A. RecruitPack Service Terms
These terms apply to all services provided by Nuage Software Pty Ltd (recruitpack.com) and all users of RecruitPack including RecruitPack sub-domains such as https://yourcompany.recruitpack.com ("RecruitPack Site") identified as "Users" agree to be bound by the following Service Terms.
1. Your access to the RecruitPack Site is conditional upon your acceptance and compliance with the terms contained in this document and elsewhere on the RecruitPack Site ("Service Terms"). Your use of, and/or access to, the RecruitPack Site constitutes your agreement to the Service Terms. RecruitPack and the Service Provider reserve the right to amend the Service Terms at any time. Since you are bound by the Service Terms, you should periodically refer to them in this document and elsewhere on the RecruitPack Site.
2. As a condition of using any services supplied by Nuage Software Pty Ltd ("RecruitPack") owned and operated by Nuage Software Pty Ltd ("the Service Provider"), Users must comply with the Human Rights and Equal Opportunity Commission Act 1986 (Commonwealth) and all anti-discrimination and equal opportunity legislation applicable in the State or Territory in which they conduct business. Where an exemption to comply with the legislation has been granted, the exemption number must be included in any Job or Assignment or Advertisement copy added to the RecruitPack site.
Requests must be made in writing to RecruitPack for permission to use RecruitPack logos or trade marks and/or to the User for permission to use the User logo or trade marks for the purpose of linking to the RecruitPack Site from other websites.
4. Users agree to keep confidential any Username(s), password(s) and/or private web addresses (URLs or Uniform Resource Locators) allocated to you and to take reasonable steps to keep them secure. You agree to notify us promptly in writing if you have reason to believe that any Username(s), password(s) and/or web addresses (URLs) may have been disclosed to any unauthorized party, accidentally or otherwise.
5. Whilst RecruitPack does not review all Job, Assignment, Advertisement or Screening Questions copy, RecruitPack reserves the right to withdraw without notice to the User (at the option of RecruitPack or the Service Provider) any copy posted to the Users RecruitPack Site, Job or Assignment Advertisement that may be in breach of any clause of these Service Terms or of any law or regulation. Each of RecruitPack and the Service Provider also reserve the right to terminate this Agreement if the User posts any Advertisement that may be in breach of any law or regulation. Further, each of RecruitPack and the Service Provider reserve the right, in their absolute discretion, to reject or remove Job or Assignment or Advertisement copy or Screening Questions from the RecruitPack Site for any reason.
6. You must not use the RecruitPack Site in any manner or for any purpose in breach of the laws of any Australian or any other jurisdiction or in any manner which violates any right of RecruitPack or the Service Provider or any other party or restricts or inhibits any other User from using or enjoying the RecruitPack site or which is otherwise prohibited by the Service Terms.
7. Users must not use the RecruitPack Site to post any pyramid or similar scheme on the RecruitPack Site and also must not ask or require any candidate to pay a fee, charge, cost or any money whatsoever to apply for any job advertised on the RecruitPack Site whether such fee, charge, cost or money is asked or required of the Applicant in the Job Advertisement itself or in any communication with the applicant that takes place as a result of a Job Advertisement placed on the RecruitPack Site.
8. Users agree not to use any feature of the RecruitPack Site to send unsolicited commercial email to applicants, whether individually or as a group. Applicant management tools may only be used to communicate with candidates about the specific vacancies for which they have applied, or for future vacancies for which the candidate is suitable.
9. Users must ensure that all Job Advertisements posted to the RecruitPack Site comply with all applicable legislation, regulations, by-laws, ordinances and codes of conduct ("Laws").
10. Users indemnify and will keep indemnified RecruitPack and the Service Provider, its officers, employees and agents against all claims, actions, suits, liabilities, actual or contingent costs, damages and expenses incurred by RecruitPack in connection with:
a. any breach of this agreement by the User;
b. any negligent act or omission by the User;
c. the showing of Job Advertisement copy and Screening Questions by the User on the RecruitPack Site or any related site.
d. an actual or alleged breach by a User of any Laws which occur as a consequence of the User's Job Advertisement or Screening Questions appearing on the RecruitPack Site.
e. any file delivered to RecruitPack or the Service Provider containing any defects, infections or viruses.
11. RecruitPack and the Service Provider cannot guarantee to the User that files available for downloading through the RecruitPack Site will be free of infection or viruses, worms, malware or other code that manifest contaminating or destructive properties. Users are responsible for implementing sufficient procedures and checkpoints to satisfy their particular requirements for accuracy of data input and output, and for maintaining a means external to the RecruitPack Site for the reconstruction of any lost data.
