Certsy's Privacy Statement describes how Certsy Pty Ltd collects, uses and discloses your information in the course of its business operations. This Privacy Statement applies to any personal information you disclose to Certsy through your use of www.certsy.com, https://hirer.certsy.com or any other website controlled by Certsy (the “Sites”).
A User may decide to provide Certsy with health information (particularly COVID vaccination information). A User’s health information may be also shared with SEEK Partners and Organisations with the User’s consent. In addition to addressing the requirements of the Privacy Act, this Statement outlines Certsy’s policies on management of health information, as required by the Health Records Act 2001 (Victoria) and any other relevant health legislation. All references to ‘personal information’ in this Statement include a reference to such health information.
Where used in this Privacy Statement, the following terms have the following meanings:
- “Authorities” means government agencies and other third party authorities and official information sources who we use to provide our Services;
- “Certsy”, “we”, “us” and “our” means Certsy Pty Ltd;
- "Organisations" refers to individuals or entities that use the Sites to access the Certsy Workplace Services;
- “SEEK Partners” means SEEK Limited and each of its related bodies corporate as constituted from time to time;
- “Services” means services for: (a) verifying and sharing work credentials, licences and other information, to assist Users in seeking and applying for jobs (“Verification Services”); and (b) Organisations to receive verified information about a User following use of the Verification Services but only with the User’s express consent (“Certsy Workplace Services”).;
- "Users" refers to individuals with a registered account who use the Sites to acquire the Verification Services; and
- “Visitors” refers to individuals or organisations accessing the Sites and includes Organisations and Users.
The terms “personal information”, “sensitive information” and “Australian Privacy Principle(s)” have the meaning given to those terms in the Privacy Act (Cth) 1988 (“Privacy Act”).
Collecting non-personal information on Certsy Visitors
Certsy collects non-personal information on Site visits by Visitors including, without limitation, which sections of the Sites are most frequently visited, how often, and for how long. This data is always used as aggregated, non-personal information, and may be shared with SEEK Partners and Certsy’s contractors to provide them with information relating to how Visitors 'use' the Sites. This is done for the purpose of providing you with a better and more efficient Sites.
Certsy's web servers gather your IP address to assist with the diagnosis of problems or support issues with our services, and to monitor the use of our Site.
Third Party Measurement
In order to better understand our Visitors, Certsy utilises third party measurement companies to assess Site traffic. A tracking code is used to collect information such as the following on usage of the Sites:
- The number of page views (or page impressions) that occur on the Sites;
- The number of unique visitors to the Sites;
- How long these unique visitors (on average) spend on the Sites when they visit;
- Key actions taken while using the Sites; and
- Common entry and exit points to the Sites.
This aggregated, non-personal information is collated and provided to Certsy to assist in analysing the usage of the Sites. This data is also accessible by media organisations and research companies, for the purpose of conducting industry comparisons with other Internet websites.
Collection of Personal Information
To use the Verification Services, you will need to create an account by registering on the relevant Site. Certsy collects your email address and, if you choose to turn on multi-factor authentication, your phone number as part of the registration process. Each User may only have one account.
When you use Certsy’s Services, you will need to provide us with your accurate, up-to-date and complete personal information or documents containing your personal information, which may include sensitive information (including health information). We will only ask you for the information we need to provide you with the Services. Examples of the types of personal information you may need to provide to use our Services include your legal name, date of birth, gender, document numbers, and images, electronic copies or scans of documents such as a passport, medicare card or COVID-19 vaccination status evidence. Where we receive unsolicited information, we will check whether that information is reasonably necessary to provide you with the Services. If it is, we will handle this information the same way we do with other personal information we obtain from you. If not, we will ensure we delete it, de-identify it, or make it inaccessible.
We may also collect personal information about you from relevant Authorities as required for us to provide our Verification Services. For example:
Police Check: Certsy is an accredited body with the Australian Criminal Intelligence Commission (ACIC), authorised by Agreement to access the National Police Checking Service (NPCS) for nationally coordinated criminal history checks. Any dispute or enquiry relating to your police check should be made directly to Certsy. For more information on the dispute process, see our help centre article
Other Services: Certsy may obtain information from other relevant Authorities, such as Document Verification Service (DVS) and Visa Entitlement Verification Online (VEVO), to provide the other Services we offer. We may also use non-government Authorities to obtain access to relevant verification materials.
