- 1.2.2 it will then apply through your acceptance of it by subsequent or continued use of the Platform and/or our Products or Services.
1.4 Application. This policy applies to RSGA, which is a wholly-owned subsidiary of NSWBC known as Australian Business Recruitment Solutions being a trading division of NSWBC that includes various brands (ABRS).
2.1 Primary and Secondary Purposes for collection.
We collect personal information from you and, subject to clause 3.3, you consent to us using your personal information (other than sensitive information) for the following Primary and Secondary Purposes:
|Purpose/Activity||Type of personal information||Basis for use|
|Products and Services
To process and deliver Products and Services requested by you, including but not limited to:
To provide you with information about the Products or Services you requested and any other products and services which we consider you may be interested in
To personalise and customise your experiences with us
To help us review, manage or enhance our Products and Services, and develop insights which may be used in reports or other content developed by us
To communicate with you, including by email, mobile and in-application notifications
|Surveys and promotions
To conduct surveys or promotions
|Payments and Accounts
To process payments and administer your account, including to send you account related reminders
To investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms
|Service Providers and Partners
To work with commercial and technology partners as well as affiliates of repute (whether for profit, economic benefit or otherwise) so that data collected by us and/or them on our behalf may be used by those third parties for commercial, analytic, service provision and/or communication purposes (or otherwise on a basis contemplated by this document)
To receive services from you or the organisation which employs you
To help us assess an application submitted by you or on your behalf in relation to your employment
|General Business and Legal Obligations
To lawfully carry out our functions and activities and do anything else as required or permitted by any law
3. WHAT WE COLLECT
3.1 Personal Information. Personal information we collect about you may include identification information such as your name, position, address, email address, date of birth, gender, driver’s licence number, passport number, tax file number, visa information, police clearances, working with children checks, vulnerable people check, professional registrations or licences, demographic information such as country of origin and languages spoken, immunisation status, mobile phone number, business references, details about your business, Australian Business Number, insurance details, rates and fees, your occupation, career history and references, financial and payment information (including credit card and banking information) and such other information necessary or convenient for delivering our Products and Services. We also may collect additional information as part of our collection of Identity, Contact, Financial, Transaction, Technical, Marketing and Communications, Client and Profile information used for the Primary and Secondary Purposes. To access our Community Care, Disability Support and other health related services, we may also collect (and you consent to us collecting) the following personal and sensitive information to allow us to assess and manage your healthcare: referring person / agency, identifier number for government funding (e.g. My Aged Care Number, NDIS number, Medicare number, your General Practitioner’s details, client medical history and health concerns or risks (including an illness, disability or injury), current services received, informal support details, carer or representative details (including advocate, power of attorney, enduring power of attorney details), living and healthcare arrangements, government pension or benefit details (e.g. Aged pension, disability support pension, veterans pensions, carer payment, self-funded retiree), residence or accommodation details, assessment of need for Services.
3.2 Other information. We may collect, and you consent to us collecting, information relating to you that is not personal information, such as data relating to your activity on our Platforms, including:
- 3.2.1 the Internet Protocol address and a component of the domain name used (e.g. .com or .net);
- 3.2.2 the type of browser and operating system you used;
- 3.2.3 the date and time you visited our Platforms;
- 3.2.4 the web pages or services you accessed at our Website;
- 3.2.5 the time spent on individual pages and our Website overall;
- 3.2.6 which files you downloaded; and
- 3.2.7 information about your computer and Internet connections using cookies.
3.3 Sensitive information. Sensitive information is a special category of personal information and includes, but is not limited to, information about your health, race or ethnic origin, political or religious beliefs, membership of a trade union or association, or criminal record. Health information includes personal information collected from you in order to provide a health service. There are greater restrictions that apply to our collection, storage, use and disclosure of sensitive information under the Privacy Act. We will only collect, hold, use or disclose your sensitive information with your consent or if you volunteer your sensitive information to us. If we collect or hold your sensitive information in accordance with this clause, we may disclose such sensitive information to our Related Bodies Corporate. However neither us nor our Related Bodies Corporate may use or disclose your sensitive information to any Third Party except as required or permitted by law.
