Privacy Policy

Effective date 2 August 2019

Introduction

Risk Solutions Australia Pty Ltd (trading as WorkPro) ACN 113 726 033 (“us”, “we”, or “our”) is a web-based platform purpose built to aid in streamlining the administration of employee screening, onboarding, induction and workforce compliance. This policy outlines our approach to the collection, use and disclosure of personal data, and the choices available to you associated with that data.

WorkPro collects and stores certain sensitive information in order to deliver our services. This includes performing specific functions, and meeting our legal obligations. By using our services, you agree to the collection and use of your information in accordance with this policy.

Unless otherwise defined, the terms used in this Privacy Policy have the same meanings as in our End User License Agreement and Terms of Service.

For queries or further information about this Privacy Policy, please contact WorkPro on + 61 1300 975 776, or privacy@workpro.com.au.

Our service

WorkPro is a web-based platform that aggregates employment-related services including, without limitation, inductions and eLearning modules, on-demand background and probity screening and checks, citizenship and work rights checks, and licences/tickets and document management.

The security of all data is important to us, but remember that no method of transmission over the internet or method of electronic storage is 100% secure. While WorkPro strives to use commercially acceptable means to protect personal data, we cannot guarantee its absolute security.  All users of the internet should take appropriate steps to protect their own personal information. These may include keeping online passwords safe and secure, regularly updating anti-spyware software, and being diligent about the types of information shared via the internet.

Information collection

We collect and use personal information about you in the operation of our business.

Individuals

Upon sign-up, you may be required to enter personal information and upload documents in order to fulfil certain tasks. Once the tasks are completed, or you upload certain documents, you can choose to make some of your personal information visible to WorkPro Customers that subscribe to the WorkPro service.

You can do this by providing a WorkPro Customer with your Candidate Identification Number (CIN), a unique identifier that is provided when you sign up for WorkPro. This CIN is emailed to you and is available via your online profile.

Information and documents may include but are not limited to your:

• Name, address, phone numbers and e-mail addresses;
• Passport information;
• Date, town and country of birth;
• Driver’s licence and other work licences;
• Any previous names;
• Address history;
• Identity documents;
• Photographic image of your face;
• Work histories;
• Qualifications.

When you complete certain tasks, some or all of the following information is collected:

• Results of work rights checks through the Department of Home Affair’s Visa Entitlement Verification Online (VEVO) database;
• Results of background and probity check results captured through Government Authorised and Regulatory Bodies;
• Results of police and criminal record checks captured through the Australian Criminal Intelligence Commission (ACIC) National Criminal History database;
• Records and test results of any induction and training modules undertaken.

Please note that criminal records are sensitive information.  This information will only be collected with your express consent when you provide your details for a criminal check to be conducted.

WorkPro will be unable to provide you with services if you choose to remain anonymous or to use a pseudonym.

Customers

When a Customer registers to use our service, you may will be asked to provide some or all of the following information:

• Name and work title, and direct contact details including telephone number and email address;
• Customer contact details, including telephone numbers and office addresses.

Electronic transactions

Through the use of our services, including our website, some personal information may be collected through browsing and cookies. This may include pages visited, the time spent on each page and the server IP address. This information (or metadata) does not identify a person personally. You should take care when browsing from one website to another as this Privacy Policy does not apply to any other websites visited. Cookies may be used to record user activity on our website to enable a better browsing experience. Browsers can be set to not accept cookies, or cookies can be deleted at the end of the session.

General Data Protection Regulation legal basis

If you are in the European Economic Area (EEA) you are advised that our legal basis for processing personal information under the General Data Protection Regulation (GDPR) depends on the personal information we collect, and the specific context in which we collect it.  We may process your personal information because:

• We need it to perform a contract with you;
• You have given us permission to do so;
• The processing is in our legitimate interests and it is not overridden by your rights;
• For payment processing purposes;
• To comply with the law.

Use of information

WorkPro uses collected information to provide and maintain our services. This includes but is not limited to:

• Legal obligations as related to providing Customers with compliance protections;
• Verifying consistency in personal information collected;
• Enabling sharing of your personal information to selected Customers as requested by you;
• Providing secure storage of your personal information;
• Providing records of verification of your personal information for Customers;
• Issuing automatic alerts to recheck information if required.

In addition, we may use the information collected for the following purposes:

• To monitor the usage of our service;
• To provide you with support;
• To gather analysis or valuable information so that we can improve our service;
• To detect, prevent and address technical issues;
• Staff management and training.

How personal information is held

Your personal information is held in our online portal for the purposes of delivering business services.

WorkPro utilises technical security measures to ensure that information and data is stored securely and to mitigate against theft, loss, misuse, unauthorised access, and unauthorised modification.

Servers are hosted by external suppliers at a secured site in Australia under suitable data protection and security procedures.

WorkPro employees are obliged to respect the confidentiality of any personal information held by us. Background checks are completed on all WorkPro employees, and all employees complete a Privacy Induction as part of their employment. Regular audits are conducted to monitor how personal information is managed, and all employees participate in regular training and discussions about data management and security.

Disclosures

We may disclose your personal information for any of the purposes for which it is primarily held or where we are under a legal duty to do so. We may disclose personal information in the good faith belief that such action is necessary to:

• Comply with a legal obligation;
• Protect and defend the rights or property of WorkPro;
• Prevent or investigate possible wrongdoing in connection with the Service;
• Protect the personal safety of users of the Service or the public;
• Protect against legal liability.

Related purpose disclosures

WorkPro outsources a number of services to Contracted Service Providers (CSPs) from time to time. Our CSPs may see some of your personal information. Some CSPs assist us to maintain our platform, others provide data through their external databases, such as ACIC and VEVO.

