Privacy Policy

PRIVACY POLICY

Derwent Search Pty Ltd, ABN 17 115 355 112, Derwent Interim Solutions Pty Ltd, ABN 27 681 706 892 and all Derwent owned businesses (further called “Derwent” or “we”, “our” or “us”) are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations. 


This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information. It applies to all Derwent businesses in Australia, including visitors to our website.


Our Privacy Policy covers:

  • What types of personal & sensitive information we collect
  • Purpose and use for the information we collect
  • How we protect your personal information
  • Who can access your personal information
  • How you can contact us to find out more about your personal information
  • What to do if you have concerns about your privacy


The Privacy Policy will be reviewed and updated from time to time to take account of new laws and technology, changes to our operations and practices. Any information we hold will be governed by the most current version of our privacy policy.


WHAT INFORMATION WE COLLECT


Personal information

The Privacy Act defines 'personal information' as: 'Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and. whether the information or opinion is recorded in a material form or not.


Personal information we collect includes:

  • Full name and any pseudonym
  • Address and contact details (email address and phone number)
  • Personal details (DOB and gender)
  • Employment & work history 
  • Qualifications
  • Salary information
  • Personality, character, skills, qualifications and experience information
  • Identity documents including passport & driving licence
  • Right to work information including immigration or visa details
  • Referee opinions 
  • Interview opinions
  • A picture of you (from a public source or you have provided to us)
  • Your signature
  • ABN and/or TFN
  • Superannuation details
  • Your Directors ID


Sensitive information

Derwent may need to collect sensitive information about you. Sensitive information is a special category of personal information. It is information or opinion about you, including membership of a professional or trade association or membership of a trade union; criminal record; health information, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, or sexual preferences or practices. 


If we collect your sensitive information, we will do so only with your consent, or as otherwise required or authorised by law, and we take appropriate measures to protect the security of this information.


Sensitive data we may collect, as part of our job application, interview or offer process:

  • Psychometric, behavioural, cognitive or competency tests 
  • Background checks, including but not limited to work rights, credit or criminal record checks


Where we use suppliers to carry out the tests and checks listed above, they may also ask for your consent to collect and store this sensitive information. 

Based on information you provide to us, including data on your resume and information in the public domain, we may also inadvertently hold other information including sensitive information about you. We will assume you have consented to us also collecting this information.


Financial information

Derwent may need to collect financial information about you including bank account, credit card and other payment method details. If we do so this will only be for the purpose of payment of invoices, bills or expenses or to facilitate the payment of wages, superannuation contributions and to ensure appropriate taxation treatment. We take appropriate measures to protect the security of this information.


USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION


Purpose and use of your information

We may collect personal or sensitive information about you when:

  • You apply to one of our jobs or provide any other information in connection with a potential application as a candidate or employee
  • You become an employee or contractor for us
  • You are a client or potential client of ours
  • You are a supplier or potential supplier of ours
  • You are listed as an emergency contact for a candidate, client, team member or supplier of ours
  • You have made your details available on a database such as a job board
  • We carry out research related to you or your business from public domain sources (including newspapers, journals, directories, the internet and social media sites)
  • You interact with us over the phone, in person, online or over email
  • We receive the results of any psychometric, behavioural, competency, medical test or any background checks, including credit and criminal record checks
  • We receive any reference or information about you
  • You are listed or become a referee, or provide information related to a candidate
  • We receive results of inquiries that we might make of your former employers, work colleagues, professional associations or registration body
  • You attend one of our events or webinars (online or in person)
  • You participate in any of our surveys or questionnaires including online and over the phone
  • You provide us with any additional information about you
  • You access or use our website or any digital platform we have


Derwent collects personal information about you so that we can carry out our business functions and provide services to you. This is in relation to the below, where applicable:

