VerifyNow Pty Ltd (VerifyNow) is committed to maintaining the privacy and confidentiality of personal information. VerifyNow adheres to the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth) (“Privacy Act”) when collecting, using, disclosing, securing and providing access to personal information. VerifyNow also adheres to the General Data Protection Regulation EU) 2016/679 (“GDPR”) in certain circumstances when dealing with data subjects of the European Union.
This policy details the practices we have adopted to protect your privacy so that you can feel confident about how we manage the personal information you entrust to us.
We collect personal information (including contact name, telephone number, address, email address, occupation, education and qualifications etc.) in a range of contexts:
- when entering into relationships with new clients
- when individuals apply directly for employment with us
- when individuals register online for employment with us
- when the information is required as part of a contract essential to the provision of a business service
When and Why do we Collect Personal Information?
We collect your personal information when either:
- you provide it to us,
- your current or prospective employer provides it to us to conduct background checking on their behalf
- The Australian Criminal Intelligence Agency, the Australian Federal Police (AFP) or other agencies provide it to us as a criminal history check
- Government agencies or third party service providers provide it to us as part of our employment screening service.
- you are applying to work with one of our clients, or are providing information in relation to someone applying to work for one of our clients,
- the role you hold or are applying for requires an Australian criminal history check or a criminal history check,
- you or your company are one of our service providers,
- you make a complaint, comment or ask a question of us,
- you work for us or have applied to work for us,
- you have been in contact with us for another reason in relation to the above.
We will notify you about the collection of personal information at or before the time we collect it, or if that is not practicable, as soon as practicable after personal information about you has been collected, including who we have collected it from if not from you. You have the right to withdraw your consent to our use of your personal information at any time.
If you provide personal information about someone other than yourself, you agree that you have that person’s consent to provide the information for the purpose for which you provide it to us. You also agree that you have told the person about this policy and where to find it.
Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym. However, in certain instances, we may not be able to allow you to access particular services if you don’t provide the required personal information. We will inform you at the time this happens and explain to you the reasons why the information is required. The provision of your personal information is a contractual requirement and necessary to enter into a contract.
What is Personal Information and what do we collect?
The Privacy Act defines ‘personal information’ as:
‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.’
General Personal Information encompasses general Personal details such as Name, Address, Email, Phone number.
Sensitive Personal Information includes information or opinion about an individual’s racial or ethnic origin, political opinion, trade union membership, health information, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information
We only collect personal information that is required in order for us to carry out our services. This will always include general information. If you have been referred to us for background screening or a security clearance this will also include sensitive information and unique identifying information such as a passport number or drivers licence number.
We do not collect sensitive information unless the individual has consented to the collection of the information and the information is reasonably necessary for one or more of our functions or activities, or the collection is required or permitted by law.
We will maintain a record of processing activities of personal information undertaken by us, including the purposes of processing personal information, the types of personal information and individuals, the third parties to whom the personal information will be disclosed, any overseas transfers and the envisaged time limits for the erasure of personal information
This information can be collected through a variety of methods including:
- Paper forms completed and submitted by you
- Directly entered into our platform by you
- Sent through via email by you
- Provided verbally over the phone or in person by you or one of your referees
- Provided to us by your employer organisation though one of the above means
What do we do with Personal Information?
We may use personal information:
- to enable us to provide capability and services to our clients including background screening
- to deliver services in accordance with Australian government policies such as the Government Protective Security Policy Framework (PSPF)
- to conduct Criminal History Checks through the Australian Criminal Intelligence Agency, the Australian Federal Police or other agencies or organisations providing Criminal History Check services
- to assess suitability for an individual’s employment on behalf of one of our clients
- to communicate information about our services to you; including direct contact with you
- for our internal administrative, planning, product development and research requirements
- to consider the suitability of applicants for employment with us
Unsolicited Personal Information
If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under the APPs or GDPR had we asked for it, we will destroy or de-identify the information if it is lawful and reasonable to do so.
Disclosure of Personal Information to Third Parties
We may disclose your personal information to third parties for a number of purposes including:
- To provide services to our clients and applicants e.g. (recruitment, employment screening services and other personnel services)
- Information provided to us for the purpose of Criminal History Checking may be used by ACIC, the AFP and other agencies for criminal history check purposes. This can be found on the Application and informed consent form.
- To conduct surveys, provide customer support, to improve our performance and provide quality assurance. This would involve general information only (contact details and service used only). We use Survey Monkey, Active Campaign and Freshdesk.
- Some of our systems are managed externally by OneBlink and The Business Doctor in accredited/approved environments. Your personal information may be held on these systems.
- Other purposes as permitted or required by law.
We do not disclose personal information overseas unless required or permitted by law, including with your consent when conducting overseas criminal history checks and to your prospective employers (our clients).
Aside from the above, any disclosure of personal information is to entities within Australia.
Australian Criminal Intelligence Commission (ACIC): We are authorised by the ACIC to conduct Criminal History Checks through the National Police Checking service. Your personal information will be provided to the ACIC to complete a criminal history check.
Australian Federal Police (AFP): We are authorised by the AFP to conduct National Police Checks through the AFP service. Your personal information will be provided to the AFP to complete a criminal history check.
VixVerify: We conduct Identity Document Verification through Vix Verify. To complete this your identity document details will be provided to their system to conduct the verification. Document details are not saved by their system once the check is complete.
Your Employer/Prospective Employer Organisation
The results of the employment screenings if conducted will be provided to your employer/prospective employer organisation. You will provide your express consent for this as part of completing the applicant forms for background checking.
