Unily Australia Pty Ltd (“Unily”) is committed to the privacy of personal information in accordance with Australian privacy laws. This privacy notice applies to all current, former, and prospective employees, workers, and contractors of Unily.
It outlines how we collect and use your personal information before, during, and after your employment or engagement with us, and how we comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) as amended from time to time (‘Privacy Act’).
It is essential to read this notice along with any other privacy notice we provide on specific occasions when we collect or process your personal information so that you are aware of how and why we use it.
Our privacy notice is regularly reviewed to maintain transparency and accuracy. We encourage you to check it frequently for updates, and we will notify all staff of any significant changes.
Please note that this notice does not form part of any employment or service contract.
We are committed to complying with the Australian Privacy Principles and as part of this commitment, we ensure that your personal information is:
Personal information means any information or an opinion about an identified individual, or an individual who is reasonably identifiable. It does not include data where a person’s identity has been removed (“anonymous data”).
The Privacy Act recognises that certain categories of personal information are more sensitive and require a higher level of privacy protection. This is referred to as “sensitive information”.
We may collect, store, and use the following categories of personal information:
We may also collect, store and use the following types of sensitive personal information:
Certain categories above may not apply to you if you are an agency worker, independent contractor, freelancer, volunteer, intern, or a member of the Executive Leadership Team.
We typically collect personal information about employees, workers and contractors through the application, recruitment and on-boarding process, either directly from candidates or sometimes from an employment agency. We will also collect additional information from third parties including former employers and background check agencies.
We will collect additional personal information in the course of job-related activities throughout the period of you working for us. This will include your information from your line manager (for example, in respect of performance reviews) or, from time to time, from other managers or colleagues (for instance, in the course of conducting an investigation).
We may also receive personal information from other third parties, for example clients, tax authorities, benefit providers, brokers and regulatory bodies to the extent permitted by applicable laws.
We use CCTV in and around our buildings to maintain the security of property, premises, and staff, and for the prevention and detection of crime. For these reasons, personal information may be collected through the means of CCTV, including visual images, and information revealing personal appearance or behaviours.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
We may also use your personal information in the following situations, which are likely to be rare:
We need all the categories of personal information in the list above (see The kind of information we hold about you) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. We also use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The situations in which we will process your personal information are listed below. As demonstrated, some of the below grounds for processing overlap and there may be several grounds which justify our use of your personal information.
|
Purpose |
Justification |
|---|---|
|
Recruitment and selection, including but not limited to processing of the personal information included in CVs, references, interview sheets, pre-employment forms, and results from assessment tests. |
The processing is necessary for the purpose of the legitimate interests pursued by Unily, in ensuring that only suitable and appropriate candidates are assessed, shortlisted and selected. |
|
Appropriate vetting and background checks for recruitment and team allocation including, right to work verification, relevant employment or engagement history, academic/education checks and professional qualifications and bringing you on-board and creating an employment record. |
The processing is necessary for the compliance with legal obligations to which Unily is subject. The processing is also necessary to take steps at the applicant's request to enter a contract of employment. |
|
Providing and administering remuneration, bonus and pension schemes, benefits and incentive schemes and reimbursement of business costs and expenses and making appropriate pension, tax and social security deductions and contributions; |
The processing is necessary to perform the contract between you and Unily and necessary for compliance with legal obligations. |
|
General employee management, including:
|
The processing is necessary to perform the contract between you and Unily and, where necessary, for compliance with legal obligations. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in managing its workforce and ensuring that each employee undertakes appropriate duties, are properly trained and undertake their roles correctly and in accordance with appropriate procedures. |
|
Identifying and communicating effectively with employees, including managing internal directories to facilitate contact and effective working and communication; |
The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in undertaking normal business operations and maintaining a dialogue with employees to ensure effective management and job satisfaction. |
|
Managing and operating appraisal, conduct, performance, capability, behavioural, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR and legal compliance processes and making related management decisions; |
The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in addressing employee related concerns and issues and resolving the same and complying with applicable laws and regulations. |