We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Third party applications

Third party applications are online, web-based applications and offline software products that are:

• Provided by third parties;
• Interoperate with the Licenced Services; and
• May be either separate or co-joined with the Licenced Services, whether or not they are identified to you by WorkPro as applications that are provided by third parties, and include (without limitation): FastTrack360, Recruit360, FastTrack Marketplace, PeopleStreme HR Software, FoundU, Expr3ss!, Bullhorn, Oncore, JobAdder, social media log-in functionality, and related web-based software and Application Programming Interfaces (APIs).

WorkPro may allow providers of third party applications to access your information as required for interoperation with its services.

Your information (including where relevant, personal information or sensitive information) may be transmitted outside the WorkPro system and the systems of its Third Party Application Suppliers (TPAS).

WorkPro’s TPAS may aggregate, use, disclose, distribute, and publish anonymous statistical or analytical data regarding use and functioning of their systems. Such statistical or analytical data will be the sole property of the TPAS.

WorkPro relies upon consents and contractual arrangements contained in its End User Licence Agreement (EULA) and Terms of Service to manage privacy obligations arising in connection with its use of TPAS.

Cross-border disclosures

Personal information may be collected from sources or disclosed to recipients outside of Australia.

WorkPro’s processing (including collection, validation and disclosure to permitted site users) of your personal information is undertaken for the purpose of providing the Licenced Services pursuant to the EULA and relevant Terms of Service.

In the processing of your personal information, it may be necessary for WorkPro to source information from overseas countries (source countries) and to disclose personal information to Australian and overseas recipients.

Such disclosure may result in personal information being disclosed via WorkPro’s online portal to recipients (including overseas recipients) who may not be subject to privacy protections applying in Australia or the source country, depending on where the recipient is based.

Whilst collection and disclosure or transfer of personal information is intended for their benefit, overseas recipients and transferors of personal information may not be bound to protect it under domestic and foreign Privacy Laws that apply to WorkPro, and it may be impracticable to enforce any protections that do apply.

There are a number of reasons why it may not be practicable for WorkPro to take steps to ensure that the source or recipient does not breach the privacy protections that apply to personal information or to WorkPro’s management, control or processing of it, such as:

• The variety and number of sources from which WorkPro may need to collect personal information;
• The variety and number of overseas recipients to whom WorkPro may need to disclose personal information;
• The number of occasions on which disclosure may be necessary; and
• The timeframes within which processing of personal information is to occur.

WorkPro relies upon consents and contractual arrangements contained in its EULA and Terms of Service to manage privacy obligations and risks arising in connection with its cross border disclosures of personal information.

Access and correction

You have the right to request access to your personal information and to correct it as necessary. WorkPro will ask you to verify your identity, and will take reasonable steps to either make the changes or to refuse to do so if doing so would be unreasonable.

General rights

You have access to your own personal information held in WorkPro at all times, and can update, edit or request to have your profile deleted at any time.

If your profile is deleted as a user of the WorkPro service it does not automatically entitle you to have all of your personal information permanently deleted from the WorkPro system. Some personal information may continue to be used, disclosed, or otherwise processed for a lawful purpose, including the meeting of WorkPro’s and Customer’s retention and reporting obligations.

If you are seeking to be informed about what personal information is held about you, and what data may be retained following deletion of your profile, you should contact WorkPro.

WorkPro has data destruction procedures that are undertaken on a regular basis. Data retention periods vary according to the type of data and the requirements of the EULA and Terms of Service, and the obligations imposed by authorities such as the Australian Criminal Intelligence Commission (ACIC).

For the purposes of phone and email support, you will need to verify your identity in accordance with WorkPro’s security and privacy protocol.  This may include providing your name and confirming personal information held in the WorkPro portal.

Data protection rights under GDPR

Individuals from the European Economic Area (EEA) have the following data protection rights.

1. The right to access, update or delete the information held
   Whenever made possible, you can access, update or request deletion of your personal information directly within your online profile.
2. The right of rectification
   You have the right to have your information rectified if that information is inaccurate or incomplete.
3. The right to erase
   You have the right to be forgotten except in some circumstances including where the information has been shared with a Customer to enable the Customer to meet their legal obligations (refer above).
4. The right to object
   You have the right to object to our processing of your personal information.
5. The right of restriction
   You have the right to request that we restrict the processing of your personal information.
6. The right to data portability
   You have the right to be provided with a copy of the information held by us in a structured, machine-readable and commonly used format.
7. The right to withdraw consent
   You have the right to withdraw future consent at any time where WorkPro relied on consent to process the personal information.

Direct marketing

From time to time WorkPro may send email, text message or print communication to you as part of various direct marketing campaigns. We may use the contact details you have provided to include in these direct marketing campaigns, unless it has been specifically requested not to do so. If you receive marketing related email communication from us, you have the option to request that your contact details be removed from the distribution list for similar, future direct marketing campaigns. We respect your privacy and endeavour to abide by the requirements of relevant anti-spam legislation.

Complaints

You have the right to complain about the handling of your personal information if you believe that we have interfered with your privacy.

Complaints made about our handling of your personal information should be made in writing, and sent to our Privacy Coordinator who can be contacted on privacy@workpro.com.au. Complaints can also be made to the Office of the Australian Information Commissioner or to the GDPR supervisory authority in the Member state of your habitual residence.

When we receive a complaint, we will seek to confirm the authenticity of the complaint, acknowledge receipt, and commence an investigation. We will aim to be in a position to respond in a reasonable time, usually 30 days.

Changes to Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our platform. We will let you know with a prominent notice in our online platform, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on WorkPro’s online platform.