Privacy Policy

1. Purpose

This policy should be read and interpreted in conjunction with the National Employment Standards (NES), the Fair Work Act 2009 (Cth) and the Fair Work Regulations 2009 (Cth) (as amended or replaced). 

2. Application

This policy applies to all employees of Consortio. 

3. Australian Privacy Principles (APPs)

The Australian Privacy Principles (APPs) are contained in the Privacy Act 1988 (Cth) and cover the following:

• the open and transparent management of personal information (including having a privacy policy);
• an individual having the option of transacting anonymously or using a pseudonym where practicable;
• the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection;
• how personal information can be used and disclosed;
• maintaining the quality of personal information;
• keeping personal information secure; and
• right for individuals to access and correct their personal information.

4. Employee records exemption

The handling of personal information by private sector employers, including Consortio, is exempt from the Privacy Act 1988 if the personal information relates directly to an employee record of a current or former employee. This means that Consortio does not need to comply with the Australian Privacy Principles (APPs) when it handles current and past employee records. 

4.1 Employer’s obligation

Under section 535 of the Fair Work Act 2009, Consortio must make and keep employee records for a period of 7 years. 

4.2 What records are considered employee records?

Employee records are records prescribed by the Fair Work Regulations 2009 and include:

• general employment details (i.e. employees’ commencement date and type of employment);
• pay records;
• overtime records;
• averaging of hours agreements;
• records relating to leave entitlements;
• records relating to superannuation contributions;
• records relating to individual flexibility arrangements;
• records relating to guarantees of annual earnings; and
• termination of employment records.

4.3 Collection, use and protection of records 

4.3.1 Collection of personal information

Consortio will only collect and hold employee personal information that is relevant to and necessary for the employment relationship. Our services include verification, background reporting services, HR platform systems for workforce management across the employment cycle, payroll services and a range of other workforce data management services.

We collect, use, disclose and hold personal information in accordance with both Australian and New Zealand privacy laws. Those laws include the Australian Privacy Principles and Part IIIC of the Privacy Act 1988 (Cth), the New Zealand Information Privacy Principles in the Privacy Act 1993 (NZ) and the Credit Reporting Privacy Code 2004 (NZ). The personal information we collect will vary depending on which of our services you use. By way of overview, that personal information may include:

• contact information, such as your name, sex, job title, residential address, business address, telephone number, mobile phone number, fax number and email address;
• background information, such as past residential addresses (for up to the last 5 years), employment and academic history, former names and aliases and marital relationship;
• government identifiers, including passport and driver’s licence numbers, and visa information;
• information collected from publicly available resources, integrity databases and credit agencies;
• sensitive information, such as membership of a professional or trade association or union, health personal data, and details of any police or criminal record you may have;
• employee records, including variations to your employment, terminations, leave requests, performance management assessments, and payroll/HRIS systems data;
• résumés, recruitment records, identity documents and reference checks;
• payment data, such as data necessary for processing payments and fraud prevention, and related billing information;
• dispute information, where you dispute the accuracy of any report we obtain;
• your password for protected platforms or services, where you use one in conjunction with our services; other search specific data, such as information about relevant litigation or other legal proceedings against you or a third party related to you, regulatory sanctions or insolvency records;
• other personal data regarding your preferences where it is relevant to the services that we provide; and/or
• details of your contact with our offices or representatives. 

4.3.2 How do we collect your personal information?

We may collect personal information about you in various circumstances, including:

• when you or your organisation (usually an employer or prospective employer) seek to use any of our on-line or manual information services;
• when you or your organisation browse, make an enquiry or otherwise interact on our website;
• when you attend a seminar or another Consortio event or sign up to receive personal data from us, including training; or
• when you or your organisation offer to provide or provide services to us

In many circumstances, particularly in background checking, we collect personal information about you from a third-party source. For example, we may collect personal information from your employer organisation, other organisations with whom you have dealings, government agencies, a credit reporting agency, an information or service provider, or from publicly available records. 