  • Assist you in finding work
  • Fulfilling our responsibilities to you as an employer and contractor 
  • Determining if you are suitable for a current or future role
  • Submitting your details to clients for potential or future role
  • Carry out tests, reference checks, assessments and any other research required in order to place you in a role
  • Undertaking criminal checks and other background checks otherwise as permitted by law
  • Informing you of possible opportunities, relevant candidates, or other events 
  • Assist in your career guidance and advancement
  • Administering payments to you
  • Marketing our services to you 
  • Conducting surveys to assess and improve the quality our services


General information collected from visitors to our website

We gather information about all our website users collectively, such as what areas users visit more frequently and what services users access the most. We only use such data anonymously and in the aggregate. This information helps us determine what is most beneficial for our users, and how we can continually create a better overall website experience for you. 


Information collected automatically from visitors to our website

When you interact with our website, we may automatically collect information about your browser, device, and use of our website, including, but not limited to IP address, approximate location, information about your website activity (such as page views and features you use), device type, browser type, operating system and version, the web page you were visiting before you came to the site, searches you carry out on the site, locale preferences, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your files, website alias, responsive website or mobile website URL, and website URL. Some of this data is collected using cookies and similar technologies. 


When you interact with our website, we (and third parties acting on our behalf) automatically collect certain information about your browser, device, and use of the website through cookies, pixel tags, web beacons, local storage, and other similar technologies. Cookies are small text files stored on your browser or device, which allow us to provide certain features of the website, personalise your user experience, and advertise our products and service to you. You can find more information about cookies at https://allaboutcookies.org/


Your web browser may allow you to manage cookies and local storage. Each browser is different, so please, follow the directions provided in your browser’s “help” section to manage cookies. Please note that if you delete or disable cookies from our website, some parts or functions of the site may not work properly for you.


Disclosure of your information

We may disclose your information (including to third parties, including our business suppliers) for the purposes for which it is primarily held or for a related secondary purpose and in some cases we may only disclose information with your consent. Your personal and sensitive information may be disclosed to:

  • Derwent team members located in Australia 
  • Potential and actual clients of Derwent who may be based outside of Australia
  • Candidates of Derwent for the purpose of organising meetings and interviews
  • Referees or businesses that you nominate for us to gain reference checks on you
  • Suppliers we use for the provision of services, such as psychometric testing, behavioural testing, background checking and software solutions
  • Suppliers we use for marketing, events and surveys. 
  • Please contact our Privacy Offer if you want to unsubscribe from these communications
  • Suppliers we use to provide services to Derwent, including but not limited to, professional advisors, IT consultants and cloud based technology providers
  • Regulatory or legal authorities if they require us to do so


We do not disclose information about your individual visits to the Derwent website.


AI training and usage policy

Derwent will not directly use personal or sensitive information collected from you including through our website to train third party AI models, feed personal information into third party generative AI systems, or use AI to infer information about individuals without express written consent. 


We have an internal AI policy for our team on the use of Generative AI and carry out regular training on the responsible use of AI.


We carry out an annual audit on use of AI in all our suppliers and cloud based technology providers. Where possible we turn off Generative AI that could expose personal information to third party models. Whilst Derwent takes all responsible steps to ensure personal data we collect, use and store if not exposed to third party AI, due to the rapid pace of AI development we will not be responsible for AI privacy breaches via our suppliers.


International & Cross border disclosures

Derwent operates from offices in Australia. We use cloud-based solutions and products where their IT servers may be located outside of Australia. We take reasonable steps to ensure that any overseas recipients of your personal information have a commitment to protecting your personal information.


By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business. In the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able seek redress under the Act.


MANAGEMENT OF PERSONAL INFORMATION

At Derwent, we train our team to respect the confidentiality of customer information and the privacy of individuals. Derwent takes any breaches of your privacy very seriously and as such we have appointed a Privacy Officer to ensure that our management of personal information is in accordance with this policy and the relevant Australian Privacy Principles.


How do we store and protect personal information?

