Privacy Policy

In this Privacy Policy, 'VETTING.com', 'we' or 'us' means VETTING.com Pty Limited and VETTING.com (NZ) Limited.

This Privacy Policy explains how VETTING.com handles personal information, including how we collect, use and disclose personal information.

VETTING.com is committed to complying with:

the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Australian Privacy Act); and
the information privacy principles (IPPs) set out in the Privacy Act 2020 (New Zealand) (New Zealand Privacy Act),

(together the Privacy Laws).

We are committed to being open and transparent about our personal information handling practices. In Australia, VETTING.com has opted-in to be bound by the APPs, as can be confirmed on the website of the Office of the Australian Information Commissioner (OAIC). We respect the confidentiality of the personal information that we hold and take steps to safeguard that information.

The personal information we collect (and why)

VETTING.com needs to collect personal information (meaning personal information as defined in the Privacy Act) to provide our services (PT Services) including conducting employment screening and providing probity information related to applicants (Applicants) who are seeking:

employment;
Australian citizenship; and/or
appointments to positions of trust.

'Personal information', in Australia, has the meaning set out in the Australian Privacy Act and, in New Zealand, has the meaning set out in the New Zealand Privacy Act.

National Police Checking Service information

VETTING.com is classified as an Accredited Body by the Australian Criminal Intelligence Commission (ACIC) meaning it has been authorised to use ACIC's National Police Checking Service (NPC Service) to help individuals apply for, and submit, a Nationally Coordinated Criminal History Check (NCCHC).

Accredited Bodies may use the National Police Checking Service to request National Coordinated Criminal History Checks for:

their own employees;
any individual; and/or
another organisation (known as a Legal Entity Customer or Related Government Entity).

As an Accredited Body, VETTING.com may submit National Police Checks on behalf of individual Applicants or our clients (Clients) either directly or via another Legal Entity Customer of the NPC Service.

A NCCHC is a name-based search against ACIC's database to identify any potential criminal conviction information or police information relevant to an Applicant's application.

Personal information that may be collected using the ACIC NPC Service includes police interaction and conviction information about an individual that has been determined releasable by Australia's police agencies.

New Zealand Ministry of Justice Criminal Conviction History Checks and Police Vetting Checks

VETTING.com has been approved by the New Zealand Ministry of Justice to request criminal conviction history checks in relation to individuals who have authorised the release of their history to VETTING.com (NZ CCH Check). A NZ CCH Check is a name-based search against the Ministry of Justice's databases to identify any potential criminal conviction history relevant to an Applicant.

VETTING.com is also authorised by the New Zealand Police to request New Zealand Police Vetting Services (NZ Vetting Check) on behalf of approved agencies. The New Zealand Police Vetting Service provides conviction history reports and other relevant non-convicted information on potential and current employees, volunteers and vocational trainees. Vetting is provided for approved agencies who are responsible for care, protection, or education of vulnerable individuals such as children, the elderly or disabled; government agencies, agencies involved in law enforcement, national security or those who have a legislative obligation to obtain police vetting.

Personal information that may be collected during such checks includes police interaction and conviction information or other police information.

Other PT Service information

VETTING.com also offers scored negative consumer bureau credit checks in Australia and New Zealand and may from time to time offer other checks as part of our PT Services (including for example, credit checks bankruptcy checks, court searches, directorship and shareholding checks and disqualified director checks).

We need to collect personal information to effectively run our business and to provide our PT Services, including verifying the identity of Applicants. In particular, we may collect and hold the following personal information in relation to Applicants:

contact details (including, but not limited to, full name and address);
address history;
identification information (including date of birth and passport information);
biometric information (including facial biometric data from photographs);
digital identification information (including IP address and browser data);
information relating to criminal convictions; and/or
information relating to firearm and vehicle registration; and/or
credit information (including reports on your credit-worthiness and debt repayment history).

To provide our PT Services in relation to verifying the identity of Applicants we use a third party platform to connect to:

the Australian Government's Document Verification Service (DVS) to check the identity information on Australian Government issued identity documents; and
the New Zealand Department of Internal Affairs' Identity Verification Service (IVS).

The information returned from the DVS, IVS or issuing authority may include additional personal and sensitive information (unsolicited information). This and any other unsolicited personal information will not be recorded other than in the form it was received and will be deleted as soon as practical. This includes Australian Driving Licence card numbers that are used for the identity matching request only and is deleted from our systems once verification is complete.

The DVS only allows access to their services from within Australia except where an application for an exemption is made. These applications are made and approved by the DVS on a case-by-case basis.

Correction of personal information may not be possible once check is completed as this information has been used to verify your identity. During the check you will be presented with the opportunity to correct any data our system has not properly recorded from your identity document. If the incorrect data is sent to the DVS or other issuing authority then the check may not complete, and the verification may be invalid (or not complete) and need to be resubmitted.

Website

Our website explains how we handle personal information collected via this website including our Cookies Policy.

How we collect personal information

Where it is practicable to do so, we collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party such as our Clients who are seeking our PT Services in response to an application by the Applicant, or from another third party. We may also collect personal information indirectly, for example, where it is included in a communication with us.

Some examples of how we collect personal information include:

directly from individuals during telephone calls or meetings;
through other forms of communication such as when individuals email us;
through our website; and
when we are permitted or required to collect personal information by or under law.