4.3.3 Are you required to provide personal information?

As a general principle, you will provide us with your personal information entirely voluntarily; however, there may be detrimental effects for you if you choose not to consent or to provide some data depending on the information service being used and the requirements of any organisation requesting you to use our services. For example, there are circumstances in which we cannot act without certain of your personal information, because this data is required to carry out a legally required compliance screening or a background check required by an employer. In these cases, it will unfortunately not be possible for us to provide you with what is requested without the relevant personal information and we will notify you and the relevant organisation accordingly. 

4.3.4 Use of personal information

Consortio will ensure that employee personal information will only be used or disclosed for the purpose for which it was collected unless the law requires or permits use or disclosure for another purpose or consent is provided by the employee to use or disclose the information for another purpose. We may also use your personal information for the following general purposes:

• managing and administering your or your organisation's business relationship with Consortio, including processing payments, accounting, auditing, billing collection, support services;
• compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
• to analyse and improve our services and communications to you;
• protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
• for insurance purposes;
• for monitoring and assessing compliance with our policies and standards;
• to identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
• to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
• to comply with court orders and exercises and/or defend our legal rights; and
• or any purpose related and/or ancillary to any of the above or any other purpose for which your personal information was provided to us. 

4.3.5 Protection of personal information and records

Consortio will ensure that employee personal information and records are stored securely and protected against misuse, interference and loss, as well as unauthorised access, modification or disclosure. We will take appropriate technical and organisational measures to keep your personal information confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal information. Personal information may be kept on our personal information technology systems, those of our contractors or Affiliates, or in paper files.

4.4 Employee access to records

Under regulation 3.42 of the Fair Work Regulations 2009, Consortio must make a copy of an employee record available (in a legible form) for inspection and copying on request by an employee or former employee to whom the record relates.

If the employee record is kept at the premises (at which the employee works, or the former employee worked), Consortio will make a copy available at the premises within 3 business days after receiving a request or post a copy of the employee record within 14 days after receiving a request.

If the employee record is not kept at the premises (at which the employee works, or the former employee worked), Consortio will, as soon as practicable after receiving a request, make a copy available at the premises or post a copy of the employee record to the employee or former employee.

4.5 Third party access to records

Consortio must comply with the Australian Privacy Principles (APPs) when providing employee information and/or records to third parties. Unless consent is provided, Consortio will only disclose personal information to third parties for the purpose that it was originally collected or a closely related purpose that employees would reasonably expect. 

4.5.1 Requests by Fair Work Inspectors 

A Fair Work Inspector may request to inspect, make copies of and keep employee records. Consortio must and will comply with such requests. 

4.5.2 Requests by government departments 

Certain government departments (such as the Australian Taxation Office) may request employee records from Consortio. Where disclosure is required or authorised by law, Consortio must and will comply with such requests. 

4.5.3 Requests by unions 

A union official may request to inspect and make copies of employee records relating to a suspected contravention of the Fair Work Act 2009 or fair work instrument or under occupational health and safety laws. Consortio must and will comply with such requests, where the records are relevant to the suspected contravention and relate to employees who are members of the union official’s organisation. Records relating to employees who are not members of the union official’s organisation will not be provided without consent from such employees or by order of the Fair Work Commission.

