WORKIT™ PRIVACY POLICY
WORKIT™ complies at all times with:
- the Australian state and commonwealth privacy laws including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (if the User is not an EU Entity); and
- the GDPR (if the User is an EU Entity),
(collectively, “Privacy Laws”)
WORKIT™ is committed to the privacy of its website users and to continue providing products in a confidential and safe manner.
This Privacy Policy summarises how WORKIT™ handles personal information with respect to:
- any official WORKIT™ website, web/cloud-based application (“Website”) including any forms on the Website;
- any stand-alone WORKIT™ application (“App”);
- any software used to provide the Website; and
- any services provided by or to a User through the Website or the App,
(collectively, “Platform”).
WORKIT™ will respect and keep secure all personal and sensitive information provided to WORKIT™ by users and clients of its Platform (individually and collectively, “User/s”) in accordance with Privacy Laws and this Privacy Policy.
By downloading, installing or continuing to use the Platform, a User:
- acknowledges acceptance of; and
- consents to the collect, use, store, process and disclose a User’s personal information,
in accordance with this Privacy Policy as updated from time to time.
Information WORKIT™ collects and holds
Personal Information
Definition [non-EU]
If the User is not an EU Entity, “personal information” is defined by the Privacy Act 1988 (Cth) as “information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.”
Definition [EU-only]
If the User is an EU Entity, “personal information” is defined as “any data that can be used to identify a living person directly or indirectly”.
From time to time, WORKIT™ may collect certain of a User’s personal information. WORKIT™ only collects that personal information that is reasonably necessary for or related to WORKIT™’s business or to facilitate the use of the Platform by Users.
The kind of information WORKIT™ collects will depend on a User’s relationship with WORKIT™ (e.g. as a Platform user, customer, business partner, employee or contractor).
Generally, the only personal information WORKIT™ collects about a User is that information which a User choose to disclose to WORKIT™ or which a User authorises WORKIT™ to obtain.
WORKIT™ holds a wide range of Personal Information about users, which may include:
Sensitive Information
Sensitive information is a special category of the most sensitive personal information including racial or ethnic origin, political opinion, police record, health and disability information etc.
WORKIT™ may sometimes need to collect sensitive information about a User, for example, to handle a complaint. This might include information about a User’s health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
Indirect collection
In the course of handling and resolving a complaint, data breach notification, review or an investigation, WORKIT™ may collect personal information (including sensitive information) about a User indirectly from publicly available sources or from third parties such as:
- a User’s authorised representative, if the a User has one
- applicants, complainants, respondents to a complaint, investigation, application or data breach notification or the third parties’ employees and witnesses.
WORKIT™ may also collect personal information from publicly available sources to enable us to contact stakeholders who may be interested in WORKIT™’s business.
Social networking services
WORKIT™ may use social media services such as X, Instagram, LinkedIn, Facebook and YouTube to communicate with the public about WORKIT™’s business.
When a User communicate with WORKIT™ using social media services WORKIT™ may collect such User’s personal information, but WORKIT™ only use it to help us to communicate with the User and the public.
The social media service will also handle a User’s personal information for its own purposes. These services have their own privacy policies.
Credit card details
WORKIT™ may collect or store a User’s credit card numbers for the purposes of payment for services provided by WORKIT™ to the User or at the User’s request.
How WORKIT™ collects and holds personal information
Where possible, WORKIT™ will collect a User’s personal information directly from a User, but information may also be collected via:
- IP loggers
- social media
- online forms and other data capture
- GPS devices
Personal and sensitive information may be collected from a User when a User provides it to WORKIT™ directly.
WORKIT™ has established appropriate physical, electronic and managerial procedures to safeguard any information WORKIT™ collects. This helps prevent unauthorised access, maintains data accuracy and ensures that the information is used correctly.
All data transferred to and from WORKIT™’s servers is encrypted and a firewall is in place to prevent intrusion. All data stored within WORKIT™’s systems is designed to only be able to be accessed by authorised WORKIT™ officers, employees, contractors and the relevant hosting facility.
