Privacy Policy: Australia

Introduction

The protection of privacy is important to us at HireRight AU Pty Ltd. We treat all personal information as confidential and handle in accordance with the Australian Privacy Principles the Privacy Act 1988 (Cth), the Australian Crime Commission Act 2002 (where relevant) and other data protection legislation, both global (e.g., the European Union General Data Protection Regulation – “GDPR”) and local (e.g., Singapore Personal Data Protection Act 2012), where relevant.

HireRight provides reference, background checking and validation services and is engaged by its clients to validate the skills, qualifications, experience, background and identity of potential employees. We are under an obligation to keep a candidate’s information confidential and not to use it for any other purpose other than background screening and validation.

The reason for the background and reference checks being undertaken is to enable our client to assess an individual’s (“the candidate”) suitability for employment or appointment; this may be for new employment, a role change within an existing employer and/or for compliance purposes.

Why We Collect Personal Information

HireRight collects personal information about you because:

You have provided it to us, for instance:
- you are a candidate applying for a role with one of our clients;
- you are a client of our company;
- you have provided information to us about one of our candidates; and/or
- you contact us to make comments, complaints or to ask us questions;
We need it to provide a product or service that you or one of our clients have requested from us for instance, you are applying for a new job and our client requires you to complete a background check;
We need it to conduct a nationally coordinated criminal history check on request by one of our clients or for a role within HireRight (as relevant);
We would like to improve our services; for instance, through the collection and analysis of statistical and research data, in internal processes such as audits, quality control and IT system updates and use of cookies;
You work for us, or apply to us for a job or work experience;
You or your company provides services to us; and/or
For purposes directly related to any of the above.

What Kinds of Personal Information do we Collect, Use, Disclose and Store?

HireRight will only request, collect, use, disclose and store information that is needed in order for us to carry out our services and this may include personal and/or sensitive information, including your IP address.

Type of Personal Data	Reason for Collecting
Name (and former names)	This is how we are able to identify you when performing the Services. We ask for your name as it appears on your government issued ID and also any names that you may also be known as, or have been formerly known by. This is important particularly where you may be known professionally by a name other than that shown on your government ID document.
Date of Birth	Collecting this information increases the accuracy of results provided by sources.
Contact Details	This is to ensure that HireRight can keep in touch with you during the provision of the Services. HireRight do not use your contact details for any other purpose and these details are deleted from the Services Platform in accordance with retention polices set by our Client.
Address History	Your prospective employer/employer will ask HireRight to perform verifications over a certain period of time (the “Search Depth”). Therefore HireRight needs your address history covering the search depth to identify in which locations certain searches are to be conducted. Collecting address history also increases the accuracy of results returned from sources.
Employment History	Your prospective employer/employer requires that this information be verified in accordance with the Search Depth.
Education History	Your prospective employer/employer requires that this information be verified and in most cases requires the highest level of education achieved.
Referees	To support the verification of your employment history you may be asked to provide the contact details of a referee. You must always ensure that you have the referee’s consent to do so. These contact details are not shared with any third party.
ID Number	This may be required by sources from which information is obtained as the records kept by that source are associated with a government ID Number.
Gender	Some sources require that this information is provided in order to return results.
Position applied for and prospective employer	For some checks, including a nationally coordinated criminal history check in Australia, it is a requirement of the source to collect the position you are applying for and the name of your prospective employer.
Type of employment “purpose field data”	For some checks, including a nationally coordinated criminal history check in Australia, it is a requirement of the source that they understand the type of role that you are applying for e.g., contact with vulnerable persons or work in the financial sector in order to provide appropriately filtered results in accordance with relevant legislation.
Supporting Documents	You may be asked to provide supporting documents during the course of the Services. These supporting documents may include a number of items and will be dependent on the type of Services requested by HireRight’s Client. By way of example you may be asked to upload (where lawful to do so) a copy of your government issued ID; certificates showing professional qualifications; documents that verify any gaps in your employment history; and biometric data which can include photographs included on any government issued ID.

We will never knowingly send you unsolicited commercial electronic messages. Our email newsletters and updates comply with the Spam Act 2003 (Cth) for express and implied consent.

