Privacy Policy – Australia
1. Introduction
We respect the personal information of individuals (employees, Independent Professionals (IPros) and/or contractors), clients and prospective client’s contractors and their right to privacy. Protecting privacy when handling personal information is very important to People2.0 and is fundamental to the way the company services everyone.
This Privacy Policy has been developed to outline how People2.0 manages personal information. It describes the information that may be collected by People2.0, the choices an individual can make to access and correct their personal information and how People2.0 protects and discloses this information.
Personal information is described as information People2.0 holds about individuals (employees, IPros and/or contractors), clients and prospective clients contractors from which an identity is either apparent or can be reasonably determined.
People2.0 has adopted the 13 Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). The APPs govern the way in which the company collects, uses, discloses, stores, secures and disposes of personal information. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at http://www.oaic.gov.au/.
This Privacy Policy applies to online websites operated by People2.0, which is used to1 provide access to information about our services and products; access to ‘Entity Online’ (online Portal service) and 'Entity Mobile' (mobile phone application) which allows users to provide information and conduct certain transactions using electronic means; and internal information management of everyone.
By visiting the website, Entity Online or Entity Mobile of People2.0 or otherwise providing us with your personal information, you are accepting the practices of People2.0 with respect to the collection, storage and use of personal information.
2. Privacy collection statement
Personal information is collected in accordance with the Privacy Act 1988 (Cth) and may be sought from you when you:
- apply for an available position
- are requested during an interview
- completing forms
- request information from People2.0
- download certain documents and information
- register for a demonstration of certain products or services
- sign up or subscribe to a newsletter; or
- various forms of business transactions.
Examples of personal information that the company collects, include: names, addresses, email addresses, phone and facsimile numbers, emergency contacts, bank details, superannuation
and all information related to remuneration including bonuses and salary sacrificing.
People2.0 may also collect statistical information regarding the use of the website or the portal. The information collected includes the visitor’s computer Internet Protocol (IP) address, the date and time of the visit, previous site visited and browser type. This information is collected to provide People2.0 with information about the use to help maintain and develop to provide better information to users of the website, Entity Online or Entity Mobile
People2.0 website and Entity Online use cookies for the purposes of session tracking. However, People2.0 does not collect any personal information from the cookies, including any habits when accessing the website or Entity Online.
The personal information collected by People2.0 is for the primary purpose of providing services, and product information to individuals (employees, IPros and/or contractors), clients and prospective client’s contractors. The personal information may also be used for the following purposes:
- To discharge any statutory or reporting obligations;
- To provide information to you about People2.0 products and/or services;
- To contact you and respond to your queries;
- To enforce rights and to fulfil obligations under any agreement between People2.0
and its clients;
- To enforce rights and to fulfil obligations under any agreement between you and People2.0;
- To record statistical data for marketing analysis; and
- Any other purpose which are permitted under any agreement between you and People2.0.
While People2.0 will endeavour to collect personal information directly from you, People2.0 may collect some of the personal information indirectly from others, such as the clients or prospective clients of People2.0, or your employer who may be located Australia or internationally.
If at any time you provide personal information about another individual to People2.0 you must ensure that the individual has read and understood this policy and separately consented to that personal information being used and disclosed by People2.0 for the purpose set out in this policy.
3. Disclosure
People2.0 recognises the trust with you to provide personal information, and such personal information will not be disclosed within Australia or internationally except as follows:
- To the clients of People2.0 (as part of an engagement or prospective engagement in which you are involved or likely to be involved);
- On a confidential basis to agents and service providers that People2.0 uses in the
ordinary operation of its business;
- Personal Information that is “Sensitive Information” will not be disclosed without your consent;
- To third parties where you consent to the use or disclosure; or
- Where required or authorised by law.
People2.0 may also use this information for secondary purposes closely related to the
primary purpose, in circumstances where it would be reasonable to expect such use or
disclosure.