The purposes for which WORKIT™ collects, holds, uses and discloses personal information.
WORKIT™ collects personal information that WORKIT™ considers relevant for the purpose of providing WORKIT™’s services or the Platform.
WORKIT™ will not use or disclose personal information collected about an individual for the purposes of direct marketing unless the individual has given WORKIT™ consent to do so.
WORKIT™ will not disclose any personal information to any third-party overseas recipients unless the individual has given WORKIT™ consent to do so.
Some of the ways WORKIT™ uses personal information includes to:
- communicate with a User and others as part of WORKIT™’s business
- enable WORKIT™ to provide a product
- personalise a User’s WORKIT™ user experience
- send a User information regarding changes to WORKIT™’s policies, other terms and conditions, on-line services and other administrative issues
- manage accounts and perform other administrative and operational tasks (including risk management, systems development and testing, credit scoring and staff training, collecting debts and market or client satisfaction research)
- prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
- verify information given to WORKIT™
- to identify a User when the User contacts us
- carry out market research and analysis, including satisfaction surveys
- provide marketing information to a User (including information about other products and services offered by selected third party partners) in preferences a User have expressed
- manage WORKIT™’s infrastructure and business operations and comply with internal policies and procedures, including those relating to auditing accounting billing and collections IT systems data and website hosting business continuity and records, document and print management
- process payments, refunds, replacements and repairs
- resolve complaints and handle requests for data access or correction
- comply with applicable laws and regulatory obligations (including laws outside a User’s country of residence), such as those relating to anti-money laundering, sanctions and anti-terrorism
- comply with legal process and respond to requests from public and governmental authorities (in outside a User’s country of residence)
- establish and defend legal rights protect WORKIT™’s operations or those of any of WORKIT™’ group companies or insurance business partners, WORKIT™’s rights or property and/or that of WORKIT™’ group companies, a User or others and pursue available remedies or limit WORKIT™’ damages
- verify a User’s identity with express consent for the collection, use and disclosure of identification information that relates to you included in an information Match request, prior to any such use or access or transmission being initiated by workit or it’s clients.
- conduct a Nationally Coordinated Criminal History Check
To whom does WORKIT™ disclose a User’s personal information?
WORKIT™ may disclose a User’s personal information to:
- the User
- government authorities (where required by law including workers compensation laws)
- third parties involved in court action (where required by law)
- other parties that provide support services to WORKIT™ including support services, merchant services, marketing programs for the purposes of marketing WORKIT™ products only
- third party professional advisers
- potential business partners or purchasers
- any other persons contemplated by this Privacy Policy
- any persons to whom the User explicitly or implicitly consents personal information to be disclosed including potential employers
What happens if a User doesn’t provide personal or sensitive information?
If a User does not provide some or all of the information requested, WORKIT™ may not be able to provide WORKIT™’s products, permit a User to open or use a user account or give a User access to the Platform.
Using a pseudonym or engaging with WORKIT™ anonymously
Where practicable, a User will be given the opportunity to engage with WORKIT™ on an anonymous basis or using a pseudonym. Due to the nature of WORKIT™’s services, in most cases, the use of a pseudonym anonymity will not be possible.
Miscellaneous
Website cookies and usage information
When a User accesses WORKIT™’s Platform, WORKIT™ may use software embedded in WORKIT™’s Platform and WORKIT™ may place small data files (or cookies) on a User’s computer or other device to collect information about which pages a User’s view, how a User reach those pages, what a User does when a User visits a page, the length of time a User remains on the page and how WORKIT™ performs in providing content to a User. A cookie does not identify individuals personally, but it does identify computers.
A User can set a User’s browser to notify a User when a User receive a cookie and this will provide a User with an opportunity to either accept or reject it in each instance. WORKIT™ may gather a User’s IP address as part of WORKIT™’s business activities and to assist with any operational difficulties or support issues with WORKIT™’s services. This information does not identify a User personally.
