1 WorkSec commitment to privacy

(a) WorkSec Pty Ltd (ACN: 659 249 411), its subsidiaries and affiliates in Australia (collectively referred to as “WorkSec”, “we” and “us”) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), the Protective Security Policy Framework (PSPF) and in accordance with other applicable privacy laws.

(b) This document sets out our policies for managing your personal information and is referred to as our Privacy Policy.

(c) In this Privacy Policy, “WorkSec”, “we” and “us” refers to WorkSec Pty Ltd and “you” refers to any individual about whom we collect personal information.

 

2 About WorkSec

(a) WorkSec is a private company Defence Industry Security Program (DSIP) member organisation building a talent pool of skilled, security-cleared, and Defence-ready personnel to deliver Australia’s sovereign capability.

(b) WorkSec offers a complete range of services, including security clearance application facilitation and sponsorship, Security Officer as a Service (SOaaS) and other personnel security governance services.

(c) Please contact us for a full list of the companies which comprise WorkSec and which are subject to this Privacy Policy.

 

3 What information does WorkSec collect about you?

3.1 Clients and prospective clients

(a) When you enquire about our services or when you become a client of WorkSec, a record is made which includes your personal information.

(b) The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:

(i) your name, e-mail, phone number, address and other contact details;
(ii) information about your employer or an organisation who you represent;
(iii) your professional details; and
(iv) any additional personal information you provide to us, or authorise us to collect, as part of your interaction with WorkSec.

3.2 Security clearance applicants

(a) If you apply for a security clearance or clearance sponsorship through us, we will collect your personal and sensitive information to assess your suitability to hold and maintain a security clearance. This may include:

(i) name or identity including gender, and related information (copies of identity documents, name, previous names, gender);
(ii) birth details (date of birth and place of birth);
(iii) marital status, including the details of your current spouse or partner;
(iv) address, including details of any house mates;
(v) contact details (phone and email address) and history of residential and postal addresses;
(vi) citizenship status (Australian and overseas) or nationality and, if applicable, details of any work visa;
(vii) financial information, including information about a mortgage, significant debt, changes to household income, and receipt of lump sum payments;
(viii) health, medical or psychological circumstances;
(ix) details of any criminal history, police involvement or association with criminal activity;
(x) club, society, association or interest group membership;
(xi) details of any disciplinary procedures;
(xii) illicit or illegal drug use;
(xiii) residence (in a foreign country);
(xiv) overseas travel history, and connections;
(xv) religious beliefs;
(xvi) details of any security incidents;
(xvii) your business interests;
(xviii) details to conduct a digital footprint check such as the names or handles you use on your social media and other online accounts;
(xix) legal proceedings;
(xx) employment history; and
(xxi) education history.

3.3 Other individuals

(a) WorkSec may collect personal information about other individuals who are not clients of WorkSec. This includes customers and members of the public who participate in events we are involved with, individual service providers and contractors to WorkSec, and other individuals who interact with WorkSec on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with WorkSec.

(b) If you are participating in an event we are managing or delivering, we may take images or audio-visual recordings which identify you.

(c) In limited circumstances, WorkSec may collect information which is considered sensitive information. For example, if you are injured at an event promoted or delivered by WorkSec we may collect health information about you in an emergency or otherwise with your consent.

(d) We may collect personal information about children (for example, when children participate in events we are involved with). Where children do not have sufficient maturity and understanding to make decisions about their personal information, we will require their parents or guardians to make decisions on their behalf.

(e) You can always decline to give WorkSec any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

3.4 Visitors to our websites

The way in which we handle the personal information of visitors to our websites is discussed below.

 

4 How and why does WorkSec collect and use your personal information?

(a) WorkSec collects personal information reasonably necessary to carry out our business, to assess and manage security risks, assess and manage our clients’ needs, and provide services including security clearance sponsorship, Security Officer as a Service (SOaaS) and personnel security governance services. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing client relationships.

(b) The purposes for which WorkSec usually collects and uses personal information depends on the nature of your interaction with us, but may include:

(i) responding to requests for information and other general inquiries;
(ii) managing, planning, advertising and administering programs, events, competitions and performances;
(iii) researching, developing and expanding our facilities and services;
(iv) informing you of our activities, events, facilities and services;
(v) recruitment processes (including for volunteers, internships and work experience);
(vi) responding to enquires and complaints;
(vii) to conduct pre-employment suitability and workforce screening;
(viii) to assess your ongoing suitability to obtain and maintain a security clearance; and
(ix) to fulfil reporting obligations to the relevant regulatory bodies.

