDI does not sell or rent personal information to third parties.

Disclosure overseas

The third parties to whom we disclose personal information may be located in other countries including the United Kingdom (UK) and the United States of America (USA).

Our administration system and electronic email system provider is located in the USA and acts as a conduit in the distribution of such communications as our eNewsletter; Events & News, events marketing; education and training courses.

TDI holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files (locked away where appropriate).

Paper files may also be archived in boxes and stored offsite in secure facilities.

The Data Institute takes steps to secure the personal information we hold including the use of Information and Communications Technology (ICT) security (using encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.

TDI only permits your details to be accessed by authorised personnel, and it is a condition of employment that TDI’s employees maintain the confidentiality of personal information.

Payment security of all financial transactions is maintained by TDI using EFTPOS, BPAY and online technologies. It is our policy to ensure that all financial transactions processed, meet industry security standards that ensure payment details are protected.

If you are concerned about sending your information over the internet, you can contact TDI by mail, email or telephone.

The privacy of your personal information can also be protected by you, by keeping passwords secret, changing them frequently and by ensuring that you log out of the website when you have finished using it, as well as refraining from writing your credit card details in the body of an email.

If you become aware of any security breach, please advise us as soon as possible.

The Data Institute will apply this policy to all personal information it handles, whether collected online or otherwise. This clause is intended to provide more information about privacy for the users of our website.

(a) Online collection of personal and non-personal information

As outlined in the section titled ‘How do we collect personal information?’, we collect personal information through our website.

Our website also collects other information which may or may not be personal information. For each visitor to our website, our server automatically recognises and stores your ‘address’ (eg your domain name or Internet protocol address), the type of your Internet browser, and the address of the site which ‘referred’ you to our website and clickstream data.

In addition, our website uses cookies to track usage of our website. Most web browsers are set by default to accept cookies. However, if you do not wish to receive any cookies you may set your browser to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on the website are available to you. We use cookies for tracking the statistics of our website. This allows us to better understand our users and improve the layout and functionality of our website.

This tracking is conducted in such a way to ensure the anonymity of visitors — in this context the cookie may identify your computer — but it should not identify you.

(b) Links to other websites

Sometimes our website contains links to third party websites, for your convenience and information. When you access a non-TDI website, please understand that The Data Institute is not responsible for the privacy or security practices of that site, which are not covered by this Privacy Policy.

We suggest that you review the privacy policies of each site you visit, before supplying any personal information to them.

Under the Privacy Act, you have a right to seek access to, and correction of, personal information which Governance Institute holds about you.


If you wish to exercise your right under the Privacy Act to seek access to the personal information that TDI holds about you, we ask that you contact TDI (details in the section below titled ‘How can you contact us?’), who will explain how The Data Institute will handle your access request.

We will assume (unless you tell us otherwise) that your request relates to our current records about you. These current records will include personal information about you which is included in our databases and in paper files, and which may be used by TDI on a day to day basis. To provide you with access to ‘current’ personal information, TDI would ordinarily provide you with a print-out of the relevant personal information from our databases, or with photocopies of records which are held only on paper files.  If you request access in a different manner, we will give you access in this manner if it is reasonable and practicable for us to do so. Ordinarily, TDI will not charge you for the cost of providing this type of access to these records.

For legal and administrative reasons, The Data Institute may also store records containing personal information in its archives. You may seek access to the records held by TDI which are not current records, but if you do so, we may charge you for the cost of providing access (but not for the making of the request).


If you are of the view that personal information about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please provide TDI with your request for correction (contact details are set out in the section below titled ‘How can you contact us?’).

The Data Institute’s policy is to consider any requests for correction in a timely way.

Members can also easily review and update their information on an ongoing basis, through their ‘Update member profile’ page on the TDI website.

If you wish to complain about how we have handled your personal information, please contact TDI on the contact details set out below.

We will respond to your complaint as soon as reasonably practicable.  If you are not satisfied with our response to your complaint, you may also contact the Office of the Australian Information Commissioner.

If you have any questions or comments about this Privacy Policy please contact TDI: