Privacy Policy

Your Privacy Matters

Checkworkrights (‘CWR’) is committed to ensuring that your personal information is handled responsibly, in accordance with Australian Privacy laws. The CWR Privacy Policy ('the Policy') outlines how CWR collects, stores, communicates and otherwise deals with your information.

What Information does CWR Collect?

CWR is required to collect information from you in order provide its services. CWR services include the provision of an automated visa checking service that is linked with the Department of Immigration’s (‘the Department’) Visa Entitlement Verification Online (VEVO) tool. The primary purpose of the service is to confirm work entitlements for visa holders in Australia.

In the provision of these services, CWR will be required to collect identifying data, which may include:

  • Passport(s);
  • Information and consent related to use of the VEVO tool;
  • Citizenship information;
  • Personal identifying information such as your name, date of birth, physical address, email address, contact numbers;
  • Company information such as business name, business unit and employee identifying information necessary for the operation of CWR services;
  • Employer information such as employing entity, location of work, manager;
  • Any other information relevant to the provision of CWR services.

Wherever reasonably possible your consent will be sought prior to collecting your identifying information. Your identifying information will not be collected for purposes not related to the primary services of CWR without your express consent.

What About Sensitive Information?

The Australian Privacy Principles (APP) distinguish between personal information and sensitive information.

These terms are defined under Australian privacy law. CWR will not collect any sensitive information from you without your consent, and for which is not reasonably necessary in the performance of its services.

Please refer to the text for more information about your rights under the APP.

How is Your Information Collected and Held?

CWR may collect your personal information directly from you or your employer. Methods of collection may include electronic copies of personal documents collected via email and cloud based software.

All personal information collected by you is held securely on CWR databases.

How is Your Information Protected?

CWR is committed to protecting your information. CWR uses a number of security methods to ensure your information is kept safe. A more detailed description can be found in the CWR Data Maintenance Policy.

How is your Information Used?

VEVO Checking

CWR will use identifying information for the purpose of conducting automated VEVO check’s via the Department of Immigration’s visa checking platform.

By supplying identifying information to CWR your information will be used for this purpose.

By supplying identifying information CWR may be required to supply this same information to the Department for the purpose of conducting VEVO checks. In providing this identifying data to the Department, CWR accepts no responsibility for how the Department or other Government bodies may use your information and any subsequent action taken against you.

Direct Marketing

CWR will not use your identifying information for the purpose of direct marketing without obtaining your prior consent. In the event that your information is used for the purposes of marketing, you will be provided with an option to easily ‘opt out’ of having your information used in this manner.

Disclosure to Third Parties

In the course of providing its services, CWR may be required to disclose your information to third parties.

These may include:

  • An employer (prospective or existing);
  • An employee (prospective or existing);
  • CWR related entities;
  • Government bodies (including the Department);
  • Educational institutions.

CWR will not disclose your identifying information except in the course of the provision of the services for which the information was collected. Your consent will be sought prior to disclosing identifying information that does not relate to the purpose for which the information was collected.

Disclosure of Personal Information to Overseas Recipients

CWR will not disclose your personal information to overseas recipients.

If CWR needs to disclose your information to overseas recipients, for example in circumstances where your employer has internationally located associated entities, we will seek your prior written consent prior to disclosure.

Access and Destructions of Records

You will be provided access to your personal information on request to CWR, except to the extent that CWR is permitted to refuse access under the APP.

In order to account for the expense in accessing your personal information, CWR may request a reasonable access charge to provide you with the requested information.

Personal information held by CWR that is no longer required for the purpose(s) for which it was collected, will be destroyed or de-identified within a reasonable period of time.

You may contact CWR at any time, using the contact details listed in this policy, for the purposes of correcting or updating your personal information.

How to notify for breaches of the Australian Privacy Principles

If you believe there has been a breach to your privacy or of the Australian Privacy Principles, you may contact CWR to notify us of your concerns. Depending on the breach, CWR may take a number of steps in response to suggested breach, including:

  • Investigating the nature of the suggested breach;
  • Identifying the substance of the breach;
  • If a material breach is identified, remedying the breach;
  • Notifying you that the complaint has been investigated, whether a breach was identified, and if a breach was identified, steps taken to remedy the breach.

CWR will make all reasonable efforts to provide you with a response within 14 days of receipt of your communication regarding the suggested breach.

Privacy and the Internet

CWR operates a cloud based service which is delivered via the internet. CWR may require you to input information and identifying data in order to provide this service.

CWR may place cookies on your computer or device to allow us to recognise you for future visits to the website, provide the most relevant information to you, for market research purposes and to prevent data breaches, fraud and ensure that your information is kept as secure as possible.

Your internet browser may allow you to alter the settings to prevent cookies being stored on your computer or device. In order to take advantage of the full function and operability of CWR it is recommended that you allow cookies.

CWR may use website analytical tools in order to monitor traffic and maintain security across the platform. This will not be done for the purpose of collecting personal or sensitive information.

Data Breach Response Protocol

In the event of a data breach, such as the authorised access of personal information, CWR responses are as follows:

Contain breach and make preliminary assessment

  • CWR will take immediate steps to contain the breach. This may include shutting down CWR service to prevent further security breaches if necessary:
    • Initiate preliminary assessment:
    • Assessment of personal information involved in breach;
    • Identifying cause of breach;
    • Identifying the extent of the breach and impact on affected persons;
    • Assessing how the breach can be further contained if necessary.

Evaluate the risks associated with the breach

  • After making a preliminary assessment and containing the immediate effects of the breach, a broader assessment and evaluation of the breach will be conducted:
    • Consider what personal information is involved;
    • Determine whether the context of the information is important, including who has gained access to the personal information and how that information might be used;
    • Establish the cause and extent of the breach
      • Is there a risk of ongoing breaches or further exposure of the information?
      • Is there evidence of theft?
      • Is the personal information adequately encrypted, anonymous or otherwise not easily accessible?
      • What was the source of the breach?
      • Has the personal information been recovered?
      • How many individuals are affected by the breach?
    • Identify the risk of harm to affected persons

Notification

  • After assessing the risks and potential harms as a result of the breach, CWR will, where appropriate, notify the affected individuals and other relevant parties based on:
    • What is the risk of serious harm to the individual?
    • What is the ability of the individual to avoid or mitigate possible harm if notified of a breach (in addition to steps taken by CWR)?
    • Even if the individual would not be able to take steps to fix the situation, is the information that has been compromised sensitive, or likely to cause humiliation or embarrassment for the individual?
  • Where CWR has determined it appropriate to notify an individual or affected third party, such as a user of CWR services, it will do so as soon as possible, and via email;
  • The notification will include the following information:
    • Incident Description
    • Type of personal information involved
    • Response to the breach
    • Assistance offered to affected individuals
    • Other information sources — Sources of information designed to assist individuals in protecting against identity theft or interferences with privacy.
    • CWR contact details and how affected persons may communicate with CWR concerning the breach;

Review the Incident and take action to prevent future breaches

  • Following notification of the breach, CWR will take the following actions:
    • Consider developing a data breach prevention plan
    • Consider updating data breach response protocol and privacy policy
    • Make appropriate changes to CWR service to ensure future security and integrity of information.

Updates to the Policy

CWR may change this Policy from time to time for any reason. We will make all reasonable efforts to update you about any changes to the Policy.

Contact CWR

Please contact CWR if you have any questions or concerns relating to any of the information detailed in the Policy.

Level 3, 7 Howard Street, Richmond VIC 3121

Telephone +61 3 9421 1020 or email aaron@checkworkrights.com.au


Updated: July 23, 2018


Try Checkworkrights