3.4 Health information. ABRS, and in particular its divisions and subsidiaries that provide health services, is committed to safeguarding the privacy of patient information, and has implemented measures to comply with its obligations under the Health Records and Information Privacy Act 2002 (NSW) and equivalent legislation in other states and territories, Aged Care Act 1997 (Cth) and National Disability Insurance Scheme Act 2013 (Cth), as relevant. Our Alliance Community business may also collect and store in our secure App some health and other information for the purpose of providing the Services you have requested, such as the time of attendance at your premises, services provided and care related notes. Please see our client handbook for more details regarding the App used by our staff.
4. HOW WE COLLECT
4.1 How we collect. Your personal information may be collected:
- 4.1.1 when you complete an application, consent, purchase, account sign-up or similar form via our Platforms or otherwise;
- 4.1.2 in the context of our health industry businesses such as Alliance Health or Alliance Community, from Third Parties such as other healthcare professionals involved in your care, an Aged Care Assessment Team or Regional Assessment Service, government agencies responsible for administering relevant entitlements and benefits, or your family members, a carer, an attorney or guardian or a person responsible for your healthcare decisions;
- 4.1.3 when you register for an event or webinar or provide us with your business card;
- 4.1.4 when you contact us to submit a query or request (whether in writing, verbally, in hardcopy or electronic format);
- 4.1.5 when you contact us by telephone, mail, email, fax or face-to-face;
- 4.1.6 when you post information or otherwise interact with the Platforms;
- 4.1.7 when you participate in one of our competitions or surveys;
- 4.1.8 from those who request our Products or Services on your behalf;
- 4.1.9 from publicly available sources of information;
- 4.1.10 from government regulators, law enforcement agencies and other government entities;
- 4.1.11 when you complete an application for, or commence, employment with us;
- 4.1.12 when negotiating or entering into a contracting relationship with us as an independent contractor or otherwise;
- 4.1.13 from business contacts, external service providers and suppliers; or
- 4.1.14 by other means reasonably necessary.
- 4.3.2 consents to us using their personal information in order for us to provide our Products and Services.
4.5 Anonymity. If you would like to access any of our Products and Services on an anonymous or pseudonymous basis we will take reasonable steps to comply with your request, however:
- 4.5.1 you may be precluded from taking advantage of some or all of our Products and Services; and
- 4.5.2 we will require you to identify yourself if:
- a) we are required by law to deal with individuals who have identified themselves; or
- b) it is impracticable for us to deal with you if you do not identify yourself.
4.6 Destruction. Subject to a legal requirement to the contrary, we will destroy or de-identify your personal information if:
- 4.6.1 the purpose for which we collected the personal information from you no longer exists or applies; or
- 4.6.2 you request us to destroy your personal information, and we are not required by law to retain your personal information.
4.7 Website and Google Analytics. Information we collect may include:
- 4.7.1 the Internet Protocol address and a component of the domain name used (e.g. .com or .net);
- 4.7.2 the type of browser and operating system you used;
- 4.7.3 the date and time you visited our Platform(s);
- 4.7.4 the web pages or services you accessed on our Platform(s);
- 4.7.5 the time spent on individual pages and our Platform(s) overall;
- 4.7.6 which files you downloaded; and
- 4.7.7 information about your computer and Internet connections using cookies (see clause 4.8 below).
4.8 Cookies. We may use ‘cookie’ technology to assist us to determine in the aggregate the total number of visitors to the Platforms on an ongoing basis and the types of internet browsers and operating systems used by users of the Platforms. This information is used to enhance the usability and functionality of our Platforms and for marketing, advertising and analytic purposes.
5.1 Primary use. We will only use and disclose your personal information:
- 5.1.1 for purposes which are related to the Primary and Secondary Purposes; or
5.2 Reasonable uses. We will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.
5.3 Third parties. You consent to us providing your personal information (other than sensitive information) to commercial and technology partners as well as affiliates of repute and our Related Bodies Corporate. We may do so for profit or economic benefit and this may include (without limitation) licence arrangements and rights of use in relation to or in connection with direct marketing, analysis, data aggregation and anything else reasonably required or permitted by law. Data collected by us and/or them on our behalf may be used by those third parties for commercial, analytic, service provision and/or communication purposes (or otherwise on a basis contemplated by this document). The provision of such personal information to Third Parties and Related Bodies Corporate may be subject to the relevant privacy policies of such third persons.
