Privacy Notice

(Updated 4th May, 2022)

Civica Pty Limited ACN 003 691 718 and all subsidiaries thereof, that are registered in Australia (Civica) take data privacy seriously and we are committed to protecting and respecting the rights of all individuals. We are dedicated to ensuring the confidentiality and privacy of information entrusted to us and aspire to be transparent when we collect and use personal data.

This policy sets out how Civica will handle personal information in line with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and the associated Australian Privacy Principles (APPs).

The purpose of our Privacy Policy is to provide information about:

  • what personal information we collect and hold; 
  • how we handle that information, including how we use and store it; 
  • how we keep it secure; 
  • how, and to whom, we share your personal information, including overseas, and why; 
  • your right to access and correct it; and 
  • how you may contact us if you wish to make a complaint or enquire about privacy matters.

Our Contact Details

Civica has its Australia headquarters located at:
Civica
Level 10
163-175 O' Riordan Street
Mascot
NSW 2020

If you have any questions regarding the contents of this policy, we invite you to direct your correspondence either to the above postal address (marking the envelope FAO – Compliance and Improvement Team, or to DPO@civica.co.uk.

How Civica collects personal information

Personal information is any information that can be used to personally identify you. If the information that we collect personally identifies you, or you are reasonably identifiable from it, then we will treat that information as personal information.

When collecting personal information directly from you, we may collect it in various ways, including:

  1. through your access to and use of our website, 
  2. during conversations between you and our representatives, 
  3. when you give us your business card, 
  4. when you submit a job application, 
  5. when you visit our offices or attend events, conferences and meetings, including through CCTV located at some Civica offices which may be operated by Civica or a third party, 
  6. when you subscribe to our newsletters and user groups, 
  7. when you communicate with us via email, post or fax, 
  8. through your interaction with us on social networking platforms 
  9. during the course of providing of our services to our customers.

We may also collect personal information about you from third parties where it is unreasonable or impracticable for us to collect the personal information directly from you, such as:

  1. your employer,
  2. your authorised representatives (e.g., recruiters who provide us with your CV), 
  3. data brokers that share business contact information with us or your other professional advisors, 
  4. companies providing security background checks, or
  5. publicly available sources such as LinkedIn, or freely available news articles.

Civica provides services to other organisations and businesses. As a result, certain personal information about you which we collect and use, will come from other organisations to whom we provide services and products as described on our website from time to time. These organisations are required to inform you of the purposes for their collection and use of your personal information. We will use reasonable efforts to notify you that we are handling your personal information except where it is unreasonable or impracticable to do so.

The types of personal information we collect and why

We collect and hold personal information necessary to run our business and to enable us to provide services to our customers.

We will only solicit and collect personal information that is reasonably necessary for, or directly related to, one or more of our functions as a business.

The purposes for which we collect, hold, use, and disclose your personal information relate to one or more of our functions of our business, which include (but are not limited to) the following:

  1. providing our services; 
  2. managing our business; 
  3. auditing and managing the usage of our website and our services; and 
  4. to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or other governmental authority.

The types of personal information we collect will depend on the purpose for collection and may include (but are not limited to):

  1. your name; 
  2. contact details including mailing or street address, email address, and telephone number(s); 
  3. gender; 
  4. age; 
  5. financial details; 
  6. government identifiers (including driving license, social security numbers, passport numbers or birth/death certificates); 
  7. income; 
  8. drug test results; 
  9. details about your health or ethnicity, 
  10. details about your education, employment and skills, or 
  11. details of any fines, penalties or offences.

Cookies

We use cookies and similar technologies on our websites. Cookies are data files that are placed on your device and often include an anonymous unique identifier. These technologies assist us to improve your experience on our websites. If you elect to disable cookies, this could affect your experience of our websites. Please refer to the Cookie Policy on our website for more information.

Sensitive Information

In some instances, we may ask for sensitive information, for example:

  • when you are applying for jobs with us, we may ask whether you have a disability in order to provide assistance to you with the application process; or 
  • we may ask you whether you are from a culturally or linguistically diverse background for statistical purposes, to ensure equal opportunities, and to make reasonable adjustments to our products and services.

In most cases, we may collect sensitive information either directly from you and with your consent or from third parties and government bodies that you have authorised to collect and disclose such sensitive information to us.

If you do not agree to the disclosure of your personal information to Civica in any other circumstances, this may affect our ability to conduct our business. For example, we may be unable to provide you with assistance, information or services you have requested from us or from our customers.

