Team Builder

Privacy Policy

  1. Introduction

Staffstream Australia Pty Ltd ABN 91 675 492 476 (“Staffstream”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you:

  • Use our website (staffstream.com.au)
  • Engage our recruitment and outsourcing services as a client
  • Apply for positions or register as a candidate
  • Communicate with us in any other capacity

By using our services or providing us with your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

Important: This Privacy Policy should be read in conjunction with our Website Terms of Use. If you do not agree with this Privacy Policy, please do not use our services or provide us with your personal information.

  1. What Personal Information We Collect

The types of personal information we collect depend on how you interact with us. We only collect personal information that is reasonably necessary for our functions and activities as a recruitment and outsourcing services provider.

From Clients and Business Contacts

We may collect:

  • Name and contact details (email, phone number, business address)
  • Company name, ABN, and business information
  • Position title and role details
  • Billing and payment information
  • Records of communications and interactions with us
  • Technical information when using our website (IP address, browser type, device information)
  • Preferences and requirements for recruitment services

From Candidates and Job Applicants

We may collect:

  • Personal details (name, contact information, date of birth, nationality)
  • Employment history and work experience
  • Educational qualifications and professional certifications
  • Skills, competencies, and language proficiency
  • Resume/CV and cover letter
  • References and referee contact details
  • Right to work documentation and visa status
  • Interview notes and assessment results
  • Salary expectations and employment preferences
  • Professional registration or licence information
  • Video interview recordings (where applicable)
  • Assessment and testing results
  • Police checks and background verification results (where required and with consent)
  • Any other information you choose to provide during the application process

From Referees

With your consent, we may collect:

  • Name and contact details
  • Professional relationship to you
  • Opinions regarding your character, work performance, and suitability
  • Facts or evidence supporting those opinions

Sensitive Information

We only collect sensitive information (such as health information, criminal records, or diversity information) where:

  • You consent to the collection
  • It is required or authorised by law
  • It is necessary for the specific role or service
  • It is reasonably necessary for our functions

Examples of sensitive information we may collect include:

  • Health information (only where required for occupational health and safety purposes or workplace adjustments)
  • Criminal record checks (only where required for specific roles and with your consent)
  • Diversity information (optional, for reporting purposes only)

We will always seek your explicit consent before collecting sensitive information and will handle it with strict confidentiality and enhanced security measures.

Information We Will Not Collect Without Good Reason

We will not collect photographs, scan photo identification, or capture and retain video image data of you where simply sighting documents would be sufficient, unless:

  • You secure a position through us and we require it for verification and compliance purposes
  • It is required by law or for legitimate business purposes
  1. How We Collect Personal Information

We collect personal information through various methods:

Directly From You

  • Website enquiry forms and contact forms
  • Email correspondence and phone conversations (which may be recorded for quality control and training purposes, in accordance with applicable laws)
  • Job applications submitted through our platform, email, or third-party job boards
  • Registration for our services
  • Face-to-face meetings and video interviews
  • Surveys and feedback forms
  • Social media interactions

From Third Parties

  • Referees and previous employers (only with your consent)
  • Our clients (when they refer candidates to us)
  • Publicly available sources (such as LinkedIn and professional networking sites)
  • Background check providers (only where authorised and with your consent)
  • Assessment providers and testing services
  • Recruitment agencies and business partners

We will only collect information from publicly available sources where it is reasonably necessary for our recruitment functions and we will manage it in accordance with the APPs.

Automatically Through Our Website

  • Cookies and similar tracking technologies
  • Server logs and web analytics tools
  • Website usage data and browsing behaviour
  • Device and browser information

For more information about cookies, see Section 9 of this Privacy Policy.

