1. Outline
    1. This document describes the Privacy Policy of Humanforce.
    2. Humanforce and its Related Bodies Corporate have sought to adopt a uniformly rigorous and best practice approach to collecting, using, disclosing and protecting personal information. This is necessarily subject to applicable Data Protection Laws and Regulations in relevant jurisdictions. Accordingly, other Related Bodies Corporate may have a different Privacy Policy.  Please refer to such policies when dealing with the relevant Related Body Corporate.
    3. This Privacy Policy is not incorporated into the terms of engagement or employment of a person to whom it is intended to apply. It does not create contractual rights against Humanforce.
    4. We may change, vary or modify all or part of this Privacy Policy at any time.
    5. If we adopt a new Privacy Policy:
      1. we will post the new Privacy Policy on the Platform; and
      2. it will thereupon apply through your acceptance of it by subsequent or continued use of the Platform or the Humanforce system or by virtue of notice given to you (actual or constructive).
    6. It is your responsibility to check the Platform periodically for changes.
    7. The Privacy Act 1988 (Cth) and the APPs regulate the collection, use and disclosure of personal information.
  2. Scope
    1. This Privacy Policy explains information of relevance to the collection of personal information, its use, disclosure, security, correction and other pertinent matters.
    2. This Privacy Policy governs all personal information collected by and provided to us with respect to our business.
  3. Purpose
    1. We collect your personal information for the following purposes (Primary Purpose):
      1. to lawfully carry out our functions and activities;
      2. to Process such personal information, most usually as a data processor in respect of use of a relevant Humanforce system or Humanforce software by a relevant customer and/or User, but also as a data controller in some instances (e.g. in our own capacity as an employer and with respect to our own business activities separate to data Processing activities);
      3. to verify your identity;
      4. to assess whether you are a permitted User of a relevant instance of the Humanforce system;
      5. upon direction of your employer or in connection with your employment, to conduct visa and/or migration checks via third party service providers or a relevant governmental body or agency via integrated functionality within the Humanforce system or an application which operates in conjunction with it or by other means;
      6. to deliver the software and/or services that you or another person has requested or contracted to acquire;
      7. to store in a relevant database;
      8. to provide you with further information about the software and/or services you or another person has requested or contracted to acquire;
      9. to personalise and customise your experiences with us;
      10. to develop insights used in reports or other content developed by us;
      11. for administration purposes, including charging, billing and collecting debts;
      12. when considering making offers to job applicants and prospective employees or prospective contractors or for Employment Purposes; and
      13. to receive services from you or the organisation which employs you.
    2. In addition to the Primary Purpose, we may use the personal information we collect and you consent to us and our Related Bodies Corporate using your personal information to:
      1. provide you with news about any software and/or services;
      2. send you marketing and promotional material that you may be interested in;
      3. communicate with you, including by email, telephone and mail;
      4. manage and enhance software or your experience on our Platform or a relevant Humanforce system and/or the domains of our Related Bodies Corporate;
      5. conduct surveys or promotions;
      6. investigate any complaints about, or made by you, or if we have reason to suspect you have breached any relevant terms and conditions; and
      7. as required or permitted by any law.
  4. Collection
    1. Personal information we collect about you may include your name, date of birth, address, telephone number, gender, authentication data, biometric data (such as biometric finger vein scans and facial scan data), payment information, geolocation data, social media identifiers and email addresses, including any information you enter to register on or use our Platform and/or a relevant instance of the Humanforce system or, provide to use or access our software and/or services (as the case may be) and/or any information you (or an agency) provide as a job applicant or prospective contractor as well as any other information from which your identity is apparent or can be reasonably ascertained.
    2. We will only collect or otherwise Process sensitive information if it is reasonably necessary for one or more of our functions or activities and you consent to such collection or Processing, unless an exception applies.
    3. We also collect information, that is most likely not personal information, such as data relating to your activity on the Platform or a relevant instance of the Humanforce system (Other Information).
    4. Other Information we collect may include:
      1. the Internet Protocol address and a component of the domain name used (e.g. .com or .net);
      2. the type of browser and operating system you used;
      3. the date and time you visited the Platform or a relevant instance of the Humanforce system;
      4. the web pages or services you accessed at the Platform;
      5. the time spent on individual pages and the Platform overall;
      6. which files you downloaded; and
      7. information about your computer and Internet connections using cookies.
  5. Collection methods