Secondary use of personal information and disclosures

We will only hold, use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:

  1. we obtain your consent to use personal information for a different purpose (secondary use); 
  2. you would reasonably expect us to use or disclose your personal information for a different purpose, and that purpose is related to the primary purpose; 
  3. the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order; 
  4. we reasonably believe that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or 
  5. another exception in APP 6 applies.

We may disclose your personal information to a third party such as:

  1. Civica-group businesses, contractors or third-party service providers in connection with the provision of Civica's services, including any suppliers of any third party services that are integrated or embedded into our services; 
  2. third parties that we engage on behalf of our customers or which they engage directly in connection with the services we provide, including auditors, accountants, third party experts and other consultants or advisors; 
  3. our insurers and our professional advisors, including our accountants, business advisors and consultants; 
  4. third-party service providers who provide marketing, marketing automation and lead-generation services for us; 
  5. any legal industry regulatory body in any of the States and Territories that we operate in; and 6) any other organisation or individual for any authorised purpose with your consent.

We will never sell your information to third parties. We may, however, share your information with companies with whom we have a direct business arrangement in order to jointly market Civica-related products.

We have contracts in place with our service providers. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation, and they will hold it securely and retain it only for the period we instruct.

Direct Marketing

We may use your personal information for the purposes of sending you direct marketing communications (including via email, post, SMS, MMS, targeted digital advertising, phone calls or any other means) where:

  • you have provided consent for us to do so; or
  • we are otherwise permitted to do so by law.

You can opt-out of receiving direct marketing communications at any time by contacting us using the details above or by using the unsubscribe facilities provided in direct marketing communications.

International transfers of data

Civica operates and provides services from its locations across the globe. As such we may transfer personal information to Civica group locations and third-party service providers outside of Australia in order to provide our products and services. It is not practical for us to list every country where such overseas recipients may be located, however such countries are likely to include the UK and India. Except where an exemption applies, we only transfer information where the overseas recipient is bound by a law or binding scheme that is no less robust that the requirements of the APPs.

Where the recipient country does not provide a level of protection that is substantially similar to the APPs, we will ensure that commercially reasonable steps are taken to ensure the protection of the information in accordance with Australian law.

Security

We take reasonable steps to ensure your personal information is protected from misuse and loss, and from unauthorised access, modification or disclosure. As the internet is inherently insecure, Civica does not guarantee the security of any personal information you provide to us over the internet. You provide personal information to us over the internet at your own risk.

To the maximum extent permitted by applicable laws, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, modification of, disclosure of, misuse of or loss or corruption of any personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law, including the Competition and Consumer Act 2010 (Cth), or any liability which cannot be excluded due to the operation of an applicable law. We may hold your information in either electronic or hard copy form. We have in place reasonable policies and information protection procedures relating to data security, including:

  1. physical secure file storage; 
  2. password protection of electronic databases; 
  3. the provision of secure rooms where appropriate; 
  4. electronic information ‘firewalls’ between sites; ; 
  5. the provision of information to staff on a ‘need to know’ basis; 
  6. Civica will use reasonable endeavours to ensure that all staff and internal and external consultants are subject to contractual obligations of confidentiality; and 
  7. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later).

Your rights

You have a right to access personal information that we hold about you. We hold personal information if we control the manner in which such personal information is processed. In most cases, we only process personal information for and on behalf of a customer to provide our services, and our right to process such personal information is limited by our contractual obligations to that customer.

If you believe that any of your personal information that we hold is inaccurate, out of date, incomplete, irrelevant or misleading, you also have a right to request corrections to any personal information that we hold about you. In cases where we are processing your personal information for and on behalf of a customer, you will need to contact that customer directly in order to request access to, or correction of, your personal information.

Before we provide you with access to your personal information, we may require verification of proof of identity. This helps us to ensure that personal information is not disclosed to any person who has no right to receive it.

We can decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act. Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.

Depending on the circumstances, we may be unable to fulfil your request based on other lawful grounds.

How to make a complaint

If you would like to complain about a breach of the APPs, you may contact our Data Protection Officer. We ask that you to put your complaint in writing and to provide relevant details to DPO@civica.co.uk or in a letter to the Compliance and Improvement team at the Civica address listed in the ‘About Civica’ section.

We will respond to your complaint in a reasonable period of time (usually within 30 days). If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted at:

GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
enquiries@oaic.gov.au 

Changes to this Privacy Notice

By using our website, liaising with us, and/or providing information to us, you accept and agree to the collection, use, holding and disclosure of your personal information for the purposes described in this policy. We review our policies regularly and occasionally may need to change or update them. Any updated versions of this privacy policy will be posted on our website and will be effective from the date of posting.