|
Training, development, promotion, career and succession planning and business contingency planning; |
The processing is necessary to perform the contract between you and Unily. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in effective employee management to support its long-term business goals and outcomes to ensure it continues to retain as well as attract high calibre employees. |
|
Processing information about absence or medical information regarding physical or mental health or condition in order to:
|
The processing is necessary for the compliance with legal obligations to which Unily is subject. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in ensuring that employee undertakes appropriate duties, are properly trained, supported by management and undertake their roles correctly and in accordance with appropriate procedures. |
|
Complying with reference requests where Unily is named by the individual as a referee; |
This processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it is in the legitimate interests of a new employer to receive confirmation of employment or engagement details from Unily for the purposes of confirming the former employee's employment or engagement history. |
|
Operating email, IT, internet, social media, HR related and other company policies and procedures. To the extent permitted by applicable laws, Unily carries out monitoring of Unily’s IT systems to protect and maintain the integrity of Unily’s IT systems and infrastructure; to ensure compliance with Unily’s IT policies and to locate information through searches where needed for a legitimate business purpose; |
The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in managing its workforce and operating its business through IT systems. The HR IT function is essential to ensuring that this can be carried out in the most effective way. |
|
Protecting the private, confidential and proprietary information of Unily, its employees, clients and third parties and protecting the security of our sites, systems, employees and visitors e.g. through the use of CCTV; |
The processing is necessary for the compliance with legal obligations to which Unily is subject. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in ensuring that its business, clients, employees and systems are protected. This includes protecting our assets and the integrity of our systems; and detecting and preventing loss of our confidential information and proprietary information. |
|
Complying with applicable laws and regulations (for example, maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations); |
The processing is necessary for the compliance with legal obligations to which Unily is subject. |
|
Planning, due diligence and implementation in relation to a commercial transaction or service transfer involving Unily that impacts on your relationship with Unily for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules; |
The processing is necessary for the compliance with legal obligations to which Unily is subject. This processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily needs to make decisions relating to the future of its business in order to preserve its business operations or grow its business. |
|
Where relevant, for publishing (including via social media in appropriate circumstances) internal or external communications or publicity material; |
The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest to support its long-term business goals and outcomes and Unily wishes to maintain its reputation. Note: employees’ will be provided with the opportunity to opt out. |
|
To support HR administration and management and maintaining and processing general records necessary to manage the employment, employees or other relationship and operate the contract of employment or engagement; |
The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject. The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in effective employee management to support its long-term business goals and outcomes. |
|
To enforce our legal rights and obligations, and for any purposes in connection with any legal claims, reports of violations or allegations made by, against or otherwise involving you. |
The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in protecting its organisation from breaches of legal obligations owed to it and defending itself against litigation. This is needed to ensure that Unily’s legal rights and interests are protected appropriately, to protect Unily’s reputation and to protect Unily from other damage or loss. The processing is also necessary for the compliance with legal obligations to which Unily is subject. |
|
To monitor the existence or absence of equality of opportunity or treatment for Unily’s employees regardless of sex, ethnic or racial origin, religious or philosophical beliefs, sexuality or disability, with a view to enabling such equality to be promoted or maintained. |
The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in monitoring and promoting equal opportunities in the recruitment process and workplace. This also helps Unily to ensure compliance with its legal obligations in this regard. |
|
The use of employee photographs for internal business purposes, to generate employee engagement within the workplace. |
The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in generating employee engagement within the workplace as part its efforts to maintain employee motivation, satisfaction, and retention levels. Note: employees’ will be provided with the opportunity to opt out. |
Please note that this not an exhaustive list and we may process your data for other purposes that are consistent with the purposes for which your personal information is primarily held or for a related secondary purpose. Further, additional information regarding specific processing of personal information may be notified to you locally or as set out in applicable policies.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers). Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated.
