Background and Scope
Whizdom is committed to protecting the privacy and personal information it collects and receives. We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).
This policy outlines how Whizdom collects, uses, discloses and otherwise handles personal and sensitive information relating to individuals. The policy also explains how you can ask to access and correct the personal information we hold about you or complain about any suspected privacy breach.
This policy may change over time in light of changes to privacy laws, technology and business practice. If you use our website regularly or conduct transactions with us that involve us to collect your personal information, it is important that you check this policy regularly to ensure that you are aware of the extent of any consent, authorisation or permission you might give.
Whizdom’s Adherence to Association of Professional Staffing Companies in Australia (APSCo Australia) Code
As a Member of the Association of Professional Staffing Companies in Australia (APSCo Australia) we undertake a core commitment to ethical and professional practice and do not:
- without the Work seeker’s permission, given as may be required by law, disclose the Work seeker’s identity or other details:
- to a Client; or
- Other than as required or permitted by law.
- use information about a Work seeker improperly:
- for a purpose other than assisting the Work seeker to find work; or
- In a way that is contrary to the terms of the permission given by the Work seeker about the use of the information.
- except as required or permitted by law, divulge or allow to be divulged any Confidential Information of about a Work seeker
- present a Work seeker to a Client for interview unless due authority to do so has been given by the Client
APSCo Australia administers Dispute Resolution Procedures that you may access if you consider that we have breached the APSCo CODE. You may additionally make a complaint to the Privacy Commission in Australia.
Kinds of Information that we Collect and Hold
The type of personal information that we collect and hold is information that is reasonably necessary for the proper performance of our activities or functions as a recruitment agency (see Purposes below) and is likely to differ depending on whether you are:
- A Candidate - i.e. someone who is looking for a placement or work through us; or whom we have identified as a person who might be receptive to an offer of a placement or work through us;
- A Client – i.e. someone other than a Candidate who is looking to acquire our services as a recruitment agency or whom we have identified as someone who might be interested in acquiring our services; or
- A Referee – i.e. a person from whom we have sought facts or opinions regarding the suitability of one of our Candidates for work or positions through us; and who is a Referee nominated by the Candidate, a Client or us.
Sensitive information is only collected with consent and where it is necessary for the performance of our functions and activities as a recruitment agency. Sensitive information will need to be collected where it relates to a genuine occupational requirement, for the purposes of the right to work in Australia verification or an inherent requirement of the job or work being considered. Our collection of some types of sensitive information is also governed by equal opportunity and anti-discrimination laws. If sensitive information needs to be collected only staff who are required to collect this information will have access.
Sensitive information is a subset of personal information and is defined as:
- information or an opinion (that is also personal information) about an individual’s:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional or trade association
- membership of a trade union
- sexual orientation or practices, or
- criminal record
- health information about an individual
- genetic information (that is not otherwise health information)
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
- biometric templates
You may choose not to provide us your personal information or to act under a pseudonym. However, to do so will render us unable to provide you our services in seeking and being placed into work.
The type of information that we typically collect and hold about Candidates is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us. It includes:
- Information submitted and obtained from the Candidates and other sources (e.g. Referees or Clients) regarding applications for work;
- Information about personality, character, skills, qualifications and experience
- Information about career path and preferences
- Information about work entitlement and ability to undertake specific types of work
- Information about health status and ability to undertake specific types of work;
- Work performance information
- Information about incidents in the workplace; Personnel information including contact details
- Information in relation to absences from work due to leave, illness or other causes;
- Bank details and Tax File Number;
- Information required to undertake criminal history checks and obtain criminal history records; and
- Information required to ascertain a Candidate’s right to work in Australia.
- Information required to undertake Australian Government Security Clearance checks and vetting.
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
Client relationship information;
- Information about position, contracting and hiring authority;
- Information about team structures and roles;
- Information about incidents in the workplace;
- Client facility addresses, ABN, key personnel and contact details; and
- Credit check and financial information.
The type of information that we typically collect and hold about Referees is information that is necessary to help make determinations about the suitability of one of our Candidates for particular jobs or particular types of work and could include:
- Information about work position, authority to give a reference and preferred contact details;
- Opinions of the Referee regarding the Candidates character and work performance or work environment; and
- Facts or evidence in support of those opinions, sometimes involving the Referee’s own knowledge and experience of having worked with the Candidate.
