1 Introduction
This policy applies to information collected by Ignite Limited ABN 43 002 724 334 (“Ignite). Ignite manages personal information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Ignite will only collect information that is reasonably necessary for the proper performance of its functions or activities.
Ignite does not collect personal information just because it thinks it could be useful at some future stage if Ignite has no present need for it.
Ignite does not collect or use personal information for the purposes of unlawful discrimination. Ignite may decline to collect unsolicited personal information from or about you and may take such measures as it thinks appropriate to purge it from its systems.
If you have any questions regarding our Privacy Policy, please contact us.
2 Kinds of information that we collect and hold
The type of personal information that Ignite collect and hold is information that is reasonably necessary for the proper performance of our functions or activities as an employment agency which engages in recruitment, labour hire, contractor management and payroll services and is likely to differ depending on whether you are a:
- Workseeker – i.e. you are someone who is looking for a permanent job placement with one of Ignite’s clients or wishing to work through Ignite to be on-hired to one of Ignite’s clients; or whom we have identified as a person who might be receptive to an offer of a job placement or work through Ignite;
- Client – i.e. you are someone other than a Workseeker, who is looking to acquire our services as an employment agency which engages in recruitment, labour hire, contractor management and payroll services or whom we have identified as someone, who might be interested in acquiring Ignite’s services;
- Referee – i.e. you are a person from whom we have sought facts or opinions regarding the suitability of one of Ignite’s Workseeker for a work either directly with one of Ignite’s clients or through Ignite to be on-hired to one of Ignite’s clients; and who may be a Referee nominated by the Workseeker, a Client or us;
- Sensitive information is only collected with consent and where it is necessary for the performance of Ignite’s functions and activities. Sensitive information will need to be collected where it relates to a genuine occupational requirement or an inherent requirement of the job or work being considered. Ignite’s collection of some types of sensitive information is also governed by equal opportunity and anti-discrimination laws.
3 Purposes
The purposes for which Ignite collect, hold, use and disclose your personal information are those purposes that are reasonably necessary for the proper performance of our functions and activities as an employment agency which engages in recruitment, labour hire, contractor management and payroll services and are likely to differ depending on whether you are a:
- Workseeker
- Client
- Referee
4 Policy on Direct Marketing
Ignite may sometimes use personal information for marketing purposes but only subject to the following:
- Personal Information is only used for marketing purposes to allow Ignite to provide:
- Workseekers, whilst they are registered with us, with updates in relation to employment opportunities, market information and promotions from time to time;
- Clients, with whom we have a relationship, with market information and promotions from time to time;
- Subscribers to Ignite’s website with news and job alerts they have subscribed for;
- Personal Information is not used by or disclosed to any third party for marketing purposes;
- Client lists are not generally obtained from third parties for marketing purposes;
- In accordance with the anti-spam legislation, individuals to whom marketing communications are sent are:
- chosen on the basis of having given their express and/or implied consent for such communications to be sent to them since they registered with Ignite for the purpose of engaging Ignite as their employment agent; and
- always given an opt out or unsubscribe option in relation to such communications.
5 How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are a:
- Workseeker
- Client
- Referee
Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on Electronic Transactions.
6 Electronic Transactions
Ignite conducts transactions electronically as well as in hard copy and by face to face measures. It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC’s resource on Internet Communications and other Technologies.
It is important that you:
- know your rights: read Ignite’s privacy policy, collection statement and consent to electronic transactions;
- be careful what information you share on the Web;
- use privacy tools on the site – control access to your search listing and profile; and
- make sure your anti-virus and data protection software is up-to-date.
Please contact us by phone or mail if you have concerns about making contact via the Internet.
7 How your personal information is held
When your personal information is collected it will be held in Ignite’s Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
8 Information Security
Ignite takes a range of measures to protect your personal information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
These include:
- Staff training
- System Access and Password Protection
- Software Protection Hardware Protection
- Practices and procedures in relation to portable electronic devices
- Practices and procedures in relation to the retention and disposal of records
9 Disclosures
Ignite may disclose your personal information for any of the purposes for which it is primarily held or for a related purpose where lawfully permitted.
Ignite may disclose your personal information where we are under a legal duty to do so. Disclosure will usually be:
- internally and to our related entities;
- to our Clients; or
- to Referees for suitability and screening purposes.
In addition to disclosures for general purposes, we may also disclose your personal information for a range of related purposes.