4. Spam Act
When communicating electronically with individuals (employees, IPros and/or contractors),
clients and prospective clients contractors People2.0 will follow three key elements in
order to comply with the Spam Act 2003:
a – Consent
The company will only send commercial electronic messages with the addressee’s consent –
either express or inferred consent.
b – Identify
The company will include clear and accurate information about the person or business that is
responsible for sending the commercial electronic message.
c – Unsubscribe
The company will ensure a functional unsubscribe facility is included in all commercial
electronic messages and deal with unsubscribe requests promptly. Individuals are able to
unsubscribe from mailing/marketing lists at any time; by advising People2.0 (see
‘Contact the company’ details on page 8 Section 12 of this document), or by following the
steps outlined in the email communication.
5. Anonymity
Subject to an agreement to the contrary, you are not required to provide People2.0 with
your personal information. However, the services and products offered by People2.0 rely
on such information. If you do not provide your personal information, then People2.0
may not be able to engage you or provide services to you.
6. Security of Personal Information
Personal information is stored in a manner that reasonably protects it from misuse, loss,
unauthorised access, modification or disclosure. The information is stored on secure servers, at
a data warehouse, onsite, or at an eternal archiving facility. People2.0 employees are
obliged to respect the confidentiality of any personal information held by People2.0.
However, security of communications cannot be guaranteed, and therefore absolute assurance
that information will be secure at all times cannot be given. To the extent permitted by law,
People2.0 does not accept responsibility for events arising from unauthorised access to
personal information.
When personal information is no longer needed for the purpose for which it was obtained, the
company will take reasonable steps to destroy or permanently de-identify personal
information. However, most of the personal information is or will be stored in files which will be
kept by the company for a minimum of seven (7) years.
External Service Provider
The websites, Entity Online and Entity Mobile of People2.0 and its electronic mail
servers may be managed by a third party hosting service provider. When you access the
websites, portals or mobile application of People2.0 or transmit electronic mail to People2.0, you may be communicating with a third party’s server that maybe located outside of
Australia.
People2.0 and links to other websites
The People2.0 website may contain links to other websites. These link sites are not
under the control of People2.0. People2.0 is not responsible for the information
handling practices, conduct or the content of those sites.
Unsolicited personal information
If People2.0 receives personal information that the company did not solicit the company
will as soon as possible but only if lawful to do so, destroy the information or ensure that the
information is de-identified.
7. Access to Personal Information
People2.0 will, upon request, and subject to applicable privacy laws, provide individuals
(employees, IPros and/or contractors), clients and prospective client’s contractor’s access to
personal information held by People2.0. If making a request, we ask that the type/s of
personal information requested is clearly listed in writing and sent to your relevant People2.0 representative or by contacting the People2.0 Data Protection Officer (see
‘Contact the company’ details on page 9 Section 13 of this document).
The company will deal with the request in a reasonable timeframe and in most instances within
30 days of receipt of a request. In order to protect personal information, People2.0 will
require identification before releasing such information. Personal information sought by
spouses or other family members requires written authority by the individual the information is
being sought for prior to making such a request. If the evidence is insufficient People2.0
may deny the request.
People2.0 will not charge for lodging a request, but may recover reasonable costs
incurred in supplying the information.
Exceptions:
The right to access personal information is not absolute. In certain circumstances, the law
allows the company to refuse a request for information, such as circumstances where:
- Access would pose a serious threat to the life or health of any individual;
- Access would have an unreasonable impact on the privacy of others;
- The request is frivolous or vexatious;
- The information relates to a commercially sensitive decision making process;
- Access would be unlawful; or
- Access may prejudice enforcement activities, a security function or commercial;
negotiations
8. Freedom of Information Laws
In addition to Privacy Laws, individuals may have rights to access their personal information
contained in certain company documents. Details on how to apply for access to these
documents are contained in the Freedom of Information Act 1982 (FOI Act).