12. RecruitPack and the Service Provider accept no responsibility for any errors or omissions in Advertisements or Screening Questions and requires that Users check their Advertisements and Screening Questions for errors as soon as they are placed on the RecruitPack Site(s) or Job Boards. All reasonable efforts will be undertaken by RecruitPack and the Service Provider to edit errors brought to RecruitPack and the Service Provider's attention as soon as reasonably possible.
13. RecruitPack and the Service Provider will use reasonable efforts to publish Job Advertisements and Screening Questions in reasonable time.
14. Users may not assign or transfer any rights and obligations pursuant to this agreement to any other person or entity without prior written approval (which will not be unreasonably withheld) of RecruitPack. If you are a company, any change in your effective control shall be deemed an assignment for the purpose of this clause.
15. Users agree that RecruitPack and the Service Provider retain all intellectual property rights contained in any of the goods and services provided by RecruitPack
16. Applicants and Users acknowledge and agree that RecruitPack acts as a medium through which individuals look for employment opportunities and that RecruitPack does not vet nor is it responsible for vetting job applicants or the representations (whether oral or in writing - including those representations appearing in job applicant resumes appearing on the View Applicants page) made by them.
17. Users agree at all times to deal with any information or products provided by RecruitPack or the Service Provider or accessed from the RecruitPack Site in a manner which abides by all applicable laws of Australia, or of any other relevant jurisdiction (including, without limitation, privacy and copyright laws).
18. Users may access and use the information stored on Applicants solely for the purpose of identifying Applicants whose work preferences, work type, and abilities match the Users current job Advertisements and Screening Questions. Advertisers must not use or forward an applicant's resume without their permission.
19. The RecruitPack Site may contain hyperlinks and other pointers to Internet websites operated by third parties. These linked websites are not under the control of RecruitPack the Service Provider and/or the Users and they are not responsible for the contents of any linked web or any hyperlink contained in a linked website. Any relationship between RecruitPack and a linked website is independent of the RecruitPack Site notwithstanding that RecruitPack and the Service Provider may receive a fee for the provision of the hyperlink. RecruitPack provides these hyperlinks to you as a convenience only, and the inclusion of any link does not imply any endorsement of the linked website by RecruitPack or its affiliated corporation. You link to any such website entirely at your own risk.
20. The RecruitPack Site may contain Communication Facilities ("Communication Facilities") which provide for interaction between Applicants and Users and RecruitPack, the RecruitPack Site and real-time interaction between Applicants and Users by means of electronic bulletin boards, chat rooms, forums and other electronic messaging and notice services.
It is a condition of your use of any Communication Facilities and your access to, and use of, the RecruitPack Site that you do not do any of the following:
a. restrict or inhibit any other User from using or enjoying any Communication Facility;
b. post or transmit any unlawful, threatening, abusive, defamatory, obscene, vulgar, pornographic, profane or indecent information or material of any kind, including without limitation any transmissions constituting or encouraging conduct that would constitute a criminal offence, give rise to civil liability or otherwise violate any applicable Laws;
c. post or transmit any material of any kind which violates or infringes upon the rights of any other person, including material which is an invasion of any privacy or publicity rights or which is protected by copyright, trademark or any other proprietary right, or derivative works with respect thereto, without first obtaining permission from the owner or relevant right holder;
d. post or transmit any material of any kind which contains a virus or other harmful component;
e. post, transmit or in any way exploit any material of any kind for commercial purposes, or which contains any promotional material or advertising;
f. delete any author attributions, legal notices or proprietary designations or labels in any file that is uploaded; or
g. download any file posted by any other User of a Communication Facility if you know, or reasonably ought to know, that the file cannot legally be distributed in such manner.
RecruitPack and the Service Provider may from time to time, but has no obligation to, monitor or review the contents of its Communication Facilities. You expressly acknowledge and agree that the Communication Facilities provide a means of public and not private communications.
21. RecruitPack and the Service Provider reserves the right at all times without the need to have to provide any notice to Users or Applicants, to alter the functionality and appearance of its products and services available from RecruitPack or through the RecruitPack Site, where RecruitPack believes changes are required in order to promote a consistent experience for Applicants and Users using the RecruitPack Site.
22. Users must not release to the public any news release, advertising material, promotional material or any other form of publicity relating to RecruitPack without RecruitPack prior written approval.
23. Users agree that pursuant to the Privacy Act 1988 (Cth), RecruitPack and the Service Provider may obtain from either a credit reporting agency or other credit providers:
a. personal credit information about the User and/or its directors for the purpose of assessing an User's commercial credit application; and
b. a consumer credit report about the User for the purpose of collecting overdue payments relating to commercial credit owed by the Advertiser.
24. Users must comply at all times with the Privacy Act 1998 (Cth) and any other legislation, principles, industry codes and policies ("Privacy Laws") relating to the handling of all information about a person which is "personal information" as defined in Privacy Laws ("Personal Information") collected, used, disclosed or submitted via the RecruitPack Site and services available from RecruitPack and the Service Provider.
26. Users acknowledge and agree that:
a. by consenting to disclosures to overseas recipients as contemplated under clause 25, subclause 8.1 of the Australian Privacy Principles will not apply to the disclosure;
b. RecruitPack and the Service Provider may use and disclose any Personal Information and any application details provided by a User for statistical analysis and internal research purposes; and
c. RecruitPack and the Service Provider may retain the User's Personal Information and any application details for a period of seven (7) years [confirmed period] to provide to a Job Advertiser on the RecruitPack Site for the purposes of:
i. contacting the User in relation to future vacancies and positions; and
ii. maintaining adequate employment records.
27. If a User does not want their information to be considered by Job Advertisers for future vacancies or positions, the User can request at any time that RecruitPack and the Service Provider cease to provide that User's Personal Information and application details to Job Advertisers. Any requests to no longer be contacted by a Job Advertiser directly, or to be removed from a Job Advertiser's database, must be made to the Job Advertiser directly. RecruitPack accepts no responsibility for the content of communications made to a User by a Job Advertiser.
28. The RecruitPack Checklist and Profiling Systems used on this RecruitPack Site have been developed by RecruitPack and the Service Provider under the supervision of qualified and licensed professionals in relevant disciplines. No such system is ever perfect and whilst every care has been taken in the development of these systems, neither RecruitPack nor the Service Provider represent that any Report is either a perfectly accurate or complete representation of an applicant nor do we represent it as predictive of past or future behaviours or potentials.
29. The characterisation of individuals using such survey methodologies as are made available here is inexact and subject to errors. Our Report is a professional interpretation of the data only based on research findings and experience. Responses are interpreted in line with statistical research findings and experience in large numbers of individuals. Since every individual person is unique, no representation is made by us that every single report will accurately describe the characteristics of the individual completing it.
30. To the extent that any implied conditions, warranties, representations and/or rights (including those implied by statute) can be excluded, they are excluded. If they cannot by law be excluded, RecruitPack limits its liability in respect of them to the maximum extent permitted by law including, in respect of conditions or warranties implied by the Competition and Consumer Act 2010 (and equivalent state or Territory legislation), RecruitPack' liability for breach is limited (at its option) to:
a. the supply of the relevant services again;
b. the payment of the cost of having the services supplied again.
31. Without limiting condition 26, but subject to mandatory operation of law to the contrary:
a. RecruitPack' maximum liability to any person for any matter or thing arising out of or in connection with the supply of services by RecruitPack or the Contents or use of the RecruitPack Site (including for breach of contract by RecruitPack or the negligence of RecruitPack or its officers, employees, contractors, or agents or related bodies corporate within the meaning of the Corporations Act 2001 (collectively "RecruitPack Parties")) is limited to the aggregate fee charged by RecruitPack to that person for the provision of the services; and
b. none of the RecruitPack Parties is liable for any indirect, incidental, special and/or consequential damages (including loss of revenue, loss of profit, loss of opportunity or liability to third parties) arising directly or indirectly from:
i. the provision of any services by the RecruitPack Parties;
ii. the use of or access to, or the inability to use of access, the RecruitPack Site; or
iii. any of the Content or any information or other thing contained in any Report.
32. RecruitPack reserves the right to cooperate fully with any law enforcement authority in any jurisdiction in respect of any lawful direction or request to disclose the identity or other information in respect of anyone posting any materials which violate any applicable or relevant Laws.
33. If any dispute arises relating to or in connection with the services provided by RecruitPack, the Contents, or the use of the RecruitPack Site or any other matter under these Service Terms, the dispute must be resolved in accordance with the following procedures.
34. The parties to the dispute must each appoint a senior representative of their respective organisations with authority to resolve the dispute and must notify the other party of the name and contact details of that representative. The representatives must as soon as possible after that notification (and in any case within 10 business days of a party first notifying the other party of the presence of a dispute), meet and attempt in good faith to resolve the dispute or negotiate a further process to resolve the dispute.
35. If the dispute is not resolved within 10 business days of that meeting, either party may, by written notice to the other, require the dispute to be mediated by a mediator appointed by the Resolution Institute.
36. Each party must co-operate with that mediator and otherwise comply with the any rules imposed by the Resolution Institute. No party to a dispute may take any enforcement action in relation to a dispute before the mediator determines that there is no reasonable prospect of the dispute being resolved by the mediation.
40. You must not copy, reproduce, republish, transmit or distribute any source code given to you or divulged to you by any other means. You must not copy or make use of work-flows and methodologies used on this website other than through your RecruitPack service. You must not attempt to reverse-engineer or copy any software or computer code you access via this site. You undertake not to develop, create or market a similar product for 5 years from the date of your last usage of the RecruitPack Service.
41. Unless you notify RecruitPack otherwise, RecruitPack will use the e-mail address you have given RecruitPack to communicate with you as required for the conduct of the RecruitPack Service. Additional information about other services may form part of this communication. All communication sent to the email address you supplied RecruitPack will be deemed to have been received by you, whether returned or not. It is your responsibility to maintain a current working email address with RecruitPack at all times.
42. All rights not expressly granted herein are reserved.
Advertisement Posting via APIs
Advertisement Posting via APIs is a Self-service function to publish Job Ads on third-party websites. Published ads are not reviewed by RecruitPack prior to exposure on the third-party website.
If you make changes in your Ad (Job Title, Sub-title or Job Ad Copy (including embedded video) these changes will not automatically appear on the third party until you explicitly update them.
RecruitPack has used all reasonable endeavour to make these service accurate but cannot be held responsible for the results on the third party website. In using these services you absolve RecruitPack of any responsibility for results on the third-party platform that are not under our exclusive control.
Your ad will not necessarily appear on the third-party website exactly as it is formatted on RecruitPack - its appearance will be determined by the third party's publishing policies from time-to-time and thus is beyond our control. RecruitPack does not guarantee that the third-party will publish the ad in a timely fashion or even at all.
Other than technical and usage questions about this interface, all questions and support requests should be directed to the third-party provider.
You must not publish material that is misleading, obscene, offensive, unlawful, discriminatory or subject to copyright (without written permission from the copyright holder).
Nuage Software Pty Ltd Business Affairs
Nuage Software Pty Ltd ABN Nuage Software Pty Ltd
PO Box 100 St Agnes SA 5097
The privacy of your personal information is afforded the highest level of importance by Nuage Software Pty Ltd ABN Nuage Software Pty Ltd
PO Box 100 St Agnes SA 5097.
We are also required to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) to the extent that we collect the personal information of residents of the European Union. Expr3ss! is a data controller for the purposes of the GDPR.
What is "personal information"?
Personal information is information that identifies a particular individual. A person does not have to be mentioned by name for information to be "personal information". A record or information will contain personal information if an individual can be "reasonably identified" from the record or information. Personal information can include information and opinions, regardless of whether the information is true or not. Personal information may also be referred to in this policy as personal data.
What is "sensitive information"?
Sensitive information is an important type of personal information. Sensitive information is personal information relating to an individual's:
• racial or ethnic origin, including country of birth;
• political opinions;
• membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual orientation or practices;
• criminal record; and
• child related employment screening reports.
Sensitive information also includes information relating to:
• genetics; and
Sensitive information may also be referred to in this policy as "special category data" for the purposes of the GDPR.
What is a "data controller"?
A data controller for the purposes of the GDPR means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information.
What is a "data processor"?
A data processor means a natural or legal person, public authority, agency or other body which "processes" personal data on behalf of a data controller, and in accordance with the data controller's instructions.
What is a "data subject"?
For the purposes of the GDPR, a data subject is an individual who is physically located in the European Union at the time that their personal information is collected by Expr3ss!. A person does not need to be a citizen of a European country in order to considered a data subject. Throughout this policy we use the term "European Resident" to refer to a data subject.
What is a Member State?
For the purposes of the GDPR, a Member State refers to any one of the member states of the European Union.
What is the Expr3ss! Site
The site located at https://stpeters.recruitpack.com
What is a Job Advertiser ?