  1. Why We Collect and Use Your Personal Information

We collect and use personal information only for purposes that are directly related to our functions and activities. These purposes include:

For Clients

  • To provide recruitment and outsourcing services
  • To understand your business needs and requirements
  • To match you with suitable candidates
  • To process payments and maintain financial records
  • To communicate with you about our services
  • To provide ongoing support and lifetime concierge services
  • To comply with legal and contractual obligations
  • To improve our services and customer experience
  • To manage our client relationship

For Candidates

  • To assess your suitability for employment opportunities
  • To match you with appropriate job vacancies
  • To present your profile to potential employers (only with your explicit consent)
  • To conduct interviews, assessments, and testing
  • To verify your qualifications, employment history, and right to work
  • To conduct police checks and background verification (only where required and with your consent)
  • To facilitate the recruitment and onboarding process
  • To provide ongoing support during your employment placement
  • To maintain our candidate database for future opportunities (you may opt out at any time)
  • To comply with employment, immigration, and workplace health and safety laws

General Purposes

  • To respond to enquiries and provide customer service
  • To send service-related communications
  • To send marketing communications (only where you have consented, and you may opt out at any time)
  • To conduct research and analysis to improve our services
  • To detect, prevent, and investigate fraud, security threats, and unlawful activity
  • To comply with legal obligations, including under the Notifiable Data Breaches scheme
  • To enforce our terms of service and protect our legal rights
  • To resolve disputes and investigate complaints

We will not use or disclose your personal information for purposes other than those described in this Privacy Policy without your consent, unless required or authorised by law.

  1. How We Disclose Your Personal Information

We may disclose your personal information in the following circumstances:

To Our Clients

For candidates: We will only share your information with clients (potential employers) after obtaining your explicit consent. Before sharing your details with a specific client, we will:

  • Inform you about the client and the opportunity
  • Obtain your permission to share your information
  • Provide you with details about what information will be shared

For clients: We provide candidate information to you as part of our recruitment services, in accordance with our agreement with you.

To Service Providers

We may disclose information to trusted third-party service providers who assist us in operating our business, including:

  • Payroll and accounting service providers
  • IT infrastructure, cloud hosting, and software providers (including Microsoft)
  • Background check and verification services
  • Assessment and testing providers
  • Marketing and communications platforms
  • Legal, professional, and business advisers
  • Security and fraud prevention services

Important: All service providers are contractually bound to:

  • Protect your information using appropriate security measures
  • Use your information only for the purposes we specify
  • Comply with Australian privacy standards or equivalent protections
  • Not disclose your information to other parties without authorisation

International Transfers

As part of our core business operations, we transfer personal information to our team members and service providers located in:

  • The Philippines (our primary offshore location)
  • Other countries where our service providers’ systems are hosted

When transferring personal information internationally, we:

  • Take reasonable steps to ensure overseas recipients comply with the APPs or are subject to similar privacy protections
  • Use contractual arrangements to protect your information
  • Assess the privacy laws and practices of the destination country
  • Inform you about the countries to which your information may be transferred

Please note: Once we disclose your personal information to an overseas recipient in accordance with APP 8, we remain accountable for any breach of the APPs by that recipient, except where we have taken reasonable steps to ensure compliance or you have consented to the disclosure.

Legal Requirements

We may disclose personal information where:

  • Required or authorised by Australian law or a court/tribunal order
  • Necessary to investigate suspected unlawful activity
  • Requested by law enforcement, government agencies, or regulators
  • Required to protect the health and safety of any person
  • Required to protect our legal rights or defend legal proceedings
  • Required under the Notifiable Data Breaches scheme

Business Transfers

If we are involved in a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred to the acquiring entity. In such cases:

  • We will notify you before your information is transferred
  • The acquiring entity will be bound by this Privacy Policy or an equivalent policy
  • You will have the opportunity to opt out or request deletion of your information

With Your Consent

We may disclose your personal information to other parties where you have provided your consent or would reasonably expect us to do so.

Important: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

  1. How We Store and Protect Your Personal Information

Data Security

We take the security of your personal information seriously and implement comprehensive physical, technical, and administrative security measures to protect your information from unauthorised access, disclosure, alteration, or destruction. Our security measures include:

Technical Security:

  • Secure servers hosted in certified data centres
  • Encryption of data in transit (using TLS/SSL protocols) and at rest
  • Firewalls and intrusion detection systems
  • Regular security patches and system updates
  • Multi-factor authentication for system access
  • Secure backup and disaster recovery procedures

Administrative Security:

  • Access controls and role-based permissions (limited to authorised personnel only)
  • Regular staff training on privacy and data protection
  • Confidentiality obligations in employment contracts
  • Regular privacy compliance audits
  • Incident response and data breach management procedures
  • Vendor security assessments

Physical Security:

  • Restricted access to offices and facilities
  • Secure storage of physical records
  • Secure destruction procedures for obsolete information