9. Quality of Personal Information
It is an important part of providing services to our clients that personal information is up to
date. The APP provides guidance that the company takes reasonable steps to make sure that
personal information is accurate, complete and up-to-date.
It is important that individuals advise People2.0 at the earliest opportunity, of any
changes to personal information so that the People2.0 records can be updated. This can
be done by contacting your relevant People2.0 representative or by contacting People2.0 Data Protection Officer (see ‘Contact the company’ details on page 8 Section 12 of this document).
10. Consequences of Breach of Privacy and Personal/Sensitive Information
Individuals (employees, IPros and/or contractors) are expected to act a manner consistent
with the matters set out in this policy where they have responsibility for personal information.
Failures to do so may be subject to disciplinary action, and may result in warning letter,
demotion or termination depending on the level or seriousness of the breach.
If anyone suspects or is aware of a breach of privacy, you have an obligation to report this breach to the People2.0 Data Protection Officer so immediate action can be taken
to eradicate the situation. Contact details of the Privacy Officer are provided in Section 13 of this document.
11. Privacy/Data Protection Obligations
Individuals (employees, IPros and/or contractors) are expected to act a manner consistent with the matters set out in this policy, where they have responsibility for personal information.
If an Individual suspects or becomes aware of a breach, they also have an obligation to report this immediately to People2.0 Privacy/Data Protection Officer. Failure to comply will
be subject to disciplinary action, and may result in warning letter, demotion or termination depending on the level or seriousness of the breach.
12. Procedure
If Individuals (employees and/or contractors) become aware of a breach of personal data,
they have an obligation to report this breach to the People2.0 Privacy/Data Protection Officer
immediately.
An Individual can also make a complaint if they feel their personal data has been handled
inappropriately by People2.0 and is in breach of its obligations under the Act. In the first instance,
any concern or complaints must be directed to People2.0 Data Protection Officer in writing.
People2.0 will investigate the complaint and/or concern and take necessary steps to rectify the
matter.
Please contact the People2.0 Data Protection Officer via the following means:
Emailing:
compliance@entitysolutions.com.au
or
Calling: +61 (03) 9600-0333; or
Writing:
Legal & Compliance
People2.0 Group
Level 24, 150 Lonsdale Street
Melbourne VIC 3000
13. Policy Updates
This Privacy Policy may change from time to time. People2.0 Privacy Policy is available
at the People2.0 offices, intranet, portal or website. People2.0 reserves the right to
make changes to this Privacy Policy from time to time as business or technical needs require
Privacy Policy – New Zealand
1. Introduction
We respect the personal information of employees, IPros and/or contractors and their right to
privacy. Protecting privacy when handling personal information is very important to People2.0 and is fundamental to the way People2.0 services its employees IPros, and/ or contractors. This Policy has been developed to outline how People2.0 manages personal
information.
This Privacy Policy applies to the management of staff, services and products offered online and
websites operated by People2.0. People2.0 also uses the internet to provide access to
‘Entity Online’ (online Portal service) and ‘Entity Mobile’ (mobile phone application) to allow users
to provide information and conduct certain transactions using electronic means.
People2.0 has adopted the 12 Privacy Principles (PPs) contained in the Privacy Act 1993
The PPs govern the way in which People2.0 collects, uses, discloses, stores, secures and
disposes of personal information.
A copy of the PPs may be obtained from the website of the Office of the Privacy Commissioner at www.privacy.org.nz
By visiting the website or portals of People2.0 or otherwise providing us with your personal
information, you are accepting the practices of, People2.0 with respect to the collection,
storage and use of personal information
2. What personal information and how is it collected?
Personal information means information People2.0 holds about an identifiable individual.
Examples of personal information that People2.0 collects, include: names, addresses, email
addresses, phone, facsimile numbers, emergency contacts, bank details, superannuation and all
information related to remuneration including bonuses and salary sacrificing.