An organisation or agency who has engaged Expr3ss! to, among other things, collect and manage applications from prospective employees in response to advertisements placed on the Expr3ss! Site by that organisation or agency.
Collection of Information
We will only collect personal information where it is reasonably necessary to do so for the conduct of our business. We generally collect your personal information through your submissions on the Expr3ss! Site.
The kinds of personal information that we collect and hold may include:
• your name, birth date and gender;
• your contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses;
• questions specific to the requirements of the employer;
• your education;
• your employment history;
• passport and visa details;
• academic records, transcripts, enrolment and assessment details.
• submitted video recordings.
Any collection of personal information by us will be fair and lawful and will not be intrusive.
Expr3ss! will only solicit and collect sensitive information if:
• it is required to do so by law; or
• it has the consent of the individual to whom the information relates, and it is reasonably necessary for Expr3ss! to collect the sensitive information to enable it to carry out a relevant function or activity.
Expr3ss! will only collect sensitive information where the information is necessary for a relevant function or activity. Examples of a relevant function or activity include (are but not limited to):
• to determine whether an individual is permitted to work in Australia, having regard to Visa requirements; or
• qualification for particular employment/recruitment programs, financial or other assistance which may be allocated by reference to matters which constitute sensitive information, such as cultural background.
Expr3ss! may also collect sensitive information about an individual in order to comply with Expr3ss! obligations under Australian law, including but not limited to:
• language or cultural background;
• citizenship status;
• status as an Indigenous Australian;
• disability status; and
• health information.
We may also collect and hold information about you that is not personal information, including:
• data relating to your activity on the Expr3ss! Site via tracking technologies such as cookies; and
• the identity of your Internet browser, the type of operating system you use, your IP address and the domain name of your Internet service provider.
We may use this information for internal purposes, including administering our services, diagnosing problems, generating statistics and trends, and improving the quality of our products and services. We may also use this information to identify any submissions you make on the Expr3ss! Site and to assess your engagement with the Expr3ss! Site and the materials herein.
Expr3ss! will generally collect your personal information from you directly, unless:
• you consent to the collection of the information from someone else; or
• Expr3ss! is required or authorised by law to collect the personal information from a third party; or
• it is unreasonable or impracticable to obtain the personal information from you directly.
If it is reasonable and practical do so, we will only collect personal information from the individual to whom the information relates.However, you authorise us to collect information from external sources including government agencies and other third parties such as advertisers, mailing lists, recruitment agencies, contractors and business partners as and when required.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information. We will not, however, make any such request to any third party in circumstances where it would not be practical to do so.
Use of Personal Information
Expr3ss! collects and uses your personal information on the lawful basis that it:
• Is pursing its legitimate interests. This includes:
◊ To communicate with you in respect of news and information about our products and services;
◊ To provide Job Advertisers with the services and/or products which we have undertaken to provide them with under contract;
◊ To collate your contact details
◊ To facilitate communication and engagement between you and Job Advertisers who utilise our services as part of their recruitment processes; Expr3ss!;
◊ to facilitate future employment opportunities in the event your initial employment application is unsuccessful;
◊ to operate and maintain its information technology systems;
◊ to improve the functionality of its website;
◊ to personalise your experience with our products and services, for example, via connectivity with social media services;
◊ to enable third party organisations to provide us with technical and support services;
◊ to obtain legal, financial, business and other professional advice in respect of its operations;
◊ to carry out direct marketing;
◊ to carry out statistical analysis and internal research in respect of its customer base, products and services; and
◊ [insert any other purposes necessary or incidental to the provision of your products and services with as much specificity as you can]
• Is complying with its legal obligations. This includes
◊ the Corporations Act 2001 (Cth) which requires the disclosure of your personal information to third parties in certain circumstances
◊ [insert any other obligations that Expr3ss! has under law, including statute, regulation or Code etc]
• is necessary to protect your vital interests. This includes:
◊ Releasing sensitive personal information where Expr3ss! considers that there is an imminent threat to your health, safety or life generally, or where it considers that it is necessary to avoid, lessen or prevent a serious emergency or crime.
Disclosure of personal information
The primary purpose for using or disclosing an individual's personal information will include:
• to identify an individual and verify their identity;
• to provide Expr3ss! services to an individual and Job Advertiser;
• to do any of the things listed in the section of this Privacy Statement entitled "Use of Personal Information"; and
• to communicate with an individual.