    1. Personal information may be provided by you using the Platform, or by you and/or your employer using a relevant instance of the Humanforce system (including via mobile or other device functionality) or by telephone, business cards, contracts, applications, competition entries, order forms, mail or email, by attending events or webinars, face-to-face, in writing or by other means.
    2. If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Data Protection Laws and Regulations, we will within a reasonable period, destroy or de-identify such information received.
    3. You are not obliged to give us your personal information as a general rule but may be by relevant laws or your agreement with a relevant employer or other person. If you would like to access any of our software, services or features of our Platform on an anonymous basis we will take reasonable steps to comply with your request. However, we will require you to identify yourself if:
      1. we are required by law to deal with individuals who have identified themselves; or
      2. it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.
    4. We use Google Analytics to obtain a more detailed understanding of our Platform users and their potential needs.  We do not collect personal information by such methods; only aggregate data is used for planning purposes.
    5. If you are applying for employment or to become a contractor and you do not provide your personal information or your consent in accordance with this Privacy Policy, then we may be prevented from or limited in undertaking proper administration required to:
      1. offer you employment or a role as a contractor; or
      2. comply with our legal obligations or a regulatory requirement of government and other bodies.
  6. Use
    1. We will only use and disclose your personal information:
      1. for the Primary Purposes;
      2. if we otherwise get your consent to do so; or
      3. if it is lawful to do so otherwise, in accordance with this Privacy Policy and the Data Protection Laws and Regulations
    2. Except to the extent to which consent has been given or applicable law allows, we will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.
    3. Additionally, we will not disclose your sensitive information without your consent, unless there is a need to disclose such information in accordance with the Data Protection Laws and Regulations or to comply with any other regulatory requirement or as permitted by applicable law.
    4. We will only use or disclose your personal information for the purposes of direct marketing to the extent permitted by the Data Protection Laws and Regulations.
    5. You may opt out of receiving any such communications by:
      1. clicking a link on the email communications sent to you; or
      2. contacting our Privacy Officer (see clause 14 below) for that purpose.
  7. Disclosure
    1. We may disclose personal information and you consent to us disclosing such personal information to:
      1. third parties engaged by us to perform functions or provide software and/or services on our, or their, behalf such as mail outs, marketing or advertising;
      2. Related Bodies Corporate;
      3. AWS, pursuant to the terms of a relevant AWS Customer Agreement or otherwise;
      4. to cloud based service providers and applications;
      5. your referees and former employers;
      6. credit agencies;
      7. our professional advisors, including our accountants, auditors and lawyers;
      8. persons authorised by you to receive information held by us;
      9. any persons as required or permitted by any law; or
      10. a party to a transaction involving the sale of our business or its assets.
    2. Clauses 1.1, 7.1.5 to 7.1.7 and 7.1.10 do not apply to sensitive information.
    3. We may in some circumstances as necessary or if we consider appropriate transfer your personal information to overseas persons to facilitate or ameliorate the provision of our products or services to you or your employer. This may be for the purposes of disclosure but commonly will be for the purposes of use or Processing (i.e. without releasing the subsequent handling of personal information from our effective control).
    4. The countries in which likely overseas recipients of personal information are located includes the United States of America, European Economic area countries and the United Kingdom.
    5. We consider that overseas recipients of personal information in such named jurisdictions are subject to a law, or binding scheme, that has the effect of protecting personal information in a way that, overall, is at least substantially similar to the way in which the APPs protect personal information and there are mechanisms that a relevant individual can access to take action to enforce that protection of the law or binding scheme.
    6. In any event, we customarily seek enforceable contractual arrangements with overseas recipients that require the recipient and any sub-Processors to handle personal information in accordance with relevant Data Protection Laws and Regulations (including, as relevant, the APPs).
  8. Humanforce system
    1. Further information about the collection of personal information via use of the Humanforce system is available from our Privacy Officer (see clause 14 below).
  9. GDPR
    1. If we become aware that you are a citizen of, or are located within, the European Union at the time when we collect personal information about you, or at the time when we propose to transfer personal information about you overseas, we will take steps to ensure (to the extent relevant) that we comply with Articles 45 to 49 of the GDPR in relation to the transfer of your personal information However, you acknowledge that as we conduct our business from and predominantly within Australia, you are required to provide us with written notice of our need to comply with the GDPR in relation to your personal information if you wish for us to take steps that are not already set out in this Privacy Policy.