To use Certsy Workplace Services, you will need to create an account by registering on the relevant Site. Certsy collects the company name, business number, business address and billing address of Organisations as part of the registration process. Certsy also collects the name, email address and phone number of a primary contact. Organisations can choose to add additional users to their account, in which case Certsy will collect the name, email address and phone number of those other users (each user of an Organisation being an “Organisation User”). Organisations can change any of their details via the relevant Site or by contacting us (see the Contact Us section below). Each Organisation may only have one account.
It is your choice to use the Services and to provide us with your personal information, which may be sensitive (e.g. health information; official identification documents). However, if you choose not to provide us with the necessary personal information, we will be unable to provide you with some or all of the Services.
Use of Personal Information
We will add the information we collect from you and from relevant Authorities to your account on the relevant Site, and will use the information to provide the Services. We may also use this information for related purpose, such as:
- to manage your account with us, and to invoice you for Services we provide (if applicable);
- to verify your identity when you are dealing with us;
- to answer your queries and requests;
- to comply with our legal and regulatory obligations;
- to monitor use of our products and services;
- to assess, maintain, upgrade and improve our products and services; and
- to manage and resolve any legal or commercial complaints or issues.
For security purposes, we may also choose to redact, obscure or delete some or all of your information (including sensitive information) if we consider it is reasonable to do so.
Certsy and SEEK Partners may also provide you with selected information about the Services in email communications. From time to time Certsy and SEEK Partners may also contact you by telephone. You may 'opt-out' of receiving marketing emails by clicking 'unsubscribe' in the footer of any emails received.
Disclosure of Personal Information
We may share the information that we collect about Users in the following ways:
We will disclose the information you provide to us to the relevant Authority to provide you with the Verification Services. Specific consent to disclose your information to the relevant Authority is obtained from you at the time you submit the online form seeking the relevant Verification Services.
You permit us to disclose your personal information (including sensitive information) to a governmental or regulatory authority if we determine that it is necessary to satisfy the compliance obligations of an Organisation with which you have agreed to share your verified information through Certsy.
We may share verification details and other Verification Service results (but only summary information and not the underlying information provided to Certsy to obtain those results) with SEEK Partners so that they can provide services to you. We will explain what will be shared and ask for your consent before sharing the information.
SEEK Partners who receive such information, will use that information in accordance with their own Privacy Policies, including to:
update and promote your profile on their websites or mobile applications;
present your job application in a way that emphasizes you meet the stated requirements of the role;
tailor your job search and recommendations to show more relevant roles that you have verified you are qualified for;
provide evidence to prospective or current employers that you have the necessary licences and qualifications; and
otherwise improve the services they offer to you.
While we will always require your consent before sharing your personal information with SEEK Partners, it is important to remind you that the information you share may be considered sensitive (e.g. your COVID-19 vaccination status, which is your health information). If you agree to share information with SEEK Partners, the relevant summary information is likely to be accessible by many people (e.g. all hirers on the SEEK website). While SEEK Partners expressly require that people accessing their websites comply with all applicable laws (including privacy laws and laws governing health information), SEEK Partners is unable to control how such people use your information.
If Certsy provides you with the option of sharing summary information associated with the Verification Services you have obtained (including health information) with one or more Organisations, and should you choose to share that summary information, Certsy will share this with those Organisations. Certsy will explain what will be shared when seeking your consent. It will not share any underlying information or documents provided to Certsy to obtain the results unless you provide your express consent. If you are unsure as to why an Organisation requires your information or how the Organisation intends on using your information, please contact them directly before consenting to share your information through Certsy. If you change your mind after providing consent for Certsy to share your information with an Organisation, you will need to discuss this with the Organisation directly rather than Certsy. The Organisation may not be able to delete your information for compliance reasons. While we expressly require that Organisations comply with all applicable laws (including privacy laws and laws governing health information), we are unable to control how Organisations use your information.
Certsy may also disclose the information it collects to Certsy's service providers and contractors for the purpose of assisting us to deliver the Services and otherwise run our business (including improving our services).
Transfer of information
By using the Verification Services and sharing information with SEEK Partners or Organisations, you consent to your personal information (including health information) being transferred between all Australian states and territories, as required. Sometimes, we transfer or disclose information to third parties including to persons and businesses outside Australia. These transfers are made in order to assist us to provide you with our products and services, and/or to improve the products and services we offer. Where we transfer information to persons outside Australia we take reasonable steps to ensure that the recipients of such information do not breach the Australian Privacy Principles and other applicable laws in relation to that information by entering into binding contractual arrangements with such third parties.