The purposes for which we collect, hold, use and disclose your personal information are those purposes that are reasonably necessary for the proper performance of our functions and activities as a recruitment agency.
- Candidates - personal information is typically used for recruitment and work placement operations, pre-employment screening, staff management, training, remuneration, workplace health and safety, statistical purposes and statutory compliance requirements.
- Clients - personal information is typically used for client and business relationship management, review of workplace operations and health and safety management, credit checking, statistical purposes and statutory compliance requirements.
- Referees - personal information is typically used to confirm identity and authority to provide references and for candidate suitability assessment.
- We will only collect information that is necessary for the proper performance of our tasks or functions.
- We do not collect or use personal information for the purposes of unlawful discrimination.
- We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
- We do not use your personal information to carry out reference checks if there is no present requirement for them in connection with a job which you might be offered;
- We do not use your personal information to carry out reference checks merely for the purpose of establishing network contacts with your referees;
- We do not routinely conduct criminal history checks and only do so in order to obtain relevant criminal history with regard to particular jobs you are offered or for which you are shortlisted.
- If you only browse our website, we do not collect information that identifies you personally, though we may collect information related to your visit to our website.
How your information will be collected
Generally, information will be collected directly from you.
- Candidate – information is collected through your application, from referees, results of any competency test or similar, and other sources such as registrations or any professional disciplinary matter.
- Client - information is collected when you provide it to us for business purposes.
- Referee - information is collected from the Candidate in the course of their application for work, and from you when providing the reference.
We may also collect personal information about you from publicly available sources including newspapers, journals, directories, the Internet and social media sites. This information will be included in our records only if reasonably necessary for the performance of our activities or functions as a recruitment agency.
Under certain circumstances we will request proof of identification from you including copies of your passport, visa, driver’s license or any other relevant licences and will only do so for the performance of our activities or functions as a recruitment agency. However, we will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
Personal information will not be used for marketing purposes directly or by a third party. We do not supply or use customer lists for marketing purposes. We will give you the option to opt in or out of any marketing type communications. Whizdom is compliant with anti-spam regulations.
Personal information is also indirectly collected when:
- we receive or give any reference about you;
- electronically through our telecommunications and technology systems – see the section in this policy on electronic transactions;
- Through social media or “opt in” email correspondence
- Through referrals
This section explains how we handle personal information collected from our website www.whizdom.com.au and by other technology in the course of electronic transactions.
It is important that you understand that there are risks associated with use of the internet and you should take all appropriate steps to protect your personal information. It might help you to look at:
- Office of the Australian Information Commissioner: - https://www.oaic.gov.au/
It is important that you:
- Be careful what information you share on the Web.
- Use privacy tools on the site - control access to your search listing and profile.
- Make sure your anti-virus and data protection software is up-to-date.
Please contact our office by phone or mail if you have concerns about making contact via the internet.
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- ask to be on an email list such as a job notification list;
- register as a site user to access facilities on our site such as a job notification board;
- make a written online enquiry or email us through our website;
- submit a resume by email or through our website;
- submit a job application or any subsequent forms.
- Register for our candidate portal
Browsing - We do not monitor browsing on our website.
Call and message logs - We can access if needed call or message logs from our service provider but rarely have the need to do so.
Cloud Computing Services – Telstra/Microsoft handles our cloud computing requirements, please see their policy here.
Emails - All email communications are kept for record purposes only if required.
Social Networks - Our social networking sites are intended to facilitate two-way communications between Whizdom and its followers. We occasionally use some automation (such as tools that generate tweets from RSS feeds) but this will not dominate our social networking sites. Our followers can expect approximately 1-5 posts per week. This will vary, particularly if there is a series of major announcements.
Uploading photographs - Please make sure that you do not upload photographs of any individuals who have not given consent to the display of their photograph. Displaying photographs without that person’s consent could breach privacy laws, and you may be responsible for any legal consequences. We may ask you to sign a photography permission form.
Unsolicited personal information is personal information we receive that we have taken no active steps to collect. If the information we receive is not required for Whizdom to perform one or more of our services, Whizdom will destroy or de-identify the information as soon as possible
When your personal information is collected it will be held in our Information Record Systems until it is no longer needed for any purpose for which it may be used or disclosed, at which time it will be de-identified or destroyed provided that it is lawful for us to do so. However, resumes and other personal candidate information will remain on our database as it is linked to our record keeping processes and the manner by which our recruitment software operates.
