1. Introduction
The purpose of this policy is to advise external parties that we are committed in managing personal information in accordance with the Privacy Act 1988 and any of its amendments, Privacy Amendment (Enhancing Privacy Protection) Act 2012 which outlines the Australian Privacy Principles, the Privacy Amendment (Notifiable Data Breaches) Act 2017 and any of its amendments, and the General Data Protection Regulation (GDPR) (EU) 2016/679 and any of its amendments.
We only collect information that is reasonably necessary for the proper performance of our activities or functions.
We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
Within this document, you will be able to find out how we manage your personal information.
You will also be able to find out about the information flows associated with that information.
If you have any questions please do not hesitate to contact us via phone on (03) 9535 9500 or via email to reception@bwsrecruitment.com.au.
1.1. APP Entity
Becks Wiggins Stokes P/L (BWS) manages personal information, as an APP Entity, under the Australian Privacy Principles (APPs).
Because we are a contracted service provider it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
1.2. Information Flow
When we collect your personal information:
We check that it is reasonably necessary for our functions or activities as an employment agency and On-hire Firm;
We check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;
We record and hold your information in our Information Record System. Some information may be disclosed to overseas recipients;
We retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again - especially if some time has passed since we last checked;
Subject to some exceptions, we permit you to access and correct your personal information in accordance with APP:12 of the (APPs);
We correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs);
We destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.
2. Kinds of information that we collect and hold
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as an employment agency and On-hire Firm and is likely to differ depending on whether you are:
A Job Seeker;
A Client;
A Referee.
2.1. For Job Seekers
The type of information that we typically collect and hold about Job Seekers is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us.
2.2. For Clients
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services.
2.3. For Referees
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Job Seekers for particular jobs or particular types of work.
3. Purposes
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
A Job Seeker;
A Client;
A Referee.
The following sections are also relevant to our use and disclosure of your personal information including Marketing and Overseas Disclosures.
3.1. For Job Seekers
Information that we collect, hold, use and disclose about Job Seekers is typically used for:
Work placement operations;
Recruitment functions;
Statistical purposes and statutory compliance requirements.
3.2. For Clients
Personal information that we collect, hold, use and disclose about Clients is typically used for:
Client and business relationship management;
Recruitment functions;
Marketing services to you;
Statistical purposes (including the use of cookies) and statutory compliance requirements.
3.3. For Referees
Personal information that we collect, hold, use and disclose about Referees is typically used for:
To confirm identity and authority to provide references;
Job Seeker suitability assessment;
Recruitment functions.
4. How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
A Job Seeker;
A Client;
A Referee.
We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us - see the section in this policy on Electronic Transactions.
See also the section on Photos & Images.
4.1. For Job Seekers
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work. We utilise a database called Bullhorn which synchronises data with LinkedIn and vice versa to assist with our workflow. If you do not wish to have this data synchronised please advise us in writing and we will opt you out of this process.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.2. For Clients
Personal information about you may be collected:
When you provide it to us for business or business related social purposes.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.3. For Referees
Personal information about you may be collected when you provide it to us:
In the course of our checking Job Seeker references with you and when we are checking information that we obtain from you about the Job Seeker.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.4. Photos & Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
For Job Seekers who have permitted our Receptionist to take a photo of you at interview this will be stored for internal purposes only, this will not leave our premises or be sighted by anyone other than our staff.
4.5. Electronic Transactions
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals
Ask to be on an email list such as a job notification list;
Make a written online enquiry or email us through our website;
Submit a resume by email or through our website.
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC's resource on Internet Communications and other Technologies.
You can contact us by land line telephone or post if you have concerns about making contact via the Internet.
5. How your personal information is held
Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
Misuse, interference and loss; and
Unauthorised access, modification or disclosure.
5.1. Our Information Record System
The Information Record Systems that we use are contained both within a Server that is kept on site at our South Melbourne office as well as on the systems provided by our Software Support programs; all hard copies are also kept within our premisis in filing cabinets which are securely locked:
The information stored within our system in electronic format remains on site, all access via portable electronic devices is through our server and never downloaded to such devices;
The information stored in the Cloud through our Software support providers are covered within the Privacy Policies of these organisations which links are provided below:
5.2. Information Security
Your information will be kept securely both in hard copy and soft copy within our offices. We have measures in place to ensure your privacy is maintained at all times. This is due to the following:
Staff training – We ensure staff are trained to know how long we keep records for and how to store them safely within our work environment;
"Clean desk" procedures – We ask our staff to maintain a clean working space and to place files in secure cabinets before leaving their desk for extended periods of time or overnight;
Password protection – Each computer is individually password protected for each staff member and only the Directors have access to the Server passwords, we also have a different set of passwords for each staff member to access the internal database that holds our data;
Our Senior Team and Management are the only staff members who have laptop or PC access to our database when they are offsite again these are password protected and access is to our server so no information is stored on these devices away from the office. Our consultants all have access to email on business owned mobile phones, however the data on these devices is set to display only 1 week of data and we have an electronic resources policy in place for the staff to ensure that data and equipment is kept secure on these devices;
We have a company Policy that any files for Candidates that have been inactive for over 12 months are disposed of and shredded, we can however remove and destroy any information at any time at your request as well as opt out when requested;
These Culling procedures include secure disposal in a shredding bin one of which is located at each of our sites.
