Privacy and data collection policy

In Australia, the National Privacy Principles were established by the Privacy Act of 1988 and subsequent amendments and apply to all companies such as MPI Recruitment.

This policy describes how MPI protects the privacy of your personal information, as well as your rights in relation to our use of that information.

Most of the personal information retained by MPI is gathered from Australian residents and as such, the policy is, in the main, written to comply with the principles in the Australian Privacy Act.

Non-Australian residents who share their personal information with us may have more or less protection available to them, under data protection and privacy laws applicable in their country of residence.

This privacy policy applies to SSTAR HR International Pty Ltd trading as MPI Recruitment,  miningpeople.com.au and Minedex Pty Ltd minedex.com.au, a wholly owned subsidiary of MPI.

What is your personal information

This is any information that can be used to individually identify a person and may include, but is not limited to, name, email address, postal or other physical address, title and other personally identifiable information such as work experience and qualifications.

Sensitive information

Some of the personal information we retain may be sensitive and may include, but not be limited to:

• Information or an opinion about your work performance (whether true or not)
• Medical history or condition
• Aptitude test results
• Trade or professional memberships
• Criminal record
• Financial information For example, bank account details and tax file numbers.

In most cases, sensitive information can only be collected with your consent but we will only collect information that is necessary for the performance of services.

Under no circumstances do we collect or use personal information for the purposes of unlawful discrimination.

Passive information collection

If you simply browse our website, but don’t register for services or apply for a job, we do not collect information that identifies you personally, though we may collect information related to your visit to our website. This might include things like:

• The IP address of your device
• The browser you used
• The pages where you entered and exited our site.

This information is transmitted to us so we can determine how users are interacting with our services, to assist us with improving our services and to correct any problems that may occur.

Your choice

You can choose whether to provide personal data to MPI but note that you may be unable to access certain options, offers and services if they require personal data that you have not provided.

If you register as a jobseeker or apply for a job, we assume you have given us consent to send you information containing job alerts or information about getting a job.

If at any time you would like to discontinue receiving these communications, you can update your preferences by using the ’Unsubscribe’ link found in all such emails or by contacting us using the ‘Contact Us’ section of our website.

You can also adjust the types of communications you receive by logging in using your personal profile and adjusting your preferences.

How will we collect your personal information?

Your personal information can be collected in several different ways including:

• When you send an application to us via e-mail, online or post
• During the interview at our office or via phone
• When we conduct reference and/or police checks
• Via conversations – verbal and electronic
• When we receive results of medical tests
• When you submit an application form or your resume through a third-party website
• If we receive a complaint from or about you
• When we receive reports about your work performance and/or work place incidents which may then lead us to receive information about insurance investigations and disciplinary, legal or criminal matters
• When we receive reports about background checks and various other assessments and inductions conducted in the workplace
• Other information provided to us by you or your employer to assist us deliver our career guidance and outplacement services.

We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way. Sometimes the technology that is used to support communications between us will also provide us with personal information.

Why do we collect your personal information?

We collect and retain personal information about you, only where it is reasonably necessary and to:

• Assess your suitability for placement into positions
• Provide you with other career related services
• Keep records of you work performance and training so as to improve our ability to more efficiently assess you against future job prospects
• Support investigations into workplace incidents
• Assist MPI comply with statutory obligations including, but not only, payments of taxes, charges and superannuation as well as reporting of safety statistics
• Enable marketing and to let you know about products and services you may be interested in
• Carry out any administrative tasks relating to our business.

We only collect personal information that is relevant to the purpose for which it is to be used.

Sharing your personal data/use and disclosure of personal information

We do not sell your data to third parties unless you grant us permission.

The main reasons we may disclose your private information is to assist in the provision of all of the job placement and career related services as described above.

We will also share data within MPI and its affiliated companies, as well as third party service providers for purposes of data processing or storage.

We also share personal data with business partners, service vendors and/or authorized third-party agents or contractors so as to provide requested services or transactions including processing orders, credit card transactions, hosting websites and providing customer support.

We may also respond to subpoenas, court orders, or similar legal processes by disclosing your personal data and other related information, if necessary.

We may collect and share personal data to assist investigating or prevent illegal activities, for example, but not only, fraud.

While using our services, if you are redirected to a third-party who collects information on behalf of MPI, MPI’s privacy policy will govern how your information is used by those parties.

If you are redirected to non MPI sites or services, you should review that third-party service providers privacy policy prior to use.

If we were to sell part or all of the MPI business or its assets, user information may be one of the assets transferred or acquired.

Any acquirer of our assets may continue to use your data according to the terms of this policy.

Transfer and storage

We deliver our services from Australia, however some of the data we hold may be hosted by third party service providers outside of Australia.

We aren’t able to guarantee that any overseas recipient of your personal information will protect it to the standard to which it would be protected in Australia.

