Privacy Policy
Updated: April 2024.
THE PRIVACY ACT 1988 - AUSTRALIAN PRIVACY PRINCIPLES
1. Introduction
This policy outlines how we fulfill our obligations under the current privacy legislation, including the Privacy Act 1988, as amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017 and any other subsequent amendments. This encompasses the Australian Privacy Principles (APPs) concerning the collection, storage, and use of personal information about you. Additionally, it describes how you can exercise your rights to access and manage your personal information in accordance with these laws.
We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
1.1. APP Entity
McArthur manages personal information, as an APP Entity under the Australian Privacy Principles (available through the website of the Office of the Australian Information Commissioner).
As an organisation that is also a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
Who will collect your personal and sensitive information?
Your personal and sensitive information will be collected by authorised employees of McArthur.
All McArthur employees have been carefully screened and have signed Confidentiality Agreements, undertaking not to make any unauthorised disclosure of confidential information to which they may become privy to in the course of their employment with McArthur.
1.2. Information Flow
When we collect your personal information:
-
We check that it is reasonably necessary for our functions or activities as a recruitment and on-hire agency.
-
We check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties.
-
We record and hold your information in our Information Record System.
-
We retrieve your information when we need to use or disclose it for our functions or activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again - especially if some time has passed since we last checked.
-
Subject to some exceptions, we permit you to access your personal information in accordance with APP:12 of the Australian Privacy Principles (available through the website of the Office of the Australian Information Commissioner).
-
We correct or attach associated statements to your personal information in accordance with APP:13 of the Australian Privacy Principles.
-
We destroy or de-identify your personal information when it is no longer needed for any purpose, for which it may be used or disclosed, provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a commonwealth record.
2. Kinds of Information that We Collect and Hold
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a recruitment and on-hire agency and is likely to differ depending on whether you are:
Personal information is any information or an opinion about you. It may range from the very sensitive (e.g. medical history or condition) to the everyday (eg address and phone number).
It would include the opinions of others about your work performance, your work experience and qualifications, aptitude test results and other information obtained by us in connection with your possible work placement. Personal information includes sensitive information.
Sensitive information is a special category of personal information. It is information or opinion about your:
- Racial or ethnic origin
- Political opinion
- Membership of a political association
- Philosophical beliefs
- Religious beliefs or associations
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preferences or practices
- Criminal record
- Health or disability (at any time)
- Expressed wishes about the future provision of health services
Sensitive information can, in most cases, only be disclosed with your consent.
Some laws such as taxation law, immigration law, laws regulating employment agencies, laws relating to national security, laws relating to professional or trade registration and laws for the protection of certain classes of people (such as children or the elderly), may require that we collect certain types of information (including criminal history and evidence of your right to work) from you that is relevant to the position/s for which you may be applying.
The following Australian laws require or authorise our collection of personal information from you:
- Migration Act 1958 (C’th) and Migration Regulations 1994 (C’th)
- Private Employment Agents (Code of Conduct) Regulation 2015 (QLD)
- The Education and Care Services National Law and the Education and Care Services National Regulations 2011
- The Working with Vulnerable People (Background Checking) Act 2011 (ACT)
- Child Protection (Working with Children) Act 2012 (NSW)
- Child Safety (Prohibited Persons) Act 2016 (SA)
- Children and Young People (Safety) Act 2017 (SA)
- Working with Children (Risk Management and Screening) Act 2000 (QLD)
- The Working with Children Act 2005 (VIC)
- Working with Children Regulations 2011 (TAS)
- Working with Children (Criminal Record Checking) Act 2004 (WA)
- Care and Protection of Children Act 2007 (NT)
- Aged Care Act 1997 (C’th)
- National Health Act 1953
- Work Health and Safety Act 2011 (C’th) and Work Health and Safety Acts (various states/territories)
- Occupational Health and Safety Act 2004 (VIC)
- Health Records and Information Privacy Act 2002 (NSW)
- National Disability Insurance Scheme Act 2013 (C’th)
- Fair Work Act 2009 (C’th)
2.1. For Work Seekers
The type of information that we typically collect and hold about Work seekers is information that is necessary to assess amenability to work offers and work availability, suitability for placements, or to manage the performance in work obtained through us and includes:
- Proof of identity
- Contact details including name, address, telephone numbers and email address
- Payroll information including banking details, superannuation fund, tax file number and date of birth
- Confirmation of ability to work in Australia including residency or visa details
- Work history and references
- Qualifications and professional associations (where applicable)
- Driver’s licence, car insurance and registration (where applicable)
- Industry-specific licences, certifications, and clearances
- Immunisation records (where applicable)
- Medical and criminal history (where appropriate)
- Skills assessments
- Work placement performance feedback
2.2. For Clients
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