This information may be sought from you when you:
- Attend interviews;
- complete forms;
- Request Information from People2.0;
- Download certain documents and information;
- Register for a demonstration of certain products and services; and
- Sign up or subscribe to a newsletter.
While People2.0 will endeavour to collect personal information directly from you, People2.0 may collect some of the personal information indirectly from others, such as the clients or prospective clients of People2.0, or your employer.
If at any time you provide personal information about another individual to People2.0 then
you must ensure that the individual has read and understood this policy and separately
consented to that personal information being used and disclosed by People2.0 for the
purpose set out in this policy.
Website, Entity Online and Entity Mobile
People2.0 may collect statistical information regarding the use of the website Entity Online
and Entity Mobile. The information collected includes the visitor’s computer Internet Protocol (IP)
address, the date and time of the visit, previous site visited and browser type. This information is
collected to provide People2.0 with information about the use, to help it maintain and
develop the website Entity Online and Entity Mobile to provide better information to users.
People2.0 website Entity Online and Entity Mobile use cookies for the purposes of session
tracking. However, People2.0 does not collect any personal information from the cookies,
including any habits when accessing the website, portal or Entity Online.
3. Use and disclosure of personal information
People2.0 collects personal information for the primary purpose of providing services, and
in managing Employees, and IPros and or contractors. This includes the following:
- To discharge any statutory or reporting obligations;
- To provide information to you about People2.0 products and /or services;
- To contact you and respond to your queries;
- To enforce rights and to fulfil obligations under any agreement between People2.0
and its clients;
- To enforce rights and to fulfil obligations under any agreement between you and People2.0;
- To record statistical data for marketing analysis; and
- Any other purpose which are permitted under any agreement between you and People2.0
People2.0 recognises the trust with which you and provide personal information, and such
personal information will not be disclosed except as follows:
- To the clients of People2.0 (as part of an engagement or prospective engagement in
which you are involved or likely to be involved);
- On a confidential basis to agents and service providers that People2.0 uses in the
ordinary operation of its business;
- To third parties where you consent to the use or disclosure; and
- Where required or authorised by law
People2.0 may also use this information for secondary purposes closely related to the
primary purpose, in circumstances where it would be reasonable to expect such use or
disclosure.
Employees, IPros, and/or contractors are able to unsubscribe from mailing/marketing lists at any
time; by advising People2.0 (see “Contact People2.0” details in Part 12 of this
document), or by following the steps outlined in the communication.
4. Unsolicited Electronic Messages Act 2007
When communicating electronically with Employees, IPros and/or contractors, People2.0
will follow three key elements in order to comply with the Unsolicited Electronic Messages Act
2007:
a – Consent
People2.0 will only send commercial electronic messages with the addressee’s consent.
Consent may be either express or inferred consent.
b – Identify
People2.0 will include clear and accurate information about the person or business that is
responsible for sending the commercial electronic message.
c – Unsubscribe
People2.0 will ensure a functional unsubscribe facility is included in all commercial
electronic messages, and deal with unsubscribe requests promptly.
5. Anonymity
Subject to an agreement to the contrary, you are not required to provide People2.0 with
your personal information. However, the services and products offered by People2.0 rely on
such information. If you do not provide your personal information, then People2.0 may not
be able to engage you or provide services to you.
6. Security of Personal Information
Personal Information is stored in a manner that reasonably protects it from misuse and loss and
from unauthorised access, modification or disclosure. The information is stored on secure
servers. People2.0 employees are obliged to respect the confidentiality of any personal
information held by People2.0.
However, security of communications cannot be guaranteed, and therefore absolute assurance
that information will be secure at all times cannot be given. To the extent permitted by law,
People2.0 does not accept responsibility for events arising from unauthorised access to
personal information.
When Personal Information is no longer needed for the purpose for which it was obtained, People2.0 will take reasonable steps to destroy or permanently de-identify Personal Information. However, most of the Personal Information is or will be stored in files which will be kept by People2.0 for a minimum of seven (7) years.
