Privacy Policy

National Police Checking Service information

Vetting.com is classified as an Accredited Body by the Australian Criminal Intelligence Commission (ACIC) meaning it has been authorised to use ACIC's National Police Checking Service (NPC Service) to help individuals apply for, and submit, a Nationally coordinated criminal history check (National Police Check).

Accredited Bodies may use the NPC Service to request National Police Checks for:

• their own employees;
• any individual; and/or
• another organisation (known as a Legal Entity Customer or Related Government Entity).

As an Accredited Body, Vetting.com may submit National Police Checks on behalf of individual Applicants or our clients (Clients) either directly or via another Legal Entity Customer of the NPC Service.

A National Police Check is a name-based search against ACIC's database to identify any potential criminal conviction information or police information relevant to an Applicant's application.

Personal information that may be collected using the ACIC NPC Service includes police interaction and conviction information about an individual that has been determined releasable by Australia's police agencies.

Other PT Service information

We also need to collect personal information to effectively run our business and to provide our PT Services, including verifying the identity of Applicants. In particular, we may collect and hold the following personal information in relation to Applicants:

• contact details (including, but not limited to, full name and address);
• address history;
• identification information (including date of birth and passport information);
• biometric information (including facial biometric data from photographs);
• information relating to criminal convictions; and/or
• information relating to firearm and vehicle registration.

To provide our PT Services in relation to verifying the identity of Applicants, we use the Australian Government's Document Verification Service (DVS) to check the identity information on Australian Government issued identity documents and we collect the results provided by the DVS.

Website

Our website explains how we handle personal information collected via this website including our Cookies Policy.

How we collect personal information

Where it is practicable to do so, we collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party such as our Clients who are seeking our PT Services in response to an application by the Applicant, or from another ACIC Accredited Body that is a Legal Entity Customer. We may also collect personal information indirectly, for example, where it is included in a communication with us.

Some examples of how we collect personal information include:

• directly from individuals during telephone calls or meetings;
• through other forms of communication such as when individuals email us;
• through our website; and
• when we are permitted or required to collect personal information by or under law.

To provide our PT Services, we collect personal information directly from individuals via a web- based portal for our Clients to input data and upload documents, including identity documents and photographs, provided via a face-to-face interview with Applicants.

We take steps to ensure that individuals, including Applicants, provide their informed consent for the handling of their personal information by us.

Storage and security of personal information

We take the security of the personal information we hold seriously and take measures to ensure its protection. All Vetting.com staff handle personal information sensitively and in accordance with the APPs.

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.

Retention

If we no longer need the personal information that we hold physical copies of we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely for IT back up and electronic audit trail purposes.

In relation to personal information stored for the purposes of conducting National Police Checks, to meet our obligations as an Accredited Body with the ACIC we will retain the application information of an Applicant and any identity documents remotely presented by the Applicant for a minimum period of twelve (12) months after the application to use our PT Services was submitted.

How we use personal information and for what purposes

We use the personal information that we collect in order to provide our PT Services, such as conducting National Police Checks on behalf of Applicants and/or Clients and checking the identity information on Applicant identity documents, including via the DVS.

Where necessary, we may use personal information to comply with applicable laws (e.g. to meet obligations we may have under legislation).

We use the personal information that we hold for audit and quality assurance purposes to ensure that access to the personal information we hold is monitored, recorded and auditable. We also use the personal information that we hold to develop and train staff on system improvements and enhancements.

Access to, and use of, personal information held by us in relation to Applicants is consistent with the APPs and the Australian Government's Protective Security Policy Framework. In order to use an Applicant's personal information for the purposes of providing our PT Services, we take steps to ensure that the Applicant has provided informed consent for the handling of their information by us.

We only use personal information in accordance with APPs and are committed to maintaining confidentiality.

Disclosure of personal information

As part of providing our PT Services we may disclose the personal information that we collect:

• to the ACIC NPC Service to submit National Police Checks;
• to another ACIC Accredited Body that is a Legal Customer Entity;
• via the DVS to check identity information on identity documents; and/or
• to our Clients using our PT Services on behalf of Applicants.

In order to conduct our business and provide our PT Services, we may disclose personal information where permitted under the APPs, including:

• where the individual to whom the information relates agrees to the disclosure by providing their informed consent;
• where the disclosure is for the primary purpose that the personal information was collected;
• in circumstances where the individual about whom the personal information relates would reasonably expect this disclosure to occur; and/or
• where required to do so by law.

We do not disclose personal information overseas.

Incident Reporting and Potential Data Breaches

If you suspect that your data has been breached as a result of our processing, or that of one of our subprocessors, then please send an email to security@vetting.com with details of the incident, including:

• The date and time it occurred
• What you were doing when it happened
• Details of any suspicious content (e.g hyperlinks)
• Details of suspicious contacts (i.e names, email addresses)
• Anything else you think is relevant to help investigate

We will then complete an investigation within 48 hours and provide an appropriate response, with any discoveries or mitigations put in place.