WorkPro Privacy Policy

Effective Date: April 2025


Introduction 


Risk Solutions Australia Pty Ltd (trading as WorkPro) ACN 113 726 033 ("us", "we", or "our") is a web-based platform purpose-built to aid in streamlining the administration of worker screening, onboarding, induction, and workforce compliance.


This policy outlines our approach to the collection, use, disclosure and destruction of personal data, and the choices available to you that are associated with that data.


WorkPro collects and may store certain sensitive information about you to perform certain functions, deliver our services and adhere to our Government accreditation obligations. By using WorkPro, you agree to the collection and use of your information in accordance with this policy.


Unless otherwise defined, the terms used in this Privacy Policy have the same meaning as the WorkPro Customer Terms of Service and Candidate Terms of Access which are available on our website (workpro.com.au).


If you have queries or want further information about this Policy, please email privacy@workpro.com.au.


Our Service


WorkPro is a web-based platform that aggregates employment-related services including, without limitation, your CV, inductions and e-learning modules, on-demand background and probity checks, reference checks, medical checks, vaccination status information, citizenship and work rights checks, and licence, ticket, credential and document management.


WorkPro is certified to ISO27001:2022 Information Security Management Standards. Whilst we conduct scheduled regular third-party audits and security penetration tests, it is important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. While WorkPro adopts security best practice and strives to use acceptable means to protect personal data, we cannot guarantee its absolute security. 


Information Collection


We collect and use personal information about you in the operation of our business.


Individuals


Once you have established your digital WorkPro profile, you may be required to enter personal information, provide identity and upload documents to fulfil certain tasks.


Information and documents may include but are not limited to:


  • Your CV;
  • Name, address, phone numbers and e-mail address;
  • Date, town, state, and country of birth;
  • Previous names;
  • Address history;
  • Identity documents;
  • Photographic and/or live image of your face;
  • Licences or accreditations;
  • Work history;
  • Vaccination Status;
  • Education and qualifications
  • References;
  • Medical Reports


Sharing your digital WorkPro profile


If a subscribing WorkPro customer (customer) request you to complete the same tasks, upload the same document, or provide the same information, it is possible for you to share certain information in your personal digital profile with that company:


1. Provide them with your unique WorkPro Identification Number (WorkPro ID). Your unique WorkPro ID is assigned to when you create a WorkPro digital profile. This identifier is emailed to you when you complete your first task and is visible in your digital profile.


Information that you can share or make visible to a customer using this method includes:


  • eLearning modules that you have completed
  • Licences/Tickets/Credentials/Accreditations that you have uploaded

 

2. The customer will send you a request from the WorkPro platform that contains a unique Single Use Token. You will log in to your WorkPro digital profile, enter the Single Use Token contained in the invitation, review, edit or add the required information, and, if necessary, upload new identity documents or facial image, and provide consent for the check to be completed. This includes:

 

  • Background and Probity Check
  • Reference Check
  • Medical Check
  • Citizenship and Work Rights Check
  • Vaccination Information


Most background and probity checks are unique, however there is an option to securely share some completed background checks. If this is permissible, you will see a ‘share’ option in your profile once you enter the Single Use Token.


Pre-populated applications, and previously uploaded current identity documents can be re-used.


If you have previously uploaded licences or accreditations and completed eLearning modules, a subscribing customer can see these once you have provided them your WorkPro ID, which they use to import your profile to their account or completed a task using the Single Use Token.


When you complete certain tasks, some or all the following information is collected:


  • Results of background and probity checks captured through Government Authorised and Regulatory Bodies databases within Australia and Overseas;
  • Results of Document Verification Service captured through Government Authorised Bodies within Australia;
  • Medical Reports;
  • Vaccination Certificate;
  • Records and test results of eLearning modules


Covid-19 Vaccination


The Covid-19 Vaccination is considered sensitive information under the Privacy Act, and as such we take all reasonable steps to ensure that this information is protected from misuse, interference, loss, unauthorised access, modification, or disclosure and to ensure that this information is stored securely. Covid-19 information can only be collected with your informed consent, and it is only visible to WorkPro Customers who have requested your Covid-10 certificate when you enter the Single Use Token provided to you by that customer.


You can access and make an update or correction to your Covid-19 vaccination status any time by logging in to your digital profile.


Deleting data or deleting your digital WorkPro profile


You have the right to delete your facial data from your WorkPro profile, or delete your WorkPro profile.


You can request your profile to be deleted by logging in and clicking on your initials to open settings and selecting ‘delete profile’.


You can request for your facial record to be deleted from your WorkPro profile.


WorkPro is not able to provide you with services or support you if you choose to remain anonymous or to use a pseudonym.


Customers


When a Customer subscribes to use WorkPro, WorkPro may require some or all of the following information:


  • Contact name and work title, and direct contact details including telephone number and email address;
  • Customer contact details including company telephone numbers and office addresses.