You may elect to no longer receive our newsletters at any time by clicking the unsubscribe link at the bottom of the email or replying to the newsletter with a request to unsubscribe. If you subscribe to our email newsletter we will not sell, rent, share or disclose your details to any third party without your consent.

Personal Information

Personal information is any information or an opinion (whether true or not) about a person. It may range from the very sensitive (e.g., criminal history) to the everyday (e.g., address and telephone number). It would include the opinions of others about a candidate’s work performance (whether true or not), work experience and qualifications and other information obtained by HireRight in connection with a candidate’s background.

When HireRight validates a candidate’s background, it may receive additional information relevant to the employment application which verifies or adds to the information already held regarding the candidate. Should HireRight receive unsolicited personal information that could not have been collected by HireRight under the Australian Privacy Principles detailed in the Privacy Act 1988 (Cth) and it is not relevant to our background checking, HireRight will destroy this information.

Sensitive Information

Sensitive information is a special category of personal information. Sensitive information can, in most cases, only be disclosed with an individual’s specific consent. It is information or opinion about an individual’s:

Racial or ethnic origin;
Political opinion;
Membership of a political association or religious beliefs, affiliations or philosophical beliefs;
Membership of a professional or trade association or membership of a trade union;
Sexual preferences or practices;
Criminal record; and
Health or disability (at any time).

HireRight does not collect sensitive information other than criminal record information requested by our client as part of a background check.

Our Background and Reference Checking Service

Depending on the background checks required, HireRight may validate and/or collect the one or all of the following types of information regarding a candidate:

Employment history (such as HR or Payroll) and references (such as former managers or nominated referees);
Education, professional qualifications and memberships;
Identity (including obtaining/confirming national identity numbers);
Right to work in Australia;
Driving history;
Any police/criminal history information recorded about them;
Medical history (including drug and alcohol); and
Claims, judgements, bankruptcies, current and previous directorships and other public records.

Our criminal records check via the Australian Criminal Intelligence Commission (the National Police Checking Service (NPCS))

To learn more about this service please click on this link [FAQ] which covers:

Process
ID checks required to support the criminal check
Timing of checks
Information on further investigation/enquiries
An overview of the Australian Criminal Intelligence Commission
How long the check lasts for
Whether the check can be used for other jobs
Different types of checks and the spent convictions scheme
Disclosable and non-disclosable results
Who sees the criminal check results
How long criminal checks are retained for
Disputes process

and other relevant information.

When conducting this check you will also be asked to complete and sign a standalone Application and Informed Consent Form which contains a separate privacy notice and guidance notes which you must read. These notes cover both requirements under the Australian Privacy Principles but also those requirements of the Australian Criminal Intelligence Commission.

Data gathered for the purposes of the Service will be retained for no less than 12 months, but no greater than 15 months, following collection. Results of Nationally Coordinated Criminal History Checks will be disposed of within 12 months of receipt.

HireRight is an accredited body and its relationship with the Australian Criminal Intelligence Commission is determined and governed by the Agreement for Controlled Access by Duly Accredited Bodies to Nationally Coordinated Criminal History Checks, including Annexure B to that Agreement which HireRight must adhered to regarding information security controls.

If you should wish to contact the National Police Checking Service you may do so by emailing npcs@acic.gov.au or calling on 02 6268 7900.

Disclosure of Personal Information to Third Parties

HireRight may disclose your personal information to third parties for the following purposes:

To provide the service we have been engaged to undertake (e.g., Background and Reference checking);
For research purposes relating to the performance, quality, maintenance and improvement of HireRight’s services and products;
To inform you of information which may be of interest to you;
To provide technical support to you to use HireRight’s services;
If permitted or required by law; or
Otherwise, with your express consent.

Where your consent is requested, it is important that you fully understand the implications of providing such consent. Your consent must be freely given and you are able to refuse or withdraw your consent at any time. In some circumstances, there may be implications for refusing consent. If at any time you wish to withdraw your consent in part or full, you should contact us immediately and, if possible, in writing to ensure your request is actioned promptly.