(c) For security clearance applicants, WorkSec needs your personal information to assess, manage, and review your suitability for security clearance sponsorship, as per the following:

(i) WorkSec collects, uses and discloses your personal information as set out in this policy to assess, manage, and review your eligibility and suitability to apply for and hold a security clearance.
(ii) WorkSec may also collect, use or disclose your sensitive information for these purposes. Sensitive information is defined by the Privacy Act to include political opinions, memberships of associations, philosophical beliefs, sexual practices, criminal record and health information, among other things.
(iii) WorkSec will collect and use your personal information for the life of your security clearance sponsorship, and may use this personal information to assess, manage or review any future security clearance sponsorship applications you may make or security clearances you are granted, unless you withdraw your consent. If you withdraw your consent, WorkSec may still use or disclose any of your personal information that we have already collected for purposes permitted by the Privacy Act which do not require your consent.

(d) In addition, WorkSec may also collect, use or disclose your personal information for other purposes where:

(i) you provide your consent;
(ii) it would reasonably be expected by you that such a disclosure would occur and the disclosure is related, or directly related to your security clearance;
(iii) disclosure is required or authorised by or under Australian law or a court / tribunal order;
(iv) a ‘permitted general situation’ exists as defined in section 16A of the Privacy Act in relation to the use or disclosure of the information; or
(v) the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

(e) WorkSec generally collects personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person.

(f) WorkSec may also conduct checks and inquiries and may collect and use personal information from third parties to assess, manage, or review your eligibility and suitability to hold or maintain a security clearance. These collections may include:

(i) referee checks;
(ii) identity checks;
(iii) national police checks;
(iv) financial/credit history checks;
(v) digital footprint checks; and
(vi) additional vetting checks or assessments where the check or assessment is relevant to addressing any concerns identified or not able to be resolved.

(g) WorkSec may collect personal and sensitive information from your referees and supervisors, and people identified through WorkSec’s intelligence practices and security protocols including:

(i) from the referees and supervisors you nominate in your application.
(ii) from persons you do not nominate in your application, but who WorkSec identifies through its intelligence practices and security protocols.

(h) WorkSec may use your personal information to verify or corroborate the personal information WorkSec has collected from you and other third parties.

(i) WorkSec also collects and uses personal information for market research purposes, to innovate our delivery of products and services and to share with the relevant government agencies and departments as required under our DISP obligations.

 

5 How does WorkSec interact with you via the internet?

(a) You may visit our website (https://worksec.au/) without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to WorkSec will be managed in accordance with this Privacy Policy.

(b) WorkSec’s website uses cookies. A “cookie” is a small file stored on your computer’s browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites. You are not identifiable from such information.

(c) You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.

(d) WorkSec’s website may contain links to third-party websites. WorkSec is not responsible for the content or privacy practices of websites that are linked to our website.

 

6 Can you deal with WorkSec anonymously?

(a) WorkSec will provide individuals with the opportunity to remain anonymous or use a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry).

(b) Generally, it is not practicable for WorkSec to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.

(c) For WorkSec to assess, manage, and review your eligibility and suitability to be sponsored for an Australian Government security clearance, it is necessary for WorkSec to be able to positively identify you. As such, it is not practical or possible for WorkSec to provide security clearance applicants with the option of not identifying themselves, or using a pseudonym.

 

7 How does WorkSec hold information?

(a) WorkSec stores information electronically in secure databases (including trusted third-party cloud storage providers based in Australia). Personal information may be collected in electronic form for use or storage. We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

(b) WorkSec maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

(c) Our websites use encryption and other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

(d) We take steps to destroy or de-identify information that we no longer require.

 

8 Does WorkSec use or disclose your personal information for direct marketing?

(a) WorkSec may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below.

(b) If you opt-out of receiving marketing material from us, WorkSec may still contact you in relation to its ongoing relationship with you.

 

9 How does WorkSec use and disclose personal information?

9.1 For clients

The purposes for which we may use and disclose your personal information will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to service providers where this is relevant to our services.

9.2 For customers and participants

If you are a customer or participant in an event, we may disclose your personal information to our clients and venues where this is reasonably necessary for, and relevant to, the delivery of the event. We may use images or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur.

9.3 For security clearance applicants

(a) WorkSec may disclose your personal information to government departments, such as the Australian Government Security Vetting Agency (AGSVA), to conduct its security clearances assessment or review, then collect and use the response.

(b) WorkSec may disclose your personal information to Defence departments and agencies such as ASIO, Department of Home Affairs, Defence Industry Security Office (DISO) and DISP amongst others where required to do so as part of reporting or audit obligations or where matters of national security may be at stake.

(c) WorkSec may disclose your personal information to third parties to perform a criminal history check, and collect and use the response as part of the assessment, management, or review of your eligibility and suitability to hold a security clearance. The personal information WorkSec discloses may include, where applicable, your name (including previous names), birth details, contact details, passport details, Australian drivers licence details and history of residential addresses.

