This is the privacy policy of Sociable Tech Pty Ltd ABN 94 654 934 684 and its subsidiaries, which include Philled Pty Ltd ABN 44 656 428 483 and WorkInAus Pty Ltd ABN 63 657 665 444, each referred to as 'we', 'us' or 'our' (as applicable). Customers, candidates, business contacts and other individuals with whom we deal through the WorkinAUS platform accessible at www.workinaus.com.au (Platform) and through our www.workinaus.co.uk website and the WorkinAUS mobile application, and through other channels, may provide us with personal information (defined below). The purpose of this privacy policy is to provide information about how we deal with and manage personal information.

We are headquartered in Australia and for that reason this privacy policy is based on the requirements of the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (which exist within the Privacy Act).

Even so, our business operates in a global marketplace and this is reflected in our arrangements for dealing with and managing personal information. Accordingly, to the extent that we deal with customers, candidates, service providers and others who are in jurisdictions other than Australia, we operate in accordance with the leading standard for data protection law, the European Union General Data Protection Regulation (EU) 2016/679 ('EU GDPR'). We also monitor and adhere to the retained version of the EU GDPR which applies in the UK (where we are also active), as this is amended from time to time ('UK GDPR')¹.

Our obligations under the Privacy Act exist in respect of our dealings with 'personal information' of 'individuals'. For the purposes of this privacy policy, those terms should be read as interchangeable with the corresponding terms in the UK GDPR: 'personal data' and 'data subjects'. Other terms that relate to the Privacy Act and/or the UK GDPR are defined below.

For the purposes of the UK GDPR, the 'data controller' of personal data that we collect is Sociable Tech Pty Ltd. Among other things in this privacy policy, we explain what rights data subjects might have in respect of their personal data, how you can exercise those rights (where they apply) and the methods with which you can contact us.

¹UK GDPR applies by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).

Personal information is defined in the Privacy Act as:

information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; (b) whether the information or opinion is recorded in a material form or not.

It is in the nature of the services we provide that we may collect sensitive information from candidates with whom we deal. Otherwise, we do not normally collect sensitive information in the course of our activities. Any sensitive information which we do collect will either be collected with the consent of the relevant individual or as permitted by law.

We receive personal information in different ways and through a number of different media including:

We keep different types of records that include personal information. These include records stored electronically on databases, information stored in the cloud, and also hard copy files. Our servers are hosted by Amazon Web Services. Your personal information will be routed through, and stored on, those servers as part of the Service. Personal information of Australian and New Zealand users of the platform will be held in servers located in AWS’s Asia Pacific (Sydney) Region, personal information of European users will be held in one of the AWS Europe regions and personal information of UK users will be held in the AWS Europe (London) Region or Europe (Ireland) Region. Information about the Amazon Web Services Regions is accessible at https://aws.amazon.com/about-aws/global-infrastructure/regions_az/.

We take reasonable steps to protect personal information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

If we collect personal information for a particular purpose, we may use or disclose that personal information for that purpose. For example, if a customer obtains a product or service from us, we may use and/or disclose their personal information for the purpose of providing the product or service to them.

We may also use or disclose personal information for other secondary purposes including the following:

We may disclose your personal information to third parties, such as our service providers (including IT services including cloud storage, insurers, financial institutes, mailing houses), member organisations and other business partners, our professional advisers (including lawyers, accountants and auditors), and government, regulatory and law enforcement authorities;

We may share your personal information with analytics and search engine providers that assist us in the improvement and optimisation of our platform. For these purposes your personal information will be aggregated and looked at on a statistical basis. One important example is Google Analytics based in the USA (treated by the EU and UK as a third country) which requires all partners to have a Privacy Policy in place and to alert users to the use of cookies such as tracking and retargeting triggers which are stored on the users device or computer. For more information on Google Analytics see   https://marketingplatform.google.com/about/analytics/ and for Google’s privacy policy please see   here: https://policies.google.com/privacy?hl=en

Otherwise, we use the personal information that we collect for a variety of purposes related to the services that we provide. We only hold and process personal data when the law in your particular jurisdiction allows us to. Using the UK GDPR as a benchmark (and refining these lawful bases as required to suit the Australian context) we have reviewed the six kinds of legal justification that could apply to the processing of a user’s personal data. They are summarized in the following.

We have put in place appropriate technical and organisational measures to help keep the personal information that we collect safe from unauthorised access or disclosure as required by law and in accordance with good industry practice. For example, all information you provide to us is stored on our secure servers and our database is encrypted using only whitelisted IP addresses for access. Any payment transactions will be encrypted using SSL technology.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share your password with anyone.

The transmission of information via the internet is not completely secure. Although we implemented the measures described above to protect your personal information, we cannot guarantee the security of information that is transmitted to our platform and any transmission is at your own risk.

We will react swiftly (in line with UK GDPR response-times and our own data breach response procedure) upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.

We will only retain your personal information for as long as is necessary for the purposes described in this policy. This means that retention periods will vary according to the type of personal information that we have collected in the first place. For example, we’ll hold on to your personal information for as long as you have your account, or as long as is needed to be able to provide the services to you but we may also retain some of your personal information (even after you have closed your account) for fraud prevention and detection reasons and where necessary to satisfy our regulatory and other legal obligations.

