Effective as at 25 July 2022

About Simon 

Simon is a product, part of Qtiviti Consulting Group Pty Limited (ABN 82 614 348 748) (‘Qtiviti’, ‘we’, ‘us’, ‘our’). We provide a digital solution for the capture and delivery of information though tailored experiences on behalf of our Customers. Our Services include generating and delivering contracts including employment offers, capturing information through standard and customised forms and the delivery of information through various modules within our system. We also provide a range of other recruitment and/or HR consulting services (‘Services’). We are committed to our responsibilities under the Australian Privacy Principles - Privacy Act 1988 (Cth). This Privacy Policy explains how we manage and protect the privacy of your Personal Information.

Personal Information 

Personal information for the purposes of this policy means information we collect about you, from you or by somebody else about you. This includes, but is not limited to: 

a. Your name(s), address and contact number(s);
b. Details regarding your gender, date of birth and marital status;
c. Salary information (both historical and future);
d. Details about your superannuation fund;
e. Tax information;
f. Job qualifications, job history, occupation and profession;
g. Your computer (or device) IP address; and
h. Any other additional information relating to you that you provide to us directly or indirectly through the Services. 

Collecting personal information 

When you use our Services, we will collect your Personal Information directly from you. We may also collect your Personal Information from third parties such as your employer (including their employees, agents or representatives), or a service provider (our Customer) with whom you have engaged or provided your consent, during the creation and maintenance of your profile within our systems.

We will collect your Personal Information when: 

a. A profile is created for you or you are registered by our Customer to use the Services;
b. You use the Services as a registered user via your user profile;
c. You use the Services as an authorised representative of our Customer;
d. You contact us for support or if you have questions about the Services; and
e. You are informed by us that we will collect your Personal Information by any other means. 

If you do not want to provide your Personal Information to us, we may not be able to provide you with our Services.

Your personal information may be provided by others 

The nature of the Services means that there are circumstances where your Personal Information will be provided to us by our Customer. This may happen when our Customer is providing us with your Personal Information in order for us to fulfil the Services.

If you provide us with Personal Information about someone other than yourself, you must:

a. First ensure you are authorised by or on behalf of that person to do so;
b. Have the consent from the person that their Personal Information can be collected by us; and
c. We do not need to do anything further required by any applicable data protection or privacy legislation to collect, use and disclose such information for the purposes we describe in this policy. 

Essentially, you need to ensure that any person concerned is aware of and/or consents to their Personal Information being collected by us, the purposes for the collection and the intended recipients of that information, and a person’s right to access that information. You must also provide the person with information about us, including how they can contact us. 

Depending on the circumstances, we may ask you to assist us with any requests we receive to access and/or correct Personal Information you have collected from them and provided to us through the Services. 

Use and disclosure of personal information 

As stated earlier, we collect Personal Information so that we can provide the Services. In doing so, we may use (and if required, disclose) the Personal Information we have collected about you for the purposes of providing the Services including to: 

a. Verify the identity of a person;
b. Generate and deliver an employment offer;
c. Provide employment related services to our Customers including induction, changing roles (or your status of employment) or ending your employment;
d. Providing related disclosures (whether through your actual or implied consent) to your potential or actual employer. This may mean that we provide or disclose your Tax or Government identity numbers where and to the extent necessary for employment and/or tax purposes;
e. Conduct or facilitate others to conduct reference, background, police and/or other probity checks;
f. Support the identification, investigation and resolution of technical support or other issues relating to the Services and;
g. Comply with, or otherwise use the information as permitted by legislation and regulations in the applicable jurisdiction.

By using the Services, you consent to your Personal Information being collected, held and used in this way, and for any other use you may authorise. We will only use your Personal Information for the purposes described in this Policy or otherwise with your express permission.

We will only disclose the Personal Information you have provided to us to third parties if it is necessary and appropriate to facilitate the purpose for which your Personal Information was collected in accordance with this Policy, including the provision of our Services. 

We may also disclose your Personal Information if such disclosure is necessary to:

a. Comply with legal process (such as a court order) or other legal requirements of any government authority;
b. Protect our rights or property;
c. Enforce an applicable Services Agreement with our Customers;
d. Protect your interests as a user of the Services or that of any other person; and
e. Operate or conduct maintenance and repair of our Services or equipment, as authorised by law. 

Where possible and if it is appropriate, we will notify you if we have been required by law to disclose your Personal Information.

Aggregating non-personally identifiable data

We may gather, extract, analyse, use, reproduce, publish, display or disclose data from the Services in a manner that does not personally identify an individual. We use this information to provide, maintain or improve the Services and administer and operate the Services and our business, including, without limitation, analysing trends, tracking your movements around the Services, and gathering demographic information about users as a whole, and for other reporting, compliance and marketing purposes.

Security of personal information 

We are committed to protecting the security of your Personal Information and we make every reasonable effort to protect such Personal Information from unauthorised access, modification or disclosure.

When you use the Services, the connection between your internet browser and our servers are encrypted using HTTPS (and SSL certificates). 

