Global Privacy Policy
This policy applies to thethe White Bay group of companies, which is ultimately owned by White Bay Search Pty LTD ABN: 44 611 475 006 of 100 Harris Street, Sydney, Australia, NSW 2009
References in this policy to “we”, “us” or “our” are references to the White Bay Group.
What We Do
The White Bay Group provides:
recruitment consultancy services placing candidates on a permanent, contract and interim basis across a range of industries and geographies under the White Bay brands (“Recruitment Services”);
business process outsourcing services assisting companies with their permanent recruitment, temporary recruitment, supply chain and labour supply and screening (commonly known as “RPO”, “MSP” and “Service Procurement Desk Services” which for the purpose of this policy are collectively referred to as “Outsourced Services”);
other consultancy, technology and advisory services (“Consultancy Services”).
We operate through a global network of affiliated entities and utilise vendors where needed, to ensure we provide the best solutions to our clients across the countries where we perform services.
Unless we notify you otherwise, we operate as a data controller when processing your personal data for our Recruitment Services and Consultancy Services. If we share your personal data with our clients as part of our Recruitment Services or Consultancy Services, it is likely that our clients will process your personal data as a data controller. Our clients may request additional personal data from you as part of their hiring processes.
Unless we notify you otherwise, we are the data processor and our clients are the data controllers of your personal data processed by us for our Outsourced Services. Where we act as a data processor, the privacy policy of our client will apply. Unless we notify you otherwise, if a company within the White Bay Group engages you on a temporary assignment, the White Bay Group company who engages you will be the data controller of your personal data.
If you are uncertain about who the data controller of your personal data is, please contact us using our contact information set out in section 13 of this policy.
The purpose of this Global Privacy Policy (“policy”) is for us to inform you how we collect, use and disclose your personal data. It is important that you read this policy in conjunction with any notices or statements relating to data, data protection, fair processing and/or privacy that we may issue at the time of collecting your personal data where applicable in the jurisdiction. They are not intended to override the policy unless stated otherwise by us in such policy, notice or statement.
1. What personal data do we collect?
Personal data is any information relating to an identified or identifiable person.
We will only collect personal data that we are permitted to collect by law on a jurisdictional basis. We have set out below a non-exhaustive list of the types of personal data that we most commonly collect.
Type of Personal Data | Description of Personal Data |
Identity data |
|
| Your delivery address, email address and telephone numbers, emergency contact details and contact details history. |
Historical data |
|
| Your current remuneration, pension and benefits, what role you are looking for, what work-related areas interest you, third party references (if taken) and interview and assessment feedback created either ourselves or by our client following an interview or assessment. |
| A copy of your driving licence, passport, identity card or another form of identification and referee details. |
| Your bank sort code and account number and tax-related information and credit checks. |
| We may collect diversity data for governmental reporting purposes, which may include racial or ethnic origin, religious or other similar beliefs and physical or mental health, including disability-related information. |
Technical data |
|
Profile data |
|
Usage data |
|
| Your preferences in receiving marketing from our third parties and us and your communication preferences. |
| Your contact and identity information, immigration history (including residency, immigration status and travel history), character disclosures (including offences, disclosures and information relevant to meeting character requirements), health disclosures and information relevant to meeting health criteria. |
Video |
|
Sensitive or special category personal data - during the recruitment process or in the course of the services we operate, we may collect personal data that is considered sensitive or special category in certain countries. We may be required by local privacy laws to obtain your explicit consent to handle this type of personal data. You will be provided with a consent form if your express consent is required. Please contact us if you have not been provided with a consent form and you believe we hold your sensitive or special category personal data.
In respect of candidates and users of White Bay Group websites, we also handle the following types of data:
Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy; and
Anonymised Data, which is data created from your personal data where your identity has been removed and you cannot be traced to it.
The age at which an individual is regarded as a child differs per country. We do not typically collect personal data relating to individuals under 18.
2. How we collect personal data
We generally collect your personal data directly from you. For example, we collect your personal data when you:
deal with us in person, by telephone, letter, fax, email or via our websites;
register with us (e.g. at career fairs);
submit any other information to us, such as a CV;
complete psychometric assessments or other assessments;
subscribe to job alert emails;
subscribe to our publications;
attend an event we have organised;
enter a competition, promotion or survey; and/or
give us feedback.
We may also use the following third party channels to collect your personal data:
pre-employment screening and background checking organisations where permitted in the jurisdiction;
our clients and their third party suppliers;
governmental and regulatory bodies, such as tax and social security authorities;
third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain;
other recruitment agencies;
analytics providers, such as Google Analytics and various job boards; and
communication platforms, such as Adobe Marketo, Cison and PR.