(d) WorkSec may disclose your personal information to third parties, including a consumer credit reporting organisation such as Equifax, for the purpose of obtaining your credit reporting information to determine your financial situation. WorkSec may collect and use your personal information to inform its financial history assessment required by the PSPF.

(e) The PSPF requires WorkSec to share information about security risks identified whilst sponsoring security clearances. To meet this requirement, where WorkSec identifies security risks through its ongoing risk assessment and personnel security processes, WorkSec may disclose information about this risk to AGSVA or other Australian Government departments.

(f) In addition to the collections, uses and disclosures set out above WorkSec may also do any of the following during the assessment, management, or review process, and for the duration you have applied for or hold security clearance sponsorship:

(i) collect your personal information from public records and public source information;
(ii) disclose and collect your personal information to and from third parties relevant to the assessment and monitoring of suitability, such as supervisors;
(iii) collect and disclose your personal information to and from current and previous private employers, for the purpose of corroborating previous employment;
(iv) collect and disclose your personal information to and from other vetting service providers, such as contracted vetting providers and financial institutions use the personal information WorkSec has collected about you to check documentation in relation to schools, colleges and tertiary institutions, which may require WorkSec to disclose your name and date of birth;
(v) collect and disclose your personal information to third parties to verify your medical status; and
(vi) use your personal information to conduct a check of your digital footprint by examining the unique pattern of electronic transactions made by your online presence, and may collect additional personal information through this assessment.

(g) WorkSec may disclose your mobile phone number to a third-party communications service provider to send you SMS alerts regarding your security clearance application.

9.4 For administration and management

(a) WorkSec will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

(i) administering billing and payments and debt recovery;
(ii) planning, managing, monitoring and evaluating our services;
(iii) quality improvement activities;
(iv) statistical analysis and reporting;
(v) training staff, contractors and other workers;
(vi) risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);
(vii) responding to enquiries and complaints regarding our services;
(viii) obtaining advice from consultants and other professional advisers; and
(ix) responding to subpoenas and other legal orders and obligations.

9.5 Disclosure to other contractors and other service providers

(a) WorkSec may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.

(b) Personal information may also be shared between related and affiliated companies of WorkSec, located in Australia or overseas.

(c) Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

9.6 Other uses and disclosures

(a) WorkSec may de-identify and use your personal information, including sensitive information, for secondary purposes including training, education, research and sharing with government departments to uplift national security posture.

(b) We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.

10 How long does WorkSec retain your personal information for?

10.1 For clients

WorkSec retains personal information related to Contracts and commercial negotiations, financial, security and incident data for a period of seven (7) years from the date of termination or cessation of the agreement.

10.2 For customers and participants

WorkSec retains financial, security and incident data for a period of seven (7) years.

10.3 For security clearance applicants

(a) To fulfill our governance requirements set forth by the Australian Government Security Vetting Agency (AGSVA) and the Protective Security Policy Framework (PSPF), WorkSec retains personal data related to security clearance sponsorship for a period of seven (7) years following the cessation of clearance sponsorship. This includes, but is not limited to, personal identification details, background checks, vetting outcomes, and any other information collected as part of the security clearance and vetting process.

(b) The purpose of retaining this information for the specified period is to:

(i) Comply with our legal and regulatory obligations under the AGSVA guidelines and the PSPF.
(ii) Facilitate the re-evaluation of security clearances should it be necessary within the retention period.
(iii) Ensure that WorkSec can adequately respond to and support any future governance, compliance audits, or inquiries related to the security clearances we sponsor.

(c) Upon reaching the end of the retention period, WorkSec will securely dispose of the personal, ensuring that it cannot be reconstructed or retrieved. We will undertake this process in a manner that respects your privacy and complies with applicable Australian data protection and privacy laws.

 

11 How can you access or seek correction of your personal information?

(a) You are entitled to access your personal information held by WorkSec on request. To request access to your personal information please contact our privacy officer using the contact details set out below.

(b) You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.

(c) We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

(d) However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

(e) We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

 

12 What should you do if you have a complaint about the handling of your personal information?

(a) You may contact WorkSec at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

(b) You may make a complaint about privacy to the privacy officer at the contact details set out below.

(c) The privacy officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

(d) If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

(e) In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

(f) If you are not satisfied with our response to your complaint, or you consider that WorkSec may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website (www.oaic.gov.au).

 

13 How are changes made to this Privacy Policy?

WorkSec may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website (https://worksec.au/) regularly to keep up to date with any changes.

 

14 How can you contact WorkSec?

The contact details for WorkSec are:

WorkSec privacy officer: Stuart Rainsford
81-83 Campbell St, Surry Hills, New South Wales, 2010
[email protected]

This Privacy Policy was last updated on 01 Sep 2023