 

Electronic Transactions


When you are accessing our services, including our website, some personal information may be collected through browsing and cookies. This may include pages visited, the time spent on each page, and the server IP address. This information (or metadata) does not identify you personally. You should take care when browsing from one website to another as this Privacy Policy does not apply to any other websites visited. Cookies may be used to record user activity on our website to enable a better browsing experience. Browsers can be set to not accept Cookies, or Cookies can be deleted at the end of the session.


GDPR Legal Basis


If you are in the European Economic Area (EEA) you are advised that our legal basis for processing personal information under the General Data Protection Regulation (GDPR) depends on the personal information we collect and the specific context in which we collect it. We may process your personal information because:


  • We need it to perform a contract with you;
  • You have given us permission to do so;
  • The processing is in our legitimate interests and it is not overridden by your rights;
  • For payment processing purposes;
  • To comply with the law


Use of Information


WorkPro uses the collected information to provide and maintain our services. This includes but is not limited to:


  • Legal obligations as it relates to providing Customers with compliance protections;
  • Verifying consistency in personal information collected;
  • Enabling sharing of an individual’s personal information to selected Customers as requested by an individual;
  • Providing secure storage of an individual’s personal information;
  • Providing records of verification of an individual’s personal information for Customers;
  • Issuing automatic alerts to re-check information if required


In addition, we may use the information collected for the following purposes:


  • To monitor the usage of our service;
  • To provide you with support;
  • To gather analysis or valuable information so that we can improve our service;
  • To detect, prevent and address technical issues;
  • Staff management and training.


How personal information is held


Your personal information is held in our online portal for the purposes of delivering business services.


Once tasks are completed, a record of completion is stored in your personal WorkPro digital profile.


Certain Personally Identifiable Information (PII) (date of birth, facial image) are encrypted.


Identity documents that have been validated using WorkPro’s Document Verification Service are stored in your personal identity vault.


WorkPro is security accredited to ISO27701: 2022 and utilises appropriate technical security measures to ensure that information and data is stored securely and to mitigate against theft, loss, misuse, unauthorised access, and unauthorised modification. IT systems that store personal data or other sensitive data are protected according to industry security compliance standards such as encryption, a firewall and anti-malware protection.


WorkPro regularly participates in penetration testing to maintain the highest levels of security.


Servers are hosted by external suppliers at a secured site in Australia under data protection and security procedures. 


Users information is protected by access controls, whereby users are positively identified and authenticated before gaining access to systems, services, or the information. The information is encrypted at rest and in transit.


WorkPro staff are obliged to respect the confidentiality of any personal information held by us. Background checks are completed on all WorkPro employees, and all employees complete Security, Privacy and Cyber Security Training as part of their employment.  Regular audits are conducted to monitor how personal information is managed, and all employees participate in regular training and discussions relating to data management and security.


Disclosures


We may disclose your personal information for any of the purposes for which it is primarily held or where we are under a legal duty to do so. We may disclose your personal information in the good faith belief that such action is necessary:


  • To comply with a legal obligation;
  • To protect and defend the rights or property of WorkPro;
  • To prevent or investigate possible wrongdoing in connection with the service;
  • To protect the personal safety of users of the service or the public;
  • To protect against legal liability


Related Purpose Disclosures


WorkPro outsources several services to contracted service providers (CSPs) from time to time.  Our CSPs may see some of your personal information. Some CSPs assist us to maintain our platform, others provide data through their external databases, such as the Australian Criminal Intelligence Commission (ACIC) and Department of Home Affairs.


We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.


Links to Other Sites


Our service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.


We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.


Third Party Applications


Third Party Applications (TPA’s) are online, web-based applications and offline software products that:


  • are provided by third parties;
  • are interoperated with the Licensed Services; and
  • may be either separate or co-joined with the Licenced Services, whether they are identified to you by WorkPro as applications that are provided by third parties -


and include (without limitation): FastTrack360, Recruit360, Expr3ss!, Onboard Express, JobAdder, Jobfit, RecruitWizard, PageUp, SmartRecruiters, Salesforce, Workday, RecruitOnline, Paradox, Recruit Wizard, Bullhorn and Referoo, social media log-in functionality, and related web-based software and application programming interfaces (APIs) including Department of Home Affairs, the Australian Criminal Intelligence Commission, Ministry of Justice NZ, and Microsoft Azure.


WorkPro may allow providers of TPA’s to access your information as required for interoperation with its services.


Your information (including, where relevant, personal information or sensitive information) may be transmitted outside the WorkPro system and the systems of its Third-Party Application Suppliers (TPA’s).


WorkPro’s TPA’s may aggregate, use, disclose, distribute, and publish anonymous statistical or analytical data regarding use and functioning of their systems. Such statistical or analytical data will be the sole property of the TPA’s.


