Last updated: 14th July 2021
ProbityPeople are strongly committed to protecting your privacy as a customer, supplier, applicant, and an online visitor to our website. We use the information we collect about you to maximise the services that we provide to you. It is important to us that you feel secure when using our services, so rest assured, information security and privacy is at the forefront of everything ProbityPeople does. We respect the privacy and confidentiality of the information provided by you and adhere to the Australian Privacy Principles.
WHAT PROBITYPEOPLE DOES
ProbityPeople processes pre and post employment background screening checks for individuals directly, or for individuals looking for employment with other organisations. This generally involves the secure exchange of your personal information as highlighted in this policy.
Every business user or individual applicant is required to log in to a secure online portal to request orders or complete details for background screening checks. During the process of background checks being ordered or processed, the following procedure is likely, but not limited to occur:
- Personal information such as contact details and user-generated passwords is obtained to create a secure online account
- Depending on the type of background screening check, whether criminal background, financial history, career and education history, qualifications and memberships, entitlement to work etc., further personal information would be collected to:
- Verify the identity of the applicant
- Confirm accuracy of information provided
- Retrieve historical financial data against an individual
- Retrieve employment references
- Verifying legitimacy of qualifications, memberships and more
- Process various background screening verifications
- Your personal information will likely be passed onto well-protected sources such as the Australian Criminal Intelligence Commission, credit agencies or other government or police agencies in different jurisdictions. To complete these checks these sources may pass personal information on to other sources.
- These sources will also likely share further personal detail back to ProbityPeople to confirm results, verifications, references etc.
- Outcomes will then be shared back to either the business user or individual applicant depending who initiated the process through the secure online portal
- Depending on the type of result or personal information that ProbityPeople receives, we will then choose to either maintain or destroy certain records to comply with agreements, legislations, and the law
- To ensure we meet regulatory obligations, ProbityPeople’s online portals may also track and record communication or user activity experience and correspondence securely
INFORMATION WE COLLECT FROM YOU, AND ANYONE UNDER 18
In the course of your visits to our website or use of our products and services, we may from time to time obtain the following information about you, for example: contact details, date of birth, copies of your identity documents, current or previous addresses, career and education history, qualifications, memberships, references, financial information, criminal history, or any information regarding any services ordered through ProbityPeople, credit card details (not stored), billing address, geographic location, IP address, survey responses, support queries, blog comments and social media handles (together `Personal Data'}.
The Personal Data we collect from you will only be necessary information depending on the nature of your interaction. It would be used to provide our services to you such as criminal background history checks, financial checks, educational and qualification checks, work rights checks and any other services we offer on www.probitypeople.com.au. We will only collect your Personal Data lawfully, respectively and in a fair manner. We will collect your Personal Data and information directly from you when you create an account, order checks, complete checks, enter into an agreement with us or when you communicate with us. This information will be recorded, collected, and held in relation to your transaction with us.
We may also collect information about your transaction history with ProbityPeople, your browsing behaviour on our website (see information about ‘cookies’ in the section below) and record your interaction with us via email and telephone for security, training and dispute resolution purposes.
Depending on the products or services that are being provided your personal information may also be collected from other sources, such as:
- Third party suppliers including but not limited to providers of criminal background history checks, credit agencies, law enforcement agencies, education providers, regulatory and licensing bodies, professional organisations or psychometric assessment providers
- Partner organisations
- Current or previous employers
- Current or previous educational institutes
Any sensitive personal information that we collect from you for the purposes of the services ordered from ProbityPeople will be obtained with your permission and consent, except where it is otherwise allowed by law.
ProbityPeople will collect, use and exchange your information only if we have a valid and lawful reason to, such as to:
- Verify your identity and accuracy of information
- Manage our communication and relationship with you such as providing our products and services to you
- Review and assess your application for our products and services
- Minimise misuse or loss of data, and reduce risks and protect against fraud
- Comply with laws, obligations and provide assistance to regulatory, government and law enforcement authorities
- Manage our business and improve our service to you
- Processing your information to fulfil a contracted agreement with yourself or to comply with the law
- Processing your information to fulfil ProbityPeople or a third party’s legitimate interest. Where there is a good reason to protect your personal information, the legitimate interest can be overridden
- You have provided consent for us to process your personal data
Our services are not generally directed to persons under 18 and we do not knowingly collect Personal Data from anyone under 18. When ProbityPeople are required to collect personal information of persons under 18, we will seek parent or guardian consent prior to doing so. If you are the parent or guardian of a child and you believe they have provided us with Personal Data without your consent, then please contact us. You can review, correct, update, or delete your Personal Data by either logging into your account and making the changes yourself or contacting us directly to do so.