At all times we will ensure that wherever in the world your personal information is stored or processed, it will be done so in full adherence to prevailing law.

What this means for data belonging to people located in the EU or UK is that appropriate safeguards will be taken to ensure adequate protections are in place with regards to any “third country” (including Australia) we use for key headquartered functions and processes.

If you are a candidate based in the UK, you will provide us with personal information about yourself when you upload you resume to our platform or apply for a job that is listed on the platform. In that case, your personal information will be transferred from the UK to us in Australia and, under the UK GDPR, we are require to make sure that the personal data of UK data subjects is subject to appropriate safeguards as if it were being processed inside of the UK.

We will apply the most appropriate safeguard for such transfers and acknowledge the “EU standard contractual clauses” updated for use by the European Commission on 4 June 2021 and available here: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en. We will monitor the UK variant of these as and when updated and made available for deemed use in data transfers outside the UK by the Information Commissioners Office.

As a UK data subject, you have the following rights under UK GDPR:

Request access to your personal information. This enables you to request access to your personal information in our possession or control or for information about the ways in which your personal information has been or may have been used or disclosed by us. You may request access to the information we hold about you, by setting out your request in writing and sending it to us at the email address specified below

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information (such as your profile, account or username) where there is no good reason for us continuing to process it. You also have the right, if you are within the UK, to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information. This right exists where we are relying on legitimate interest as the legal basis for our processing and there is something about your particular situation which warrants your objection to the processing of your personal information. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information. If you are within the UK, we will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent. This right only exists where we are relying on consent to process your personal information. If you withdraw your consent, we may not be able to provide you with access to the jobs boards or opportunities provided by our site, application and software. We will advise you if this is the case at the time you withdraw your consent.

Make a complaint and seek a remedy. Under UK GDPR you have inalienable rights to (i) be informed about your right to complain through this privacy policy, (ii) make an actual complaint to your relevant supervisory authority depending on where you live (such as the Information Commissioner’s Office in the UK), and (iii) to receive an effective judicial remedy if your rights need to be upheld or enforced. If you believe that we hold personal information about you that is wrong (which includes inaccurate, out of date, incomplete, irrelevant or misleading), or you wish to complain about how we have handled your personal information, you should contact our Privacy Officer.

If you have complained to us about how we have handled your personal information, and you believe that we have not satisfactorily resolved your complaint, you may wish to contact the Office of the Australian Information Commissioner.

We will process your subject access request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why.

You may request access to your personal information held by us by contacting our Privacy Officer (details below). We will provide access where we are required to do so under law. In other cases, we reserve our right not to provide access. We also reserve the right to recover our reasonable costs of providing you with access to your personal information held by us.

Email: privacy@workinaus.com.au

In order to improve our software, the “WorkinAUS” sites and platform, the customer experience and our overall service, we collect data by way of “cookies”. A cookie is a small text file containing small amounts of information which are automatically downloaded into your computer (or other electronic devices) when you access our application, site or platform. Cookies help us to measure the number of visits, average time spent, page views and other statistics relating to your access to our Platform and other WorkinAUS websites and mobile applicatons. Therefore, generally, we use cookies to:

We may use functional cookies to recognise you on our Platform and remember your previously selected preferences. These could include what language you prefer to use and your location. A mix of first-party and third-party cookies are used. The exception to functional cookies is where the cookies are strictly necessary in order for us to operate the WorkinAUS platform or any related application or site and/or to provide you with a service you have requested.

Further information about cookies, including how to see what cookies have been set on your computer or device and how to manage and delete them,
visit www.allaboutcookies.org and www.allaboutcookies.org.

Third-party cookies are set by a third-party site separate from us. We work with third-party service providers who are authorised to place third-party cookies and may also set cookies on our Platform. These third-party service providers are responsible for the cookies they set on the Platform. If you want further information, please go to the website of the relevant third party. If you would like to opt-out of all other types of technologies we employ on this Platform, you may do so by changing your browser settings to block, delete or disable these technologies as your browser or device permits.

In light of changes to cookies practices in the recent past, with respect to the disablement of third party cookies on some browsers, we include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly:

At present the third party cookies that we use on the Platform are:

Auth_token - an authentication token securely transmits information about user identities between applications and websites and enables us to strengthen our authentication processes for the services we provide.

Facebook tracking - Facebook does not use cookies to create a profile of your browsing behavior on third-party sites or to show you ads, although it may use anonymous or aggregate data to improve ads generally. You can remove or block cookies using the settings in your browser, but in some cases, this may affect your ability to use Facebook.

Facebook’s Cookie Policy is accessible at https://www.facebook.com/policy/cookies

Google tracking - Google Analytics cookies collect information about how visitors use our Platform. We use the information to compile reports and to help us improve the Platform. The information collected is anonymous and does not identify a visitor. The data includes the number of visitors to the site, where visitors have come from and the pages they visited.

An overview of privacy at Google is accessible at https://marketingplatform.google.com/about/

Click here to opt out of being tracked by Google Analytics across all websites: https://tools.google.com/dlpage/gaoptout