Despite these measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you suspect any unauthorised access to your information, please contact us immediately.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Periods:

For candidates:

  • Active applications: Duration of recruitment process plus 7 years
  • Candidate database: 7 years from last interaction (unless you request earlier deletion)
  • Successful placements: Duration of employment plus 7 years
  • Assessment results: 7 years from assessment date
  • Interview recordings: 2 years from interview date (or earlier if requested)

For clients:

  • Active engagements: Duration of business relationship plus 7 years
  • Financial records: 7 years (as required by taxation laws)
  • Contracts and agreements: 7 years from expiry
  • Communications: 7 years from last communication

These retention periods may vary depending on:

  • Legal and regulatory requirements (e.g., taxation, employment, workplace health and safety laws)
  • Contractual obligations
  • Legitimate business needs (e.g., defending legal claims)
  • Your specific requests

When personal information is no longer required, we will take reasonable steps to securely destroy or permanently de-identify it.

Overseas Storage

Some of your personal information may be stored on servers located overseas, including:

  • The Philippines (our primary offshore location)
  • United States (where some of our cloud service providers operate)
  • Other jurisdictions where our technology service providers operate

We ensure these providers maintain appropriate security standards through:

  • Written agreements requiring compliance with Australian privacy standards
  • Regular security audits and assessments
  • Encryption and access controls
  • Incident notification procedures
  1. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights:

Right to Access Your Information

You have the right to request access to the personal information we hold about you. To request access:

  1. Submit a written request to our Privacy Officer using the contact details in Section 13
  2. Provide proof of identity (to protect your information from unauthorised access)
  3. Specify what information you would like to access

We will respond to your request within 30 days and provide access within a reasonable timeframe. We may charge a reasonable fee to cover the costs of providing access (e.g., photocopying, postage), but we will inform you of any fees before processing your request.

Exceptions: We may deny or limit access where:

  • Providing access would pose a serious threat to the life, health, or safety of any person
  • Providing access would have an unreasonable impact on the privacy of others
  • The request is frivolous or vexatious
  • The information relates to existing or anticipated legal proceedings
  • Providing access would reveal our commercially sensitive information
  • Providing access is unlawful or would prejudice law enforcement activities
  • Denying access is required or authorised by law

If we deny your request, we will provide you with written reasons and inform you of your right to complain to the Office of the Australian Information Commissioner (OAIC).

Right to Correction of Information

If you believe any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. To request correction:

  1. Contact us using the details in Section 13
  2. Specify what information you believe is incorrect
  3. Provide evidence supporting the correction (if available)

We will:

  • Respond to your request within 30 days
  • Take reasonable steps to correct the information if we agree it is inaccurate
  • Notify any third parties to whom we have disclosed the information of the correction (where reasonable)
  • If we disagree, allow you to request that we associate a statement with your information indicating that you believe it is inaccurate

There is no fee for requesting a correction.

Right to Deletion of Information

You may request that we delete your personal information in certain circumstances, such as:

  • The information is no longer necessary for the purpose for which it was collected
  • You withdraw your consent (where consent was the legal basis for collection)
  • You object to the processing and there are no overriding legitimate grounds
  • The information was unlawfully collected or held

Exceptions: We may need to retain certain information to:

  • Comply with legal obligations (e.g., taxation, employment, and workplace safety records)
  • Establish, exercise, or defend legal claims
  • Fulfil contractual obligations
  • Protect vital interests

If we cannot delete your information, we will explain why and may be able to de-identify it instead.

Right to Opt Out of Marketing

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the “unsubscribe” link in our marketing emails
  • Contacting us using the details in Section 13
  • Updating your communication preferences in your account (if applicable)

We will process your opt-out request within 5 business days. Please note that even if you opt out of marketing communications, we may still send you service-related messages (e.g., updates about your application or placement, changes to our policies, or responses to your enquiries).

