SENSE Corporation Privacy Statement
SENSE is committed to treating the personal information we collect in accordance with the APP and the Privacy Act. By providing us with your personal information, you accept the following policies, processes, and procedures. If you do not agree to this policy, you can choose not to use SENSE services, our website (www.sensecorporation.com.au), or participate in any information gathering or recruitment activities.
We collect, hold, use and disclose personal information to carry out business functions or activities. These functions and activities include:
- assessing suitable candidates for career opportunities with SENSE
- consulting with clients, strategic partners, and other stakeholders
- maintaining registers, such as Security Clearance Register
- responding to legal and official access to information requests
- communicating with the public, stakeholders and the media including through websites and social media
Your personal information
Personal information is any information that can be linked to an individual or entity known to SENSE is seen as ‘Personal Information’ (see the Privacy Act for full description and definition). This is the case whether the personal information or opinion is true, or whether it is recorded in a material form or not.
The types of personal information that SENSE collects depends on the nature of our business, activity, or engagement with you. At all times we try to only collect the information necessary for the function or activity we are carrying out.
We may collect personal information about you that includes, but not limited to, the following:
- Full legal name – birth name, names changes, maiden name
- Contact details – email address, home, work, and mobile telephone numbers
- Address – work, home, and PO box
- Employment details and history
- Education history
- Qualifications and certifications
- Member ship and status in professional bodies
- Birth details – date of birth, place of birth and country of birth
- Citizenship, immigration, permanent residency, and visa/work permit status
- Travel history – overseas
- Medical records
- Financial details – bank accounts, superannuation, bankruptcy/insolvency
- Insurance details – Professional Indemnity (PI), Professional Liability (PL) and Workers Comp (WC)
- References – contact details, feedback, and reports
- Corporation details – structure
- Next of kin details
- Copies of identity documents – driver licence, passport, Medicare card
- Salary expectations
Direct collection of your personal information
The main way we collect personal information about you is directly from you when you:
- contact us to request a service, such as to initiate a security clearance or police check
- send us your contact details or resume/curriculum vitae via email
- apply for a job vacancy with or via SENSE
In the course of conducting probity checks as part of employment suitability or security clearance eligibility, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:
- your authorised representative if you have one
- the National Police Checking Service (NPCS) via the Australian Criminal Intelligence Commission (ACIC) (see supplementary information below).
We also collect personal information from publicly available sources, such as LinkedIn, to enable us to verify and/or confirm supplied information.
Collecting through our websites
There are several ways in which we collect information though our website, including:
Cookies and Web analytics
Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website.
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
Social networking services
We use social networking services such as Facebook and LinkedIn to communicate with the public about our work. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook and LinkedIn on their websites.
SENSE uses electronic forms constructed utilising Microsoft Word, Excel or Adobe fillable forms. Electronic forms completed and submitted by you via email are stored on our systems. Our systems have a cyber security policy in place to protect against unauthorised access.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact or correspond with us with general questions we will not ask for your name unless we need it to adequately handle your question.
However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, or application, or to supply our services.
SENSE collects personal information so that we can complete our business activities and provide you with the best service possible. It allows us to:
- Provide employment services and support;
- Provide industry relevant consulting and assessment services;
- Perform employment related checks, confirmation, and validation such as reference checks, criminal history checks, psychometric testing, visa checks, nationality checks, medical checks and credit checks;
- Create reports in order to best serve our industry;
- Manage our relationships;
- Maintain the currency of our customer database;
- Monitor our online presence and customer engagement;
- Track usage of our website in order to optimise the customer experience, and;
- Comply with and fulfill legislation, rules and regulations and any other legal obligations relating to the use and storage of personal information.
Common situations in which we disclose information are detailed below.
We may disclose your personal information to:
- Our employees and personnel,
- Your authorised representatives and referees,
- Our strategic partners, agents, contractors, and suppliers that collaborate and assist us in providing services,
- Service providers, e.g., visa administrators, medical assessment agencies, payment processors, accountants, electronic and IT systems administrators, couriers, mailing houses, solicitors, industry consultants and data entry service providers,
- Other parties, organisations, or individuals, with direct consent from you,
- Government or regulatory bodies as required by legislation or in the provision of services,
- Nominated superannuation funds,
- Our clients and customers.
Disclosure to service providers
SENSE uses a number of service providers to whom we disclose personal information. These include providers that host our website servers, manage our IT and manage our human resource recruitment.
To protect the personal information we disclose we:
- enter into a contract or MOU which requires the service provider to only use or disclose the information for the purposes of the contract or MOU
- include special privacy requirements in the contract or MOU, where necessary.
Disclosure to regulators or external dispute resolution schemes
We may disclose information that relates to complaints to other Australian or international regulators, or to external dispute resolution (EDR) schemes. We will generally only disclose your personal information to other regulators or EDR schemes if you agree and where the information will assist SENSE or the other regulator or EDR scheme investigate a matter.
Disclosure of personal information overseas
Generally, we do not disclose personal information overseas, unless required by legislation. We may disclose personal information to customers and third-party service providers and suppliers located overseas. These overseas entities may be located in New Zealand, Papua New Guinea, Europe, USA, Ireland, England and Singapore.
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or LinkedIn, the social network provider and its partners may collect and hold your personal information overseas.
Storage and security of personal information
We take reasonable steps to protect the security of the personal information we hold from unauthorised access and use, from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
- taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
- conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
For further information on the way we manage security risks in relation to personal information we hold see our supplementary material on information technology security practices, below.
We destroy personal information in a secure manner when we no longer need it.
As our site and electronic data system is connected to the internet and the internet is characteristically insecure, we cannot provide any assurances regarding the security of information transmitted online. Accordingly, any information transmitted to us online is done so at your own risk.
SENSE information technology security practices
Microsoft 365 provides information technology services to SENSE. MS is responsible for the safe keeping and maintenance of SENSE material it holds. All of this material is stored in Australia.
SENSE follows Commonwealth and industry best practice in ICT Security Management, including:
- Protective Security Policy Framework
- Australian Government Information Security Manual
- ISO/AS/NZS 31000: 2018 – Risk Management – Principles and Guidelines
- ISO/IEC 27001:2013 – Information Technology – Security Techniques – Information Security Management Systems – Requirements
- ISO/IEC 27040:2015 — Information Technology – Security Techniques – Storage security
For the list of mandatory requirements that cover governance, personnel, information and physical security, please visit the Protective Security Policy Framework website.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date, and complete we:
- record information in a consistent format
- where necessary, confirm the accuracy of information we collect from a third party or a public source
- promptly add updated or new personal information to existing records
- regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
If you wish to complain to us regarding the use or handling of your personal information, please contact our Privacy Officer and submit a complaint in writing. If you need help lodging a complaint, you can contact us. We will review and investigate your complaint as quickly as possible and respond within a reasonable time from the date of receipt of the written complaint.
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior staff than the staff whose actions you are complaining about.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are not satisfied with our response or find it unacceptable, you may ask for a review by a more senior executive within SENSE (if that has not already happened) or you can complain to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).
How to contact us
You can contact us by phone, email or post via the following:
The Privacy Officer, Nicolas Shaw
0451 112 795
48/112 McMichael Terrace