5.4 Direct marketing. We may deliver direct marketing communications to you about our Products and Services and any other products or services you might be interested in. If you notify us that you do not want to receive these communications, we will comply with your instruction and will not use your personal information for this purpose.
- 5.5.1 we collected the information from you;
- 5.5.2 it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
- 5.5.3 we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
- 5.5.4 you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.
5.6 Opt-out. You may opt-out of receiving direct marketing communications by:
- 5.6.1 checking the relevant box on the form used to collect your personal information;
- 5.6.2 clicking a link on the email communication sent to you; or
- 5.6.3 contacting us using our contact details set out at clause 10.
- 6.1.1 Third Parties engaged by us to perform functions or provide Products or Services on our behalf;
- 6.1.2 Third Parties that engage us to provide Products or Services to them;
- 6.1.3 Third Parties who assist us with a number of our functions and services including but not limited to service providers of technology, data processing, contact centre, archival, delivery, banking, payments, market research, content production, mail-outs, marketing and advertising, but only for the purpose of fulfilling those services;
- 6.1.4 Third Parties engaged to provide online credit card account processing and related services. When you pay your accounts online, a secure server is used, such as SecurePay or Ezidebit (Payment Gateway). The Payment Gateway encrypts the information you send through our Website. For further information about SecurePay or Ezidebit and how they collect, use and disclose personal information, please use the link provided below. For further information about the encryption process, please use the link provided. We make no warranty in respect of the strength or effectiveness of that encryption and we are not responsible or liable for events arising from unauthorised access of the information you provide;
- 6.1.5 your referees and former employers (in relation to employment applications only);
- 6.1.6 credit agencies;
- 6.1.7 relevant regulatory bodies in the industry in which we or you operate;
- 6.1.8 our professional advisors, including our accountants, auditors and lawyers;
- 6.1.9 our Related Bodies Corporate;
- 6.1.10 persons authorised by you to receive information held by us, which for the avoidance of doubt includes but is not limited to our business partners and sponsors that we may have commercial arrangements with from time to time including Third Parties who we contract with for our independent commercial purposes;
- 6.1.11 a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law;
- 6.1.12 a party to a transaction involving the sale of our business or its assets; or
- 6.1.13 parties you have consented to us disclosing your personal information to, or would otherwise reasonably expect us to disclose your personal information to.
6.2 Payment Gateways. Click below to:
- 6.2.2 View SecurePay’s page on security; and
6.3 Health Information. If you are a client requesting our health related Services through our Alliance Health or Alliance Community businesses (or any other relevant brands), for the purpose of providing those Services we may share (and you consent to us disclosing) your personal information with:
- 6.3.1 your GP, medical specialist or other healthcare professionals involved in your care;
- 6.3.2 government agencies which administer subsidies and benefits (such as My Aged Care, Centrelink, Medicare, Department of Social Services, National Disability Insurance Agency and Department of Veterans Affairs);
- 6.3.3 your attorney or guardian or a person responsible for your healthcare decisions;
- 6.3.4 your family members or carers (except if this is against to your wishes); or
- 6.3.5 a hospital or aged care facility if you are referred for respite or higher levels of care.
If you become unwell and require transfer to hospital, we may need to communicate urgently with the NSW Ambulance Service or with the staff of the hospital, which may involve sharing your personal information.
6.4 Non-identifiable information. We may share non-personally identifiable information publicly and with our partners (e.g. relevant Third Party suppliers or service providers, publishers, advertisers, sponsors, or connected sites). For example, we may share information publicly to show trends about the general use of our Products and/or Services.
6.5 Overseas disclosure. We may in some circumstances as necessary send your personal information to overseas recipients to enable us to provide our Products or Services to you. In relation to recruiting staff, the countries in which likely overseas recipients of personal information are located includes: New Zealand, Ireland and the UK. In relation to Community Care Clients who may travel or move abroad, the overseas recipients may be located in countries other than those mentioned.
6.6 Overseas recipients. Overseas recipients that may handle or process your data include (but are not limited to) the server hosts of our email services, cloud storage services and the Platforms. For the purpose of our recruitment and labour hire services, we may from time to time send candidate information overseas to or receive candidate information from our recruitment contractors and partners for the purpose of placing such candidates overseas (or placing international candidates in Australia), with relevant overseas locations currently including New Zealand, Ireland and the UK.