External Service Provider
The websites and portals of People2.0 and its electronic mail servers may be managed by a
third party hosting service provider. When you access the websites or portals of People2.0
or transmit electronic mail to People2.0, you may be communicating with a third party’s
server that maybe located outside of New Zealand or Australia.
People2.0 and links to other websites
The People2.0 website may contain links to other websites. These link sites are not under
the control of People2.0. People2.0 is not responsible for the information handling
practices, conduct or the content of those sites.
People2.0 is not responsible for the information handling practices, conduct or the content
of those sites.
7. Access to Personal Information
People2.0 will, upon request, and subject to applicable privacy laws, provide employees
IPros and/or contractors access to personal information held by People2.0. If making a
request, we ask that the type/s of information requested is clearly listed.If information is
urgently required a request should state this together with the reasons for urgency.
People2.0 will deal with the request in a reasonable timeframe, and in most instances
within 20 working days of receipt of a request. In order to protect personal information, People2.0 may require identification before releasing such information.
People2.0 will not charge for lodging a request, but may recover reasonable costs incurred
in supplying the information
Exceptions:
The right to access personal information is not absolute. In certain circumstances, the law allows
People2.0 to refuse a request for information, such as circumstances where:
- Access would pose a serious threat to the life or health of any individual;
- Access would have an unreasonable impact on the privacy of others;
- The request is frivolous or vexatious;
- The information relates to a commercially sensitive decision making process;
- Access would be unlawful; or
- Access may prejudice enforcement activities, a security function or commercial;
negotiations
8. Maintaining the quality of personal information
It is an important part of providing services to our employees, IPros and/or contractors, that
Personal Information is up to date
It is important that Employees and IPros advise People2.0 at the earliest opportunity, of
any changes to Personal Information so that People2.0 records can be updated.
9. Consequences of breach of privacy and personal/sensitive information
Employees, IPro’s and/or contractors are expected to act a manner consistent with the matters
set out in this policy where they have responsibility for personal information. Failures to do so
may be subject to disciplinary action, and may result in termination depending on the level or
seriousness of the breach.
If anyone suspects or is aware of a breach of Security/Privacy information, you have an
obligation to report this breach to the Data Protection Officer so immediate action can be taken
to eradicate the situation. Contact details of the Data Protection Officer are provided in Section
11 on page 15 of this document.
10. Privacy/Data Protection Obligations
Individuals (employees, IPros and/or contractors) are expected to act a manner consistent
with the matters set out in this policy, where they have responsibility for personal information.
If an Individual suspects or becomes aware of a breach, they also have an obligation to report
this immediately to People2.0 Privacy/Data Protection Officer. Failure to comply will
be subject to disciplinary action, and may result in warning letter, demotion or termination
depending on the level or seriousness of the breach.
11. Procedure
If Individuals (employees and/or contractors) become aware of a breach of personal data, they
have an obligation to report this breach to the People2.0 Privacy/Data Protection Officer
immediately
An Individual can also make a complaint if they feel their personal data has been handled
inappropriately by People2.0 and is in breach of its obligations under the Act. In the first instance, any
concern or complaints must be directed to People2.0 Data Protection Officer in writing.
People2.0 will investigate the complaint and/or concern and take necessary steps to rectify the
matter.
Please contact the People2.0 Data Protection Officer via the following means:
Emailing:
compliance.apac@people20.com
or
Calling: +61 (03) 9600-0333; or
Writing:
Legal & Compliance
People2.0 Group
Level 24, 150 Lonsdale Street
Melbourne VIC 3000
12. Policy Updates
This Privacy Policy may change from time to time. People2.0 Privacy Policy is available at
the People2.0 offices or on the People2.0 Intranet. People2.0 reserves the right
to make changes to this privacy policy from time to time as business or technical needs require.
The amended policy will be posted on People2.0 intranet