The types of personal information we collect may include:
Employees of The Group of Companies Clients: We may collect personal information such as the individual’s name, address, e-mail address, user ID, banking details, date of birth, payroll details, and employment-related information such as salary details, superannuation contributions, Tax File Number, relevant awards and PAYG withholding tax.
Contact information: We collect contact information from or about clients or prospective clients, including individuals working for clients or prospective clients, and records details of interactions with clients and prospective clients, including name, username, mailing address, telephone numbers, email address or other addresses that allow us to communicate with the client.
Transaction information: We may collect information about how users interact with us, including purchases, inquiries, customer account information, and information about the use of our websites and applications.
Job applicants: We collect contact details, employment history and other background information from job applicants as required and as permitted by law.
Immigration Services: We may also collect further information as listed below in order to provide our immigration services, visa history, financial information, family information, health declarations and bio-metric information as requested by the law.
If it is reasonable and practical to do so, we will collect personal information directly from you. In most cases, we collect personal information about employees and payment recipients directly from our clients that employs the relevant employee. This will include contact details and other information relevant to providing services to you.
This may take place in a number of ways, such as:
If someone other than you provide us with personal information about you that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you, as soon as practicable. This notice will be given unless to do so would be in breach of an obligation of confidence. If we could not have collected this personal information, we will lawfully de identify or destroy that personal information.
We will not collect any sensitive information from you, revealing your: race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability. Exceptions to this include:
We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If we are unable to collect personal information we reasonably require, we may not be able to do business with you or the organisation with which you are connected.
All personal information that we or our related bodies corporate collect, is reasonably necessary for the purposes relating to providing our services to you or for another purpose permitted by law. Those purposes include:
In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.
We may use personal information about you for the primary purpose of providing you with our services, and for other purposes for which you would reasonably expect us to use that information. This includes sending you information about new developments, products, services and special offers by post, telephone or any form of electronic communication. You authorise us to use any email address or other contact information you provide to us at any time for this purpose.
You can, at any time, opt out of receiving marketing material by contacting us. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.
We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant and not misleading, please contact us and we will take all reasonable steps to correct it within a reasonable time. We may require substantiation of any request to correct personal information.
Individuals may request not to receive marketing communications from us. We aim to ensure such requests are complied with within five business days.
If you have an online account with us, you can also log into your account at any time to access and update information they have provided to us. If you are an individual whose employer uses our services, we encourage you to contact your employer at first instance to correct your information.
In order to deliver the services that we provide to you, we may disclose your personal information to other organisations, only in relation to providing our services to you. For example, government agencies as required by law, banks and financial institutions, superannuation funds, health funds and contracted service providers. We may share personal information with business partners, but only to the extent required to provide our services (e.g. where you authorise the disclosure, or purchase or request a third-party product or service via our platform or vice versa, we may provide certain personal information to validate the referral). We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information.
We may also provide certain information about you including your personal information to our related bodies corporate. We may also disclose personal information where needed to affect a sale or transfer of business assets, to enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions.
We may disclose personal information when required or authorised to do so by law.
We take the security of your personal information seriously and use reasonable endeavours to protect your personal information in a secure environment, including, among other things, the use of industry standard techniques such as firewalls, encryption, intrusion detection, and site monitoring. We also limit and restrict internal access to personal information to those personnel who need access to the information in order to do their jobs. These personnel are limited in number and are committed to maintaining confidentiality. These security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse however, this security cannot be guaranteed. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us.
If we no longer need your personal information, unless we are required by law or a court or tribunal order to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document and information retention policy.
Notwithstanding the reasonable steps taken to keep information secure, breaches may occur. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Law requirements.
Right to erasure
You can, at any time, request that we delete all personal information which relates to you. We will comply with any such request unless we are required to keep that information for:
Right to restriction on data processing
In certain circumstances, you may also request a restriction on the processing of your personal data. You can make such a request in the following situations:
If you make such a request, we will not process any of your personal information without your consent, unless it is for the purposes of storage, legal claims, protecting the rights of another person or it is in the public interest of either the EU or the respective Member State.
Right to data portability
In certain circumstances, you may request that we provide you with all personal information that relates to you. If this is the case, we will provide you with that information in a structured, commonly used and machine-readable format. Upon request from you, and subject to certain circumstances, we will also transmit that information to another controller.
Right to object
You have the right to request that your personal information is not processed by us in various circumstances. These circumstances include the pursuit of business interests, direct marketing and profiling. Unless we have legitimate grounds to object to your request, we will stop processing data for the purposes requested.
Withdrawal of consent
If at any time you wish to withdraw your consent to our processing of your personal information, please send your request to our Privacy Officer, whose details can be found below.
Data breach notification
In the unlikely event that we experience a personal data breach that is likely to result in a high risk to individuals in the EU, we will notify those affected individuals without undue delay.
Legitimate basis for processing your information
If you request access to the personal information, we hold about you, we will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the Privacy Laws. We may charge a reasonable fee for providing that information.
You may request information or make a complaint by writing to:
Contact: The Group of Companies Privacy Officer
By email: firstname.lastname@example.org
Data Protection Officer
Contact: The Group of Companies Data Protection Officer
Contact: The Group of Companies EU Representative
If you are not satisfied with our response to your complaint or believe that we have breached Privacy Laws in the handling of your personal information, you can contact the relevant regulator:
Australia: Office of the Australian Information Commissioner
1300 363 992
Europe: Please contact your local Data Protection Authority
When contacting us you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way or we are required or authorised under law (or a court or tribunal order) to only deal with individuals who have identified themselves.