HOW WE USE YOUR INFORMATION
Personally Identifiable Information: We use the information we collect to deliver our services to you and give you a better experience, including: communicating with you, providing technical support, notifying you of updates and offers, sharing useful content, measuring customer satisfaction, diagnosing problems and providing you with a personalised website experience. Marketing communications are only sent to you if you have requested or subscribed to them. You can opt out of our marketing communications at any time by unsubscribing or emailing us your mailing preferences at email@example.com and your request will be actioned immediately. Non-Personally Identifiable Information: We also use the information we collect in aggregated and anonymised forms to improve our services, including: administering our website, producing reports and analytics, advertising our products and services, identifying user demands and assisting in meeting customer needs generally. Any information you choose to make publicly available, such as blog comments and testimonials on our website, will be available for others to see. If you subsequently remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.
HOW LONG YOUR INFORMATION IS KEPT WITH US
ProbityPeople will keep your information indefinitely if you are a customer of ours. We will also comply to all our legal or regulatory obligations. We will also comply with our supplier agreements whereby as an example, Australian Criminal history checks are destroyed after 12 months and identity documents for this type of check must be stored for 12 months and deleted within 15 months. Internal research, data analytics, your requests or feedback, and being unable to delete data for technical reasons may also influence how long ProbityPeople may keep your personal data.
STORAGE AND SECURITY OF YOUR INFORMATION
ProbityPeople will use all reasonable means to protect the confidentiality of your Personal Data while in our possession or control. All information we receive from you, whether hard-copy or electronic records are stored and protected on our secure servers from unauthorized use or access. Credit card information is encrypted before transmission and is not stored by us on our servers. To enable us to deliver our services, we may transfer information that we collect about you, including Personal Data, across borders for storage and processing in countries other than Australia. If your Personal Data is transferred and processed outside Australia, it will only be transferred to countries that have adequate privacy protections. We retain your personal information for as long as needed to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes and enforce our agreements. In the event there is a breach of our security and your Personal Data is compromised, we will promptly notify you in compliance with the applicable law.
ProbityPeople also have a detailed approach to our online security.
ProbityPeople’s server is hosted securely behind the leading firewall and site monitoring tools preventing various cyber-attacks. Leading malware detection technology is also used to detect and mitigate possible malware from the server. All check processes must be maintained via probitypeople.com.au, which is securely hosted on a private server. Only authorised and required users will have access to applicant details. Results are only securely shared via individual sign in accounts which have strong password protection requirements. ProbityPeople enforces secure socket layer (SSL) connections for every page of our website and back end application processes. The use of SSL and TLS means that data traffic between your computer and our site is encrypted and protected at all times. No sensitive personal data or materials is transferred on an unsecured mechanism such as email.
All company servers and all documents are stored and shared via an encrypted server which has two factor authentications enabled. Individual sign in accounts with access privileges is required to access our third-party suppliers and only compliance team members will be granted access. All access requests are logged for further auditing. Email alerts are in place to notify the server admin.
Antivirus and server protection software are installed on all devices to secure the endpoint. Operating systems and application patches must be applied on the server and endpoint on a weekly basis. Critical server software and application patches are installed as soon as they become available ensuring data security.
Access to server infrastructure is strictly monitored and role-based access control mechanism is used to prevent unauthorised access to confidential personal data. Two-factor authentication is also used to further restrict the unauthorised access to the server.
Access to ProbityPeople offices, sensitive areas, and document storage spaces are fully controlled by employee security passes, safety cameras, alarms and building guards. Management of physical and electronic documents as well as disposal of these documents are also controlled by trained management staff.
All of ProbityPeople’s operational data and customers’ personal data is held securely in Australian data centres. All ProbityPeople’s Consultants are fully trained prior to managing and processing checks from our operation centres. ProbityPeople’s application processing procedure and integrations are built in adherence to robust performance, fast response times and data preservation in the event of any negative impacts. We will only keep personal information for as long as we need it and only for the period in compliance to our suppliers and by law. When we are disposing of any information or data, responsible steps and measures will be in place to destroy or de-identify any data.
All policies and standards and procedures are set out by senior management. They form part of our Security Management team and are responsible for measuring and monitoring ProbityPeople’s operational staff and departments.
