This is the privacy policy of Sociable Tech Pty Ltd ABN 94 654 934 684 and its subsidiaries, which include Philled Pty Ltd ABN 44 656 428 483 and WorkInAus Pty Ltd ABN 63 657 665 444, each referred to as 'we', 'us' or 'our' (as applicable). Customers, candidates, business contacts and
other individuals with whom we deal through the WorkinAUS platform accessible at
www.workinaus.com.au (
Platform) and
through our
www.workinaus.co.uk
website and the WorkinAUS mobile application, and through other channels, may provide us with personal
information (defined below). The purpose of this privacy policy is to provide information about how we
deal with and manage personal information.
We are headquartered in Australia and for that reason this
privacy policy is based on the requirements of the Privacy Act 1988 (Cth) (Privacy Act)
and the
Australian Privacy Principles (which exist within the Privacy Act).
Even so, our business operates in a
global marketplace and this is reflected in our arrangements for dealing with and managing personal
information. Accordingly, to the extent that we deal with customers, candidates, service providers and
others who are in jurisdictions other than Australia, we operate in accordance with the leading standard
for data protection law, the European Union General Data Protection Regulation (EU) 2016/679
('EU
GDPR'). We also monitor and adhere to the retained version of the EU GDPR which applies in
the UK
(where we are also active), as this is amended from time to time ('UK GDPR')1.
Our obligations under the Privacy Act exist in respect of our dealings with
'personal information' of
'individuals'. For the purposes of this privacy policy, those terms should be read as interchangeable
with the corresponding terms in the UK GDPR: 'personal data' and 'data subjects'. Other terms that
relate to the Privacy Act and/or the UK GDPR are defined below.
For the purposes of the UK GDPR, the 'data controller' of personal data that we
collect is Sociable Tech
Pty Ltd. Among other things in this privacy policy, we explain what rights data subjects might have in
respect of their personal data, how you can exercise those rights (where they apply) and the methods
with which you can contact us.
What is personal Information?
Personal information is defined in the Privacy Act as:
information or an opinion about an identified individual, or an individual who is
reasonably
identifiable:
(a) whether the information or opinion is true or not;
(b) whether the information or opinion is recorded in a material form or not.
Why do we collect personal Information?
There are few, if any, organisations that can function without personal information. We are no
exception. We collect personal information where it is reasonably necessary for our functions or
activities. Our functions and activities include:
our primary services are:
connecting jobseekers, employers and recruiters with each other
connecting jobseekers with other participants in the international
jobs market, including immigration service providers and training
and education providers;
marketing our services;
undertaking research to improve our business;
obtaining goods and services from other businesses;
employing staff; and
complying with legal and regulatory obligations.
Some common examples of personal information that we may collect include an
individual’s name, contact details, and details of services that they obtain from
us.
The Privacy Act recognises certain types of personal information as sensitive
information. Examples of sensitive information about an individual include
information about the individual’s:
health;
racial or ethnic origin;
political opinions;
membership of a political association, professional or trade association or
trade union;
religious beliefs or affiliations;
philosophical beliefs;
sexual orientation or practices; and
criminal record.
It is in the nature of the services we provide that we may collect sensitive
information from candidates with whom we deal. Otherwise, we do not normally
collect sensitive information in the course of our activities. Any sensitive
information which we do collect will either be collected with the consent of the
relevant individual or as permitted by law.
How do we collect and keep personal Information?
We receive personal information in different ways and through a number of
different media including:
via online sources (including email and other electronic communication
channels such as the WorkinAUS platform located at
www.workinaus.com.au,
Facebook, Instagram, Twitter and other social media and technology platforms;
by telephone;
through face to face communications; and
by hard copy correspondence and documentation
We keep different types of records that include personal information. These
include records stored electronically on databases, information stored in the
cloud, and also hard copy files. Our servers are hosted by Amazon Web
Services. Your personal information will be routed through, and stored on, those
servers as part of the Service. Personal information of Australian and New
Zealand users of the platform will be held in servers located in AWS’s Asia Pacific
(Sydney) Region, personal information of European users will be held in one of
the AWS Europe regions and personal information of UK users will be held in the
AWS Europe (London) Region or Europe (Ireland) Region. Information about the
Amazon Web Services Regions is accessible at
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/.
We take reasonable steps to protect personal information we hold from misuse,
interference and loss, as well as unauthorised access, modification or disclosure.
When do we use or disclose or transfer personal Information?
If we collect personal information for a particular purpose, we may use or
disclose that personal information for that purpose. For example, if a customer
obtains a product or service from us, we may use and/or disclose their personal
information for the purpose of providing the product or service to them.