Right to Complain

If you believe we have breached the Australian Privacy Principles or this Privacy Policy, you may lodge a complaint with us. Our complaints process is:

Step 1: Submit Your Complaint

  • Email our Privacy Officer at [email protected]
  • Provide details of your complaint, including when the breach occurred and what information was affected
  • Include your contact details and preferred method of communication

Step 2: Acknowledgement

  • We will acknowledge your complaint within 7 business days

Step 3: Investigation

  • We will investigate your complaint thoroughly and impartially
  • We may contact you for additional information
  • We will complete our investigation within 30 days (or notify you if we need more time)

Step 4: Response

  • We will provide you with a written response explaining:
    • Our findings
    • Whether we uphold your complaint
    • What action we will take to address the issue
    • Your right to escalate the complaint to the OAIC if you are not satisfied

External Complaint Options:

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  1. Notifiable Data Breaches Scheme

We are committed to protecting your personal information and preventing data breaches. However, if a data breach occurs, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

What is a Data Breach?

A data breach occurs when personal information we hold is:

  • Subject to unauthorised access or disclosure, or
  • Lost in circumstances where unauthorised access or disclosure is likely to occur

Eligible Data Breaches

An “eligible data breach” is a data breach that is likely to result in serious harm to affected individuals. Examples include:

  • Loss or theft of devices containing unencrypted personal information
  • Hacking or cyber attacks resulting in unauthorised access to personal information
  • Mistaken disclosure of personal information to the wrong person
  • Unauthorised access by employees or contractors
  • Disclosure of personal information to scammers

Our Response to Data Breaches

If we become aware of a suspected data breach, we will:

  1. Contain the breach (where possible) and take immediate steps to prevent further unauthorised access or disclosure
  2. Assess the breach within 30 days to determine whether it is likely to result in serious harm to affected individuals
  3. Notify affected individuals as soon as practicable if we determine the breach is an eligible data breach. Our notification will include:
    • A description of the data breach
    • The kinds of information involved
    • Recommendations about steps you should take in response
    • Our contact details for further information
  4. Notify the OAIC using the online Notifiable Data Breach form
  5. Take remedial action to prevent future breaches, which may include:
    • Reviewing and updating our security measures
    • Providing additional staff training
    • Engaging external security experts
    • Implementing new policies and procedures

Remedial Action

If we can take remedial action that eliminates the likelihood of serious harm before notifying individuals, we will do so. This may include:

  • Recovering the information before it is accessed
  • Rendering the information unintelligible (e.g., through encryption)
  • Taking action to prevent the misuse of the information

Reporting Data Breaches

If you become aware of a data breach or suspect that your personal information has been compromised, please contact us immediately at [email protected] or using the contact details in Section 13.

  1. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us understand how you use our site, remember your preferences, and improve your browsing experience.

Types of Cookies We Use

Essential Cookies (Always Active)

  • Necessary for the website to function properly
  • Enable basic features like page navigation and access to secure areas
  • Cannot be disabled without affecting site functionality

Performance Cookies (Optional)

  • Collect information about how visitors use our website
  • Help us understand which pages are most popular
  • All information is aggregated and anonymous
  • Examples: Google Analytics

Functionality Cookies (Optional)

  • Remember your preferences and settings
  • Enable personalised features
  • May remember your language preference or region

Marketing Cookies (Optional)

  • Track your browsing activity across websites
  • Used to deliver relevant advertisements
  • May be set by third-party advertising networks
  • Examples: LinkedIn Insight Tag, Facebook Pixel

Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies when you close your browser
  • Set alerts when a website tries to set a cookie

Browser Instructions:

  • Chrome: Settings > Privacy and Security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Privacy, search, and services > Cookies and site permissions

Important: Disabling certain cookies may affect the functionality of our website. Essential cookies cannot be disabled through browser settings.

For more information about cookies and how to manage them, visit:

Web Analytics

We use web analytics services (such as Google Analytics) to collect information about website usage. These services use cookies and collect information such as:

  • IP addresses (anonymised)
  • Browser types and versions
  • Pages visited and time spent on pages
  • Referring websites
  • Device types and screen resolutions

This information helps us understand visitor behaviour and improve our website and services. Analytics data is aggregated and does not personally identify individuals.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available at: tools.google.com/dlpage/gaoptout

Do Not Track Signals

Some browsers have a “Do Not Track” feature that signals websites you visit that you do not want to have your online activity tracked. At this time, our website does not respond to “Do Not Track” signals, but you can manage cookies through your browser settings as described above.

  1. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not operated or controlled by us. Examples include:

  • Social media platforms (LinkedIn, Facebook)
  • Job boards and recruitment platforms
  • Client and partner websites
  • Service provider platforms

Important: We are not responsible for the privacy practices or content of these third-party sites and services. This Privacy Policy applies only to information collected by Staffstream. We encourage you to review the privacy policies of any third-party sites you visit.

