This policy may refer to one or more of our businesses (thereafter “We”):
- Interchange Bench – The Interchange Bench provides temporary, contractor, and contingent workforce services including payrolling services
- Slade Group – Slade Group recruits permanent roles through to executive appointments and technical specialist roles across a broad range of industries and sectors; services include HR consulting and assessments
- TRANSEARCH International Australia – TRANSEARCH specialises in executive search and senior level recruitment for C-Level Executives and Non-Executive Directors, leadership consulting, board services and management assessment
We respect the privacy rights of all individuals and are committed to ensuring that all Directors and others involved in the management of our business comply at all times with their obligations under the Privacy Act 1988 (C’th) and the Australian Privacy Principles.
This privacy statement explains how we collect personal information and how we use ie. maintain, protect, process and disclose that information. It also explains your privacy rights along with our rights and obligations with respect to the personal information we keep on record.
We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may also decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
Subject to applicable law, you are under no obligation to provide your Personal Data to us; however, please note that we may be unable to provide you with our services, if you do not give consent for us to collect, process and store your Personal Data.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law.
General Data Protection Regulation (GDPR)
GDPR requires data collectors and processors to have a legal basis to use the personal data of EU residents. We will only collect and use personal information in a way that is consistent with our responsibilities and your rights under General Data Protection Regulation GDPR (EU) 2016/679.
THE INFORMATION THAT WE COLLECT, PROCESS AND HOLD
Personal Information that we collect, process and hold is information that is reasonably necessary for the proper performance of our functions and activities as a recruitment services provider and is likely to differ depending on whether you are a:
The type of Personal Information that we collect, process and hold includes:
- Information submitted and obtained from candidates and other sources in connection with applications for work
- A candidate’s amenability to work offers and work availability; suitability for placements
- Information relating to the personal background of employees including: date of birth, citizenship, languages spoken, employment history, educational qualifications, social media profiles, Contact details (phone number, email address, home address), details of contact people in the event of any emergency, gender identity and other diversity information
- Work performance information (including, but not limited to, records and any written warnings)
- Information about incidents in the workplace
- Employee information (including letter of appointment, tax file number, bank account details, as well as records of any pay adjustments)
- Information collected from referees
- Information submitted and obtained about absences from work due to leave, illness or other causes
- Photographs for identification purposes
- Information obtained to assist in managing client and business relationships, including records of interaction, purchase history or other CRM (Customer Record Management) data
- Professional information, such as the size of the company you work for and its industry sector
- Information that is necessary to help us manage the promotion and delivery of our services
- Records of any consents you may have given, together with the date and time, means of consent and any related information
HOW YOUR PERSONAL INFORMATION IS COLLECTED, USED, PROCESSED AND STORED
Personal information is collected by the following means:
- Candidate registration or any other information requested in connection with your job application
- Submitting a resume or provide additional information at interview
- A referee providing a reference about you
- From the results of any psychometric assessments, competency testing, medicals, Police and other background checks
- Talent pooling
- Feedback on job performance
- Workplace complaints
- Legal documentation (for example, proof of entitlement to work in Australia) is provided
- Photographs to help us identify you
- Video interviewing
- Via social networks, web searches or your web browsing history
- Any information you make public (eg. if you make a public post on social media)
- Interacting with any of our content or advertising
- Subscribing to a mailing list, such as to receive job alerts
- Networking for personal or business purposes, socialising at industry and professional events
- Logging telephone calls and email messages
From time to time we collect information from third parties and publicly available sources, for example when it is necessary for a specific purpose such as checking information that you have given us is accurate, current and complete or where you have consented or would reasonably expect us to verify your information in this way.
We take a range of measures to protect your personal We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful access, disclosure, alteration, loss, destruction or any other unlawful or unauthorised forms of misuse, in accordance with applicable law.
Your data may be stored on our secure on-site servers or other internally hosted technology. Your data may also be stored by third parties, via cloud services or other technology, with whom we have contracted with, to support our business operations.
These third parties do not have access to or permission to use your personal data other than for cloud storage and retrieval, and we require such parties to employ at least the same level of security that we use to protect your personal data.