We may also collect your personal data from publicly available sources where permitted in the jurisdiction, including:
your identity and historical data from social media sites, such as LinkedIn, Twitter and Facebook;
your identity and contact data from company and commercial registers or electoral registers; and
your identity, from qualification and membership lists of professional bodies.
We allow you to sign up or login to a White Bay Group account with a LinkedIn account (“Social Media Account”) so you can use our online services simply and easily without having to create a specific account with us. If you choose to use this feature, we will process your name and primary email address on your Social Media Account in accordance with this policy.
Cookies are small text data stored on your PC or mobile device and are created by the website's servers. We collect your personal data automatically via cookies when you visit White Bay Group websites, in line with the cookies settings in your browser. You can find out more about these cookies, including how we use them and what choices are available to you, by reading our Cookies Policy. You can find out more about the use of cookies on http://www.allaboutcookies.org/
3. How we use personal data
We will only use your personal data when the law permits us to, and the uses set out below will be subject to that requirement.
Candidates
Your personal data will be collected and handled by us in order to:
provide careers, recruitment and/or related intermediary services to or for you;
match your details against job vacancies which we consider are appropriate for you in order to assess your suitability for them;
allow you to submit your CV, apply for specific jobs or to subscribe to our job alerts so that we can notify you when relevant job vacancies arise;
apply for jobs on your behalf by sending your personal data to clients;
facilitate the recruitment process if a client wishes to progress your application;
fulfil our contractual obligations to our clients;
inform you about any relevant industry developments, events, promotions and competitions, and to communicate any other relevant information;
answer your enquiries or questions;
conduct statistical analysis;
monitor diversity;
comply with our regulatory commitments;
pursue or defend a legal claim;
conduct pre-employment screening;
prevent or detect a crime, where the law requires us to carry out such monitoring; and
provide you with further information which may be of interest to you in regard to the employment market and opportunities.
Website users
Your personal data will be collected and handled by us in order to:
improve our customer service and make the way we operate more useful to you (which includes tailoring our websites to suit your requirements);
let you know about our recruitment services across all areas of our business;
send you communications where you have indicated you are happy to receive such information or have purchased products or services from us, which may include the following:
E-newsletters and hard copy newsletters;
Emails about the services we offer and new product launches;
Reminders when your products or services may be due for renewal; and
Opportunities to participate in market research.
Depending on the contact preferences you select, we will communicate with you by post, telephone, SMS, email or other electronic means such as via social and digital media. We may use your usage data to help ensure that this messaging is personalised and relevant to you.
Referees:
We will use your personal data purely for the purpose of conducting a reference check on a candidate.
4. Who your personal data is shared with
Subject to local regulations in the jurisdiction, we may disclose your personal data to:
any company in the White Bay Group;
prospective employers or engagers;
other recruitment companies or intermediaries involved in managing the supply of personnel;
data processors of the White Bay Group;
pre-employment screening and background checking organisations;
your referees;
your past employers and relevant education institutions;
your professional bodies;
government and regulatory bodies, such as tax and social security authorities;
third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain; and
third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business structure, any new owners may use your personal data in the same way as set out in this policy.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes compliance with this policy.
5. Legal grounds
In certain countries our companies that act as a data controller are required to establish legal grounds as set forth by applicable law to process your personal data. Depending on our relationship with you, if required to do so, we will rely on one or more of the following legal grounds:
Legal Ground | Permitted Purpose |
Where you have given us consent to use your personal data for one or more permitted purposes. | For example:
|
Where we need to process your personal data to comply with a legal or regulatory obligation. | For example:
|
Where we need to process your personal data to perform the contract, we are able to enter or have entered into with you. | For example:
|
Where the processing of your personal data is necessary for the pursuit of our legitimate business interests and your interests and fundamental rights do not override those interests. | For example:
|
If you would like to know what legal grounds we rely upon to process your personal data, please contact us using our contact details in section 13 of this policy.
6. Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We view our relationship with you as being one which is to support your career through numerous roles and assignments. Accordingly, we may retain your data for a period of time which is materially greater than simply one placement if we reasonably believe that we will continue to have an ongoing relationship with you.
We will appropriately and securely dispose of your personal data when it is no longer required. To determine the appropriate retention period for personal data, we will consider the following factors:
amount and nature of the personal data;
its sensitivity;
the potential risk of harm from unauthorised use or disclosure of the personal data;
the purposes for which we handle your personal data;
whether we can achieve those purposes through other means; and
applicable legal requirements.
When we act as a data processor to our clients, the data controllers, we will retain your personal data in accordance with the retention periods prescribed by our clients.
