This policy may refer to one or more of our businesses (thereafter "We"):
We respect the privacy rights of all individuals and are committed to ensuring that all Directors and others involved in the management of our business comply at all times with their obligations under the Privacy Act 1988 (C'th) and the Australian Privacy Principles.
This privacy statement explains how we collect personal information and how we use ie. maintain, protect, process and disclose that information. It also explains your privacy rights along with our rights and obligations with respect to the personal information we keep on record.
We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may also decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
Subject to applicable law, you are under no obligation to provide your Personal Data to us; however, please note that we may be unable to provide you with our services, if you do not give consent for us to collect, process and store your Personal Data.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law.
GDPR requires data collectors and processors to have a legal basis to use the personal data of EU residents. We will only collect and use personal information in a way that is consistent with our responsibilities and your rights under General Data Protection Regulation GDPR (EU) 2016/679.
Personal Information that we collect, process and hold is information that is reasonably necessary for the proper performance of our functions and activities as a recruitment services provider and is likely to differ depending on whether you are a:
The type of Personal Information that we collect, process and hold includes:
Personal information is collected by the following means:
From time to time we collect information from third parties and publicly available sources, for example when it is necessary for a specific purpose such as checking information that you have given us is accurate, current and complete or where you have consented or would reasonably expect us to verify your information in this way.
We take a range of measures to protect your personal We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful access, disclosure, alteration, loss, destruction or any other unlawful or unauthorised forms of misuse, in accordance with applicable law.
Your data may be stored on our secure on-site servers or other internally hosted technology. Your data may also be stored by third parties, via cloud services or other technology, with whom we have contracted with, to support our business operations.
These third parties do not have access to or permission to use your personal data other than for cloud storage and retrieval, and we require such parties to employ at least the same level of security that we use to protect your personal data.
We take every reasonable step to ensure that your Personal Data is only retained for as long as it is needed as is only processed for the period necessary for the purposes set out in this Policy. We will retain your Personal Data in a form that permits identification only for as long as:
Once the periods above have expired, we will either restrict access, anonymise, permanently delete, or destroy the relevant Personal Data.
Personal information you volunteer to us when registering online for a job vacancy (such as your name, address and contact phone numbers) will not be disclosed to any other organisation unless we are required by law to do so. This information is retained in our database only for the purposes it was intended. If you choose to email us via our website your email address will not be disclosed, nor will we use the information other than for its intended purpose.
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.
We may process your personal data where:
In processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
GDPR regulations require that, after 25 May 2018, if we process your personal data for legitimate interests, we will do so in a considerate and balanced way taking your rights under data protection and any other relevant law into consideration.
We primarily collect, process and hold personal information for the following reasons:
We do not generally seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where we do need to process sensitive personal data for a legitimate purpose, we do so in accordance with applicable law.
When employed as a temporary/contractor, the information you submit online via your electronic timesheet is sent directly to our payroll department and is only used for its intended purpose. We only receive your personal information when your timesheet is approved. Our payroll system features secure two-factor authentication (2FA), which provides an additional layer of security to ensure your Personal Data is protected.
We may use your personal information to update you on your jobseeking activities, to distribute relevant industry news and market intelligence, to contact with information about services that may be of interest to you, to invite you to attend professional events and for candidate and client business or social networking. Contact may be via email, telephone, direct mail or other electronic communication.
Individuals may unsubscribe from direct marketing at any time. If you unsubscribe, we may continue to contact you to the extent necessary to provide any services you have requested. We are responsible marketers and comply with Anti-Spam legislation.
We may disclose your personal information for the purposes for which it is primarily held or for a related secondary purpose. In some cases we may be required to disclose information without your consent, such as where we are under a legal duty to do so, including circumstances where we are under a lawful duty of care to disclose your information.
Your personal and sensitive information may be disclosed to:
We contract out a number of services from time to time and our contractors may be privileged to your personal information. Typically our contractors include, but are not limited to:
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
If you are unwilling to provide us with the information we need to assist you in your job search, we may be limited in our ability to place you in suitable work.
Where data is exposed to other jurisdictions we will endeavor to protect your personal information to the same standard to which it would be protected in Australia.
We are committed to GDPR and data security. We recognise that information is a vital asset to any organisation and take our responsibilities under the GDPR seriously. We will comply with The General Data Protection Regulation (GDPR) (EU) 2016/679 in the way we use and share your personal data.
Among other things, this means that we will only use your personal data:
We have a robust, secure IT infrastructure. We have ensured that safeguards are in place to protect your personal data from loss, misuse, unauthorised use, access, inadvertent disclosure, alteration, and destruction. Access to our database is secured and can only be gained using valid authentication. Authentication credentials are created and removed on a user by user basis. Data rights are controlled through role based access permissions, where rights are only given where they are required for job function. Data access rights are further controlled with the use of separate front end systems for payroll and consultant functions. External access to our systems is protected by Citrix SSL technology and services are collocated in dedicated spaces at top-tier data centres. Furthermore, we require the third parties we contract with to support our business operations to employ reasonable security measures.
We comply with the Notifiable Data Breaches Scheme. We are aware of our responsibility as a data controller to protect your information and to only share details with third parties upon receipt of your explicit consent. All of our systems are protected and only our staff and consultants working for us have access to the personal information stored within our systems.
In the unlikely event that our computer systems are compromised and there is a potential loss of confidentiality we will report this breach to you.
We comply with the Privacy Act 1988 (Cwlth). We take care to protect your information by securely storing it electronically in our database and protecting it in hardcopy at our secure offices. All staff are bound by Confidentiality Agreement and access is only provided to those who require it.
We follow a rigorous business process and have protocols to ensure high level database security is maintained. We take a range of measures to protect your personal information from:
From time to time we may ask you to confirm the accuracy of your Personal Data. Subject to some exceptions that are set out in the Australian Privacy Principles, you can gain access to the personal information that we hold about you. If you establish that personal or sensitive information that we hold about you is not accurate, complete and up-to-date, Slade Group will take reasonable steps to correct it.
We destroy or de-identify your personal information when it is no longer needed for any purpose.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Under GDPR, if you are an EU resident, as a data subject you have a number of additional rights. You can:
We may refuse access if it would interfere with the privacy rights of their persons or if it breaches any confidentiality applicable to that information.
In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We can refuse access if it would breach that confidentiality.
If you wish to obtain access to your personal information you can contact us at firstname.lastname@example.org. You will need to verify your identity. We may impose a reasonable administration charge to provide access. We will discuss any charges with you. You should also anticipate that it may take some time to process your application as we may need to retrieve information from offsite storage.
We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. Anyone who considers a privacy breach has occurred should contact email@example.com, or call +61 3 9235 5100 between 8.30am and 5.30pm Monday to Friday (Sydney time).
We will process standard access request (SAR) requests within 20 days; SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests.
Complaints may also be made to the Recruitment, Consulting and Staffing Association Australia & New Zealand (RCSA) and/or Association of Executive Search and Leadership Consultants (AESC), the industry associations of which we are a member.