We take every reasonable step to ensure that your Personal Data is only retained for as long as it is needed as is only processed for the period necessary for the purposes set out in this Policy. We will retain your Personal Data in a form that permits identification only for as long as:
- We maintain an active ongoing relationship with you or your organisation as a client
- We have a legitimate interest in you as a candidate (ie. up to 3 years from last engagement in relation to temporary/contract services; up to 3-5 years for entry level to mid-tier roles and HR consulting services; up to 5-10 years for management and executive roles; up to 10 years for senior executive and senior leadership appointments; or as otherwise determined)
- Your Personal Data is necessary in connection with the lawful purposes set out in this Policy or where we have a legal obligation to retain your Personal Data or for such additional periods as are necessary in connection with any legal claim or investigation.
Once the periods above have expired, we will either restrict access, anonymise, permanently delete, or destroy the relevant Personal Data.
VISITING OUR WEBSITE
Personal information you volunteer to us when registering online for a job vacancy (such as your name, address and contact phone numbers) will not be disclosed to any other organisation unless we are required by law to do so. This information is retained in our database only for the purposes it was intended. If you choose to email us via our website your email address will not be disclosed, nor will we use the information other than for its intended purpose.
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.
OUR LAWFUL BASIS FOR COLLECTING, PROCESSING AND HOLDING PERSONAL DATA
We may process your personal data where:
- You have given your prior, express consent
- Processing is necessary for a contract between us
- Processing is required by applicable law
- Processing is necessary to protect the vital interests of any individual
- Where we have a valid legitimate interest in processing it
In processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- Consent:We may process your personal data where we have obtained your prior, express consent
- Contractual necessity:We may process your personal data where processing is necessary in connection with any contract that you may enter into with us
- Compliance with applicable law:We may Process your personal data where the processing is required by applicable law
- Vital interests:We may process your personal data where the Processing is necessary to protect the vital interests of any individual
- Legitimate interests:We may process your personal data where we have a legitimate interest in managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms
GDPR regulations require that, after 25 May 2018, if we process your personal data for legitimate interests, we will do so in a considerate and balanced way taking your rights under data protection and any other relevant law into consideration.
We primarily collect, process and hold personal information for the following reasons:
- For recruitment and on-hired placement, whether actual or possible
- Any test or assessment to determine suitability for work
- Performance management
- Identification of your training needs
- To confirm the identity and authority of people nominated as referees
- Client and business relationship management
- Marketing our services, distribution of news, invitations to events and networking
- Improving our service or personalising our service to you
- Any insurance claim or proposal that requires disclosure of your personal and sensitive information
- surveys, statistical purposes or statutory data collection and reporting requirements
We do not generally seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where we do need to process sensitive personal data for a legitimate purpose, we do so in accordance with applicable law.
DATA PROCESSING – TIMESHEETS
When employed as a temporary/contractor, the information you submit online via your electronic timesheet is sent directly to our payroll department and is only used for its intended purpose. We only receive your personal information when your timesheet is approved. Our payroll system features secure two-factor authentication (2FA), which provides an additional layer of security to ensure your Personal Data is protected.
DIRECT MARKETING POLICY
We may use your personal information to update you on your jobseeking activities, to distribute relevant industry news and market intelligence, to contact with information about services that may be of interest to you, to invite you to attend professional events and for candidate and client business or social networking. Contact may be via email, telephone, direct mail or other electronic communication.
Individuals may unsubscribe from direct marketing at any time. If you unsubscribe, we may continue to contact you to the extent necessary to provide any services you have requested. We are responsible marketers and comply with Anti-Spam legislation.
We may disclose your personal information for the purposes for which it is primarily held or for a related secondary purpose. In some cases we may be required to disclose information without your consent, such as where we are under a legal duty to do so, including circumstances where we are under a lawful duty of care to disclose your information.