- Contact details including name, work location, telephone numbers and email address
- Organisational structure and position descriptions
- Recruitment and HR service requirements
- Internal issues disclosed (including staff personal information) for the purpose of McArthur providing HR services
2.3. For Referees
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Work seekers for particular jobs or particular types of work and includes:
- Contact details including name, telephone numbers and email address
- Answers provided for reference check questions
3. Purposes
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
3.1. For Work Seekers
Information that we collect, hold, use and disclose about Work seekers is typically used for:
- Recruitment functions including reference checking, verifying ability to work in Australia and skills assessments
- Work placement operations including performance and other feedback, assessment of your on-going performance and prospects, any workplace rehabilitation and payroll – banking, superannuation, and tax
- Statistical purposes and statutory compliance requirements including government reporting
- Insurance, litigation, registration, or professional disciplinary matters including workplace incidents and rehabilitation, and compliant handling
If you do not give us the information we seek:
- We may be limited in our ability to locate suitable employment for you
- We may be limited in our ability to employ you
3.2. For Clients
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- Client and business relationship management
- Recruitment functions
- Marketing services to you
- Statistical purposes and statutory compliance requirements
- Insurance, litigation, registration, or professional disciplinary matters including workplace incidents and rehabilitation and compliant handling
If you do not give us the information we seek:
- We may be limited in our ability to provide you with service
3.3. For Referees
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- Confirming identity and authority to provide references
- Work seeker suitability assessment
- Recruitment functions
- Marketing services to you.
4. Our Policy on Direct Marketing
McArthur will obtain an individual’s non-sensitive personal information for secondary purposes (Direct Marketing) at the time of collection, unless the use is a related secondary purpose which would be within the relevant individual’s reasonable expectations.
We aim to observe the requirements of anti-spam legislation and would provide an effective means for unsubscribing from any marketing that would be considered to be spam.
McArthur will ensure that:
- Individuals are clearly notified of their right to opt out from further direct marketing
- If the individual opts out of all direct marketing the opt out will be respected by McArthur and implemented free of charge.
Opting Out
By providing McArthur with your contact details, your consent to receive communication and direct marketing will remain until you advise us otherwise. However, you can opt out of direct marketing at any time by:
- Using the unsubscribe facility we include in our electronic messages such as emails
- Contacting us through the office nearest you
- Contacting our Privacy Coordinator.
5. How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
We sometimes collect information from third parties when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records, we will manage the information in accordance with the APPs and our Privacy Policy.
Sometimes the technology that is used to support communications between us will provide personal information to us - see the section on Electronic Transactions.
McArthur will allow its customers to transact with it anonymously where that is reasonable and practicable, though this may limit our ability to provide products and services to you.
Where it is not practicable for McArthur to notify individuals of the collection of their personal information before, we will ensure that individuals are notified as soon as possible after the fact, including individuals on purchased lists.
5.1. For Work Seekers
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.
Personal information is also collected when:
- We receive any reference about you
- We receive the results of any enquiries we may make of your former employers, work colleagues, professional associations, registration body or educational institution
- We receive the results of any competency or other assessment, or medical examination
- We receive performance feedback (whether positive or negative)
- We receive feedback not directly related to performance
- We receive any complaint either from or about you in the workplace
- We receive any information about a workplace incident in which you are involved
- We receive any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest, or inquiry in which you are involved
- You provide us with any additional information through conversations and other communications
See also the section on Photos & Images.
5.2. For Clients
Personal information about you may be collected:
- When you provide it to us for business or business related social purposes
- When you attend a business function that McArthur has organised or been presenting at
See also the section on Photos & Images.
5.3. For Referees
Personal information about you may be collected:
- When Work seekers provide your details as a reference for them
- In the course of our checking Work seeker references with you and when we are checking information that we obtain from you about Work seekers
5.4. Electronic Transactions
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- Ask to be on an email list such as a job notification list
- Register as a site user to access facilities on our site such as a job notification board
- Make a written online enquiry through our website or email us directly
- Make a written online enquiry through other linked websites
- Submit a resume by email or through our website
- Submit a resume through a third-party recruitment advertising website
- Self-register for employment
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the Office of the Australian Information Commissioner's (OAIC) resource on Internet Communication and other Technologies.