By using our services and providing us your data, you consent to the transfer and storage of your data in locations and with service providers that we deem secure.

While enforcing privacy rights in foreign jurisdictions is highly impractical, we generally only use service providers outside of Australia for database hosting and marketing list management.

We also take steps to ensure the service providers we select are secure and highly reputable.

Security of your personal information

MPI is committed to protecting the personal data you share with us. We take all reasonable steps to ensure it is protected against misuse, interference and loss and from unauthorised access, modification or disclosure.

We may hold it in both hard copy and electronic formats. Some may be held on portable devices such as mobile phones, laptop computers or in diaries operated and held by our staff members. Some may be held on devices owned by clients of MPI for purposes associated with managing your placement.

How to access and control your personal data

We want you to be in control of your personal data and under the Privacy Act, you have certain rights that allow for this. Under certain conditions you may:

• Gain access to your personal data
• Seek correction of it
• Order us to delete it.

If you would like to access or ask us to correct or delete the personal information MPI holds, or in fact, if you would like to know anything more about our approach to privacy, please contact us here.

To obtain access to your personal information, you will need to prove to us who you are. We would also ask that you be as specific as possible about the information you require. MPI will endeavour to respond to your request within 30 days of your request.

Inquiries and Complaints

If you have concerns regarding a breach of privacy, or would like further information, please contact us here.

You are also free to lodge a complaint with the Office of the Australian Information Commissioner.

Data breach response policy

In Australia, data breaches of personal information are regulated by the Privacy Amendment (Notifiable Data Breaches) Act 2017 and came into effect on 22nd February, 2018.

Most of the personal information retained by MPI Recruitment, is gathered from Australian residents and the policy is, in the main, written to comply with the principles in the Australian Privacy Act.

Non-Australian residents who share their personal information with us may have more or less protections available to them, under data protection and privacy laws applicable in their country of residence.

What is a data breach?

A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure, or other misuse.

What is unauthorised access?

Unauthorised access of personal information occurs when personal information is accessed by somebody who is not permitted to have access to it. This could include an employee or contractor towhom we have not given permission to access.

What is unauthorised disclosure?

Unauthorised disclosure of personal information occurs when confidential information is disclosed to outside parties in a way that is not permitted under the Privacy Act.

What is loss of information?

Loss of personal information refers to the accidental or inadvertent loss, in circumstances which are likely to result in unauthorised access or disclosure. For instance, an employee leaves personal information on public transport.

It could also include the on-line theft of personal information.

To whom do we report data breaches?

We are required to report to the Office of the Australian Information Commissioner (OAIC) any data breach that, in the opinion of a reasonable person, is likely to result in serious harm.

How do we assess the seriousness of a data breach?

In assessing whether the data breach is likely to result in serious harm, we shall consider the following information:

• The kind of information breached
• The sensitivity of the information breached
• Whether the information is protected by one or more security measures
• The persons or kinds of persons who obtained, or could obtain, the information
• If a security technology or methodology was in place, was the technology or methodology designed to make the information unintelligible or meaningless to persons who are not authorised to access the information
• The nature of the harm and
• Any other relevant matters.

What do we advise if we suspect a data breach has or may have occurred?

• Any staff member who knows, or has a reasonable suspicion that a data breach has occurred must report that immediately to their Business Unit Manager
• The Business Unit Manager will investigate the seriousness of the breach and if the breach is serious, report it to the Managing Director (MD) immediately
• The MD will determine whether the data breach or suspected data breach is an ‘eligible data breach’ that requires notification to the Office of the Australian Information Commissioner (OAIC). In making this determination, the MD will consider:
  - Are multiple individuals affected by the breach or suspected breach?
  - May there be a real risk of serious harm to the affected individuals?
  - Does the breach indicate a systemic problem?
  - Could the breach attract stakeholder attention?

How do we respond to a data breach?

The Business Unit Manager, in conjunction with the MD, will take urgent action to contain the breach as far as possible

• We will conduct an initial investigation and promptly collect information about the breach including:
  - The date, time, duration and location of the breach
  - The type of information involved
  - How the breach was discovered
  - The cause and extent
  - A list of the affected individuals or possibly affected individuals
  - The risk of serious or other harms
• The Business Unit Manager and MD will determine whether to notify affected individuals. A notification to the individuals affected and the OAIC should include the following information:
  - The identity and contact details of the organisation
  - A description of the breach
  - The kinds of information concerned and
  - Recommendations to the individuals, about steps they should take in response to the breach
• The Business Unit Manager and MD will consider whether security needs be updated, adjust policies and procedures and revise staff training if necessary.

Inquiries and Complaints

If you have concerns regarding a breach of privacy or would like further information please contact us here.

You are also free to lodge a complaint with the Office of the Australian Information Commissioner.