1. Introduction
We manage personal information in accordance with the following Principles:
1.1 PRIVACY PRINCIPLES
For information subject to New Zealand law, the Personal Privacy Information Principles established by the Privacy Act 1993 (NZ)
and
For Information subject to Australian law, the Australian Privacy Principles established by the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988.
1. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
We only collect information that is reasonably necessary for the proper performance of our activities or functions.
We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
1.2 HOW TO CONTACT US
If you wish to contact us about your personal information you should contact Triple0 Medical Recruitment during normal office hours which are 8am – 4pm NZT Monday – Friday. Our contact details are available on our website https://triple0.com/contact-us/
1.3 INFORMATION FLOW
When we collect your personal information:
- We check that it is reasonably necessary for our functions or activities as a recruitment agency such as sourcing work for candidates with potential employers, gaining registration with relevant authorities or gaining references about candidates previous work experience.
- We check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties.
- We record and hold your information in our Information Record System which is held securely on our Candidate Management System servers based in Las Vegas Nevada USA.. Your information on these servers is accessed by Triple0 employees and contractors for the purpose of carrying out our functions and activities as a recruitment agency. Some information may be disclosed to overseas recipients such as our staff which are mostly based in New Zealand.
- We retrieve your information when we need to use or disclose it for our functions and activities as a recruitment agency. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again – especially if some time has passed since we last checked.
- Subject to some exceptions, we permit you to access your personal information in accordance with APP:12 of the (APPs). https://www.oaic.gov.au/
- We correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs). https://www.oaic.gov.au/
- We destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.
2. THE KINDS OF INFORMATION THAT WE COLLECT AND HOLD
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a recruitment agency and is likely to differ depending on whether you are:
- a Workseeker
- a Client
- a Referee
2.1 FOR WORKSEEKERS
The type of information that we typically collect and hold about Workseekers is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us and includes:
- Workseeker information submitted and obtained from the workseeker and other sources in connection with applications for work.
- References obtained regarding past performance and suitability for future positions.
- Your medical board registrations and liability insurance details.
- Criminal record information only as is required to be disclosed by relevant registration boards and authorities.
- Your financial information including details about any entities you work through, payroll information, tax information, bank details.
- Information about incidents in the workplace.
- Staff information.
- Information submitted and obtained in relation to absences from work due to leave, illness or other causes.
- Information obtained to assist in managing client and business relationships.
- Contact details.
2.2 FOR CLIENTS
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
- Position descriptions and salary information.
- Personnel details & department information, including rosters.
- Workplace health & safety information.
2.3 FOR REFEREES
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Workseekers for particular jobs or particular types of work and includes:
- Personal information including contact and employment information.
3. PURPOSES
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
- a Workseeker
- a Client
- a Referee
The following sections are also relevant to our use and disclosure of your personal information:
- ur Policy on Direct Marketing
- verseas Disclosures
3.1 FOR WORKSEEKERS
Information that we collect, hold, use and disclose about Workseekers is typically used for:
- Work placement operations.
- Recruitment functions.
- Staff management.
- Risk management.
- Client and business relationship management.
- Marketing services to you; but only where this is permitted and whilst you are registered with us.
- You provide us with any additional information about you.
- Statistical purposes and statutory compliance requirements.
3.2 FOR CLIENTS
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- Client and business relationship management.
- Recruitment functions.
- Marketing services to you.
- Statistical purposes and statutory compliance requirements.
3.3 FOR REFEREES
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- To confirm identity and authority to provide references.
- Workseeker suitability assessment.
- Recruitment functions.
3.4 OUR POLICY ON DIRECT MARKETING
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. We meet the requirements of all relevant anti-spam legislation. We give individuals the direct option as to whether or not they receive marketing communications from us (via a “yes” or “no” response) as well as the option to unsubscribe from further marketing communications at any time.
4. HOW YOUR PERSONAL INFORMATION IS COLLECTED
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
- a Workseeker
- a Client
- a Referee
We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on Electronic Transactions.