We will only use your personal information for the primary purposes for which we collected it, unless we reasonably consider that we need to use it for another secondary purpose and that reason is compatible with the primary purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal justification which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We recognise that sensitive personal information requires a higher level of protection. As such, we will only process this type of personal information where it is strictly necessary for us to collect, store, and use it.
For example, we may process sensitive personal information in the following circumstances:
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
We will use sensitive personal information in the following ways:
In certain circumstances, will be required to approach you for your written consent to allow us to process your sensitive personal information, where required under the Privacy Act. Where we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our legal obligations in connection with employment law.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where it is necessary for preventing or detecting unlawful acts.
Our appropriate policy document provides further information about this processing.
We will share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your personal information and to treat it in accordance with the law.
Information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in Australia. If we do, we will take steps to ensure that your personal information is adequately protected.
We may share your personal information with third parties for the purposes for which it is primarily held or for a related secondary purpose, including: (i) where required by law, regulation or legal process (such as a court order or subpoena); (ii) where it is necessary to administer the working relationship with you; (iii) in response to lawful requests by government agencies; or (iii) where we have another legitimate interest in doing so. In some cases, we may only disclose information with your consent.
The following are examples of third-parties with whom personal information about you may to be shared with:
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our Data Protection Policy. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
We will share your personal information with other entities in our group, including Unily Inc (USA) and Unily Group Limited (UK) where required to, for example, run global processes, carry out group wide reporting, and assist with workforce planning.
The global nature of our business means that your personal information will routinely be shared with other entities in our group outside of Australia, namely in the USA and UK. Unily has an intra-group data transfer agreement in place which regulates cross-border transfers of your personal information within the group.
Certain suppliers and service providers may also have personnel or systems located outside of Australia. As a result, your personal information may be transferred to countries outside of the country in which you work to countries that may not offer a level of protection of personal information equivalent to that offered within Australia. Where third parties process your personal information outside of Australia, we will take steps to ensure that your data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes.
We have put in place measures to protect the security of your personal information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have implemented appropriate security measures to prevent unauthorised access, alteration, disclosure, or accidental loss of your personal information. Only authorised employees, agents, contractors, and third parties with a business need to know will have access to your personal information, and they are subject to a duty of confidentiality.
We have an Incident Management Policy that outlines the process for investigating, managing, and resolving incidents, which are monitored by the Information Security Manager and the Data Protection Officer. In the event of a personal information breach occurring that impacts you, we will notify you and any relevant regulatory authorities where legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Retention periods can vary depending on why we need your data, as set out below:
|
Record Type |
Retention Period |
|
Payroll wage/salary records (including overtime, bonuses, expenses) |
7 years post-employment. |
|
Income tax and NI returns, income tax records and correspondence with HMRC |
7 years post-employment |
|
Employee file data |
7 years post-employment* *data may be retained beyond its retention period in limited circumstances such as to raise, defend, continue litigation or other dispute resolution process or for insurance reasons. |
|
Recruitment data – successful candidates |
7 years post-employment |
|
Recruitment data – unsuccessful candidates |
7 years post-campaign |
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our retention schedule.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under the Privacy Act, you are entitled to:
If you wish to request access to or the erasure of your personal information, please contact the Data Protection Officer using the contact details provided below.
We will not charge you for processing a request to correct your personal information. Equally, you will not generally have to pay a fee to access your personal information. However, in certain circumstances, such as if your access request is particularly complex or voluminous, a small administrative fee may be payable to cover our expenses in dealing with the request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access or correct the information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it or amended by an unauthorised person.
We have appointed a Data Protection Officer to oversee Unily’s privacy compliance. If you have any questions or concerns about this privacy notice or our privacy practices, the Data Protection Officer and wider Data Protection Team can be contacted at privacy@unily.com.
If you have a complaint, we will investigate the issue and ensure it is handled in an appropriate and reasonable manner. Where necessary, we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you.
If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Classification: Public
