Our Privacy Policy

Job Futures Ltd ABN 13 080 037538 (trading as CoAct) is committed to protecting the privacy of the personal information we collect as part of the services we offer. CoAct is bound by the Law to comply with the Privacy Act 1988 (Cth) (Act) including the Australian Privacy Principles (APP).

Purpose

This Privacy Policy provides CoAct with a clear understanding of its obligations regarding the collection, holding, use and disclosure by CoAct of personal information, including sensitive information relating to an individual, in accordance with the Law.

For individuals from whom we collect personal information, this Privacy Policy explains:

  • The purposes for which we collect and hold personal information
  • The kinds of personal information we may collect and hold
  • How your personal information is collected, used, disclosed, held and managed by us
  • How you may access your personal information or seek correction of your personal information if required
  • How you may make a complaint about a breach of privacy.

Scope

This Policy applies to all CoAct directors, officers, employees, contractors and volunteers, who are engaged by CoAct and handle personal information collected by CoAct (we, us). It is the responsibility of every person within this scope to ensure they comply with the Policy.

The Policy applies to personal information we collect and hold for individuals who are external to us such as customers (job seekers and apprentices), staff of member organisations, service partners, employers, suppliers and other related third parties (you, your).

By providing your personal information to us, you consent to the use, storage and disclosure of that information as described in this Policy.

As both a Principal and Subcontractor of government funded employment services, CoAct collects/has access to customer personal information including sensitive information. We deal with this personal information in accordance with the obligations under Privacy legislation together with the Privacy requirements of the relevant program Deed (see references at end of Policy).

CoAct Service Partners delivering services under subcontract to CoAct are required to comply with Privacy legislation and the privacy requirements as set out in the Deed of the relevant service.

Policy

1. What is personal information?

“Personal information” means any information that can be used to identify a person.

This may include an individual’s name; address, contact number and email address and can also include sensitive information such as cultural and health information and criminal records.

If the information we collect about you personally identifies you, or you are reasonably identifiable from it then the information will be considered personal information and protected in accordance with this Policy.

2. Why do we collect, use and store your personal information?

We collect, use and store relevant personal information in order to provide services to our customers, members, service partners, employers, suppliers and other related third parties. This includes:

  • Engaging and providing customers and employers with Employment and Related Services
  • To comply with the requirements of funding bodies as part of a funding agreement with us
  • Marketing purposes in order to inform you of the services we offer
  • Providing service partners with access to business systems
  • Tender submission on behalf of service partners
  • Business relationship management
  • Providing relevant stakeholders with information about events and network activities
  • Recruiting staff
  • From time to time, CoAct may survey you on a range of issues to identify and analyse the ongoing needs of our stakeholders and the quality of our services and interactions with you. (See below – 7. Contacting you)

3. What information do we collect and hold?

We only collect personal information about you that is reasonably necessary for, or directly related to, one or more of our business activities or functions.

This may include:

  • Contact information (name, address, email address, telephone number etc.)
  • Commonwealth Identifiers (e.g. JSID, CRN, TFN)
  • Employment and education information
  • Bank account details
  • Sensitive information, such as health/medical history, cultural information, criminal history, police and working with children checks. This information enables us to tailor our services to meet individual needs. (change back)
  • Personal information of “relevant persons” required to submit tenders on behalf of service partners
  • Information to assist us in managing our business (e.g. employer information, potential member information).

4. Anonymity or use of pseudonym

You can choose to deal with us anonymously or under a pseudonym provided that it is lawful and practicable to do so. Where this will render us unable to conduct business with you or provide you with the service, we may request that you identify yourself.

5. How do we collect personal information?

Where possible, CoAct will collect personal information directly from you. Information may be collected through various means, including telephone and face-to-face interviews, by post, email, SMS,  paper forms, or via an on-line form or portal.

We will only collect sensitive information from you which is reasonably necessary to provide you with the service and we have your consent to collect this information, or the collection of the information is required or authorised by law.

For customers commencing with our employment services, we will explain to you the funding Department’s Privacy Consent Form, which sets out why your personal information is collected, how we use it and to whom we may disclose it in order to provide the services. We will ask you to sign this form.