HireRight is assisted by a variety of third parties to deliver the services offered by us and operate our business on a day-to-day basis. These third parties are too numerous to list and they change from time-to-time. Further, various third parties may be contacted during the background checking of a particular candidate and will often vary on a case-by-case basis. Some examples of the types of third parties include:

Identity verification providers such as the Document Verification Service, GBG or Yoti;
Technology service providers;
Data storage partners;
Website host such as Go Daddy;
Software development firms such as Accio Data, located in Dripping Springs, Texas, United States of America;
Government departments (direct and through brokers) such as ASIC, AFSA, The Australian Criminal Intelligence Commission (ACIC) etc; and
Medical assessment service providers.

Wherever possible, HireRight engages Australian third parties that are subject to the same Australian Privacy Principles detailed in the Privacy Act 1988 (Cth) as HireRight and/or impose equivalent contractual restrictions.

In some cases, such as when undertaking validations (with a former employer, educational institutes, government departments, for example), HireRight’s ability to impose adherence to Australian Privacy Principles is limited. In those circumstances, HireRight will carefully consider the risks to the protection of personal information when releasing information. We use all reasonable means to verify the accuracy and completeness of information, statements and opinions made available to us during our enquiries.

Some organisations we contact may have their own processes for releasing information; these are mandatory and often in line with data protection legislation outside of Australia. As a result, some organisations may request you provide very specific consent and/or may only release information directly to you, which in turn you can provide to your employer or HireRight to finalise your background checking. This can be the case even when you freely sign HireRight’s Consent Form to act on your behalf. Additional consent may be requested in the form of another consent form, telephone call, through an online platform or other methods. HireRight understand that these additional requirements can be frustrating, but they are in place to protect your privacy and it is important that we follow them.

Cross-Border Disclosure of Personal Information

Personal information collected as a part of our background and reference checking service is collected via HireRight’s online platform, HireRight Global or PRIVI. HireRight Global is hosted on servers in an ISO27001 certified data centre in the United Kingdom. PRIVI, is hosted by Accio Data, a United States of America-based software development firm located in Dripping Springs, Texas. You need to be aware that your information will be stored in the USA on PRIVI.

In addition to storing your information on HireRight Global or PRIVI, in some cases, it may also be necessary to collect and release your information outside of Australia and we will require your express consent to do this. In most cases, this will generally be because you have resided overseas and background and reference checking is required to be undertaken in this particular region. Sometimes, our client may be based overseas and your information will be provided to them. You have the option to nominate the countries we may disclose your information to or you can elect to withhold your consent to such disclosure. If you have any questions as to whether your information will be disclosed overseas, please contact us so we may discuss your specific circumstances.

If you or our client have resided, or currently reside in the EU Union, some specific requirements may apply to the transfer of your information. If you have any restrictions or conditions regarding the release of your information, be sure to advise us as soon as possible.

How Do We Collect and Store Personal Information?

HireRight collects personal information through a variety of means, such as (but not limited to), in person at HireRight’s offices, verbally over the phone, in writing via email or fax, or through online sources, including HireRight Global and PRIVI.

HireRight will take all reasonable and practicable steps to ensure that your personal information is properly protected from misuse or loss and unauthorised access, modification or disclosure. In addition, we encourage you to be vigilant about the protection of your own personal information when providing your information to HireRight and choose the delivery avenue that best meets your own data disclosure expectations.

We employ appropriate technical, administrative and physical procedures to protect personal information from unauthorised disclosure, loss, misuse, interference or alteration during its collection, use, disclosure and storage. We limit access to personal information to individuals with a business need consistent with the reason the information was provided. HireRight has internal policies surrounding the management of personal information and is committed to training its people to ensure compliance with these policies. We keep personal information only for as long as it is required for business purposes or as required by law.

It is necessary for us to store your information and this may be done through a variety of means, such as (but not limited to): electronically on HireRight’s web-based document management and storage system, HireRight Global (hosted in the United Kingdom) or PRIVI (hosted in the USA) and backups; and hard copies onsite at HireRight offices.

