We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This condensed policy applies to information collected by Alecto Consulting Pty Ltd.
We only collect information that is reasonably necessary for the proper performance of our activities or functions.
We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
By following the links in this document, you will be able to find out how we manage your personal information as an APP Entity under the Australian Privacy Principles.
You will also be able to find out about the information flows associated with that information.
If you have any questions, please contact us.
Alecto manages personal information, as an APP Entity, under the Australian Privacy Principles.
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
If you wish to know whether this applies to you, please contact us.
When we collect your personal information:
- we check that it is reasonably necessary for our functions or activities as an employment agency and consulting firm
- we check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;
- we record and hold your information in our Information Record System. Some information may be disclosed to overseas recipients.
- we retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again – especially if some time has passed since we last checked.
- subject to some exceptions, we permit you to access your personal information in accordance with APP:12 of the (APPs).
- we correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs).
- we destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.
2.Kinds of information that we collect and hold
Personal information that we collect and hold is information that is reasonably necessary for the proper
performance of our functions and activities as an employment agency and consulting firm and is likely to differ depending on whether you are:
- a Workseeker;
- a Client;
- a Referee.
The type of information that we typically collect and hold about Workseekers is information that is necessary to assess amenability to work offers and work availability; suitability for placements; to assist you in emigrating to Australia and qualifying to work as a doctor here; or to manage the performance in work obtained through us and includes, but is not limited to:
- A current and up-to-date curriculum vitae
- Proof of qualifications
- Application forms to various bodies and agencies (eg., AMC, AHPRA, RACGP, Medicare)
- Visa information
- Passport information
- Reference checks (collected via third parties, nominated by you)
- Signed contracts or letters of offer
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
- Business names and contacts of employees or business owners who are direct contact points
- We collect information such as names, job titles and contact numbers for clients, as well as noting if and when they leave a company
- We do not solicit personal information, or keep personal information
- We do, however, keep all phone numbers and email addresses provided to us unless and until instructed to remove them from our database
- When staff leave a client company, we hide but do not delete, the business information we had for them (name, role, contact number, email address, etc)
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Workseekers for particular jobs or particular types of work and includes:
- Your name, contact details, and your relationship to the workseeker
- The substance of what you said as part of providing a reference, generally in the form of notes on the reference conversation you had with our consultants
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
- a Workseeker;
- a Client;
- a Referee.
The following sections are also relevant to our use and disclosure of your personal information:
- Our Policy on Direct Marketing
- Overseas Disclosures
Information that we collect, hold, use and disclose about Workseekers is typically used for:
- work placement operations;
- recruitment functions;
- statistical purposes and statutory compliance requirements;
- communication with various bodies, including Medicare, AHPRA, AMC, and the RACGP, on behalf of workseekers (after a contract is agreed);
- assisting clients in sponsoring workseekers for visas (after successful placement);
- communicating with you, before, after and during the placement process;
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- client and business relationship management;
- recruitment functions;
- consulting functions;
- marketing our services to you;
- statistical purposes and statutory compliance requirements;
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- to confirm identity and authority to provide references;
- Workseeker suitability assessment;
- recruitment functions;
3.4.Our Policy on Direct Marketing
- Your personal information such as names and email addresses may be used for direct marketing
- We do not provide your information to any third parties for marketing purposes
- We do not obtain personal details from any third parties for marketing purposes
- You may opt out of marketing emails at any time by electing to unsubscribe
- We comply with anti-spam legislation, and you may opt to discontinue receiving marketing materials from us at any time
4.How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
- a Workseeker
- a Client
- a Referee
We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on Electronic Transactions.
See also the section on Photos & Images.
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.
Personal information is also collected when:
- You email us information or documents;
- We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites;
- We may also collect information from you from third parties to cross-check information provided by you
Personal information about you may be collected:
- when you provide it to us for business or business related social purposes;
- We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites.
Personal information about you may be collected when you provide it to us:
- in the course of our checking Workseeker references with you and when we are checking information that we obtain from you about Workseekers;
4.4.Photos & Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
We do collect scans of passports to provide them as required to government agencies in order that you may work as a doctor in Australia. Passports are held on our Information Record System until such time as you begin work, at which time they are deleted from our system as they are no longer required.
Depending on the nature of your job placement in Australia, we may also request a photo of you, which will be provided to third parties only with your specific and explicit permission.
4.5. Electronic Transactions
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- ask to be on an email list such as a job notification list;
- register as a site user to access facilities on our site such as a job notification board;
- make a written online enquiry or email us through our website;
- submit a resume by email or through our website;
- consent to having their information forwarded to us by EU Health Staff;
- submit a resume or job application to us via SEEK;
- submit a resume or job application to us via another job posting website;
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC’s resource on Internet Communications and other Technologies.
You can contact us by land line telephone or post if you have concerns about making contact via the Internet.
4.5.1.Privacy of Electronic Transactions and IT Systems
- Social networks and web searches: We run Google searches on all new candidates, and store images of the first two pages of Google on our VPS.
- Browsing: We collect anonymised data about your visit to our website. The information is neither personalised nor identifiable.
- Cookies: Cookies are text files which are stored locally on your computer, and are accessible by websites on the domain which first created them. They are not personally identifiable and are destroyed after 14 days.
- Emails: We save all emails to, from, and about you we send or receive on our email server. Any email from or to an email address we have saved to your database file will also be synced to the database.