WorkPro relies upon consents and contractual arrangements contained in its Terms of Access to manage privacy obligations arising in connection with its use of TPA’s.


Document Verification Service (DVS)


WorkPro is an approved Gateway Services Provider of the Federal Attorney-General’s Document Verification Service. This service enables WorkPro to authenticate some identity documents against the authorised database for the purposes of confirming its authenticity.


Users are notified in the WorkPro portal if any uploaded document(s) will be verified using WorkPro’s Document Verification Service. Consent must be provided before the document can be verified.


Cross-Border Disclosures


Personal information may be collected from sources or disclosed to recipients outside of Australia.


WorkPro’s processing (including collection, validation, and disclosure to permitted Customers) of your personal information is undertaken for the purpose of providing the Licensed Services pursuant to the Customer Terms of Service.


In the processing of personal information, it may be necessary for WorkPro to source information from overseas countries (source countries) and to disclose personal information to Australian and overseas recipients.


Such disclosure may result in personal information being disclosed via WorkPro’s online portal to recipients (including overseas recipients) who may not be subject to privacy protections applying in Australia or the source country, depending on where the recipient is based.


Whilst collection and disclosure or transfer of personal information is intended for their benefit, overseas recipients and transferors of personal information may not be bound to protect it under domestic and foreign Privacy Laws that apply to WorkPro, and it may be impracticable to enforce any protections that do apply.


There are several reasons why it may not be practicable for WorkPro to take steps to ensure that the source or recipient does not breach the privacy protections that apply to personal information or to WorkPro’s management, control or processing of it, such as:


  • the variety and number of sources from which WorkPro may need to collect personal information;
  • the variety and number of overseas recipients to whom WorkPro may need to disclose personal information;
  • the number of occasions on which disclosure may be necessary; and
  • the timeframes within which processing of personal information is to occur.


WorkPro relies upon consents and contractual arrangements contained in its Terms of Access to manage privacy obligations and risks arising in connection with its cross-border disclosures of personal information.


General Rights

You have access to your personal information held in WorkPro, and to update, edit or request to delete your facial image or digital profile.


If your profile is deleted as a User of the WorkPro service, it does not automatically entitle you to have all the personal or sensitive information permanently deleted from the WorkPro system. Some personal information may continue to be used, disclosed, or otherwise processed for a lawful purpose, including the meeting of WorkPro’s and Customer’s retention and mandatory legal obligations.


Information about the personal information or data that needs to be retained following the deletion of your digital profile is available in WorkPro’s Candidate Data Management policy found within your digital profile.


WorkPro deploys data destruction procedures systematically. Data is retained for no longer than necessary and retention periods vary according to the type of data and the obligations imposed by certain authorities and regulations.


For the purposes of phone and email support, you will need to verify your identity in accordance with WorkPro’s security and privacy protocol.  This may include providing your name and confirming personal information held in the WorkPro portal.


Data Protection Rights under GDPR


Individuals from the European Economic Area (EEA) have the following data protection rights.


1. The right to access, update or delete the information held. Whenever made possible, you can access, update or request deletion of your personal information directly within your digital profile.

2. The right of rectification. The right to have their information rectified if that information is inaccurate or incomplete.

3. The right to erase. The right to be forgotten except in some circumstances including where the information has been shared with a Customer to enable the Customer to meet their legal obligations (refer above).

4. The right to object. The right to object to WorkPro’s processing of your personal information.

5. The right of restriction. The right to request that WorkPro restrict the processing of your personal information.

6. The right to data portability. The right to be provided with a copy of the information held by WorkPro in a structured, machine-readable, and commonly used format.

7. The right to withdraw consent. The right to withdraw future consent at any time where WorkPro relied on consent to process the personal information.

 

Direct Marketing


From time-to-time WorkPro may send e-mail, text message or print communication to you as part of various direct marketing campaigns. We may use the contact details you have provided to include in these direct marketing campaigns unless it has been specifically requested not to do so. If you receive marketing-related e-mail communication from us, you have the option to request that your contact details be removed from the distribution list for similar, future direct marketing campaigns. We respect your privacy and endeavour to abide by the requirements of relevant anti-spam legislation.


Complaints


You have the right to complain about the handling of your personal information if you believe that we have interfered with your privacy.


Complaints made about our handling of your personal information should be made in writing and sent to our Privacy Co-ordinator who can be contacted at privacy@workpro.com.au. Complaints can also be made to the Office of the Australian Information Commissioner, NZ Privacy Commissioner, or to the GDPR supervisory authority in the Member state of your habitual residence.


When we receive a complaint, we will seek to confirm the authenticity of the complaint, acknowledge receipt, and commence an investigation. We will aim to be able to respond within a reasonable time, usually 7 business days. 


Changes to Privacy Policy


We may update our Privacy Policy from time to time. The latest version will be available on the WorkPro website. Changes to this Privacy Policy are effective when they are posted on the WorkPro website.