Some Expr3ss! employees and contractors will have access to your personal information to a level that is necessary to enable them to perform their roles within Expr3ss!. They are obliged to respect the confidentiality of any personal information held by Expr3ss! Expr3ss! will take reasonable steps to ensure that personal information is not disclosed to a third-party, except in certain permitted situations. These include:
• where Expr3ss! obtains your consent;
• where it is necessary to provide that information to a third-party who provides services to Expr3ss!;
• where the disclosure is required or authorised by law or regulatory obligations; or
• any other circumstance permitted by the APPs.
Any disclosure that is required to be made to any third party will be made primarily for the purpose of providing or offering goods and services to you. If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
Any personal information submitted via our online form may need to be processed by a third party.
By submitting personal information via an online form on the Expr3ss! Site, you consent to the disclosure of that information to a third party, which may be located overseas, for the sole purpose of processing the online form. For the avoidance of doubt, third parties in Australia to whom your personal information might be disclosed include:
• Job Advertisers registered with us, but only those Job Advertisers with whom you have lodged an employment application either contemporaneously or in the past;
• contracted service providers including:
◊ information technology service providers, including cloud service providers;
◊ external business advisors, including accountants, auditors and lawyers;
◊ third party marketing providers; and
◊ [insert any other third parties here].
Third parties outside of Australia to whom your personal information might be disclosed include:
◊ information technology service providers, including cloud service providers;
◊ third party service providers;
◊ third party marketing providers.
In the event that the personal information being processed by a third party is the personal information of a European Resident, Expr3ss! will ensure that the requirements set out in the "Contracts with Third Party Data Processors" section of this Policy are adhered to.
Under the Act and APPs
Expr3ss! may, on occasion and where reasonable and appropriate, use your personal information for the purpose of sending you direct marketing materials which we consider may be of interest to you. Direct marketing may occur by mail, email, SMS or telephone.
Expr3ss! may also disclose your information to third parties or related entities for the purpose of allowing them to send you direct marketing materials directly.
Where the direct marketing is transmitted electronically or by telephone, Expr3ss! will at all times comply with any applicable laws including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Direct marketing will only occur if:
• Expr3ss! has the consent of the individual or where otherwise permitted by law (including where the use or disclosure is necessary to meet a contractual obligation to the Commonwealth);
• the individual would reasonably expect Expr3ss! to use or disclose the personal information a direct marketing purpose;
• Expr3ss! provides a simple and readily identifiable means by which the individual may refuse to receive direct marketing from Expr3ss! (a refusal request);
• Expr3ss! provides a simple and readily identifiable means by which the individual may opt out from receiving direct marketing from Expr3ss! which they had previously consented to receiving (an opt out request); and
• the individual has not made an opt out or refusal request to Expr3ss! .
Direct marketing, as it relates to sensitive information, will be identical to that set out above for broader personal information, save and except for Expr3ss! obtaining the express consent of the individual concerned to use or disclosure the sensitive information for a particular purpose.
Requirements of the GDPR
Expr3ss! may, on occasion and where reasonable and appropriate, use the personal information of European Residents in direct marketing. Direct marketing may occur by mail, email, SMS or telephone
To the extent that any direct marketing material is transmitted electronically to European Residents, the requirements of the GDPR and the ePrivacy Directive (or any equivalent law that may be in place from time to time) will be adhered to. In particular, Expr3ss! will ensure that it has obtained the consent of the European Resident via an opt-in method before the direct marketing material is sent.
Storage and Security of Personal Information
The individual providing the personal information to Expr3ss! must also ensure that the personal information is both relevant and accurate.
We will generally hold your personal information as either physical records, records on our servers, and in some cases, records on third party servers, which may be located overseas.
Expr3ss! will, wherever possible, keep all personal information strictly confidential.
Expr3ss! will take reasonable steps to protect of the personal information it holds, in both hard copy and electronic form, from:
• misuse, interference and loss; and/or
• unauthorised access, modification or disclosure.
For example, Expr3ss! has in place:
• data is encrypted in transit and at rest.
• your personal data is accessible only to registered employees and contractors of the employer via password protected logins.
Expr3ss! has in place systems to manage all personal information so that it is able to destroy or permanently de-identify personal information, wherever reasonable and practicable, that is no longer needed for any reason.