CoAct’s website online enquiry facility explains why we are collecting the information and requests your consent for the collection of this information.

Personal information collected from a third party

  • Customers: We may need to collect personal information from third parties you have consented to, such as Employers, Hosts, Support Services, medical providers in order to provide you the service.
  • Service Partners/employers/contractors: We would only collect information about you from a third party or publicly available source where it is necessary for one or more of our business activities or functions.
  • Where personal information about you is collected in this way, you will be informed in a reasonable time of the identity of the organisation from which we sourced the information and why we sourced the information in this way.

6. Dealing with unsolicited personal information

We may receive unsolicited personal information (i.e. information we have not asked for) from individuals or other sources.

We will review such information within a reasonable time period to determine if we could have requested and collected the information from you in order to support the delivery of a service or another business activity.

Where we determine we could have collected the personal information and the information is retained, it will be treated as if we had requested the information in line with this Policy and the APP.

If we determine that we could not have collected the personal information (and the information is not contained in a Commonwealth record), as soon as practicable we will destroy the unsolicited information or ensure it is de-identified but only if this is lawful and reasonable to do so.

7. Contacting you and direct marketing

We may contact you in a variety of ways, including by post, email, SMS or telephone call or any other electronic means.

From time to time, CoAct may send you information about our services (direct marketing) or survey you on a range of issues to identify and analyse the ongoing needs of our stakeholders and the quality of our services and interactions with you. We do not use your personal information for the purpose of direct marketing of products or services that are unrelated to the services for which you have engaged with us.

We do not disclose personal information to other organisations for the purpose of direct marketing.

We will only send you commercial electronic messages such as SMS or emails as permitted by the Spam Act (for example, if we have your express or inferred consent to do so).

Any commercial electronic message that we send will identify CoAct as the sender and will include our contact details. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please let us know. Our contact details are also provided at the end of this policy

8. Use or disclosure of personal information

For Primary Purpose

We will use our best efforts to ensure that the information you provide to us remains private and is used only for the purpose for which it was collected and of which you were notified (primary purpose).

We may, however, disclose the personal information we collect about you to third parties engaged by us to carry out, advise or assist with the carrying out of our business activities. These third parties include our service partners, business partners, government agencies as required or authorised by law, contractors, financial institutions, payroll processing organisations, verification services, as well as any third parties that you have directly authorised to receive your personal information.

Analysis and Research

As part of our business activities CoAct analyses customer personal information in order to better target our and our service partners’ services (e.g. age groups, homelessness, type of disability). Should CoAct share these reports with third parties external to our service partners, the personal information will be de-identified.

Secondary (Another) Purpose

We would only use or disclose your information for another purpose (secondary purpose) where:

  • You have consented to the use or disclosure of the information, or
  • You would reasonably expect us to use or disclose the information
  • We reasonably believe disclosure will prevent or lessen a serious threat to an individual’s life, health or safety, or the public’s health or safety*
  • The release is required or authorized by Australian law*
  • We reasonably believe use or disclosure is necessary for enforcement related activities conducted by, or on behalf of, an enforcement body*

* We have in place processes to manage such situations.

9. Cross border disclosures

As per our responsibilities under our government employment services contracts, CoAct does not disclose any customer personal information to any overseas recipient nor store any such customer data offshore.

For other general purposes, when we use third party cloud-based technology for activities such as surveys, website analytics and campaign management, basic personal information may be stored in cloud servers not located in Australia. We will take reasonable steps to ascertain that the third party is bound by law or a binding scheme that has the effect of protecting the information in a substantially similar way in which the APPs protect the information.

10. Quality of personal information

We will take reasonable steps to ensure that the personal information that we collect, store, use and disclose is accurate, complete and up to date. You are encouraged to help us keep your personal information accurate, complete and up to date by contacting us and informing us of any changes in your details. In the first instance you should speak with your usual point of contact in CoAct or via the contact details provided at the end of this policy.

11. Storage and security of personal information

We are committed to ensuring your information is safe and secure.

