Skills Migration Privacy Policy
Skills Migration Pty Ltd ACN 636 600 863 (“SM”, “we”, “us” and “our”) will always protect the privacy of any individual or entity that we come into contact with. We adhere to all of the relevant privacy laws including, but not limited to, the Privacy Act 1988 (“the Act”), the Australian Privacy Principles (“APP”), and any privacy codes made in connection with the Act.
The APP sets out 13 principles that SM must adhere to when dealing with ‘personal information’. Personal information is defined by section 6 of the Act as any:
“information or an opinion about an identifiable individual, or individual who is reasonably identifiable:
whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.”
To find out more about the APP you can contact the Office of the Australian Information Commissioner (“OAIC”) by email at the following address: [email protected]. Specific information about the APP may be accessed via the following link: https://www.oaic.gov.au/privacy/australian-privacy-principles/
This privacy policy sets out the way that we manage personal and other information that may be provided to us. It also details how you can make a complaint to the office of the OAIC, should you feel that we are not adhering to our privacy law obligations.
The kinds of personal information collected and held by us
We may collect and hold a range of personal information. This information may include the following:
- names and contact details including phone numbers, postal addresses and e-mail addresses;
- identity documents such as passports, driver’s licenses, national ID’s, birth certificates, marriage certificates, household registration documents, bank cards, Medicare cards and private health insurance cards;
- employment information such as employment contracts, payslips, superannuation documents, taxation documents and employer references;
- company information including the company’s ACN, ABN and the names and contact details of the company’s officers, employees and representatives;
- financial information including, but not limited to, credit card information and financial institution account information;
- company financial information such as profit and loss statements, balance sheets, cash flow statements, taxation documents and depreciation schedules.
Please note that this is not intended to be an exhaustive list, and there may be instances where we collect and hold forms of personal information that is not referred to above.
How we collect and hold your personal information
We may collect personal information via the following sources:
- directly from the individual or entity that we have dealings with during the course of a meeting, by telephone, written correspondence in electronic or paper form, by providing a submission to a request for information from our website, CRM or any other tool capable of collecting data that would constitute personal information;
- via publicly available databases including, but not limited to, information held by the Australian Securities and Investment Commission, the Australian Financial Services Authority, or via internet search engines;
- via our website (ie. online forms, cookies, log files etc).
We may also use Google analytics to collect information about how visitors use our website. The information obtained is used to help us understand our website user’s needs so that we can offer a better user experience. Google analytics uses cookies to collect information about which pages have been visited, how long the visitor was on a website, how the visitor got there (for example from a search engine, a link, an advertisement, etc) and what selections are made on the website. Information collected by the cookies (including your IP address) is transmitted to and stored by Google on servers in Australia and overseas. You can opt out of Google analytics if you disable or refuse the cookie, disable JavaScript, or use the opt out service provided by Google.
Our online services may contain links to other websites. We cannot be held responsible for the privacy practices or policies of those sites and we recommend that you review their privacy policies before you use these sites.
Under the APP, you have the right to anonymity and pseudonymity in your dealings with us. However, if you fail to provide us with any personal information we have requested from you, then we may decline to engage with you any further.
We may hold your personal information in electronic and/or hard copy format, both at our head office, branch premises and with our agents and/or third-party service providers. We implement a range of reasonable measures to ensure the security and integrity of your personal information. Careful measures are also undertaken in respect of destroying personal information that is no longer required to be held or needed by us for any lawful purpose.
How we use your personal information
We collect and hold your information for the following reasons:
- To provide updates, news, information, and promotions regarding our activities.
- For administrative, operational, strategic, and marketing purposes.
We will not use your personal information for marketing purposes if you expressly indicate that you do not wish it to do so.
We may disclose your personal information:
- To other members, related entities and/or partners for any purposes related to any supply of any of our services requested by you.
- To any legal advisors and/or recovery agencies for purposes associated to any debt collection and/or dispute concerning you.
- To any party or institution as may be required by law.
We may also disclose your information to your authorised representatives when you provide us with written authority to do so.