Generally, subject to your right to erasure, personal information retained by Expr3ss! will be stored for as long as Expr3ss! requires it to:
• fulfil our obligations under law;
• discharge our contractual obligations;
• carry out the purpose for which the personal information was collected; and/or
• otherwise facilitate the reasonable conduct of our business operations
following which time it will be either destroyed or anonymised.
Expr3ss! reserves the right to retain the personal information of European Residents which it holds for the following purposes indefinitely:
• archiving purposes in the public interest;
• scientific or historical research purposes; or
• statistical purposes.
Expr3ss! will manage all data breaches in accordance with the mandatory Notifiable Data Breaches Scheme (NDB Scheme) in Australia, as well as the mandatory notification obligations under the GDPR.
Obligations of Expr3ss! under the NDB Scheme
In accordance with the NDB Scheme, in the event of a suspected data breach Expr3ss! will:
• contain the breach and, if possible, take remedial action; and
• commence the requisite assessment process to determine whether the data breach is likely to be an "eligible data breach" for the purposes of the NDB Scheme. An "eligible data breach" being one where:
◊ there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by it;
◊ the access, disclosure or loss is likely to result in "serious harm" to any of the individuals to whom the information relates. In this context, "serious harm" refers to serious physical, psychological, emotional, financial or reputational harm to an individual or individuals; and
◊ Expr3ss! has not been able to prevent the likely risk of serious harm with remedial action.
If Expr3ss! has reasonable grounds to believe that an "eligible data breach" has occurred, it will:
• prepare a statement to the Office of the Australian Information Commissioner (OAIC) as soon as practicable (OAIC Statement);
• notify the individual to whom the information relates as soon as practicable after the statement has been prepared; and
• provide that individual with a copy of the OAIC Statement.
If Expr3ss! is unable to locate the individual to whom the eligible data breach relates for the purpose of providing them with a copy of the OAIC Statement, a copy of the OAIC Statement will be posted on our website.
Obligations under the GDPR
In accordance with the GDPR, Expr3ss! will ensure that:
• on becoming aware of a data breach, it will:
◊ attempt to contain it and assess the potential adverse consequences for individuals involved; and
◊ if, after conducting an assessment, it considers that:
† there is a risk to an individual's rights and freedoms as a result of the personal data breach, it will report the breach to the relevant Supervisory Authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach; and
† there is a high risk to an individual's rights and freedoms as a result of the personal data breach, it will report the breach to the relevant Supervisory Authority in accordance with the clause above and notify the individual affected without undue delay.
Expr3ss! will keep a record of all personal data breaches, regardless of whether or not they need to be reported to the Supervisory Authority.
Expr3ss! will not report a personal data breach in the event that, after conducting an assessment, we consider that the risk of harm to an individual's rights and freedoms is unlikely.
A "personal data breach" for the purposes of the GDPR includes, but is not limited to, whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.
Contracts With Third Party Data Processors
In the event that Expr3ss! engages a data processor to process the personal data of European Residents on its behalf, it will only do so if that data processor has provided Expr3ss! with sufficient guarantees that it will implement appropriate technical, contractual and organisational measures that ensure compliance with the GDPR, and the protection of the personal information of European Residents.
To the extent that Expr3ss! engages a third party data processor, it will ensure that it enters into a written agreement with that data processor, which sets out, as a minimum, terms which require the processor to:
• only act on the written instructions of Expr3ss! as the data controller;
• ensure that people processing the data are subject to a duty of confidence;
• take appropriate measures to ensure the security of processing;
• only engage sub-processors with the prior consent of Expr3ss! and under a written contract;
• assist the controller in providing subject access and allowing data subjects to exercise their rights under the GDPR;
• assist Expr3ss! in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
• delete or return all personal data to Expr3ss! as requested at the end of the contract; and
• submit to audits and inspections, provide Expr3ss! with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell Expr3ss! immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.
Data Access & Correction
You can review your personal information online via the Expr3ss! Site, or you may request access to your personal information at any time by sending a written request to our Privacy Officer by mail at Expr3ss! Pty Ltd ACN 102 229 961 LG 146 Arthur Street, North Sydney NSW 2060, Australia, Australia, or by using the contact form on the Expr3ss! Site.
You do not need to provide a reason for your request.
Expr3ss! will not impose a fee for making an access or correction request in the first instance. However, we may charge a small fee for administrative costs incurred by us in providing access to your personal information in those circumstances where the request is manifestly unfounded or excessive, and requires a significant amount of time to locate or collect your information or to present it in an appropriate form.Expr3ss! will generally grant an individual access to their personal information unless an exception applies. Exceptions include where:
• giving access would have an unreasonable impact on the privacy of other individuals;
• the request for access is frivolous or vexatious;
• the request is manifestly unfounded or excessive (taking into account whether the request is repetitive in nature); or
• the access would be unlawful.