- Calls and message logs: We do not record calls, however we do frequently log the time and substance of calls in our database.
- Teleconferences and videoconferences: We do not record tele- or videoconferences, however we do frequently log the time and substance of them in our database.
- Database: Our database is password-protected, and accessed and accessible only by Alecto employees, including one employee in the UK.
- Mobile Access: Our email systems are accessed and accessible by Alecto from laptops which are password protected, and from mobile phones which are also password protected. We may also access the database from our laptops in or out of the office.
5.How your personal information is held
Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
5.1.Our Information Record System
- Information is stored on our database, email systems, local hard-drives, and shared (staff access only) hard-drives;
- Some information, such as application forms or correspondence, may be held temporarily as a hard-copy, until it has been entered into our digital storage, at which point it will be shredded;
- Our email systems are accessible and accessed by staff mobile phones;
- The database, email system, and shared hard-drives are accessible and accessed by laptops, sometimes out of the office;
- Our database system and shared hard-drives, are hosted on their own server in Melbourne, and are restricted to password access;
We are committed to protecting your privacy, and for that reason have implemented a number of procedures to ensure it, including:
- Staff training: All staff are trained in the importance of respecting your privacy, including when to disclose information, how to password-protect devices, when to delete information, and so on.
- Just-in-time collection policies: We do not collect information until it becomes necessary to do so.
- Password protection: All devices, including laptops and mobile phones, which may access your data are password-protected.
- Policy on timely culling: We delete high priority personal information such as passport scans as soon as we no longer have a need for it.
- Culling procedures including shredding and secure disposal etc: All personally identifiable documents are disposed of via shredding when they are no longer necessary. We do not discard personally identifiable information except by shredding or otherwise destroying the document.
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.
We may disclose your personal information where we are under a legal duty to do so.
Disclosure will usually be:
- internally and to our related entities
- to our Clients
- to Referees for suitability and screening purposes.
6.1.Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
- Software solutions providers;
- I.T. contractors and database designers and Internet service suppliers;
- Legal and other professional advisors;
- Insurance brokers, loss assessors and underwriters;
- Superannuation fund managers;
- Background checking and screening agents;
- We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
Some of your personal information is likely to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
The likely countries, type of information disclosed and recipients are indicated, so far as is practicable, in the following table:
CountryType of InformationLikely RecipientsUnited KingdomInformation on individuals who first or previously contacted EU Health Staff – personal information held, and status of applications to government agenciesEU Health Staff[links to external website]United KingdomAll personal data held by usRaelene Stanley-Ware, a recruitment consultant employed by us and located in the UK
Alecto uses personal data of our clients, potential recruits, and other business contacts in various ways to develop and strengthen our client, employee and business relationships, provide information about our company, services and publications and communicate about and market our services. In general, Alecto’s consulting arm is a business-to-business service, and does not typically market to consumers or the general public (other than via our website). Rather, our marketing activities are targeted to relevant individuals we identify as decision makers at current or potential client companies.
We use personal, sensitive and special categories of information to provide agreed services to clients and to operate our business. We may also collect sensitive and special categories of personal information directly from clients to provide professional services. The types of special categories of personal and sensitive information that we may collect includes, but is not limited to, contact details, health information, demographic identifiers (i.e. sex, racial or ethnic origins), salary, political opinions, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health information, or criminal record (including information about suspected criminal activities). We may also collect personal information that is publicly available. We may also seek feedback on our services or for market or other research purposes.
We use personal data:
- To fulfil client requests for white papers, reports, or other professional content.
- For surveys or research questionnaires.
- For other purposes which we would describe to you at the point where it is collected or which will be obvious.
We take appropriate steps to maintain the security of personal data collected in the course of our consulting services via Alecto’s IT systems and internal policies as previously stated.
We may modify or amend this privacy statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page. We encourage you to periodically review this privacy statement to be informed about how we are protecting your information.
8.Access & Correction
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.
Important exceptions include:
- evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
For more information about access to your information see our Access Policy.
For more information about applying to correct your information see our Correction Policy.
If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator. You will need to be in a position to verify your identity.
- We endeavour to respond to access requests within 30 days
- We will require you to verify your identity before releasing your personal information to you
- In the event that we refuse access, we will inform you of why access is being refused
- We will then enter into a mediation process with you and attempt to reach a conclusion that is satisfying to all parties
- Please see our complaints section for more information about what to do if your are unsatisfied with the response to your request for access.
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading. We will require you to verify your identity when requesting we correct our data.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
We endeavour to respond to requests for correction within 30 days.
We may refuse to correct the information about you we hold if we are not satisfied the new information is correct, that it is legal for us to alter our records, or other reasons. In that case, we will inform you of the reason for refusal. We will then enter into a mediation process with you and attempt to reach a conclusion which is satisfying to all parties.
Please see below for our complaints process.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
For more information see our Complaints Procedure.
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are:
You can also make complaints to the Office of the Australian Information Commissioner.
Complaints may also be made to RCSA, the industry association of which we are a member.
RCSA administers a Code of Conduct for the professional and ethical conduct of its members.
The RCSA Code is supported by rules for the resolution of disputes involving members.
NOTE: The Association Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of the Associations members.
When we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
- We may ask for clarification of certain aspects of the complaint and for further detail;
- We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
- We will require a reasonable time (usually 30 days) to respond;
- If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
- If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response;
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.
Still have concerns about our commitment to your privacy?
We would be happy to answer your questions. Please contact us.