Prior to commencing employment, all employees must read and sign all company policies. All employees undergo full training to access the company’s resources including how to safely access and manage stored data and personal information.
SHARING YOUR INFORMATION WITH THIRD PARTIES
When providing our professional services to you, depending on the service you have purchased or the reason for your interaction with ProbityPeople, we may share your personal information with the following third parties:
- Third party suppliers including but not limited to providers of criminal background history checks, credit agencies, law enforcement agencies, education providers, regulatory and licensing bodies, professional organisations, or psychometric assessment providers
- Partner organisations
- Current or previous employers
- Current or previous educational institutes
- Service suppliers such as marketing and IT support
- Auditors, insurers and re-insurers
In some instances, ProbityPeople may be compelled to disclose your information to various authorities if required by law. For the purposes of completing a check or service for you, we may also be required to share your personal information with entities overseas. ProbityPeople may use an agent or supplier who may be based overseas to conduct checks and verifications which require international sources. This may include but is not limited to, criminal background history checks, references, education and qualification verifications, financial checks etc. Your personal information will not be disclosed to international suppliers and entities unless we have received your consent to do so. ProbityPeople will only complete commercial transactions and work with organisations who also have robust processes and procedures in place for handing secure and personal information which adheres to ProbityPeople’s policies.
DISCLOSURE OF YOUR INFORMATION
ProbityPeople may from time to time need to disclose certain information, which may include your Personal Data, to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request. We may also use your Personal Data to protect the rights, property, or safety of probitypeople.com.au, our customers or third parties. If there is a change of control in one of our businesses (whether by merger, sale, transfer of assets or otherwise) customer information, which may include your Personal Data, could be transferred to a purchaser under a confidentiality agreement. We would only disclose your Personal Data in good faith and where required by any of the above circumstances.
ACCESSING YOUR PERSONAL INFORMATION
Every individual applicant or business user has access to their own secure online portal. This is where you can access, manage, and update your personal information such as your name, address, contact details etc. Personal information which has been submitted as part of a background screening check may or may not be amended or updated depending on the nature of the check. Amending or updating your personal details generally does not incur a fee, however if it relates to information which has already been processed for a check, then a re-processing fee or small administration fee may be involved. Should there be a fee involved, this would be communicated with you prior to any updates.
In most cases, when information is related to your personal details, you will be given full access via your secure online portal, however if it involved commercially sensitive information, or information regarding a third party or organisation then ProbityPeople may reserve the right to reject your access or only give you access to certain information.
If you think information ProbityPeople has about you is incorrect, contact us and we will investigate and, if necessary, correct it. If you believe that the information received by ProbityPeople from another source is incomplete, incorrect or misleading, we may need to refer you to the source to ask for a review.
Please send your request to firstname.lastname@example.org
PROBITYPEOPLE AND GDPR
The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018. These requirements will complement data protection laws across the EU and replace existing national data protection rules. ProbityPeople’s services and operations comply to the GDPR requirements and additional information and your rights as EU residents are covered in this policy.
In adherence to the requirements of the policy, EU Citizens who are residents in the EU will have rights to the following either through your individual secure portal which you will have password access to or by written request to email@example.com:
- Access or request for all personal information ProbityPeople has about you
- Update inaccurate or incomplete information
- Request for your personal information or data to be deleted
- Request for ProbityPeople to restrict or stop processing your data if certain grounds apply
- Receive your personal data in a commonly readable format such as a spreadsheet or word document upon request
The above are requirements of the GDPR which relate to ProbityPeople. Upon request of any of the above, ProbityPeople will endeavour to complete the request within 30 days.
COOKIES AND PIXELS
LINKS TO OTHER WEBSITES
CONTACT US AND FEEDBACK
GPO Box 4849
Sydney NSW 2001
Alternatively, you can e-mail us at firstname.lastname@example.org and we will respond within 48 hours.
When you provide your feedback, we will always aim to be fair and handle it in a responsive, friendly, and professional way. We will try our best to evaluate and understand your feedback or investigate any concerns. We will keep a record of your feedback, ensure you are kept updated on the evaluation or solution and make all possible efforts to advise you of an outcome within 30 days of when feedback has been provided or as soon as possible. If we cannot respond within this timeframe, we will ensure to update you with a reason.
If you are not satisfied with our response to your feedback, then you can refer to the Office of the Australian Information Commissioners who can be contacted via their website: https://www.oaic.gov.au/about-us/contact-us/