As part of the provision of services, we may use external organisations or third parties, which may involve the disclosure of personal information. These third parties will not be permitted to use the information for purposes other than for which the information is disclosed. Some examples of these third party’s include:
- Government departments such as Australian Securities and Investments Commission (ASIC), Australian Financial Security Authority (AFSA), AIS International, Qualification Check, Check Social, Lumina Learning and ACER, among others, to complete specific background checks.
- Our Technology Service Provider (The Business Doctor)
Apart from this, your personal information is never shared, sold, rented or otherwise disclosed except if required by law or with your consent.
At any time, you may opt-out of receiving any communications from us (other than as required for the operation of our business e.g. regarding payment of accounts).
What do we do to Safeguard Personal Information?
We will take all reasonable steps to maintain the security of any personal information we receive. We use a variety of secure techniques to protect your information, including:
- An Information Security Policy structure spanning the entire business,
- Secure IT infrastructure,
- Locked file cabinets of sturdy construction,
- Encryption of data and connection through digital certificates.
- Encryption of data in transit and at rest.
We have internal policies in place supporting the management of personal information and these are included into the standard training programs to ensure they are followed
We will only keep your personal information when we consider it necessary for one of the purposes you have disclosed and consented to. If we consider that it is no longer necessary to keep your personal information, we will take reasonable steps to destroy or de-identify your personal information.
Access and Correction
On written request, VerifyNow will provide access to any personal and sensitive information we hold about you, subject to some exceptions which are set out in the APPs (Principle 12 – Access to, and correction of, personal information) or the GDPR, as applicable.
VerifyNow will respond to any written request for access to personal and sensitive information within 30 days after the request is made. If requested, we will provide your personal and sensitive information to you in a structured, commonly used and machine-readable format, or to another entity if requested by you and technically feasible. If permitted by the APPs or the GDPR, we reserve the right to charge a reasonable fee where we do provide access.
If your personal information changes or if you no longer require our services, we will take reasonable steps to correct, update or remove the personal data you have provided to us
We will respond to any written request for correction, update or removal of your personal information as soon as practicable after the request is made. If we do not agree with the corrections you have requested (for example, because we consider that the personal information is already accurate, up-to-date, complete, relevant and not misleading), we are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons within 30 days of the receipt of your request.
On written request but only in certain circumstances as prescribed by the GDPR, we will erase the personal information we hold about you. The circumstances include where it is no longer necessary for us to hold your personal information for the purposes for which it was collected or where you withdraw your consent.
On written request but only in certain circumstances as prescribed by the GDPR, we will restrict our processing of your personal information.
If you make a request to us to correct, erase or restrict the processing of your personal information, we will also inform any third party to whom we have disclosed your personal information to, where reasonable.
Suspected Privacy Breaches
When an applicant’s Criminal History Check result is returned with a Disclosable Court Outcome (DCO), we will notify the applicant of their check result as soon as practicable.
Further, upon an applicant’s written request and verification of the applicant’s identity, we will provide the check result to the applicant.
Applicants are then provided the opportunity to dispute the check result if you believe it is in error, see disputes section below.
Suspected Privacy Breaches
Suspected breaches are handled in accordance with the Privacy Act or the GDPR as applicable. If you suspect your information has been breached, please contact us via the contact information details below. Alternatively, if you would like to make a complaint about a breach of the APPs or the GDPR you can contact us via the details below.
You can also make a complaint to the Office of the Australian Information Commissioner on 1300 363 922 or via their website.
Disputes in Relation to Personal Information
If you disagree with any personal information we hold and wish to dispute its accuracy you can contact us through the contact details below and we will address the issue to the best of our ability.
Where the dispute is in relation to the content of a Criminal History Check the dispute is forwarded to the ACIC for review and investigation. If you have a dispute please contact us through the details found below and we will initiate the process.
The ACIC dispute process is summarised below.
- Review the police check result
- Advise us of any incorrect information in the result
- Provide us with all information and supporting evidence we need to complete and lodge the ACIC’s Nationally coordinated criminal history check Dispute Form (dispute form).
You the applicant can raise a dispute about a police check result for:
- Claim type 1—when police information released does not belong to you
- Claim type 2—when part of the police information released does not belong to you
- Claim type 3—when police information belongs to you, but the details are inaccurate
- Claim type 4—when police information belongs to you, but should not have been released.
We the accredited body will:
- Complete the dispute form on your behalf
- Provide the dispute form and any additional identity and supporting documentation to the ACIC.
We will inform you of the outcome of the dispute as soon as practicable.
Retention and Disposal of Personal Information
A number of specific retention periods are in place for some types of information.
The following are retained for 12 months from check result date then disposed of within 3 months:
- Nationally Coordinated Criminal History Check application
- Copies of identity documents you provided
- Informed Consent forms you completed
The following are retained for less than 12months
- Nationally Coordinated Criminal History Check result report
The following are retained for 3 years:
- Australian Federal Police application
- Copies of identity documents you provided
Meta-data may be retained for longer periods for display onto client dashboards, in accordance with our business requirements for retention of data.
Websites operated by us may contain links to other sites operated by third parties. We make no representations or warranties as to the privacy practices of any third-party site and are not responsible for the privacy policies of other sites.
We may change this policy from time to time and will notify you by posting an updated version of this policy on this website. This document represents our policy as at 11 August 2021.
VerifyNow Pty Ltd
PO Box 140
FYSHWICK ACT 2609