Related Bodies Corporate
Certsy may also disclose your Personal Information to Certsy’s related bodies corporate from time to time but only for the purpose of assisting Certsy and its related bodies corporate to provide and improve the products and services offered to job search candidates, hirers, employers and other users of each of their websites, services and products including (but not limited to):
- data enhancement and parsing to facilitate product functionality and service quality;
- product development to respond to market changes and customer needs and requests;
- development and improvement of algorithms servicing product functionality (e.g. Search recommendations);
- IT security measures for the benefit of protecting customer data;
- data aggregation to support customer experiences, support services, and data analytics; and
- ensuring the proper and more efficient working of the IT systems and services.
Storage & Security of Personal Information
Protecting your information is a key priority for Certsy and we take all reasonable steps to ensure the security of our Sites and to protect your information from misuse, interference and loss as well as unauthorised access, modification or disclosure.
We do this via administrative, physical and technical safeguards. Certsy encrypts your information securely, both “at rest” (when it is stored on our systems) and “in transit” (when it is transferred over networks via Hyper Text Transfer Protocol Secure or HTTPS). We also implement a range of other security measures, including penetration testing, automated infrastructure checks, restricted network access, and multi-factor authentication for staff. In addition, our employees and the contractors who provide services related to our information systems are contractually obliged to respect the confidentiality and privacy of any personal information held by Certsy.
You can also play an important role in keeping your personal information secure, by maintaining the confidentiality of any accounts used on the Sites. We recommend you enable multi factor authentication (MFA) when logging into your account on our Sites, where available. In some circumstances we may mandate MFA.
Please notify us immediately if there is any unauthorised use of your account by any other Internet user, or any other breach of security relating to your account.
We will retain certain information associated with your account for the time period required to comply with any applicable laws or to assist us or Organisations in complying with legal or policy obligations (Retention Obligations). For example, in the case of police checks we are obliged to retain information used to submit your request for at least 12 months, and to delete the check result itself within 12 months. Otherwise, we will keep the information until such time as you delete your account, or we reasonably consider there to be no Retention Obligations. We must receive an instruction from the Organisation to delete the information we have retained about you (to help ensure that there are no Retention Obligations). Please note that the deletion of a User account will not delete User information that has been previously shared with an Organisation. Please contact the Organisation directly to make your deletion request, noting that they may not be able to action this due to Retention Obligations.
We will indefinitely retain copies of any information in relation to a submission that we believe to be fraudulent (including documents or images) for compliance and training purposes. Documentation or information that is suspected to be fraudulent may be shared with the appropriate authorities.
Access to Your Information
Unless you become a User or an Organisation User, Certsy does not collect information that identifies you personally. If you become a User or Organisation User, you are able to change, update or clear your account at any time by contacting us (see the Contact Us section below). In addition, any User or Organisation User is able to at any time request access to, or deletion of, any personal information held by us by using one of the contact methods set out below. We will need to consider our Retention Obligations before determining whether the information can be deleted.
Feedback and Complaints about privacy and a Site
Certsy welcomes ideas and feedback about all aspects of the Sites. Certsy may store feedback that Visitors send to us. This feedback may be used to administer and refine the Services we provide and may be shared with the SEEK Partners and, either in aggregate form or with specific identifying characteristics removed, with Certsy’s contractors and service providers.
If you have any complaints about our dealings with your personal information including any breaches by us of any Australian Privacy Principles or any other legislation (such as legislation relating to health information) or any questions regarding this Privacy Statement, you are able to submit that complaint or query by using the methods detailed in the “Contact Us” paragraph below.
Any complaints received by us will be referred to our compliance and / or legal team for prompt investigation and a written response will be provided to you as soon as possible. Should you not be satisfied with the resolution of any complaints made you are able to seek further redress through the Office of the Australian Information Commissioner (see http://www.oaic.gov.au/ for further information) or relevant regulator under any other legislation.
Privacy & Site Changes
From time to time, Certsy may review and update its Privacy Statement. Revised versions will be made available on the relevant Site.
If you have any feedback or questions about this Privacy Statement, the practices of our Sites, or your dealings with Certsy, you can contact our Privacy Officer in the following ways:
Post: Certsy c/o SEEK Limited, 60 Cremorne St, Cremorne VIC 3121
Provision of Copy of Privacy Statement
If you require a hard copy of this Privacy Statement or a copy in some other format to suit your particular needs please contact us using any of the methods detailed in the “Contact Us” paragraph above, and we will arrange for a suitable copy to be provided to you.