Privacy Policy

This Privacy Policy explains how Vetting.com Pty Ltd (Vetting.com) handles personal information, including how we collect, use and disclose personal information. 'We' or 'us' means Vetting.com.

Vetting.com is committed to complying with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) and to being open and transparent about our personal information handling practices. Vetting.com has opted-in to be bound by the APPs, as can be confirmed on the website of the Office of the Australian Information Commissioner (OAIC). We respect the confidentiality of the personal information that we hold and take steps to safeguard that information.

The personal information we collect (and why)

Vetting.com needs to collect personal information (meaning personal information as defined in the Privacy Act) to provide our services (PT Services) including conducting employment screening and providing probity information related to applicants (Applicants) who are seeking:

National Police Checking Service information

Vetting.com is classified as an Accredited Body by the Australian Criminal Intelligence Commission (ACIC) meaning it has been authorised to use ACIC's National Police Checking Service (NPC Service) to help individuals apply for, and submit, a Nationally coordinated criminal history check (National Police Check).

Accredited Bodies may use the NPC Service to request National Police Checks for:

As an Accredited Body, Vetting.com may submit National Police Checks on behalf of individual Applicants or our clients (Clients) either directly or via another Legal Entity Customer of the NPC Service.

A National Police Check is a name-based search against ACIC's database to identify any potential criminal conviction information or police information relevant to an Applicant's application.

Personal information that may be collected using the ACIC NPC Service includes police interaction and conviction information about an individual that has been determined releasable by Australia's police agencies.

Other PT Service information

We also need to collect personal information to effectively run our business and to provide our PT Services, including verifying the identity of Applicants. In particular, we may collect and hold the following personal information in relation to Applicants:

To provide our PT Services in relation to verifying the identity of Applicants, we use the Australian Government's Document Verification Service (DVS) to check the identity information on Australian Government issued identity documents and we collect the results provided by the DVS.

Website

Our website explains how we handle personal information collected via this website including our Cookies Policy.

How we collect personal information

Where it is practicable to do so, we collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party such as our Clients who are seeking our PT Services in response to an application by the Applicant, or from another ACIC Accredited Body that is a Legal Entity Customer. We may also collect personal information indirectly, for example, where it is included in a communication with us.

Some examples of how we collect personal information include:

To provide our PT Services, we collect personal information directly from individuals via a web- based portal for our Clients to input data and upload documents, including identity documents and photographs, provided via a face-to-face interview with Applicants.

We take steps to ensure that individuals, including Applicants, provide their informed consent for the handling of their personal information by us.

Storage and security of personal information

We take the security of the personal information we hold seriously and take measures to ensure its protection. All Vetting.com staff handle personal information sensitively and in accordance with the APPs.

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.

Retention

If we no longer need the personal information that we hold physical copies of we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely for IT back up and electronic audit trail purposes.

In relation to personal information stored for the purposes of conducting National Police Checks, to meet our obligations as an Accredited Body with the ACIC we will retain the application information of an Applicant and any identity documents remotely presented by the Applicant for a minimum period of twelve (12) months after the application to use our PT Services was submitted.

How we use personal information and for what purposes

We use the personal information that we collect in order to provide our PT Services, such as conducting National Police Checks on behalf of Applicants and/or Clients and checking the identity information on Applicant identity documents, including via the DVS.

Where necessary, we may use personal information to comply with applicable laws (e.g. to meet obligations we may have under legislation).

We use the personal information that we hold for audit and quality assurance purposes to ensure that access to the personal information we hold is monitored, recorded and auditable. We also use the personal information that we hold to develop and train staff on system improvements and enhancements.

Access to, and use of, personal information held by us in relation to Applicants is consistent with the APPs and the Australian Government's Protective Security Policy Framework. In order to use an Applicant's personal information for the purposes of providing our PT Services, we take steps to ensure that the Applicant has provided informed consent for the handling of their information by us.

We only use personal information in accordance with APPs and are committed to maintaining confidentiality.

Disclosure of personal information

As part of providing our PT Services we may disclose the personal information that we collect:

In order to conduct our business and provide our PT Services, we may disclose personal information where permitted under the APPs, including:

We do not disclose personal information overseas.

Incident Reporting and Potential Data Breaches

If you suspect that your data has been breached as a result of our processing, or that of one of our subprocessors, then please send an email to security@vetting.com with details of the incident, including:

We will then complete an investigation within 48 hours and provide an appropriate response, with any discoveries or mitigations put in place.