When you click on a third-party link, you are subject to the terms and privacy policies of that third party. We do not endorse or make any representations about third-party websites or services.

Social Media

We may use social media platforms to communicate with candidates, clients, and the public. When you interact with us on social media:

  • Your interactions are governed by the privacy policy of that social media platform
  • Information you post publicly can be seen by others
  • We may collect information you provide to us through social media messages

If you do not want us to collect information from your social media profile, please contact us directly using the details in Section 13.

  1. Children’s Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you are under 18, please do not provide us with any personal information.

If we become aware that we have inadvertently collected personal information from a person under 18 without parental consent, we will take steps to delete the information as soon as practicable.

If you believe we have collected information from a child under 18, please contact us immediately using the details in Section 13.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our information handling practices
  • Technology and security measures
  • Legal requirements and regulations
  • Our business operations and services

When we make changes, we will:

  • Update the “Last Updated” date at the top of this Privacy Policy
  • Notify you of significant changes via email (if we have your email address) or through a prominent notice on our website
  • Seek your consent where required by law

What Constitutes a Significant Change:

  • Changes to the types of personal information we collect
  • Changes to how we use or disclose your information
  • Changes to overseas disclosures
  • Changes to your rights

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after we post changes constitutes your acceptance of those changes.

You can access previous versions of this Privacy Policy by contacting us using the details in Section 13.

  1. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us via mail or call.

We aim to respond to all privacy-related enquiries within 30 days. For urgent matters (such as suspected data breaches), please mark your communication as “URGENT” and we will prioritise your enquiry.

Office Hours: Monday to Friday, 9:00am to 5:00pm AEST (excluding public holidays)

  1. Consent and Acknowledgement

By using our services, submitting your personal information to us, or continuing to interact with us after we update this Privacy Policy, you acknowledge that you have:

  • Read and understood this Privacy Policy
  • Had the opportunity to ask questions or seek clarification
  • Agreed to be bound by the terms of this Privacy Policy

For Candidates

By submitting your application or registering with us, you specifically consent to and authorise:

Collection and Use:

  • Us collecting, using, and storing your personal information as described in this Privacy Policy
  • Us conducting background checks, police checks, and verification of your qualifications and employment history (where required and with your specific consent)
  • Us retaining your information in our candidate database for future opportunities

Disclosure:

  • Us contacting your referees and previous employers to verify your information and obtain references
  • Us sharing your information with potential employers (clients) for specific opportunities (we will always confirm with you before sharing your details with a specific client for a specific role)
  • The international transfer of your information to the Philippines and other countries as described in Section 6

Communication:

  • Us contacting you about suitable job opportunities via email, phone, or SMS
  • Us sending you service-related communications about your application or placement

Recording:

  • Video interviews may be recorded for assessment purposes (we will notify you before recording)
  • Phone calls may be recorded for quality control and training purposes (we will notify you at the start of the call)

Duration:

  • Your consent remains valid until you withdraw it by contacting us using the details in Section 13

Withdrawal:

  • You may withdraw your consent at any time, but this may affect our ability to provide services to you
  • Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
  • Some processing may continue where we have another legal basis (e.g., legal obligations)

For Clients

By engaging our services, you consent to and authorise:

  • Us collecting, using, and storing your business and contact information
  • Us disclosing your information to candidates as part of the recruitment process
  • Us using your information to provide our services and improve our business operations
  • The international transfer of information as described in this Privacy Policy

Refusing or Withdrawing Consent

If you do not agree with any aspect of this Privacy Policy or wish to withdraw your consent:

  • You may do so at any time by contacting us using the details in Section 13
  • Please note that refusing or withdrawing consent may affect our ability to provide services to you
  • We may still retain some information where required by law or for legitimate business purposes
  1. Definitions and Interpretation

For the purposes of this Privacy Policy:

“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

“Sensitive Information” means personal information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, or genetic information.

“APPs” means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth).

“APP Entity” means an entity that is subject to the Australian Privacy Principles under the Privacy Act 1988 (Cth).

“OAIC” means the Office of the Australian Information Commissioner.

“You” and “your” refer to the individual or entity whose personal information we collect, use, or disclose.