External links
The Platform may contain links to other websites. When a User accesses these links, WORKIT™ recommends that a User read the website owner’s privacy statement before disclosing a User’s personal information. WORKIT™ does not accept responsibility for inappropriate use, collection, storage or disclosure of a User’s personal information collected outside WORKIT™’s Platform.
Storage
WORKIT™ will take reasonable steps to protect a User’s personal information and to protect such information from loss, misuse, and unauthorised access, use, modification, disclosure, alteration, or destruction.
However, electronic transmission of information is never completely secure or error-free. As a result, WORKIT™ cannot ensure or warrant the security of any information electronically transmitted by a User and a User provides their personal information at their own risk. To the maximum extent provided by the relevant laws, WORKIT™ is not responsible or liable for the electronic transmission of personal information to WORKIT™ or to third parties.
We will store your personal data for so long as we continue to provide our services to you or to your employer (as applicable). After this time, we will continue to store your personal data to the extent required by any law applicable to our business or for compliance and risk management purposes.
We will delete or de-identify your personal data when it is no longer necessary or required.
Your rights
Where we process any personal data about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out below).
We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing.
The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.
You have the right to request access to a copy of the personal data that we hold about you and to request that we correct or rectify any inaccurate personal data that we hold about you. You also have a right to data portability, which is the right in certain circumstances to request a copy of your personal data in a structured, commonly used and machine-readable format and to transmit this data to another data controller.
You may also request that we erase any personal data that we hold
about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of or processing which you are allowed under the GDPR to object to.
We will comply with such requests unless we are permitted or required by law to retain that information. You also have the right to object to our processing of personal data in certain circumstances, including where we process personal data based on our legitimate interests.
You can also request that we restrict our processing activities in some circumstances. If you make such a request in those circumstances, then we will continue to store your personal data but will not otherwise process your personal data without your consent or as otherwise permitted by law.
You have a right to lodge a complaint in respect of our processing of your personal data with the data protection supervisory authority in the member state of the European Union that you ordinarily reside or work in.
Cross-border disclosures of a User’s personal information
WORKIT™ does currently use off-shore service providers with regard to storage of personal information data including email services, support service and telephonic services. WORKIT™ reserves the right to use data hosting facilities and third-party service providers both in Australia and overseas to assist WORKIT™ with providing our goods and services.
Right to opt out of personal information use
WORKIT™ will comply with any request from a User to process or cease using their personal information data as soon as practicable.
Unless a User specifically opts-out of use of personal information for marketing purposes, WORKIT™ will assume WORKIT™ has a User’s implied consent to receive similar information and communications in the future.
Right to rectification
WORKIT™ has obligations to take reasonable steps to correct personal information held by WORKIT™ if WORKIT™ is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
WORKIT™ will comply with any request from a User to update and/or correct their personal information data within 28 days.
WORKIT™ may take reasonable steps to verify a User’s identity before making any such changes.
In cases where the information was provided by a third party, WORKIT™ may not be able to correct information and a User may have to contact the third-party that gave information to WORKIT™.
Right of access [EU only]
If the User is an EU Entity, WORKIT™ will comply with any request from a User to access their personal information data erased within 28 days.
Right to erasure [EU only]
If the User is an EU Entity, WORKIT™ will comply with any request from a User to object to have their personal information data erased within 28 days.
Right to data portability [EU only]
If the User is an EU Entity, WORKIT™ will comply with any request from a User to obtain and/or use their personal information data for their own purposes within 28 days.
Policy changes
WORKIT™ may revise this Privacy Policy from time to time by updating this page. The revised Privacy Policy will take effect when it is posted on WORKIT™’s Website, implemented in the Platform or otherwise communicated to a User. WORKIT™ suggests that a User review WORKIT™’s Privacy Policy regularly.
Applicable law
This agreement is governed by and construed in accordance with the laws of Victoria, Australia.