McArthur will not make it mandatory for visitors to use its web sites to provide personal information unless such personal information is required to answer an inquiry or provide a service. McArthur may however request visitors to provide personal information voluntarily when participating in competitions or questionnaires.
5.5. Photos & Images
- We will collect photos and images for the purposes of verifying the identity of Work seekers and fulfilling compliance screening requirements mandated by law or by the specific requirements of the roles for which Work seekers are applying. This may include, but is not limited to, photographs submitted voluntarily by candidates, images captured from official identification documents, or photos taken during the recruitment process with the individual’s consent.
- We may collect photos and images from Clients for various purposes, including but not limited to, use in marketing collateral, business cases, compliance materials, client requests, and for display on online platforms. These images may be collected directly from clients or through third-party services with client consent.
- By providing us with photos and images, Clients consent to their use and disclosure in accordance with the purposes outlined in this policy. Clients have the right to withdraw their consent at any time.
- Photos and images collected will be used exclusively for the purposes mentioned above. They may be shared with third-party service providers or regulatory bodies involved in the verification process or as required by law.
- These parties are bound by confidentiality and privacy obligations in relation to the protection of personal information.
- All parties have the right to withdraw their consent at any time. However, it is important to note that withdrawing consent may impact our ability to provide certain services or fulfill requests.
You can contact us by land line telephone or post if you have concerns about making contact via the electronic means.
6. How your personal information is held
Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
- Misuse, interference, and loss
- Unauthorised access, modification, or disclosure
All personal and sensitive information collected from or about you is treated as "Confidential" within the McArthur organisation. No unauthorised person is permitted to have access to it.
Hard copy documents containing such information are held in files that are situated in locations, within our premises, which negate the possibility of casual access by unauthorised persons. The premises are protected by appropriate security systems during non-business hours.
6.1. Our Information Record System
Electronic data is held in secured and controlled databases (information record system) with appropriate protection against viruses or other unauthorised access. The relevant computers and associated equipment are protected in the same manner as the hard copy files.
6.2. Information Security
The security of your personal information is very important to us, and we take a range of measures to ensure this information is protected.
Our electronic data is securely stored within cloud-based databases, ensuring robust protection against viruses, malware, and unauthorised access. These cloud-based information record systems are fortified with advanced security measures, including encryption, firewalls, and multi-factor authentication to safeguard the integrity and confidentiality of our data.
We extend these security protocols to all devices and associated equipment that interact with our cloud environment. This includes implementing secure access controls, regularly updating software to address security vulnerabilities, and employing state-of-the-art endpoint protection to ensure that both our digital and physical data assets are comprehensively protected.
We continuously monitor and review our cloud-based security measures to adapt to evolving cyber threats, ensuring that our information record system remains at the forefront of data protection standards.
We have also implemented additional measure that include:
- Management of access privileges, including password protection, to ensure that only those who really need too can see your personal information
- Policies on the use and security of laptops, mobile phones and portable storage devices
- Ongoing staff training
- Disposal of personal information through secure processes
- Security reviews
7. Disclosures
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.
We may disclose your personal information where we are under a legal duty to do so. McArthur may disclose personal information to related or unrelated third parties if consent has been obtained from the individual.
Disclosure will usually be:
- Internally and to our related entities
- To our Clients
- To Referees for suitability and screening purposes
- A person who seeks a reference about you
- A professional association or registration body that has a proper interest in the disclosure of your personal and sensitive information
- A parent, guardian, holder of an Enduring Power of Attorney (or like authority) or next of kin whom we may contact in any case in which consent is required or notification is to be given and where it is not practicable to obtain it from or give it directly to you
- Government bodies including Australian Taxation Office and WorkCover
7.1. Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically, our CSPs would include:
- Software solutions providers
- IT contractors and database designers and Internet service suppliers
- Legal and other professional advisors
- Insurance brokers, loss assessors and underwriters
- Superannuation fund managers
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations. We only provide them with access to information that they directly require for the purpose they have been engaged.
7.2. Cross-Border Disclosures
As we work with trusted third parties from time to time, some of whom may be located overseas, your personal information may be disclosed to these overseas recipients. We provide these recipients with limited access to the information that is strictly necessary to perform the relevant function, though we cannot guarantee that any recipient of your personal information will protect it to the Australian standard. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions, and the impracticability of attempting to enforce such rights in some jurisdictions, will mean that in some instances we will need to seek your consent to disclosure.