7. Your rights
The country you are located in and the applicable privacy laws determine your rights in respect of your personal data. These may include:
Right | Description of Right |
Right to be informed | about your personal data and details of the handling and processing of that personal data and information, including, as applicable the safeguards used to protect your personal data in the event that we transfer it outside the territory it was collected in; |
| to your personal data and to obtain information about how we handle and process it; |
Right to have inaccuracies corrected | if your personal data is inaccurate, including to have incomplete personal data completed; |
Right of erasure | of your personal data, which is also known as the “right to be forgotten”. We do not delete personal data from our back-up files that are created for disaster recovery purposes and are not easily accessible; |
Right to restrict handling and processing | of your personal data, which includes requesting us to suppress your personal data file; |
Right to move, copy or transfer | your personal data to another organisation, also known as “data portability”; |
Right to object | to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests; |
Right to withdraw consent | or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means; |
Rights in relation to automated decision making | where such automated decision making has a legal effect on you or otherwise significantly affects you; and |
Right to complain | to us in relation to the handling of your personal data; or the regulatory body which enforces data protection law in your locality. |
Please contact us using our contact details set out in section 13 of this policy if you wish to exercise any of your legal rights.
Where permitted by law, you may be charged a fee to access your personal data or to exercise any other right that may apply. We will let you know if a fee applies to your request before we complete it.
We may also request certain information to help us confirm your identity, ensure your right to exercise any of rights in the table above and to prevent your personal data being disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within any legal timeframes.
8. Technology
We will always use your personal data fairly. We may on occasion use technological filters to sort through the job applications we receive and to match candidates to specific job vacancies. If we have used technological tools to a significant extent when assessing your job application, we will inform you of this. Please let us know when we contact you if you feel there are other factors that we should consider as part of your job application.
9. Data security
We hold your personal data in a combination of secure computer storage facilities and paper-based files.
We have in place an appropriate level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:
locks and security systems;
encryption
usernames and passwords;
virus checking;
auditing procedures and regular data integrity checks; and
recording of file movements.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality.
We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.
If you suspect any misuse, loss of or unauthorised access to your personal data, please contact us immediately using our contact details in section 13 of this policy.
10. Personal data storage and transfer
Personal Data originating from the UK or European Economic Area (“UK or EEA Personal Data”)
Due to the global nature of our business we may need to transfer UK and EEA Personal Data outside of the UK and EEA. For example, we may transfer personal data to White Bay Group companies, service providers and government or public authorities in order to perform our recruitment services and comply with our legal obligations.
If we do transfer UK and EEA Personal Data outside of the UK and EEA, we will make sure that appropriate safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply, or we are authorised to do so. If requested, we will provide you with details of the safeguards that we have implemented.
We, our service providers and/or the third parties to whom we may disclose UK and EEA Personal Data may transfer such data outside of the UK and EEA.
Personal Data originating from outside the UK or EEA (“Non-UK and Non-EEA Personal Data”)
We collect personal data relating to individuals in the following countries outside the UK and EEA: Africa, Australia, Brazil, Canada, Chile, China (including Hong Kong and Taiwan), India, Indonesia, Japan, Malaysia, Mexico, Middle East, New Zealand, Philippines, Singapore, South Africa, South Korea, Switzerland, Thailand, United States of America and Vietnam.
Due to the global nature of our business we may need to transfer Non-UK and Non-EEA Personal Data outside the original territory in which the data was collected (“Original Territory”). For example, we may transfer personal data to White Bay Group companies or potential employers internationally in any of the countries listed above, and to service providers and government or public authorities in order to perform our services and comply with our legal obligations.
If we do transfer Non-UK and Non-EEA Personal Data outside the Original Territory, we will make sure that such transfers are performed in compliance with applicable law. We, our service providers and/or the third parties to whom we may disclose Non-UK and Non-EEA Personal Data may transfer such data outside of the Original Territoy.
11. Privacy policies of third parties
This policy explains how the White Bay Group handles your personal data. Please also read the privacy policies of the social media platforms and third party websites through which you arrive at a White Bay Group website. We encourage you to read the privacy policies provided by these sites before giving them your personal data.
12. Changes to this policy
We reserve the right to change this policy from time to time. Changes will be notified on our website seven days before taking effect. We may make emergency changes to this policy when we believe it is reasonable to do so e.g. to comply with legal or regulatory requirements.
13. How to contact us
If you have questions or comments about our privacy practices, or if you would like to submit a request exercising your privacy rights, please contact us. You can:
Email us at the mailbox for your country below:
Australia and New Zealand | |
USA and Canada |
14. Country Specific Information
United States of America, California | The data processing activities we carry out on the personal information of California residents (“California data”) does not currently fall within scope of the California Consumer Privacy Act (CCPA). Should this change over time, we will update this policy accordingly. Please rest assured that we do and will continue to ensure that we follow best industry practice when processing California data. |
Australia | Process for lodging a complaint if you believe your personal data has been mishandled by us:
|