WorkPro is hosted within the Microsoft Azure data centre in Victoria. From time to time, underlying problems in the Azure infrastructure can have an impact on the WorkPro system. Azure is reporting to WorkPro that there is an intermittent issue with the underlying database that serves WorkPro. They are currently working with the WorkPro Platform Team to resolve the issue.
Risk Solutions Australia Pty Ltd (trading as WorkPro) ACN 113 726 033 (“us”, “we”, or “our”) is a web-based platform purpose built to aid in streamlining the administration of employee screening, onboarding, induction and workforce compliance. This policy outlines our approach to the collection, use and disclosure of personal data, and the choices available to you associated with that data.
WorkPro collects and stores certain sensitive information in order to deliver our services. This includes performing specific functions, and meeting our legal obligations. By using our services, you agree to the collection and use of your information in accordance with this policy.
WorkPro is a web-based platform that aggregates employment-related services including, without limitation, inductions and eLearning modules, on-demand background and probity screening and checks, citizenship and work rights checks, and licences/tickets and document management.
The security of all data is important to us, but remember that no method of transmission over the internet or method of electronic storage is 100% secure. While WorkPro strives to use commercially acceptable means to protect personal data, we cannot guarantee its absolute security. All users of the internet should take appropriate steps to protect their own personal information. These may include keeping online passwords safe and secure, regularly updating anti-spyware software, and being diligent about the types of information shared via the internet.
We collect and use personal information about you in the operation of our business.
Upon sign-up, you may be required to enter personal information and upload documents in order to fulfil certain tasks. Once the tasks are completed, or you upload certain documents, you can choose to make some of your personal information visible to WorkPro Customers subscribing to the WorkPro service.
You can do this by providing a WorkPro Customer with your Candidate Identification Number (CIN), a unique identifier that is provided when you sign up for WorkPro. This CIN is emailed to you and is available via your online profile.
Information and documents may include but are not limited to your:
When you complete certain tasks, some or all of the following information is collected:
Please note that criminal records are sensitive information. This information will only be collected with your express consent when you provide your details for a criminal check to be conducted.
WorkPro will be unable to provide you with services if you choose to remain anonymous or to use a pseudonym.
When a Customer registers to use our service, you may be asked to provide some or all of the following information:
If you are in the European Economic Area (EEA) you are advised that our legal basis for processing personal information under the General Data Protection Regulation (GDPR) depends on the personal information we collect, and the specific context in which we collect it. We may process your personal information because:
WorkPro uses collected information to provide and maintain our services. This includes but is not limited to:
In addition, we may use the information collected for the following purposes:
Your personal information is held in our online portal for the purposes of delivering business services.
WorkPro utilises technical security measures to ensure that information and data is stored securely and to mitigate against theft, loss, misuse, unauthorised access, and unauthorised modification.
Servers are hosted by external suppliers at a secured site in Australia under suitable data protection and security procedures.
WorkPro employees are obliged to respect the confidentiality of any personal information held by us. Background checks are completed on all WorkPro employees, and all employees complete a Privacy Induction as part of their employment. Regular audits are conducted to monitor how personal information is managed, and all employees participate in regular training and discussions about data management and security.
We may disclose your personal information for any of the purposes for which it is primarily held or where we are under a legal duty to do so. We may disclose personal information in the good faith and belief that such action is necessary to:
WorkPro outsources a number of services to Contracted Service Providers (CSPs) from time to time. Our CSPs may see some of your personal information. Some CSPs assist us to maintain our platform, others provide data through their external databases, such as the ACIC and VEVO.
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Third party applications are online, web-based applications and offline software products that are:
WorkPro may allow providers of third party applications to access your information as required for interoperation with its services.
Your information (including where relevant, personal information or sensitive information) may be transmitted outside the WorkPro system and the systems of its Third Party Application Suppliers (TPAS).
WorkPro’s TPAS may aggregate, use, disclose, distribute, and publish anonymous statistical or analytical data regarding use and functioning of their systems. Such statistical or analytical data will be the sole property of the TPAS.
WorkPro relies upon consents and contractual arrangements contained in its End User Licence Agreement (EULA) and Terms of Service to manage privacy obligations arising in connection with its use of TPAS.
Personal information may be collected from sources or disclosed to recipients outside of Australia.
WorkPro’s processing (including collection, validation and disclosure to permitted site users) of your personal information is undertaken for the purpose of providing the Licenced Services pursuant to the EULA and relevant Terms of Service.
In the processing of your personal information, it may be necessary for WorkPro to source information from overseas countries (source countries) and to disclose personal information to Australian and overseas recipients.
Such disclosure may result in personal information being disclosed via WorkPro’s online portal to recipients (including overseas recipients) who may not be subject to privacy protections applying in Australia or the source country, depending on where the recipient is based.
Whilst collection and disclosure or transfer of personal information is intended for their benefit, overseas recipients and transferors of personal information may not be bound to protect it under domestic and foreign Privacy Laws that apply to WorkPro, and it may be impracticable to enforce any protections that do apply.
There are a number of reasons why it may not be practicable for WorkPro to take steps to ensure that the source or recipient does not breach the privacy protections that apply to personal information or to WorkPro’s management, control or processing of it, such as:
WorkPro relies upon consents and contractual arrangements contained in its EULA and Terms of Service to manage privacy obligations and risks arising in connection with its cross border disclosures of personal information.
You have the right to request access to your personal information and to correct it as necessary. WorkPro will ask you to verify your identity, and will take reasonable steps to either make the changes or to refuse to do so if doing so would be unreasonable.
You have access to your own personal information held in WorkPro at all times, and can update, edit or request to have your profile deleted at any time.
If your profile is deleted as a user of the WorkPro service it does not automatically entitle you to have all of your personal information permanently deleted from the WorkPro system. Some personal information may continue to be used, disclosed, or otherwise processed for a lawful purpose, including the meeting of WorkPro’s and Customer’s retention and reporting obligations.
If you are seeking to be informed about what personal information is held about you, and what data may be retained following deletion of your profile, you should contact WorkPro.
WorkPro has data destruction procedures that are undertaken on a regular basis. Data retention periods vary according to the type of data and the requirements of the EULA and Terms of Service, and the obligations imposed by authorities such as the Australian Criminal Intelligence Commission (ACIC).
For the purposes of phone and email support, you will need to verify your identity in accordance with WorkPro’s security and privacy protocol. This may include providing your name and confirming personal information held in the WorkPro portal.
Individuals from the European Economic Area (EEA) have the following data protection rights:
From time to time WorkPro may send email, text messages or print communications to you as part of various direct marketing campaigns. We may use the contact details you have provided to include in these direct marketing campaigns, unless it has been specifically requested not to do so. If you receive marketing related email communication from us, you have the option to request that your contact details be removed from the distribution list for similar, future direct marketing campaigns. We respect your privacy and endeavour to abide by the requirements of relevant anti-spam legislation.
You have the right to complain about the handling of your personal information if you believe that we have interfered with your privacy.
Complaints made about our handling of your personal information should be made in writing, and sent to our Privacy Coordinator who can be contacted at firstname.lastname@example.org. Complaints can also be made to the Office of the Australian Information Commissioner or to the GDPR supervisory authority in the Member state of your habitual residence.
When we receive a complaint, we will seek to confirm the authenticity of the complaint, acknowledge receipt, and commence an investigation. We will aim to be in a position to respond in a reasonable time, usually 30 days.