The User irrevocably and unconditionally submit to the non-exclusive jurisdiction of the courts of Victoria, Australia.
If any provision of this agreement is found to be invalid or unenforceable by a court of law, such invalidity or unenforceability will not affect the remainder of this agreement, which will continue in full force and effect.
Definitions
In this Privacy Policy:
“WORKIT™” means WORKIT HCM PTY LTD [ACN 634269122] and any “Related Body Corporate” within the meaning of the Section 50 of the Corporations Act 2001 (Cth).
“EU Entity” means a User that:
- is incorporated; or
- ordinarily resides (wholly or partly),
in a European Union member state from time to time.
“GDPR” means the EU General Data Protection Regulation.
Complaints
To exercise a right under this Privacy Policy, make further inquiries or to complain about a breach of Privacy Laws or disclosure of identification information, a User should contact WORKIT™ as follows:
The Privacy Officer
343 Ferrars Street, South Melbourne, 3205, Victoria, Australia
Email: privacy@workit.com.au
WORKIT™ takes all complaints regarding privacy of information seriously. WORKIT™ will respond to any inquiries in a reasonable time.
A user can also lodge complaints with the Office of the Australian Information Commissioner (OAIC) on the following:
Website: https://www.oaic.gov.au
Phone 1300 363 992
SCHEDULE 1–ACIC INFORMED CONSENT
Where the Nationally Coordinated Criminal History Check applies, I:
1. Acknowledge that I/the applicant am/is aware that I/the Applicant am/is providing consent for a Nationally Coordinated Criminal History Check to be conducted using all Personal Information provided in this form and in supplied identity documents.
2. Acknowledge that the Accredited Body is collecting information in this form to provide to the ACIC and police agencies, for a Nationally Coordinated Criminal History Check to be conducted for the purpose as disclosed in this application.
3. Give consent to the Police Information relating to me/the Applicant, being disclosed in accordance with the purpose identified in this application, and applicable legislation and information release policies (including spent convictions legislation described in Australian Government and state or territory legislation).
4. Acknowledge that it is usual practice for my/the Applicant’s Personal Information (including Personal Information) to be used by police agencies and the ACIC for law enforcement, including purposes set out in the Australian Crime Commission Act 2002 (Cth).
5. Have fully and accurately completed this form, and the Personal Information I/the Applicant, have provided relates to me/the Applicant.
6. Acknowledge that withholding and/or providing misleading or false information on this form and in any supplied identity documents may be a Commonwealth offence and may lead to prosecution under the Criminal Code Act 1995 (Cth).
7. Acknowledge that any information sent by mail or electronically, in relation to this form, including identity documents, is sent at my/the Applicant’s risk and I/the Applicant, am aware of the consequences of sending information in these ways.
8. Give consent to the Accredited Body verifying the identity documents that I/the Applicant supplied using an Authoritative Source.
9. Give consent to the Accredited Body providing the document identifiers of the documents that I/the applicant supplied to the ACIC for the purpose of the ACIC verify my/the Applicant’s identity documents.
10. Give consent to the ACIC using the document identifiers of the documents that I/the Applicant supplied to verify my/the Applicant’s identity documents.
11. Give consent to the ACIC and police agencies using and disclosing my/the Applicant’s Personal Information that I/the Applicant, have provided in this form, Personal Information contained in my supplied identity documents and all other available Personal Information relating to me/the Applicant to conduct a Nationally Coordinated Criminal History Check.
12. Give consent to the ACIC disclosing the Police Information sourced from the police agencies to other approved bodies and Accredited Body named in this application.
13. Give consent to the Accredited Body disclosing my/the Applicant’s Personal Information (including Police Information) to the Accredited Body’s contractors for the purpose of conducting a Nationally Coordinated Criminal History Check.
14. Give consent to the Accredited Body disclosing to the Employer Organisation and Third Party of this form, my/the Applicant’s Personal Information (including Police Information) to assess my/the Applicant’s suitability for the purpose identified in this application and as required by Australian Law.
