Privacy Policy

Introduction

1. We respect your right to privacy and are committed to safeguarding the privacy of our clients, candidates and website visitors. This policy sets out how we collect and treat your personal information.

2. We adhere to the Australian Privacy Principles contained in the Privacy Act 1998 (Cth), any amendments and to the extent applicable, the EU General Data Protection Regulation (GDPR).

3. You may contact us in writing at reception@wellsgray.com.au for further information about this privacy policy.

What personal information is collected:

1. We will from time to time, receive, collect and store personal information you provide us that is reasonably necessary for the proper performance of our activities or functions.

2. You may provide information such as your name, address, email, telephone number and city.

3. Additionally, we may also collect other information you provide while interacting with us.
4. We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
5. Generally, we do not collect sensitive information about you unless required by law or where it is required in order for us to provide you with the services. “Sensitive information” includes information relating to race, political or religious beliefs, sexual orientation and sexual life, criminal convictions, membership of professional or trade associations or unions, biometric information or information about your affiliation with certain organisations such as professional associations. If Sensitive Information is required, we will limit its collection to the minimum amount required to perform our services.

6. The nature of information collected may vary depending on the nature of your engagement with us. The following types of engagement and the type of information we may collect includes but is not limited to:

   1. Job Seeker/Candidate. Information necessary to:

      1. work history;
      2. assess amenability to work offers;
      3. work availability;
      4. suitability for placements; or
      5. manage performance in work obtained through us.

   2. Client. Information necessary to:

      1. assess the nature of work required; and
      2. help us manage the presentation and delivery of our services.

   3. Referee. Information necessary to:

      1. Make determinations about the suitability of Job Seekers/Candidates for particular jobs or work.
7. Information Flow

   When we collect your personal information:

   1. We check that it is reasonably necessary for our functions or activities as an employment agency and On-hire Firm;
   2. We check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;
   3. We record and hold your information in our database. Some information may be disclosed to overseas recipients;
   4. We retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again - especially if some time has passed since we last checked;
   5. Subject to some exceptions, we permit you to access and correct your personal information in accordance with APP:12 of the (APPs);
   6. We correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs);
   7. We destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.

How we collect your personal information

1. We collect personal information from you in a variety of ways, including when you contact us with a question or enquiry, provide your resume or CV or when you access our website.  We may use ‘cookies’ on our website. Cookies are an industry standard and most major websites use them. A cookie is a small text file that our website may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings in your browser.

2. How we collect your personal information may vary depending on the nature of your engagement with us. The following types of engagement and how we may collect your information includes but is not limited to:

   1. Job Seeker/Candidate. Information may be collected:

      1. Directly from you when you complete and submit an application form;
      2. From a third-party database used to synchronise data with platforms such as LinkedIn. If you do not wish to have this data synchronised please contact us in accordance with this Privacy Policy; and
      3. From a range of publicly available sources such as journals, directories, social media etc.

   2. Client. Information may be collected:

      1. When it is provided directly from you to us; and
      2. From a range of publicly available sources such as journals, directories, social media etc.

   3. Referee. Information may be collected:

      1. When it is provided directly from you to us; and
      2. From a range of publicly available sources such as journals, directories, social media etc.
3. We will not request that you supply photographs, scan your photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances. For Job Seekers/Candidates who permit us to take a photo of them at an interview, this information will be stored for internal purposes only in accordance with this Privacy Policy.
4. Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
5. By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.  

How we use your personal information

1. We will use personal information only for the purposes that you consent to. This may include to:

   1. communicate with you about our services including but not limited to:

      1. work placement operations;
      2. recruitment functions;
      3. client and business relationship management; and
      4. marketing services.
   2. Statistical purposes (including the use of cookies); and
   3. To confirm your identity and authority to provide references.
   4. If you withhold your personal information, it may not be possible for us to provide you with our services or for you to fully access our website.  
2. We may disclose your personal information to comply with legal requirements, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.  
3. If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases, without having to obtain your consent.  

How your personal information is held

1. Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
2. Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia.
3. Our office is located in Australia. However, in the event that we open offices or facilities outside of Australia, any transfers to each of these countries will be protected by appropriate safeguards.
4. You acknowledge that personal data that you submit for publication through our website or service may be available, via the internet, around the world.  Whilst we will take appropriate steps to safeguard your personal data, we cannot prevent the use (or misuse) of such personal data by others.

Disclosure of your personal information and its security

1. We may disclose your personal information to any of our employees, officers, insurers,professional advisers, agents, suppliers or subcontractors insofar as reasonablynecessary for the purposes set out in this privacy policy.
2. If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy. Any information stored with third party providers is subject to the privacy policies of those organisations and we will provide access to those policies.
3. We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
4. The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us.  Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure your that personal information that we collect will not be disclosed in a manner that is inconsistent with this privacy policy.
5. Your personal information will not be kept for longer than necessary for us to fulfil the specific purposes outlined in this privacy policy, and to allow us to comply with our legal requirements.

Notifiable Data Breach

1. An Eligible data breach occurs when:

   1. there is unauthorised access to, or unauthorised disclosure of personal information that we hold; and
   2. this is likely to result in serious harm to one or more individuals; and
   3. we have not been able to prevent the likely risk of serious harm with remedial actions (serious harm may be psychological, emotional, physical or reputational).

2. If an Eligible data breach is found we would complete the following steps which are further outlined in our Company Notifiable Data Breach Plan:

   1. conduct an assessment immediately to investigate the matter. There are 3 steps involved:

      1. initiate the assessment;
      2. investigate and gather information; and
      3. evaluate and make a decision whether there has been an eligible data breach (Note: there is a maximum of 30 days to conduct assessments).
   2. we will ensure that relevant personnel are made aware of the breach as soon as practicable; and
   3. we will notify you of the breach as soon as practicable once we confirm that an eligible data breach has occurred.  

General Data Protection Regulation (GDPR) for the European Union (EU)

1. We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
2. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
3. We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
4. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
5. We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
6. We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
7. We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
8. You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you.

Your rights under the GDPR

1. If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

2. Except as otherwise provided in the GDPR, you have the following rights:

   1. to be informed how your personal information is being used;
   2. access your personal information (we will provide you with a free copy of it);
   3. to correct your personal information if it is inaccurate or incomplete;
   4. to delete your personal information (also known as “the right to erasure” and “the right to be forgotten”);
   5. to restrict processing of your personal information;
   6. to retain and reuse your personal information for your own purposes;
   7. to object to your personal information being used; and
   8. to object against automated decision making and profiling.

3. Please contact us at any time to exercise your rights under the GDPR at reception@wellsgray.com.au

4. We may ask you to verify your identity before acting on any of your requests.  

Access to your personal information

1. You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at reception@wellsgray.com.au.
2. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act 1988 (Cth), to the extent applicable the GDPR or any other applicable law.
3. Except to the extent required by applicable law, you are not authorised to gain access to evaluative opinion material obtained confidentially in the course of performing our reference checks. Alternatively, we may obtain consent from the relevant referees before sharing this information with you. You can request the deletion of such material, however you are not authorised to obtain access to it.
4. We will provide a response to your request for access within 14 business days and where lawfully, you will be responsible for any costs or charges incurred by us to obtain any of your information.

Complaints about privacy

1. If you have any complaints about our privacy practices, please feel free to send in details of your complaints to reception@wellsgray.com.au. We take complaints very seriously and will respond as soon as practicable after receiving written notice of your complaint and within 30 days at the latest.

Changes to privacy policy

1. Please be aware that we may change this privacy policy in the future. We may modify this privacy policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website. Please check back from time to time to review our privacy policy.