4.6 Retention and disposal of records 

Records held by the Office of Human Resources are retained as required by legislation. The length that records are retained varies depending on the type of record. Personal records include staff/personnel records and contain information that is likely to be highly sensitive. While disposal of these records, like other types of records, must be authorised as per the State Records Act 1998, there are additional requirements to ensure the privacy and security of personal records. Remember that personal information is to be kept for no longer than necessary and that minimum retention periods apply for some records. Disposal of records and information, in any format or held in any location, system or application, must be: 

• undertaken in accordance with authorised disposal actions in relevant records retention and disposal authorities and supporting departmental procedures or directions
• approved by an authorised (delegated) employee in conjunction with the department’s Records Management Team. Exceptions are for those records that may be:
• disposed of under the Normal Administrative Practice (NAP) provision of the State Records Act 1998 (NSW) and State Records Regulations 2015 (NSW); or where
• retention periods specified in legislation other than the State Records Act 1998 (NSW), that is specific to a function or activity, need to be satisfied. Records that must be retained, even if the authorised disposal action in a relevant records retention and disposal authority has been satisfied, are those:
• reasonably likely to be required for a pending or anticipated investigation, inquiry or legal proceeding relating to an access request submitted under legislation or Order of Parliament. In each situation, relevant records may only be considered for disposal if all action associated with the event or request, and any subsequent action or reviews arising, have been completed. All system migration, and/or decommissioning of systems or applications, must ensure that authorised disposal actions are satisfied for any stored records. This includes a requirement to ensure records that have long-term value (something to be retained greater than 30 years but not permanently) or those of continuing value (something to be retained permanently as a State archive) are safeguarded, managed, protected and preserved in appropriate storage. Records authorised for destruction must be destroyed by secure means.

5. Health records 

The Australian Privacy Principles (APPs) do not apply to employee health records.

New South Wales

In New South Wales, the Health Records and Information Privacy Act 2002 (HRIP Act) regulates the collection, use, storage and disclosure of health information. The HRIP Act does not apply to health records that form part of employee records. Consortio must and will comply with its obligations under the HRIP Act.

Victoria

In Victoria, the Health Records Act 2001 (HR Act) protects health information handled by Victorian public and private sector employers. The HR Act applies to employee records (including health records). Consortio must and will comply with its obligations under the HR Act.

Other states and territories

Note: in Queensland, South Australia, Western Australia, Tasmania and the territories there is no legislation which specifically addresses the privacy of health records. Despite this, state or territory privacy laws applying in these jurisdictions may impact upon the protection of personal health information.

Consortio must and will comply with its obligations under any state or territory privacy laws dealing with the protection of personal health information.

6. Transferring your personal information overseas

Where we are likely to disclose your personal information to overseas recipients, when doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data. We are likely to disclose your personal information to overseas recipients in cases where your background or a specific search requested relates to a foreign activity or presence (in which case, the recipients are likely to be in those relevant jurisdictions, or in a jurisdiction (such as the NZ, England, USA, or India) that has agents in those relevant jurisdictions). 

7. Updating personal information about you 

If any of the personal information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal information about you, please let us know by sending an email to: hr@consortio.com.au. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you provide to us.

8. Your rights 

Subject to certain legal conditions, you have the right to request a copy of the personal information about you which we hold, to have any inaccurate personal information corrected (where that is within our power or control) and to object to or restrict our using your personal information. You may also make a complaint if you have a concern about our handling of your personal information.

If you wish to do any of the above, please send an email to: hr@consortio.com.au. We may request that you prove your identity by providing us with a copy of a valid means of identification to allow us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal information you request from us.

We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to a relevant privacy regulator. The contact details for the Australian bodies are set out below:

Australian Financial Complaints Authority (AFCA) GPO Box 3 Melbourne VIC 3001 Phone: 1800 931 678 Website: http://www.afca.org.au Office of the Australian Information Commissioner (OAIC) GPO Box 5218 Sydney NSW 2001 Phone: 1300 363 992 Website: http://www.oaic.gov.au

In New Zealand, you should contact: The Office of the Privacy Commissioner (OPC) PO Box 10 094, The Terrace, Wellington 6143 Phone: 0800 803 909 Phone: (04) 474 7595 Website: https://www.privacy.org.nz

9. Updates to this Privacy

Policy This Privacy Policy was last updated in October 2022. We reserve the right to update and change this Privacy Policy from time to time to reflect any changes to the way in which we process your personal information or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on this website.