10 Related Purpose Disclosures
Ignite may outsource a number of services to contracted service providers (CSPs) from time to time. Ignite’s CSPs may see some of your personal information. Ignite’s CSPs may include:
- Software solutions providers;
- ISO accredited auditing bodies;
- I.T. contractors and database designers and Internet service suppliers;
- Data cleansing suppliers;
- Legal and other professional advisors;
- Insurance brokers, loss assessors and underwriters;
- Superannuation fund managers; and
- Background checking and screening agents.
Ignite takes reasonable steps to ensure that terms of service with our CSPs recognise that Ignite are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause Ignite to breach those obligations.
11 Cross-Border Disclosures
Some of your personal information may be disclosed in accordance with the purposes, collection and uses detailed in this Policy to an overseas recipient, namely Ignite’s subsidiary company in New Zealand, Ignite IT Services Limited.
12 Access
Subject to some exceptions that are set out in privacy law, you can gain access to the personal information that Ignite hold about you.
Important exceptions include evaluative opinion material obtained confidentially in the course of Ignite performing reference checks and access that would impact on the privacy rights of other people.
Ignite does refuse access if it would breach any confidentiality that attaches to that information or if it would interfere with the privacy rights of other people.
In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that we make and which the communicator of that information is entitled to expect will be observed.
If you wish to obtain access to your personal information you should contact our Privacy Coordinator (see below). You will need to be in a position to verify your identity.
We might impose a moderate charge in providing access. Our Privacy Co-ordinator would discuss these with you.
You should also anticipate that it may take a little time to process your application for access as there may be a need to retrieve information from storage and review information in order to determine what information may be provided. We will generally respond to your request for access within 20 working days.
If we refuse to give access to the personal information or to give access in the manner requested by you, we will give you a written notice that sets out:
- the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal.
13 Correction
If you find that personal information that Ignite hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.
Ignite will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If Ignite have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
You should also anticipate that it may take a little time to process your application for correction as there may be a need to retrieve information from storage and review information in order to determine what information may be corrected. We will generally respond to your request for access within 20 working days.
There is no charge to correct information.
In some cases Ignite may not agree that the information should be changed.
If Ignite refuses to correct your personal information as requested by you, we will give you a written notice that sets out:
- the reasons for the refusal except to the extent that it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal. .
You may also ask Ignite to associate a statement that the information is contested as being inaccurate, out of date, incomplete, irrelevant or misleading and we will take such steps as are reasonable to do so.
14 Complaints
You have a right to complain about Ignite’s handling of your personal information if you believe that Ignite have interfered with your privacy.
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
15 Privacy Co-Ordinator
You can make complaints about our handling of your personal information to our Privacy Coordinator, whose contact details are:
Privacy Co-ordinator
Ignite Limited
Tel: +61 2 9250 8024
Email: [email protected]
Post: 26/161 Castlereagh Street, Sydney, NSW, 2000
16 Industry Associations
Complaints may also be made to APSCo the industry association of which Ignite is a member. APSCo administer Dispute Resolution Procedures that you may access if you consider that Ignite have breached the APSCo Code of Conduct.
NOTE: The APSCo Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of APCSo members.
17 Privacy Commissioner
You can also make complaints to the Office of the Australian Information Commissioner.
18 Breaches of Privacy
Ignite will ensure that any breach of privacy that comes to its attention is dealt with comprehensively and with urgency, whether this breach is caused by external hacking, failure of Ignite systems or staff error or otherwise.
In cases of serious breaches of privacy, where the breach in question is likely to result in serious damage to a person’s finances or reputation, unless this serious breach can be resolved quickly and completely, Ignite will not just notify the person who is affected but will also notify the Office of the Australian Information Commissioner (OAIC) and will work with the OAIC to ensure the breach is resolved to their satisfaction.
In addition to the ongoing efforts of Ignite to ensure its data security is maintained at the highest levels, any breach of privacy, especially a serious breach of privacy, will result in a targeted review of data security to better ensure such breaches do not reoccur.
Anyone who has identified a breach of privacy by Ignite, or even just suspects a breach of privacy may have taken place, whether this is identified by a staff member or the person/s whose personal information may have been affected, must contact Ignite immediately, preferably by directly contacting Ignite’s Privacy Coordinator (see above), or by alerting your Manager or Consultant, as is applicable, and this matter will then be escalated to the Ignite Privacy Coordinator to resolve, with or without the OAIC, depending on the circumstances.