We will take reasonable steps to ensure that the personal information we collect about you is accurate, up-to-date and complete, and ensure that the personal information we use or disclose is accurate, up-to-date, complete and relevant. You are free to update your personal information at any time by sending a written request to our Privacy Officer by mail at Expr3ss! Pty Ltd ACN 102 229 961 LG 146 Arthur Street, North Sydney NSW 2060, Australia, Australia, or by using the contact form on the Expr3ss! Site. There is no cost for updating your information.
If we are unable to provide you with access to your information, or make any amendments which you have requested, we will provide you with written reasons for our refusal within a reasonable time period.
Additional Rights Of European Residents Under The GDPR
In addition to the protections afforded under the Privacy Act and the APPs, if you are a European Resident, you have a number of additional rights under the GDPR, including:
• the right to receive personal data you have provided to us in a structured, commonly used and machine readable format, including the right to request that we transmit this data directly to another data controller;
• the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that we use your data (this right is an alternative to requesting the erasure of your data); and
• the right to require us to erase your data in certain circumstances.
In the event that a European Resident requests that their data be erased, Expr3ss! will assess this request against any relevant record keeping obligations it has under any statute or regulation, and retains the right to seek professional advice in respect of any conflict of law issues that might arise as a result of the initial assessment before the European Resident's request for erasure is granted.
Cross-Border Disclosure of Information
We are likely to disclose your information to overseas recipients, including, but not limited to our third party servers, international advertisers, or international branches of Australian based companies. You consent to us disclosing your personal information to such overseas recipients for purposes necessary or useful in the course of operating our business. Such disclosures will be in accordance with the APPs, subject to clause 26.a of the Expr3ss! Service Terms. The countries in which such recipients are likely to be located include, but are not limited to, Hong Kong, New Zealand and the United Kingdom.
If you do not want us to disclose your information to overseas recipients, please let us know.
Expr3ss! may also, from time to time, disclose the personal information of European Residents to third parties outside of the European Union. However, Expr3ss! will only do so where:
• the foreign jurisdiction governing a third party has been assessed as "adequate" in terms of data protection in accordance with the GDPR; and/or
• sufficient safeguards (such as a binding contract or corporate rules or any other safeguards prescribed by the GDPR) have been put in place; or
• a derogation or exception as listed in the GDPR applies.
If you are a European Resident and have any questions about Expr3ss!'s compliance with the GDPR, please contact the Privacy Officer in the first instance.
We take all complaints seriously, and will respond to your complaint within a reasonable period.
If you are interested in obtaining additional information about privacy, you can visit the Australian Privacy Commissioner's website at www.oaic.gov.au.
Please note that there are inherent risks in transmitting information over the Internet. There is a possibility that your information could be accessed by a third party while in transit. Each User of the Expr3ss! Site should make their own assessment of the possible security risks to their information when deciding whether or not to use the Expr3ss! Site.
Expr3ss! cannot ensure or warrant the security of any information transmitted to Expr3ss! online and individuals do so at their own risk. To the extent permitted by law, Expr3ss! accepts no responsibility for the unauthorised access of personal information held by Expr3ss!
Importantly, cookies do not need to identify the user or record any personal information. No attempt is made to identify you or your browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the service provider's logs, or where your usage is causing technical issues for the Expr3ss! Site that may need to be resolved and Expr3ss! needs to contact you. A notice will be posted on the Expr3ss! Site if the Expr3ss! Site attempts to identify individuals from their cookies unless that identification is required by law or to assist in law enforcement.
The default settings of most internet browsers allow cookies. However, users may change their browser settings to disallow cookies. Please note that some parts of the Expr3ss! Site may not function fully for users that disallow cookies.
To the extent that any cookies placed on the Expr3ss! Site by Expr3ss! or a third party can uniquely identify a European Resident, the requirements of the GDPR will be adhered to. In particular, Expr3ss! will ensure that:
• consent is obtained prior to the setting of the cookies
• a European Resident can withdraw their consent at any time by changing the relevant settings;
• a European Resident's consent is renewed every 12 months;
• it documents a European Resident's consent and stores it securely; and
• it deletes the personal information of a European Resident upon request.