6.7 Reasonable protections. If we send your personal information to overseas recipients, we will take reasonable measures to protect your personal information from misuse, interference, loss, unauthorised access or modification. However, you acknowledge and agree that if we disclose your personal information to overseas recipients, we are not obliged to take reasonable steps to ensure overseas recipients of your personal information comply with the Privacy Act and the APPs.
7. ACCESS + CORRECTION
7.1 Access. If you require access to your personal information, please contact us using our contact details set out at clause 10. You may be required to put your request in writing and provide proof of identity.
7.2 Exceptions. We are not obliged to allow access to your personal information if:
- 7.2.1 it would pose a serious threat to the life, health or safety of any individual or to the public;
- 7.2.2 it would have an unreasonable impact on the privacy of other individuals;
- 7.2.3 the request for access is frivolous or vexatious;
- 7.2.4 it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
- 7.2.5 it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
- 7.2.6 it would be unlawful;
- 7.2.7 denying access is required or authorised by or under an Australian law or a court/tribunal order;
- 7.2.8 we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- 7.2.9 it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
- 7.2.10 it would reveal commercially sensitive information; or
- 7.2.11 a relevant law provides that we are not obliged to allow access to your personal information (e.g. the GDPR).
7.3 Response to access request. If you make a request for access to personal information, we will:
- 7.3.1 respond to your request within a reasonable period after the request is made; and
- 7.3.2 if reasonable and practicable, give access to the personal information as requested.
7.4 Refusal of access. If we refuse to give access to the personal information, we will give you a written notice that sets out at a minimum:
- 7.4.1 our reasons for the refusal (to the extent it is reasonable to do so); and
- 7.4.2 the mechanisms available to complain about the refusal.
7.5 Correction. We request that you keep your personal information as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can contact us using our contact details set out at clause 10.
7.6 Response to correction request. If you make a request for us to correct your personal information, we will:
- 7.6.1 respond to your request within a reasonable period after the request is made; and
- 7.6.2 if reasonable and practicable, correct the information as requested.
7.7 Refusal to correct. If we refuse a request to correct personal information, we will:
- 7.7.1 give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
- 7.7.2 take reasonable steps to include a note with your personal information of the fact that we refused to correct it.
7.8 EU Restriction. If you are a citizen of, or are located within, the European Union at the time at which we collect personal data about you, or at the time at which you make a relevant request, we will take steps to ensure that we comply with a request by you to restrict our use of your personal data pursuant to Article 18 of the GDPR. You acknowledge that, depending on the nature of the restriction you request, we may be unable to provide you with some or all of our Products or Services (or any part of any Product or Service) if we comply with your request. In such circumstances, we will advise you of our inability to provide or continue to provide you with the relevant Products or Services, and if you confirm that you would like us to comply with your request, we may terminate a relevant agreement or other document with you in relation to our Products or Services.
8. SECURITY + PROTECTION
8.1 Reasonable protections. In relation to all personal information, we will take all reasonable steps to:
- 8.1.1 ensure that the personal information we collect is accurate, up to date and complete;
- 8.1.2 ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- 8.1.3 protect personal information from misuse, loss or unauthorised access and disclosure.
8.2 Security. We require staff and service providers to respect the confidentiality of personal information. We store your personal information on a secure server behind a firewall and use security software accessible only by authorised personnel and service providers to protect your personal information from unauthorized access, destruction, use, modification or disclosure.
8.3 Obligation to notify. You must contact us immediately if you become aware of or suspect any misuse or loss of your personal information.
9.1 Complaint. If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or consider that we have breached the Privacy Act or APPs, please contact our Privacy Manager whose contact details are set out at clause 10. We will respond to your complaint within 14 days of receiving the complaint.
9.2 Response and resolution. Once the complaint has been received, we may resolve the matter in a number of ways:
- 9.2.1 Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
- 9.2.2 Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
- 9.2.3 Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
- 9.2.4 Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.
9.3 Notice of decision. After investigating the complaint, we will give you a written notice about our decision.
9.4 OAIC. You are free to lodge a complaint directly with the OAIC online, by mail, fax or email. For more information please visit the OAIC website at oaic.gov.au.