Information you provide to us is stored in our secure cloud-based recruitment database and document storage system, which are restricted and accessible by staff using individual log-in credentials.
Whizdom takes reasonable steps to ensure that the personal information we collect is up to date and accurate. We rely on you to tell us when there are changes to your personal information that we hold about you. This could be e.g. a change of address or employment status. We recommend that you let us know if there are any errors in your personal information and keep us up to date with changes to your information.
If we deem that you are no longer actively using our services after a 3-year period, then we will de-identify and destroy your information.
Whizdom have implemented data security measures and will take all reasonable steps to ensure the information you provide us remains secure and confidential and is only used for the performance of our functions or activities as a recruitment agency.
We take a range of measures to protect your personal information from misuse, interference and loss, unauthorised access, modification or disclosure. These measures include:
- Staff training;
- Password-protection of cloud-based database and document storage system;
- Secure office premises with restricted access;
- Need-to-know and authorisation policies;
- Policies on laptop, mobile phone and portable storage device security; and
- Document culling procedures including shredding and secure disposal.
We will always seek permission before sharing your information to other parties (for example sending details to a client). We take reasonable steps to destroy or permanently de-identify personal information when it is no longer required for any purpose for which it may be used or disclosed. However, it is not always practicable to destroy or de-identify electronic data. Where it is not reasonable to destroy or permanently de-identify personal information in electronic form, we will take reasonable steps to prevent inadvertent access to it.
Managing Privacy Breaches
Whizdom will take reasonable steps to protect the personal information we hold against unauthorised access, loss, use, modification or disclosure, or other misuse.
Data breaches are not limited to malicious actions, such as theft or 'hacking', but may arise from internal errors or failure to follow information handling policies that cause accidental loss or disclosure. Whizdom has procedures in place to ensure that internal information handling policies be adhered to.
If Data has been breached and if there is a real risk of serious harm as a result of a data breach, the affected individuals and the OAIC will be notified.
We may disclose your personal information for any of the purposes for which it is primarily held or for a related purpose where lawfully permitted. We may disclose your personal information where we are under a legal duty to do so, including circumstances where we are under a contractual duty to disclose information.
Disclosure will usually be internally and to our related entities, to our Clients, and to Referees for suitability and screening purposes.
We do not share sensitive information about you with Government Agencies, Organisations or anyone else unless one of the following applies:
- You have consented;
- You would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies or agencies;
- it is required or authorised by law;
- it will prevent or lessen a serious and imminent threat to somebody's life or health;
The disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically, our CSPs would include Software solutions providers, IT contractors and/or Background checking and screening agents.
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations. We will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Whizdom does not share any personal information with overseas recipients.
Access and Correction
Subject to some exceptions that are set out in privacy law, you can gain access to the personal information that we hold about you.
Important exceptions include evaluative opinion material obtained confidentially in the course of our performing reference checks and access that would impact on the privacy rights of other people. We do refuse access if it would breach any confidentiality that attaches to that information or if it would interfere with the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that we make and which the communicator of that information is entitled to expect will be observed.
If you wish to obtain access to your personal information you should contact our Privacy Officer, contact details can be found under the heading “How to contact us”. You will need to be in a position to verify your identity.
You should also anticipate that it may take a little time to process your application for access as there could be a need to retrieve information from storage and review information in order to determine what information can be provided. We will generally respond to your request for access within 20 working days.
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us. We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
Please advise us if you wish to be removed from our recruitment software system. We will amend your status to “inactive” and will remove information that we have no present need for or obligation to retain.
There is no charge to correct information. We will generally respond to your request for access within 20 working days.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. If you are making a complaint about our handling of your personal information, it should first be made to us in writing. We will endeavour to deal with your complaint and take any necessary steps to resolve the matter within 5 business days.
If your complaint is unable to be resolved within 5 business days, Whizdom will advise you in writing including letting you know when we expect to provide a response and or resolution.
If you are unhappy with our response, you can also make complaints to the Office of the Australian Information Commissioner (https://www.oaic.gov.au/individuals/what-can-i-complain-about)
How to contact us
If you wish to contact us about your personal information you should contact Whizdom’s nominated Privacy Officer:
Name: Natalie Angus
Title: Operations Manager
Phone: 1300 WHIZDOM (1300 944 936) during normal office hours which are 9am to 5pm.
Address: PO Box 7112, Kaleen ACT 2617