We hold personal & sensitive information with our cloud based software providers and in paper-based files. We take such steps as are reasonable in the circumstances to protect the personal information we hold from misuse, interference and loss, unauthorised access, modification or disclosure.


Our security measures, where possible and applicable, for storage of personal information include the below. However, whilst all best endeavours are in place, no transmission or storage of data can ever be guaranteed to be fully secure.


  • Access controls: Role based access controls are implemented to ensure reduced team member access to certain assets and information. 
  • Multifactor authentication (MFA) and Single Sign On (SSO) is applied to applications where supported by the third party provider that are used by our team.
  • Office Access: There are protocols in each of our physical offices to protect us from deliberate or unauthorised access. 
  • Personal Access: Our internal policies and procedures govern the use of company email and work-related data on personal devices, whether used in the office or elsewhere. These policies cover the appropriate handling of your information and ensure the security and confidentiality of all data accessed on personal devices.
  • Regular security audits: Cybersecurity, data, information management and privacy protocols are regularly reviewed as part of our internal protocols and in conjunction with our IT service provider. 
  • Team training: Mandatory security awareness and phishing simulation training occurs on an ongoing basis for our team through a specialist third party provider. 
  • Best practice privacy training occurs for the team on an ongoing basis and any time major revisions are made to our Privacy Policy.


How do we keep personal information accurate and up to date?
Derwent takes such steps as are reasonable in the circumstances to ensure that the personal information it holds and discloses is accurate, up to date, complete, relevant and not misleading. We recognise that information changes frequently with changes of address and other personal circumstances. Please advise us when your personal details change.


Under the Australian Privacy Principles: Right to Correction (APP 13), you may request that we correct the personal information that we hold about you if you deem it to be inaccurate, incomplete, out-of-date, irrelevant or misleading. We will take reasonable steps under the circumstances to correct the information.


If we refuse to correct your personal information, we will notify you in writing of the reasons detailing our refusal to correct the information and the process for escalation regarding this refusal. Should we refuse you may ask us to place with the information a statement that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading and we will take such reasonable steps under the circumstances to associate the statement with your information. If you wish to exercise your rights of correction you should contact our Privacy Officer.


REQUESTING ACCESS TO THE PERSONAL INFORMATION WE HOLD

Under the Australian Privacy Principles: Right to Access (APP 12) and subject to the outlined exceptions in the Privacy Act, you can gain access to the personal information that we hold about you.


To make a request to access your personal information, you will need to contact our Privacy Offer and specify what information you require. Please be aware we will need to verify your identity before we are able to share any information with you. 


We will respond to your request within a reasonable period after the request is made and provide access to the information in the manner requested, if it is reasonable and practicable to do so. If we refuse to provide you with access to your personal information, we will notify you in writing of the reasons for the refusal and the process for escalation regarding this refusal.


DATA RENTENTION AND DELETION

We may need to maintain records for a significant period of time. However, when we consider information is no longer needed, we will remove any details that will identify you or we will destroy the records we hold.


While retaining personal and sensitive information, we will take reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure.


To make a request to have us delete your personal information, you will need to contact our Privacy Offer. Please be aware we will need to verify your identity before we can begin the process to remove or de-identify the information as appropriate, unless retention is required by law.


CONTACTING DERWENT

You can make email enquiries, requests to access/delete or correct your information, or complain about alleged breaches of the Australian Privacy Principles (APPs) to our Privacy Officer.


Email:privacy@derwentsearch.com.au

Derwent Search Pty Ltd 

Level 21,123 Pitt Street

Sydney, NSW, 2000

+61 (0)2 9223 1855


Handling of complaints

We aim to acknowledge receipt of all complaints within 10 working days, and aim to resolve all complaints within 30 working days. This may not be possible in all circumstances depending on the contents of the complaint. In this situation, we will respond to your complaint in a reasonable time. If you are not satisfied with our response to your complaint, in Australia you can contact the Australian Information Commissioner (OAIC).


This Policy was last reviewed and updated: February 2025