To provide our PT Services, we collect personal information directly from individuals via a web-based portal for our Clients to input data and upload documents, including identity documents and photographs, provided via a face-to-face interview with Applicants.

We take steps to ensure that individuals, including Applicants, provide their informed consent for the handling of their personal information by us.

In relation to the credit information we collect, we collect this on behalf of our Clients directly from you and from third parties (including referees and specialist credit reporting bodies) who have been authorised to provide us with this information. Credit Reporting Bodies may hold and use any credit information we provide to them in conjunction with credit information they have obtained about you from other sources, in order to provide a credit report or credit score for our Clients.

Storage and security of personal information

We take the security of the personal information we hold seriously and take measures to ensure its protection. All VETTING.com staff handle personal information sensitively and in accordance with the Privacy Laws.

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.

Retention

If we no longer need the personal information that we hold physical copies of we take reasonable steps to destroy or de-identify that information, in accordance with the Privacy Laws. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely for IT back up and electronic audit trail purposes.

In relation to personal information stored for the purposes of conducting National Police Checks, to meet our obligations as an Accredited Body with the ACIC we will retain the application information of an Applicant and any identity documents remotely presented by the Applicant for a minimum period of twelve (12) months after the application to use our PT Services was submitted.

In relation to personal information stored for the purposes of conducting NZ Police Checks (including NZ CCH Checks and NZ Vetting Checks), to meet our obligations to the NZ MOJ, the NZ Police or any other relevant Government Agency, we may retain application information of an Applicant and any identity documents presented by the Applicant for a period after the application to use our PT Services was submitted. We will store such information for as long as we are legally obliged to, under any agreements we have entered into with NZ MOJ or the NZ Police or under any applicable laws.

How we use personal information and for what purposes

We use the personal information that we collect in order to provide our PT Services, such as conducting National Police Checks, NZ CCH Checks, NZ Vetting Checks and/or scored negative consumer bureau checks on behalf of Applicants and/or Clients and checking the identity information on Applicant identity documents, including (in relation to Australia) via the DVS.

Where necessary, we may use personal information to comply with applicable laws (e.g. to meet obligations we may have under legislation).

We use the personal information that we hold for audit and quality assurance purposes to ensure that access to the personal information we hold is monitored, recorded and auditable.

We also use the personal information that we hold to develop and train staff on system improvements and enhancements.

Access to, and use of, personal information held by us in relation to Applicants is consistent with the Privacy Laws (including the APPs and the Australian Government's Protective Security Policy Framework in relation to Australia and the IPPs and any applicable privacy codes of practice in relation to New Zealand). In order to use an Applicant's personal information for the purposes of providing our PT Services, we take steps to ensure that the Applicant has provided informed consent for the handling of their information by us.

We only use personal information in accordance with Privacy Laws and are committed to maintaining confidentiality.

Disclosure of personal information

As part of providing our PT Services we may disclose the personal information that we collect:

to the ACIC NPC Service to submit NCCHCs;
to another ACIC Accredited Body that is a Customer;
via the DVS to check identity information on identity documents;
to the New Zealand Ministry of Justice to submit NZ CCH Checks;
to the New Zealand Police to submit NZ Vetting Checks; and/or
to our Clients using our PT Services on behalf of Applicants.

We may also disclose personal information to the New Zealand Ministry of Justice, New Zealand Police, other government agencies or other third party agencies, where required by the terms of our agreements with such agencies.

In order to conduct our business and provide our PT Services, we may disclose personal information where permitted under the Privacy Laws, including:

where the individual to whom the information relates agrees to the disclosure by providing their informed consent;
where the disclosure is for the primary purpose that the personal information was collected;
in circumstances where the individual about whom the personal information relates would reasonably expect this disclosure to occur; and/or
where required to do so by law.

We may disclose your personal information where allowed to VETTING.com entities overseas (including without limitation transfers of personal information between VETTING.com Pty Limited and VETTING.com (NZ) Limited) (Vetting.com Entities). VETTING.com Entities will have safeguards in place for your personal information which are comparable those required under the Privacy Laws.

Incident Reporting and Potential Data Breaches

If you suspect that your data has been breached as a result of our processing, or that of one of our subprocessors, then please send an email to security@vetting.com with details of the incident, including:

The date and time it occurred
What you were doing when it happened
Details of any suspicious content (e.g hyperlinks)
Details of suspicious contacts (i.e names, email addresses)
Anything else you think is relevant to help investigate

We will then complete an investigation within 48 hours and provide an appropriate response, with any discoveries or mitigations put in place. We will comply with our obligations under the Privacy Laws in relation to notifiable privacy breaches.

If you have any questions, comments or concerns or would like to make a complaint, please contact us at:

General
Privacy Officer: GDPR@vetting.com
Sales: sales@vetting.com
Support: support@vetting.com
Phone: +61 2 9999 5100

Australia
VETTING.com Pty Limited ABN 87 625 505 268
41/12-14 Waratah Street, Mona Vale, 2103, Sydney, Australia

New Zealand
VETTING.com (NZ) Limited (New Zealand company number 8667709)
Level 5, 79 Queen Street, Auckland, 1010, New Zealand

Date of Last Review: 11 April 2024