You must however understand that because the internet is not itself a secure environment, we cannot give you an absolute guarantee that your Personal Information will be secure at all times. Any information you provide to us (and that we collect) over the internet is at your own risk. You need to ensure that you only enter (or consent to the entering of) your Personal Information within the Services in secure environment. 

You are responsible for ensuring your passwords for entering the Services are kept safe. You should notify us as soon as possible if you become aware of any misuse of your password.

Storage of personal information 

Your Personal Information collected by us is transferred to our servers. Our servers are hosted by Amazon Web Services (AWS) and are located in the Asia Pacific (Sydney, Australia) region. Your Personal Information will be routed through and stored on those servers as part of the Services.

By providing your Personal Information to us, you consent to us storing your Personal Information on servers hosted in Sydney, Australia. While your Personal Information will be stored on those servers located in that region, it will remain within our control at all times.

The role of AWS is limited to providing a hosting and storage service to us. We ensure that our server hosts do not have access to and use the necessary level of protection for, your Personal Information. 

We will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and in accordance with our internal record keeping policies.

Accessing personal information 

We acknowledge that you have the right to access your Personal Information. With respect to Personal Information provided by our Customer to us, we collect such information under the direction of that Customer and have no direct relationship with the users whose Personal Information we process.

If you are a user of our Customer and would no longer like to be serviced by our Customer, please contact our Customer directly. If you seek access or want to correct, amend, or delete inaccurate data, you must direct such request to our Customer (the data controller). If requested to remove data, we will respond within a reasonable timeframe. We may transfer Personal Information to companies that help us provide our Services. Transfers to subsequent third parties are covered by our service agreements with our Customer. 

We will retain Personal Information that we process on behalf of our Customer for as long as needed to provide the Services to our Customer. 

Use of cookies 

To provide you with the Services, we may utilise “cookies”. A cookie is a small text file that is stored on your computer and is used for record-keeping purposes. While a cookie does not identify you, or contains information about you, it does identify your computer (or the device you are using to access the Services). 

We, and some of our affiliates and third-party service providers, may use a combination of ‘persistent cookies’ (cookies that remain on your hard drive for an extended period of time) and ‘session ID cookies’ (cookies that expire when you close your browser) to, for example, track overall site usage, and track and report on your use and interaction with the Services. 

You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance. However, you should note that refusing cookies may have a negative impact on the functionality and usability of the Services. 

Information specific to European Economic Area ('EEA') users

Legal basis for controlling personal data 

If you are an individual in the European Economic Area (EEA), we process information about you only where we have a legal basis for doing so under applicable EU laws. This means we use your Personal Information on the following legal grounds:

Legitimate interests: Where we consider use of your Personal Information as necessary for our own, or our Customers legitimate purposes except where this interest is overridden by your own interests or fundamental rights. Or means our interest in conducting and managing our business, to enable us to give you the best experience when using the Services. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Consent: You have provided consent (either to us or our Customer) to our processing of your Personal Information specific to the delivery of the Services.

If you have consented to our processing of Personal Information about you, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are processing your Personal Information because we or our Customer (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

We acknowledge that you have the right to access, correct, amend, or delete your Personal Information. See Accessing Personal Information in this policy for details about how we do this.

Our role 

Our Customers engage us to provide Services specific to the collection and delivery of Personal Information on their behalf, from users with whom they have a relationship and consent to collect such information.

We collect and process Personal Information about you on behalf of our Customer. Typically this is your employer, or a service provider with whom you hold a relationship and have provided consent to collect your Personal Information. Our role is to provide a platform for the collection of your Personal Information on their behalf. 

Where you use our Services, or your Personal Information is processed using our Services, we will be the data processor of your information. We may collect, use, and share Personal Information that we obtain about you directly or indirectly in accordance with applicable data privacy laws.

International Transfer 

Where you use our Services from within the European Economic Area (‘EEA’) the Personal Information you provide us will be transferred to countries outside the EEA (specifically Australia) as outlined in Storage of Personal Information in this policy. Our Services are fulfilled using Australian based data centres. We take the necessary steps to ensure your privacy rights continue to be protected as outlined in this Privacy Policy.

Complaints and Enquiries 

Your information is processed by us. If you have questions or wish to lodge a complaint with us about any breach of our Privacy Policy and our obligations in protecting the privacy of your information please contact our Privacy Officer. You can also make additional enquiries about our Privacy Policy by contacting us.

Privacy Officer
Qtiviti Consulting Group Pty Limited
B5b/5 Grevillea Place
Brisbane Airport,
Queensland, 4008 Australia
or via email at privacy@qtiviti.com.au. 

Information according to Art. 27 EU GDPR

We are a company located outside of the European Union and outside the United Kingdom. In order to comply with Art. 27 GDPR (EU), PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG has been nominated as our representative in the European Union. In order to comply with Art. 27 GDPR (UK), PrighterUK-Rep by Prighter Ltd has been nominated as our representative in the United Kingdom. If you want to make use of your data privacy rights, please visit:  Our public Privacy dashboard.

Changes to our privacy policy 

We reserve the right to change this policy at any time, and any amended policy is effective as at its effective date (noted above). 

We will make every reasonable effort to communicate any significant changes to you via email or notification via the Services. Your continued use of the Services will be deemed an acceptance of any amended policy.