Access to and correction of personal information held by us
You may access information held by us about you by submitting a request in writing by email or hard copy using either of the following address:
Or
The Privacy Officer
Skills Migration
Suite 2, Level 3, 143 Charlotte Street, Brisbane, QLD, 4000
You will need to provide us with sufficient proof of identity before we will respond to any request for access or correction.
We typically respond to any requests of this nature within 30 days. However, the requested information will only be supplied if:
- we are required by law to do so; or
- if we choose to do so.
If we decline your request, we will provide you with our reasons for this decision in writing.
We have the discretion to charge you any fees associated with obtaining and providing you with access to any of your personal information held by us. This includes the costs of locating, retrieving, compiling, copying, and delivering the requested information.
Requests to correct any errors and/or omissions regarding any of your personal information can also be made. These requests must be put in writing and sent to either of the addresses set out above.
We will typically process your correction request within thirty (30) days and will notify you of the corrections made in writing once they are completed. If we decline to make any of the corrections requested, we will provide you with our reasons for this decision in writing.
Disclosure of personal information to third parties
We may need to disclose your personal information to third parties such as translators, the Department of Home Affairs, the Australian Federal Police, Bupa Migration Health Services, or any relevant Australian State or Territory Government agencies. We will always obtain your prior written consent before disclosing your personal information to these, or any other, third parties.
Disclosure of personal information to overseas recipients
The third parties to whom we disclose your personal information to may be located in Australia as well as overseas. We undertake steps to ensure that we only disclose personal information to overseas recipients that agree to protect the privacy and security of the personal information, and to use the information only for the purpose for which it is disclosed.
How you may complain about an alleged breach of the Australian privacy principles or a registered privacy code by us
Should you wish to make a complaint about the way in which we have dealt with your personal information and/or our adherence to any relevant privacy laws, please make your complaint in writing to either of the following addresses:
Or
The Privacy Officer
Skills Migration
Suite 2, Level 2, 143 Charlotte Street, Brisbane, QLD, 4000
We will typically respond to your complaint in writing within thirty (30) days unless your complaint requires us to obtain further information from you or to make enquiries with any related or unrelated third parties. We will endeavour to deal with your complaint as quickly as possible given the circumstances. If it is likely that a final response to your complaint will not be provided within thirty (30) days of receipt of your complaint, we will notify you of the reasons for this delay and provide you with a revised timeframe for our response.
If you are dissatisfied by our response to your complaint, you can make a complaint to the Office of the Australian Information Commissioner. For detailed information on how to make a complaint to the OAIC, please visit the following web link:
https://www.oaic.gov.au/privacy/privacy-complaints/
The contact information of the OAIC is also set out below.
Phone number: 1300 363 992
Email: [email protected]
Fax: 02 9284 9666
Post: Sydney Office, GPO Box 5218 Sydney NSW 2001
How eligible data breaches are handled
Eligible data breaches happen where there is an unauthorised access to, unauthorised disclosure of, or loss of personal information held by us which may result in serious harm to an individual.
Pursuant to the Australian Privacy Protection Principles, we must take all reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, and disclosure.
Our data breach response plan outlines processes as to how a data breach will be contained, evaluated, and managed. The plan also outlines how we decide whether it is necessary to notify an individual of a data breach.
Our data breach response plan is as follows:
- Contain the breach;
- Initiate a preliminary assessment by an appropriately qualified Data Breach Response team;
- Assess the risks for individuals associated with the breach;
- Determine who needs to be made aware of the breach;
- Review the incident and take action to prevent future breaches.
When deciding whether an individual is required to be notified, the following factors will be considered:
- Whether there is a risk of serious harm to the individual;
- Whether notification will avoid or mitigate possible harm;
- Whether the compromised information is sensitive or likely to cause humiliation or embarrassment for the individual; and
- Whether there are legal and/or contractual obligations to notify.
If we reasonably believe there is a risk of serious harm to the individual due to a data breach, we will notify the Commissioner. In some situations, we may also notify other third parties, such as law enforcement officers.