15. Give consent to the Accredited Body transferring my/the Applicant’s Personal Information (including Police Information) outside Australia to the entity or entities as disclosed in this form under ‘Offshore Transfer Arrangements’ of this form, and my/the Applicant’s Personal Information being transferred, supplied, accessed, disclosed, retained or stored in the country or countries named in this form.
Terms used in the Informed Consent
Nationally Coordinated Criminal History Check– Describes both the checking process undertaken, and the result received by the Accredited Body.
You/the Applicant– Individual seeking a Nationally Coordinated Criminal History Check
Accredited Body– Organisation accredited with the ACIC and responsible for submitting your Nationally Coordinated Criminal History Check
Australian Criminal Intelligence Commission (ACIC)– Australian Government agency responsible for facilitating access to Nationally Coordinated Criminal History Checks
Authoritative Source– Any repository which is an accurate and up-to-date source of information using best available information (such as a third-party identity service provider accredited to the required level of assurance).
Employer Organisation– Body or entity that engages the Accredited Body to use the Service for obtaining a Nationally Coordinated Criminal History Check for its own potential or existing Personnel.
Third Party– Organisation the Accredited Body is required by law to disclose your Personal Information and Police Information to.
Personal Information– Information about you, including any information contained in your identity documents.
Police Information– Information released as part of a Nationally Coordinated Criminal History Check.
Offshore Customer– Customer that is registered as a company in a country other than Australia, or that intends to undertake an Offshore Transfer in relation to an Applicant.
Offshore Transfer– Transfer, access, disclosure or holding of Personal Information or Police Information outside of Australia.
SCHEDULE 2–ACIC DISCLAIMER
1. Limitations on accuracy and use of this information
a. A nationally coordinated criminal history check provides a point in time check about the Applicant for an authorised nationally coordinated criminal history check category and purpose. Information obtained through this check should not be used for any other purpose.
b. The accuracy and quality of information provided in a nationally coordinated criminal history check depends on accurate identification of the Applicant which is based on information, including aliases, about the Applicant provided in the application and the comprehensiveness of police records.
c. While every care is taken by the Australian Criminal Intelligence Commission (‘ACIC’ to conduct a search of police information held by it and Australian police agencies that relates to the Applicant, this nationally coordinated criminal history check may not include all police information about the Applicant. Reasons for certain information being excluded from the nationally coordinated criminal history check include the operation of laws that prevent disclosure of certain information, or that the Applicant’s record is not identified by the search
process across the agencies’ relevant information holdings
d. Anationally coordinated criminal history check may contain any (including a combination) of the following information about an Applicant:
i. charges;
ii. court convictions;
iii. findings of guilt with no conviction;
iv. court appearances;
v. good behaviour bonds or other court orders;
vi. pending matters awaiting court hearing; or
vii. traffic offence history.
(‘Disclosable Court Outcome’).
e. If a nationally coordinated criminal history check contains a Disclosable Court Outcome, the entity submitting the application is required to:
i. notify the Applicant of the nationally coordinated criminal history check; and
ii. provide the Applicant with a reasonable opportunity to respond to, or validate the information, in the nationally coordinated criminal history check.
f. To the extent permitted by law, neither the ACIC nor Australian police agencies accept responsibility or liability for any omission or error in the nationally coordinated criminal history check.
2. Nationally Coordinated Criminal History Check Process
The information in this nationally coordinated criminal history check has been obtained according to the following process:
i. provide the Applicant with a reasonable opportunity to respond to, or validate the information, in the nationally coordinated criminal history check.
ii. the ACIC searches its data holdings for potential matches with the names(s) of the applicant;
iii. the ACIC and the relevant Australian police agencies compare name matches with police information held in Australian police records;
iv. the relevant Australian police agency identifies any police information held its police records and releases the information subject to relevant spent convictions, non-disclosure legislation or information release policies; and the ACIC provides resulting information to the entity submitting the application.