5.3. Notifiable Data Breach
In February 2018 there were significant changes to the privacy legislation in regards to Data Breach obligations.
An Eligible data breach occurs when the following criteria are present:
There is unauthorised access to, or unauthorised disclosure of personal information that we hold; and
This is likely to result in serious harm to one or more individuals; and
We have not been able to prevent the likely risk of serious harm with remedial actions (Serious harm may be psychological, emotional, physical or reputational).
If an Eligible data breach is found we would complete the following steps which are further outlined in our Company Notifiable Data Breach PlanConduct an assessment immediately to investigate the matter. 3 steps involve 1. Initiate the assessment 2. Investigate and gather information, what who, etc and then 3. Evaluate and make a decision whether it has indeed been an eligible data breach (Note: there is a maximum of 30 days to conduct assessments);
We would ensure that relevant personnel were made aware of the breach as soon as practicable;
We would notify the breach as soon as practicable once we believe an eligible data breach has occurred. To individuals whose personal information is involved, Publish and publicise the notification where required as well as reporting the breach via a statement to the Australian Information Commissioner.
6. Disclosures
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.
We may disclose your personal information where we are under a legal duty to do so.
Disclosure will usually be:
Internally and to our related entities;
To our Clients;
To Referees for suitability and screening purposes;
To any government entity that we are lawfully required to disclose this information to such as Centrelink or the Australian Taxation Office.
6.1. Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
Software solutions providers;
I.T. contractors and database designers and Internet service suppliers;
Legal and other professional advisors;
Insurance brokers, loss assessors and underwriters;
Superannuation fund managers.
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
6.2. Cross-Border Disclosures
Currently we do not have any of your personal information disclosed to overseas recipients.
If this were to change we cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
If we do start to disclose information to overseas recipients the below table will be amended in our Privacy Policy to outline the likely countries, type of information disclosed and recipients, so far as is practicable:
Table 1
Country | Type of Information | Likely Recipients |
6.3. Access & Correction
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold (refer point 7.1 Access Policy and point 7.2 Correction Policy below).
Important exceptions include:
Evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality. If there are extenuating circumstances we can obtain consent from referees and provide you with information upon their approval.
6.4. Access Policy
If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator. You will need to be in a position to verify your identity.
Access to your information needs to be in writing and to allow us 14 days to respond as per legislative requirements. We will endeavour to respond earlier than this time and usually there should be no problems in sharing access to your data.
Any lawful costs or charges that are imposed on BWS to obtain any information will be passed on to you if required;
We will respond to your request within 14 days of receipt of request and will keep you updated as to the process of obtaining the required information as the matter proceeds;
Generally any request for information access will be accepted, however in the event that we do not have to provide the information we may refuse the request and you will be informed in writing as to the reason for the refusal including an explanation as to why;
Any complaints will be directed to our Senior Management to respond to in a fair and reasonable manner, we will always take any complaints seriously.
6.5. Correction Policy
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
For correction to any information that we have on file again please submit your requests to us in writing and we again will respond within 14 days, usually the information will be corrected on the day that the request has been submitted unless verification of information is required from external sources.
6.6. Complaints
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. For more information see our Complaints Procedure below.
Complaints procedure:
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Managing Director who is also our Privacy Co-ordinator, whose contact details are as follows:
Mr John Wallis
Becks Wiggins Stokes Pty Ltd
Suite 113, 44 Lakeview Drive, Scoresby VIC 3179
Phone: 03 9535 9500
You can also make complaints to the Office of the Australian Information Commissioner.
Complaints may also be made to RCSA, the industry association of which we are a member.
RCSA administers a Code of Conduct for the professional and ethical conduct of its members.
The RCSA Code is supported by rules for the resolution of disputes involving members.
NOTE: The Association Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of the Associations members.
When we receive your complaint:
We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy;
We may ask for clarification of certain aspects of the complaint and for further detail;
We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
We will require a reasonable time (usually 30 days) to respond;
If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response.
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner website details shown above.
Becks Wiggins Stokes Pty Ltd may amend and vary this policy from time to time.