  10. Access + Correction
    1. Access. You have a right to access your personal information, subject to certain exceptions provided for in the Data Protection Laws and Regulations.
    2. If you require access to your personal information, please contact the Privacy Officer (see clause 14 below). We may refer you to the Privacy Officer or other relevant person of a relevant employer as the case may require or be appropriate.
    3. You are required to put your request in writing and provide proof of identity.
    4. In certain circumstances we are not obliged to allow access to personal information. If we do so, we will tell you in writing our reasons for refusing and how you can make a complaint.
    5. We request that you keep your personal information as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can contact us as provided in clause 10.2 and we will correct or update your personal information. Where relevant we may refer you to the Privacy Officer or other relevant person of a relevant employer as the case may require or be appropriate.
    6. If you make a request to correct your personal information, we will:
      1. give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
      2. take reasonable steps to include a statement with your personal information we refuse to correct.
      3. We reserve the right to charge you reasonable expenses for making a correction to your personal information, for example, a fee for photocopying relevant information.
    7. If you are a citizen of, or are located within, the European Union at the time at which we collect personal information about you, or at the time at which you make a relevant request, we will take steps to ensure that we comply with a request by you to restrict our use of your personal information pursuant to Article 18 of the GDPR. You acknowledge that, depending on the nature of the restriction you request, we may be unable to provide you with some or all of our products or services (or any part of any product or service) if we comply with your request. In such circumstances, we will advise you of our inability to provide or continue to provide you with the relevant products or services, and if you confirm that you would like us to comply with your request, we may terminate a relevant agreement or other document with you in relation to our products or services.
  11. Security + Protection
    1. We will take all reasonable steps to:
      1. ensure that the personal information that we collect is accurate, up-to-date and complete;
      2. ensure that the personal information that we hold, use or disclose is, with regard to the relevant purpose, accurate, up-to-date, complete and relevant; and
      3. protect personal information from misuse, loss or unauthorised access and disclosure including by means of password access (where applicable) and secure servers.
    2. You acknowledge that the security of communications sent by electronic means or by post cannot be guaranteed. We cannot accept responsibility for misuse, loss or unauthorised access to your personal information where the security of information is not within our control.
    3. If you suspect any misuse or loss of your personal information, please contact us immediately.
  12. Retention period
    1. Subject to any contrary requirement under Australian law, or an order of a competent court or tribunal, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
    2. If you want to learn more about our specific retention periods for your personal information established in our retention policy please contact our Privacy Officer (see clause 14 below) for that purpose.
    3. Upon expiry of the applicable retention period we will take such steps as are reasonable in the circumstances to destroy or ensure that your personal information is de-identified in accordance with applicable laws and regulations.
  13. Complaints
    1. If you have a complaint about how we collect, use, disclose, manage or protect your personal information please contact us in writing.
    2. We will respond to any written complaint within 14 days of receiving the complaint.
    3. Once the complaint has been received, we will try to resolve the matter in an appropriate manner. This may include a request for further information, discussing options, an investigation and/or raising the matter with a relevant employee or other person.
    4. If we are not able to resolve your complaint to your satisfaction you may care to lodge a complaint directly with the Office of the Australian Information Commissioner (OAIC) online, by mail, fax or email. For more information please visit the OAIC website at http://www.oaic.gov.au/privacy/making-a-privacy-complaint.
  14. Contact details
    1. Please forward all correspondence in respect of this Privacy Policy to:
      Privacy Officer TimeTarget Pty Limited, Level 10, 52 Alfred Street, Milsons Point, New South Wales 2061, Australia.
      P:  02 9434 0500
      E:  admin@Humanforce.com
  15. Interpretation + Definitions
    1. Personal pronouns: Except where the context otherwise provides or requires:
      1. the terms we, us or our refers to Humanforce; and
      2. the terms you or your refers to a person who uses or accesses the Platform and/or a relevant Humanforce system (including a User) or other relevant person (not being us or our Related Body Corporate) and includes a person who agrees or by operation of law or contract is bound by the terms of this Privacy Policy by any relevant means.
    2. Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.
    3. Defined terms: In this Privacy Policy unless otherwise provided, the following terms shall have their meaning as specified:

APPs means any of the Australian Privacy Principles set out in Schedule 3 of the Privacy Act.

AWS means Amazon Web Services Inc, P.O. Box 81226, Seattle, WA 98108-1226 or its relevant affiliate, assignee or successor in title as the case may be.

AWS Customer Agreement means the Customer Agreement of AWS from time to time applicable which may be found at: https://aws.amazon.com/agreement/.

Data Protection Laws and Regulations means any and all applicable laws relating to the Processing or use of Personal information or privacy applicable to the performance of any agreement or matters contemplated by this policy, including applicable guidance, codes of practice and codes of conduct issued by the OAIC and any other relevant person, including to the extent applicable under the GDPR and the Privacy Act, such laws as amended and relevant from time to time.

Employment Purposes includes, with respect to employees and contractors: facilitating recruitment and engagement; probity and reference checking; facilitating medical checks; arranging training and personal development; facilitating security arrangements at the workplace; establishing access to and use of information technology systems and other communications devices; preparing material for marketing and sales purposes; administering payroll and vendor payment systems; facilitating and completing travel and secondment arrangements; processing expense reports for reimbursement purposes; management reporting; administering any test or assessment (including medical tests and assessments) that a prospective employee or contractor might be required to undergo; complying with legal and stock exchange obligations; audit purposes; ensuring compliance with other Humanforce policies as well as any related or ancillary purposes.

GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Humanforce means TimeTarget Pty Limited (ACN 140 620 248) whose registered office is at Suite 10.01, Level 10, 52 Alfred Street, Milsons Point, New South Wales 2061, Australia.

Humanforce system means the relevant Humanforce workforce management solution or instance of it which includes or may comprise relevant hardware and Humanforce or Humanforce software that may be licensed for on premise use and/or hosted in the cloud by us or AWS or a relevant employer and/or other person as the case may be.

OAIC means the Office of the Australian Information Commissioner.

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not, or personally identifiable information under applicable Data Protection Laws and Regulations.

Platform means www.Humanforce.com.

Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.

Privacy Policy means this Privacy Policy of Humanforce as amended from time to time.

Process, Processing or Processed means any operation or set of operations which is performed upon Personal information, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (subject to, as may be relevant, pertinent Data Protection Laws and Regulations).

Related Bodies Corporate has the meaning given in section 50 of the Corporations Act 2001 (Cth).

Sensitive information means:

  1. information or an opinion about an individual’s:
    1. racial or ethnic origin;
    2. political opinions;
    3. religious beliefs or affiliations;
    4. philosophical beliefs;
    5. membership of a professional or trade association;
    6. membership of a trade union;
    7. sexual orientation or practices; or
    8. criminal record; that is also personal information; or
  2. health information about an individual;
  3. genetic information about an individual that is not otherwise health information;
  4. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  5. biometric templates.

User means a person who is permitted to use the Humanforce system in whatever capacity and includes customers, employers, employees, agents and independent contractors (whether with or without administration and/or special access rights).