We may also use or disclose personal information for other secondary purposes
including the following:
where the individual has consented to the use or disclosure for the
secondary purpose;
the secondary purpose is related to (or in the case of sensitive information
directly related to) the purpose for which the personal information was
collected and the individual concerned would reasonably expect us to use
or disclose the information – for example providing marketing information
to existing customers (unless the customer has requested not to receive
marketing information from us);
the use or disclosure is required or authorised under a particular law or a
court or tribunal order;
a permitted general or health situation exists as defined in the Privacy Act;
or
we reasonably believe that the use or disclosure of the personal
information is reasonably necessary for one or more enforcement related
activities conducted by, or on behalf of, an enforcement body.
We may disclose your personal information to third parties, such as our service
providers (including IT services including cloud storage, insurers, financial
institutes, mailing houses), member organisations and other business partners,
our professional advisers (including lawyers, accountants and auditors), and
government, regulatory and law enforcement authorities;
We may share your personal information with analytics and search engine
providers that assist us in the improvement and optimisation of our platform. For
these purposes your personal information will be aggregated and looked at on a
statistical basis. One important example is Google Analytics based in the USA
(treated by the EU and UK as a third country) which requires all partners to have
a Privacy Policy in place and to alert users to the use of cookies such as tracking
and retargeting triggers which are stored on the users device or computer. For
more information on Google Analytics see
https://marketingplatform.google.com/about/analytics/
and for Google’s privacy
policy please see here:
https://policies.google.com/privacy?hl=en
Otherwise, we use the personal information that we collect for a variety of
purposes related to the services that we provide. We only hold and process
personal data when the law in your particular jurisdiction allows us to. Using the
UK GDPR as a benchmark (and refining these lawful bases as required to suit the
Australian context) we have reviewed the six kinds of legal justification that
could apply to the processing of a user’s personal data. They are summarized in
the following.
Security of your personal information
We have put in place appropriate technical and organisational measures to help
keep the personal information that we collect safe from unauthorised access or
disclosure as required by law and in accordance with good industry practice. For
example, all information you provide to us is stored on our secure servers and
our database is encrypted using only whitelisted IP addresses for access. Any
payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables
you to access certain parts of our site, you are responsible for keeping this
password confidential. You must not share your password with anyone.
The transmission of information via the internet is not completely secure.
Although we implemented the measures described above to protect your
personal information, we cannot guarantee the security of information that is
transmitted to our platform and any transmission is at your own risk.
We will react swiftly (in line with UK GDPR response-times and our own data
breach response procedure) upon discovering or being advised of a security
breach where your personal information is lost, stolen, accessed, used, disclosed,
copied, modified, or disposed of by any unauthorised persons or in any
unauthorised manner.
Retention of your personal information
We will only retain your personal information for as long as is necessary for the
purposes described in this policy. This means that retention periods will vary
according to the type of personal information that we have collected in the first
place. For example, we’ll hold on to your personal information for as long as you
have your account, or as long as is needed to be able to provide the services to
you but we may also retain some of your personal information (even after you
have closed your account) for fraud prevention and detection reasons and where
necessary to satisfy our regulatory and other legal obligations.
Data subjects in the UK: special provisions
Transferring personal information overseas
At all times we will ensure that wherever in the world your personal information
is stored or processed, it will be done so in full adherence to prevailing law.
What this means for data belonging to people located in the EU or UK is that
appropriate safeguards will be taken to ensure adequate protections are in place
with regards to any “third country” (including Australia) we use for key
headquartered functions and processes.
If you are a candidate based in the UK, you will provide us with personal
information about yourself when you upload you resume to our platform or apply for a
job that is listed on the platform. In that case, your personal information will be
transferred from the UK to us in Australia and, under the UK GDPR, we are
require to make sure that the personal data of UK data subjects is subject to
appropriate safeguards as if it were being processed inside of the UK.
We will apply the most appropriate safeguard for such transfers and
acknowledge the “EU standard contractual clauses” updated for use by the
European Commission on 4 June 2021 and available here:
https://eur-
lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en.
We will monitor the UK variant of these as and when updated and made
available for deemed use in data transfers outside the UK by the Information
Commissioners Office.
As a UK data subject, you have the following rights under UK GDPR:
Request access to your personal information. This enables you to request
access to your personal information in our possession or control or for
information about the ways in which your personal information has been or may
have been used or disclosed by us. You may request access to the information
we hold about you, by setting out your request in writing and sending it to us
at the email address specified below
Request correction of the personal information that we hold about
you. This enables you to have any incomplete or inaccurate information we hold
about you corrected.
Request erasure of your personal information. This enables you to ask us
to delete or remove personal information (such as your profile, account or
username) where there is no good reason for us continuing to process it. You
also have the right, if you are within the UK, to ask us to delete or remove your
personal information where you have exercised your right to object to processing
(see below).