The likely types of information disclosed, and recipients are:
- Third party IT Contractors who may have limited access to data for maintenance and software upgrade purposes.
- Organisations (from various countries) completing reference checking with us on your behalf.
7.3. Disclosure of information in special circumstances
- We reserve the right to use or disclose your personal information and/or health information if we reasonably believe it is necessary to lessen or prevent a serious threat to any individual’s life, health or safety, or to public health or safety and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed (APP 6.2(c), permitted general situation)
- We may use or disclose your personal information, as required or authorised by or under an Australian law or a court/tribunal order
- We reserve the right to disclose your personal information to the appropriate authority if we have reasonable suspicion of unlawful activity, or misconduct of a serious nature
- We may use or disclose your personal information to assist any APP entity, body or person to locate a person who has been reported as missing where the entity reasonably believes that this use or disclosure is reasonably necessary, and where that use or disclosure complies with rules made by the Commissioner under the Act
- We may use or disclose your personal information for the establishment, exercise or defence of a legal or equitable claim
8. Access & Correction
Subject to changes and exceptions outlined in the Australian Privacy Principles, you have a right to see and have a copy of personal and sensitive information about you that we hold.
If you think our records need to be corrected, please contact us through the office nearest you and we will take reasonable steps to correct it so that it is accurate, complete, and up to date.
If we are unable to agree that personal and sensitive information about you that we hold is not accurate, complete, and up to date, you may ask us to place with the information a statement by you that claims that particular information is not accurate, incomplete or out of date.
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold. Important exceptions include:
- Evaluative opinion material obtained confidentially in the course of our performing reference checks and access that would impact on the privacy rights of other people. In many cases, evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
8.1. Access
If you wish to exercise your right of access, you should lodge a written request to our Privacy Coordinator, including your contact details; the date you registered with us; the name of the Consultant with whom you dealt, which part of your personal information you wish to see and the reasons for requesting this information. You will need to be in a position to verify your identity.
You will receive acknowledgement of your request having been received within 10 business days and a response within 30 business days.
If the information is not available, or cannot be disclosed to you, a written explanation will be provided.
8.2. Correction
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us and it is recommended that you address this to the consultant with whom you dealt.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
The consultant will acknowledge receipt of your request (within 10 business days) to correct information and will make corrections as soon as possible within 30 business days.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps, if any, as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
9. Complaints
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
If you wish to make a complaint about our handling of your personal information, it should be made to us in writing, addressed to our Privacy Coordinator and include your contact details; the date you registered with us; the name of the Consultant with whom you dealt and which part of your personal information you have concerns or issues with. You will need to be in a position to verify your identity.
When we receive your complaint:
-
We will take steps to confirm the authenticity of the complaint and the contact details provided to us, to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint
-
We may ask for clarification of certain aspects of the complaint and for further detail
-
We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why
-
We will respond within 30 business days
-
If the complaint can be resolved by procedures listed in Access and Corrections, we will suggest these to you as possible solutions, and
-
If we believe that your complaint may be capable of some other solution, we will suggest that solution to you on a confidential and without prejudice basis in our response
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong, or to the Office of the Australian Information Commissioner.
We are a corporate member of the Recruitment and Consulting Services Association ( RCSA), who administers an RCSA Code of Conduct for the professional and ethical conduct of its members. The RCSA Code is supported by rules for the resolution of disputes involving members.
NOTE: The Association Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs, but are primarily designed to regulate the good conduct of the Association's members.
10. How to contact us
Should you wish to make a correction to any personal or sensitive information about you that is held by us, you should telephone our office nearest to you and it is recommended that you address this to the consultant with whom you dealt (as per 8.2 Correction).
To contact us about access to your personal or sensitive information, you should make a written request, giving full details of the information sought and the reasons for requesting (as per 8.1 Access).
If you are not satisfied with any aspect of our treatment of you and you wish to make a complaint please follow 9. Complaints.
Our Privacy Coordinator Contact Details are:
08 8100 7000
privacy@mcarthur.com.au
Office of the Australian Information Commissioner (OAIC) – Link to website
Australian Privacy Principles - Link to website
By accessing these websites you will be viewing information beyond our control and we do not warrant the accuracy of any information on an outside website