See also the section on Photos & Images.
4.1 FOR WORKSEEKERS
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.
Personal information is also collected when:
- We receive or give any reference about you.
- We receive results of inquiries that we might make of your former employers, work colleagues, professional associations or registration body.
- We receive the results of any competency or medical test.
- We receive performance feedback (whether positive or negative).
- We receive any complaint from or about you in the workplace.
- We receive any information about a workplace health & safety incident in which you are involved.
- We receive any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you are involved.
- You provide us with any additional information about you.
- Electronically through our telecommunications and technology systems – see the section in this policy on electronic transactions.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.2 FOR CLIENTS
Personal information about you may be collected:
- When you provide it to us for business or business related social purposes.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.3 FOR REFEREES
Personal information about you may be collected when you provide it to us:
- In the course of our checking Workseeker references with you and when we are checking information that we obtain from you about Workseekers.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.4 PHOTOS & IMAGES
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
4.5 ELECTRONIC TRANSACTIONS
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- Ask to be on an email list such as a job notification or marketing list;
- Register as a site user to access facilities on our site such as a job notification board;
- Make a written online enquiry or email us through our website;
- Submit a resume by email or through our website;
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.
You can contact us by land line telephone or post if you have concerns about making contact via the Internet.
4.6 BROWSING
When an individual looks at our website, our web server or third party providers we subscribe to for site traffic information, such as Google Analytics make a record of the visit and logs (in server logs) the following information for statistical purposes:
- The individual’s server IP address.
- The individual’s top level domain name (for example .com, .gov, .org, .au, etc).
- The pages the individual accessed and documents downloaded.
- The previous site the individual visited.
- The type of browser being used.
We do not identify users or their browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider’s server logs.
We do not accept responsibility for the privacy policy of any other site to which our site has a hyperlink, and it is advisable to look at the privacy policy of other sites before disclosing personal information.
4.7 COOKIES
Our website may use session cookies during a search query of the website and when an individual accesses parts of the website. Our internet service provider does not employ cookies on our website except in those circumstances. The website statistics for this site are generated from the server logs as outlined above.
When an individual closes their browser the session cookie set by our website is destroyed and no personal information is maintained which might identify an individual should they visit our website at a later date.
4.8 WEB BUGS
If we use web bugs we will display a clearly visible icon on the page. The icon will include the name of the company collecting information and will be labelled as a tracking device. The Web bug will be linked to a page disclosing what data is collected, how it is used, and which companies receive the data. Web visitors will be able to opt out of data collection by Web bugs. Web bugs will not be used to collect sensitive information.
4.9 CLOUD COMPUTING SERVICES
We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions or against third parties and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
In cases where we use cloud computing services we will take reasonable steps to ensure that:
- Disclosure of your personal information to the cloud service provider is consistent with our disclosure obligations under the Privacy Principles. This may include ensuring that we have obtained your consent, or that the disclosure is for purposes within your reasonable expectations.
- Disclosure is consistent with any other legal obligations, such as the restrictions on the disclosure of tax file number information or the disclosure by private employment agencies of work seeker details.
- Our Cloud computing services provider’s terms of service recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
4.10 SOCIAL NETWORKS AND WEB SEARCHES
In order to assess your suitability for positions and to assist you to find work, we will need to collect, use and disclose personal information about you. It has become common practice in some places for employment service providers to conduct background checking via social network media sites frequented by candidates.
We will not conduct background checking via social network media sites other than those that you identify and authorise us to check. However we do conduct internet searches using search engines and entering your name and relevant identifying details.
4.11 UPLOADING PHOTOGRAPHS
Please make sure that you do not upload photographs of any individuals who have not given consent to the display of their photograph. Displaying photographs without that person’s consent may breach privacy laws, and you may be responsible for any legal consequences.
4.12 EMAILS
Our technology systems log emails received and sent and may include voting, and read and receipt notifications to enable tracking.
When your email address is received by us because you send us a message, the email address will only be used or disclosed for the purpose for which you have provided it and it will not be added to a mailing list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.