Object to processing of your personal information. This right exists where
we are relying on legitimate interest as the legal basis for our processing and
there is something about your particular situation which warrants your objection
to the processing of your personal information. You also have the right to object
where we are processing your personal information for direct marketing
purposes.
Request the restriction of processing of your personal information. This
enables you to ask us to suspend the processing of personal information about
you, for example if you want us to establish its accuracy or the reason for
processing it.
Request the transfer of your personal information. If you are within the
UK, we will provide to you, or a third party you have chosen, your personal
information in a structured, commonly used, machine-readable format. Note that
this right only applies to automated information which you initially provided
consent for us to use or where we used the information to perform a contract
with you.
Withdraw consent. This right only exists where we are relying on consent to
process your personal information. If you withdraw your consent, we may not be
able to provide you with access to the jobs boards or opportunities provided by
our site, application and software. We will advise you if this is the case at the
time you withdraw your consent.
Make a complaint and seek a remedy. Under UK GDPR you have inalienable
rights to
(i) be informed about your right to complain through this privacy policy,
(ii) make an actual complaint to your relevant supervisory authority depending
on where you live (such as the Information Commissioner’s Office in the UK), and
(iii) to receive an effective judicial remedy if your rights need to be upheld or
enforced. If you believe that we hold personal information about you that is
wrong (which includes inaccurate, out of date, incomplete, irrelevant or
misleading), or you wish to complain about how we have handled your personal
information, you should contact our Privacy Officer.
We will process your subject access request as soon as reasonably practicable,
provided we are not otherwise prevented from doing so on legal grounds. If we
are unable to meet your request, we will let you know why.
How can you access your personal information that we hold?
You may request access to your personal information held by us by contacting
our Privacy Officer (details below). We will provide access where we are required
to do so under law. In other cases, we reserve our right not to provide access.
We also reserve the right to recover our reasonable costs of providing you with
access to your personal information held by us.
How to contact our Privacy Officer
Privacy Officer | Sociable Tech Pty Ltd
Unit 1, Building A/38 Brookhollow Avenue,
Baulkham hills NSW 2153
Our use of Cookies
In order to improve our software, the “WorkinAUS” sites and platform, the
customer experience and our overall service, we collect data by way of
“cookies”. A cookie is a small text file containing small amounts of information
which are automatically downloaded into your computer (or other electronic
devices) when you access our application, site or platform. Cookies help us to
measure the number of visits, average time spent, page views and other
statistics relating to your access to our Platform and other WorkinAUS websites
and mobile applicatons. Therefore, generally, we use cookies to:
recognise your browser as a previous visitor and save any preferences that
may have been set during your last visit to this Site;
Help your session load faster
Keep you signed in
Monitor how you use the website and platform
track website analytics and carry out research and statistical analysis to help
improve our content, products and services and to help us better understand
our visitors’ or customers’ requirements and interests;
customise and target our marketing and job-advertising campaigns and
those of our partners more effectively;
measure and research the effectiveness of our interactive online content,
features, advertisements, and other communications;
make your online experience more efficient and enjoyable.
What type of cookies do we use?
We may use functional cookies to recognise you on our Platform and remember
your previously selected preferences. These could include what language you
prefer to use and your location. A mix of first-party and third-party cookies are
used. The exception to functional cookies is where the cookies are strictly
necessary in order for us to operate the WorkinAUS platform or any related
application or site and/or to provide you with a service you have requested.
Third-Party Cookies
Third-party cookies are set by a third-party site separate from us. We work with
third-party service providers who are authorised to place third-party cookies and
may also set cookies on our Platform. These third-party service providers are
responsible for the cookies they set on the Platform. If you want further
information, please go to the website of the relevant third party. If you would like
to opt-out of all other types of technologies we employ on this Platform, you may
do so by changing your browser settings to block, delete or disable these
technologies as your browser or device permits.
In light of changes to cookies practices in the recent past, with respect to the
disablement of third party cookies on some browsers, we include below an
updated list of the more popular browser types with hyperlinks showing how to
adapt their cookie settings accordingly:
Google Chrome
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer
Opera
Apple Safari
At present the third party cookies that we use on the Platform are:
Auth_token - an authentication token securely transmits information about user
identities between applications and websites and enables us to strengthen our
authentication processes for the services we provide.
Facebook tracking - Facebook does not use cookies to create a profile of your
browsing behavior on third-party sites or to show you ads, although it may use
anonymous or aggregate data to improve ads generally. You can remove or
block cookies using the settings in your browser, but in some cases, this may
affect your ability to use Facebook.
Google tracking - Google Analytics cookies collect information about how
visitors use our Platform. We use the information to compile reports and to help
us improve the Platform. The information collected is anonymous and does not
identify a visitor. The data includes the number of visitors to the site, where
visitors have come from and the pages they visited.