NSW Business Chamber Limited
Level 15, 140 Arthur Street
North Sydney NSW 2059
P: 02 9458 7829
11. INTERPRETATION + DEFINITIONS
11.1 Personal pronouns. Except where the context otherwise provides or requires:
- 11.1.1 the terms we, us or our refers to RSGA, which is a wholly-owned subsidiary of NSWBC known as Australian Business Recruitment Solutions being a trading division of NSWBC that includes various brands (ABRS).
- 11.1.2 the terms you or your refers to a user of the Platform and/or a customer to whom we provide the Products and Services or from whom we collect personal information or data.
11.2 Italicised terms. Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.
ABRS means Australian Business Recruitment Solutions being a trading division of NSWBC that includes various brands.
APPs means any of the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
Client information includes information about how you use the Products and Services or our website, as well as personal information which can include Identity information, Contact information, Financial information, Transaction information and Profile information of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal information by law, or under the terms of a contract we have with you.
Contact information includes billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for).
Financial information includes bank account, credit card, banking information and other payment method details, reasonably required details about your business such as Australian Business Number, insurance details, business references.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 (most commonly referred to as the General Data Protection Regulation or GDPR).
Identity information includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your driver’s licence number, passport number, job function and position, your employer or department.
Marketing and Communications information includes your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
NSWBC means NSW Business Chamber Limited (ABN 63 000 014 504) of 140 Arthur Street, North Sydney NSW 2060.
Platforms means all or any of the relevant platforms, electronic interfaces (including the Products) and websites that are owned, provided and/or operated from time to time by us (including but not limited to the Website), regardless of how those interfaces and websites are accessed by users (including via the internet, mobile phone, mobile applications or any other device or other means).
Primary and Secondary Purposes means the primary and secondary purposes stated at clause 2.1.
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Profile information includes your username and password, your interests, preferences, feedback, survey responses and all other information you provide through your use of the Products or Services, or otherwise through your contact or correspondence with us.
Products means products that we provide or offer from time to time.
Related Bodies Corporate has the meaning given to that term in the Corporations Act 2001(Cth) and in the case of RSGA includes any entity in which NSWBC, RSGA or any of their subsidiaries has an equity stake of 10% or more, or has a services agreement under which any such person is required to provide for the benefit of the other entity services or deliverables; or is connected to or operates under a brand or trademark (owned or under licence) of NSWBC or RSGA or persons in which such a stake is held.
RSGA means Recruitment Solutions Group Australia Pty Ltd (ABN 16 162 071 490) as trustee for the Recruitment Solutions Group Australia Trust (ABN 86 157 291 541), of 140 Arthur Street, North Sydney NSW 2060.
Services means in relation to ABRS, our business services such as consulting, training, apprenticeship and traineeship services, labour hire services, general business products and services provided through our various divisions and Related Bodies Corporate, and any other products and services offered or performed by us from time to time.
Technical information includes (as relevant):
- a) The Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- b) Information about your visit to our website/Products, such as the full Uniform Resource Locators (URL), clickstream to, through and from our website/Products (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and
- c) Location data which we may collect through our website/Products and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website/App. Delivery of location services will involve reference to one or more of the following:
- (i) the coordinates (latitude/longitude) of your location;
- (ii) look-up of your country of location by reference to your IP address against public sources; and/or
Third Party means any party that is not us or one of our Related Bodies Corporate.
Transaction information includes details about payments to and from you and other associated information.
Website means the websites owned or operated by ABRS from time to time, including but not limited to:
- (a) www.alliancehealth.com.au
- (b) www.alliancecommunity.com.au
- (c) www.extrastaff.com.au
- (d) www.talentoptions.com.au
- (e) www.apprenticeshipcareers.com.au
- (f) www.actnursing.com.au
- (g) www.rnsnursing.com.au
- (h) www.cqnurse.com.au
- (i) www.belmorenurses.com.au
- (j) www.heartbeatnursing.com.au
- (k) www.hsga.com.au
- (l) www.onepeoplehr.com.au
- (m) www.agtnsw.com.au
and (as may be relevant to ABRS) www.nswbusinesschamber.com.au, www.nswbc.com.au, and the websites of our Related Bodies Corporate (where the context requires) and all relevant sub-domains.