We have put in place suitable physical, electronic and managerial procedures to reasonably secure any information collected from you from misuse, interference or loss and in order to prevent unauthorised access to, modification or disclosure of that information. Some of the ways we do this include:

  • Confidentiality requirements for our employees, contractors, volunteers
  • Access control to premises
  • Hard copy document storage and security practices
  • Providing a discrete environment for confidential interviews
  • Security measures for access to computer systems to protect personal information from unauthorised access, modification or disclosure, loss, misuse or interference
  • Firewall protection for our systems
  • Password protected data storage devices such as laptops, tablets and smart phones
  • Encryption of personal data stored on laptops.

We will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer required for any purpose as per our Records Retention Policy.

Note: each Employment Services Deed included specific record retention requirements.

12. Notifiable Data Breaches Scheme

The Notifiable Data Breaches (NDB) Scheme applies where your personal information held by us has been inadvertently lost or disclosed or improperly accessed and that loss, disclosure or access may result in serious harm to you. We have in place processes to investigate suspected breaches, mitigate any harm and report in accordance with the requirements.

13. Website privacy

In order to properly manage our websites and applications, we may log certain statistics about the users who visit these, for example the users’ domains and browser types. This information does not specifically identify an individual and is used for statistical, reporting and website administration and maintenance purposes.

From time to time, our website may use ‘cookies’. A cookie is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. If you are concerned about cookies, most browsers recognise when a cookie is offered and permit you to opt out of receiving it or you can configure your web browser to reject cookies.

In addition, we use social media platforms, for example Facebook, LinkedIn, Twitter and YouTube. Any content or information you disclose on these sites may be viewed, collected and used by other users. CoAct is not responsible for the privacy practices or data collection methods used by these sites. Please refer to each platform’s privacy statements.

14. Use of Commonwealth Government identifiers

Unless expressly authorised or required under the relevant Deed/Agreement we will not adopt a government related identifier as our own identifier of that individual or use or disclose a government related identifier of an individual.

15. Access to and correction of your personal information

If you wish to access your personal information held by us, in the first instance please speak with the staff member who is your usual contact who will outline options regarding your request.

Please note that requests under Freedom of Information for personal information held for government funded contracts will need to be referred to the funder.

Alternatively, you may contact the CoAct Privacy Officer at the address below.

We will acknowledge your request within a reasonable period of time after the request being received, with full details of the process including the reasons (by Law) where we may not be able to give you access (Section 12.3 Australian Privacy Principles).

We will provide access to information within a reasonable period of time after the request is made, if it is reasonable and practicable to do so.

We may charge a reasonable fee for access to personal information.

You will need to verify your identity and authority before access to your personal information is granted.

Where we refuse to give you access, we will provide the reason for the refusal in writing and the mechanisms available to complain about the refusal.

Correction of your personal information

If you request to correct the personal information we hold about you; we will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

If we have previously disclosed the relevant information to another organisation/s and you request that we notify the organisation/s of the correction, we will take reasonable steps in the circumstances to give that notification unless it is impracticable or unlawful to do so.

Where we refuse to make changes to the information we hold about you, we will provide the reason for the refusal in writing and the mechanisms available to complain about the refusal.

16. How to make a privacy complaint

If you have an enquiry or a complaint concerning collection, use or management of your personal information, please direct your enquiry to the staff member who is your usual contact who will outline options regarding how your enquiry or complaint may be resolved.

Alternatively, you may contact the Privacy Officer, in writing on the details below.

Post: CoAct
PO Box K43
Haymarket NSW 2143
Attention: Privacy Officer

Email: [email protected]
Phone: (02) 8281 2400

The complaints management process will be guided by the following principles:

  • We will treat your enquiry or complaint confidentially
  • The person making the complaint will be treated fairly and without fear of recrimination;
  • The complaint will be acknowledged within 5 business days of receipt
  • Where an investigation is required, it will be objective, impartial, clearly documented and managed in accordance with this Privacy Policy
  • CoAct will attempt to provide a written response to all complaints within 14 days. More complex complaints may require more time to investigate and, in such circumstances, CoAct will communicate the revised timeframe expectations.

You may contact the Australian Information Commissioner wherever you believe that your rights to privacy have been breached by us. (www.oaic.gov.au)