4.13 CALL AND MESSAGE LOGS
Our telephone technology (systems and mobile phones) logs telephone calls and messages received and sent and enables call number display.
When your call number is received by us because you phone us or send us a message, the number will only be used or disclosed for the purpose for which you have provided it and it will not be added to a phone list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.
4.14 TELECONFERENCES AND VIDEO CONFERENCES
Teleconferences and video conferences may be recorded with your consent. In cases where it is proposed that they be recorded, we will tell you first the purpose for which they are to be used and retained.
4.15 DATABASE
We use recruiting software and databases to log and record recruitment operations.
4.16 PAPERLESS OFFICE
Recognising the environmental advantages and efficiencies it provides, we operate a wholly/partially paperless office as a result of which your paper based communications with us may be digitised and retained in digital format, the paper based communications may be culled.
It is therefore important that, except where specifically requested, you do not send us originals of any paper based document and that you retain copies for your own records.
Where we do request original paper based documents we will return them to you once they are no longer required by us for the purpose for which they may be used or disclosed.
4.17 FUTURE CHANGES
This policy may change over time in light of changes to privacy laws, technology and business practice. If you use our website regularly it is important that you check this policy regularly to ensure that you are aware of the extent of any consent, authorisation or permission you might give.
5. HOW YOUR PERSONAL INFORMATION IS HELD
Personal information is held in our Information Record System for five years or until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
- Misuse, interference and loss; and
- Unauthorised access, modification or disclosure.
These measures include a need-to-know electronic filing system so those who do not need to certain information cannot access it. Our IT system has many security features that prevent unauthorised access. All our information is backed up off-site on a daily basis so loss of data is prevented.
6. DISCLOSURES
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.
We may disclose your personal information where we are under a legal duty to do so.
Disclosure will usually be:
- Internally and to our related entities.
- To our Clients.
- To Referees for suitability and screening purposes.
6.1 RELATED PURPOSE DISCLOSURES
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
- Software solutions providers;
- T. contractors and database designers and Internet service suppliers;
- Legal and other professional advisors;
- Insurance brokers, loss assessors and underwriters;
- Background checking and screening agents;
- RCSA appointed service quality auditors
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
6.2 CROSS-BORDER DISCLOSURES
Some of your personal information is likely to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
The likely countries, type of information disclosed and recipients are indicated, so far as is practicable, as follows:
Country: New Zealand, Australia, Philippines
Type of Information: All personal data held by us.
Likely Recipients:
Accessed by Triple0 staff located in New Zealand, Australia & Philippines
Accessed by our CRM helpdesk based in Australia.
7. ACCESS & CORRECTION
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.
Important exceptions include:
- Evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
7.1 ACCESS POLICY
If you wish to obtain access to your personal information you should contact our Privacy Officer. You will need to be in a position to verify your identity. We might impose a moderate charge in providing access. Our Privacy Officer would discuss these with you.
You should also anticipate that it may take a little time to process your application for access as there may be a need to retrieve information from storage and review information in order to determine what information may be provided. We will generally respond to your request for access within 20 working days.
7.2 CORRECTION POLICY
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
8. COMPLAINTS
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
8.1 COMPLAINTS PROCEDURE
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are CEO, Triple0 Medical Recruitment, 245 Wooldridge Road, Harewood, Christchurch 8051, New Zealand
You can also make complaints to the Privacy Commissioner in New Zealand http://www.privacy.org.nz/your-privacy/how-to-complain/
Complaints may also be made to RCSA, the industry association of which we are a member. https://www.rcsa.com.au/
RCSA administers a Code of Conduct for the professional and ethical conduct of its members.
The RCSA Code is supported by rules for the resolution of disputes involving members.
NOTE: The Association Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of the Associations members
When we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint.
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
- We may ask for clarification of certain aspects of the complaint and for further detail.
- We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why.
- We will require a reasonable time (usually 30 days) to respond.
- If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions.
- If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response.
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the New Zealand Privacy Commissioner.