How You Can Access, Correct and Remove Your Personal Information

Subject to some exceptions which are set out in the Australian Privacy Principles (Principle 12 – Access to, and correction of, personal information), you have a right to see and obtain a copy of personal and sensitive information about you held by HireRight. We will require you to put your request in writing and we will respond to such a request within a reasonable period after the request is made. We will provide access to the information in the manner you request it, providing it is reasonable and practicable to do so. If it is not possible to provide you with access in the manner you request, we will take steps to give you access in a way that meets the needs of both parties.

If we have undertaken a Nationally Coordinated Criminal History Check through the Australian Criminal Intelligence Commission (the National Police Checking Service (NPCS) or the Australian Federal Police and you do not agree with the results, you can contact us to dispute the result. HireRight accepts and escalates all disputes. Please see our FAQs for further information.

We will take reasonable steps to correct personal information collected about you where: HireRight is satisfied that, having regard to its purpose is inaccurate, out of date, incomplete, irrelevant or misleading; or you request we correct information. If HireRight is unable to agree that personal or sensitive information held about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will advise you in writing of the reasons for the refusal. You may request that a statement is included with the information that claims that particular information is inaccurate, out of date, incomplete, irrelevant or misleading.

If you wish to exercise your rights of access and correction, or would like to complain about a refusal, you should contact our Privacy Officer using the contact details below. Personal information will only be released to individuals directly, unless we are provided with a written, signed authority to provide it to a third party.

In some cases, HireRight may impose a moderate charge for providing access to personal or sensitive information. We will not charge you simply because you lodge a request for access.

Unless there is an exception, you may have the right to request we destroy your data or have it de-identified. This may apply where the information is no longer necessary for the purpose for which it was collected, or where you withdraw your consent and there is no other legal reason for processing your data. If you would like to exercise your rights in this respect, please contact us.

How Suspected Privacy Breaches are Handled

HireRight handles all suspected Data Breaches in accordance with the Privacy Act 1988 (Cth). If you suspect your information has been breached, please contact us via the details below and we will investigate this for you.

Alternatively, if you wish to complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds HireRight, you can contact us via the details below. We will request that you put your complaint in writing. Your complaint will be assigned to a data privacy officer for investigation. They may contact you for additional information or to discuss your complaint with you. We will respond to your request within a reasonable period after the request is made and, where appropriate, ensure that a response is issued in writing for your records.

You can also make a complaint to the Office of the Australian Information Commissioner (OAIC) on 1300 363 992 or via other means available on their website: www.oaic.gov.au. Before making a compliant with the OAIC, you should make your complaint with us first.

Do Our Websites Use Cookies

HireRight's web site may use the standard technology called a "cookie" to collect information about how you use the web site.

A cookie is a small data file that is transferred to your hard drive and used for record-keeping purposes. A cookie file can contain information such as the URL you came from, your computer's IP address (i.e., the Internet address of your computer) and domain type (e.g., .com or .org, etc.), your browser type, the country, state and telephone area code where your server is located, the pages of our site that were viewed during a visit, and any search terms that you entered on our site. This information is used for internal purposes only, and we do not link your URL or IP address to any personal information unless you have logged into our web site with a HireRight account login and password. In addition, HireRight’s web site does not allow other parties to collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the HireRight web site.

If you would prefer not to receive cookies, you can alter the configuration of your browser to refuse cookies, although it is possible that some areas of our web site will not function properly if you do so. In particular, you may be required to accept cookies in order to complete certain actions on HireRight's web site. HireRight’s web site does not currently recognize “do not track” signals transmitted by web browsers.

To find out more please click here to view the cookie policy.

Contact Us

If you wish to contact us about your personal or sensitive information, make a complaint or you wish to dispute a Nationally Coordinated Criminal History Check through the Australian Criminal Intelligence Commission or the Australian Federal Police you should contact our Privacy Officer in writing.

Privacy Officer

E: dpo@hireright.com

Appendix

Annexure B – Protection of Personal Information and Police Information Safeguards (as referenced in the Agreement for controlled access by duly Accredited Bodies to Nationally Coordinated Criminal History Checks)