Your personal and sensitive information may be disclosed to:
- Internally amongst other divisions, affiliated companies or related entities within our organisation
- Potential or actual employers who are our clients (with your prior consent)
- Our accountants, auditors, insurers, lawyers, and other external business advisors (subject to binding contractual obligations of confidentiality)
- A Workers Compensation body
- Superannuation fund administrators
- Any person with lawful entitlement to obtain the information
- Any person to whom you direct us to supply employment details
- Any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets
THIRD PARTY CONTRACTORS
We contract out a number of services from time to time and our contractors may be privileged to your personal information. Typically our contractors include, but are not limited to:
- IT contractors
- Internet service providers
- Software solutions providers
- HR and recruitment professionals
- Background checking and screening services
- Other administrators associated with the provision of our services
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
INABILITY TO PROVIDE INFORMATION
If you are unwilling to provide us with the information we need to assist you in your job search, we may be limited in our ability to place you in suitable work.
TRANS-BORDER DATA FLOWS
Where data is exposed to other jurisdictions we will endeavor to protect your personal information to the same standard to which it would be protected in Australia.
GDPR AND DATA SECURITY
We are committed to GDPR and data security. We recognise that information is a vital asset to any organisation and take our responsibilities under the GDPR seriously. We will comply with The General Data Protection Regulation (GDPR) (EU) 2016/679 in the way we use and share your personal data.
Among other things, this means that we will only use your personal data:
- Fairly and lawfully
- As set out in the legislation and this policy
- To the extent necessary for these purposes
We have a robust, secure IT infrastructure. We have ensured that safeguards are in place to protect your personal data from loss, misuse, unauthorised use, access, inadvertent disclosure, alteration, and destruction. Access to our database is secured and can only be gained using valid authentication. Authentication credentials are created and removed on a user by user basis. Data rights are controlled through role based access permissions, where rights are only given where they are required for job function. Data access rights are further controlled with the use of separate front end systems for payroll and consultant functions. External access to our systems is protected by Citrix SSL technology and services are collocated in dedicated spaces at top-tier data centres. Furthermore, we require the third parties we contract with to support our business operations to employ reasonable security measures.
NOTIFICATION OF BREACHES
We comply with the Notifiable Data Breaches Scheme. We are aware of our responsibility as a data controller to protect your information and to only share details with third parties upon receipt of your explicit consent. All of our systems are protected and only our staff and consultants working for us have access to the personal information stored within our systems.
In the unlikely event that our computer systems are compromised and there is a potential loss of confidentiality we will report this breach to you.
ACCESS AND CORRECTION
We comply with the Privacy Act 1988 (Cwlth). We take care to protect your information by securely storing it electronically in our database and protecting it in hardcopy at our secure offices. All staff are bound by Confidentiality Agreement and access is only provided to those who require it.
We follow a rigorous business process and have protocols to ensure high level database security is maintained. We take a range of measures to protect your personal information from:
- Any misuse, interference and loss
- Any unauthorised access, modification and disclosure
From time to time we may ask you to confirm the accuracy of your Personal Data. Subject to some exceptions that are set out in the Australian Privacy Principles, you can gain access to the personal information that we hold about you. If you establish that personal or sensitive information that we hold about you is not accurate, complete and up-to-date, Slade Group will take reasonable steps to correct it.
We destroy or de-identify your personal information when it is no longer needed for any purpose.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Under GDPR, if you are an EU resident, as a data subject you have a number of additional rights. You can:
- Access and obtain a copy of your data on request
- Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Object to the processing of your data where we are relying on legitimate interest as the legal ground for processing.
We may refuse access if it would interfere with the privacy rights of their persons or if it breaches any confidentiality applicable to that information.
In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We can refuse access if it would breach that confidentiality.
If you wish to obtain access to your personal information you can contact us at firstname.lastname@example.org. You will need to verify your identity. We may impose a reasonable administration charge to provide access. We will discuss any charges with you. You should also anticipate that it may take some time to process your application as we may need to retrieve information from offsite storage.
CONTACTING US WITH COMMENTS, COMPLAINTS AND REQUESTS
We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. Anyone who considers a privacy breach has occurred should contact email@example.com, or call +61 3 9235 5100 between 8.30am and 5.30pm Monday to Friday (Sydney time).
We will process standard access request (SAR) requests within 20 days; SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests.
Complaints may also be made to the Recruitment, Consulting and Staffing Association Australia & New Zealand (RCSA) of which we are a member.