Effective Date: 1st January 2021

MyPass® Privacy Policy

At MyPass Global, Data Governance and Information Security are paramount to us and our customers.

That is why we (MyPass Global, MyPass Inc, MyPass Australia Pty Ltd and all of our corporate affiliates) have put together this Privacy Policy.

MyPass Global exists to empower safe, agile, and connected communities. We work hard to deliver an easy to use service that protects your data and puts you in control of your information.

This Privacy Policy tells you how we take the utmost care to collect, store, use and disclose your personal information. We obtain this from you through our website, any social media page we maintain, and when you reach out to us directly such as by email. We encourage you to read this Privacy Policy carefully so that you understand our information handling practices. This Privacy Policy does not limit or exclude any rights that you have or may have under the Privacy Act 1988 (Cth) (Australia Privacy Act), the Privacy Act 2020 (New Zealand Privacy Act), and Privacy Act 2020 (California Consumer Privacy Act) or under any other applicable law. Capitalised terms in this Privacy Policy have the meaning given to them in the Terms of Use.

Be assured that we never take your privacy for granted, and because we are guided by privacy laws, you can be sure we take your rights seriously.

We believe that by using our service you can improve the security of your information as the alternative is sharing your information with multiple organisations by hand, through email, or through other websites where you are unable to track, edit, and have any control over it. Using MyPass empowers you to control your information by allowing you to view exactly what you have shared with us and edit this (including deleting it) from our system. Using our service gives you peace of mind that your information is stored with one service that utilises high-quality security systems. This includes maintaining ISO 270001 certification.

Purpose of Collection and Holding Personal Information

We collect personal information through the Service so we can:

- Provide the Service to you and others

- Match your profile and skills to jobs and provide your details to your employer, business partner or the end users whose locations you may work at

- Identify our customers, potential customers, and their representatives

- Inform you of any initiatives we think may be of interest to you

- Inform you or others about our products and services and the benefits of using our products and services

- Provide you or others with information about offers or other benefits that may become available

- Seek your opinion or comments about our products and services.

- Carry out billing and/or debt recovery activities

- Carry out our management, administrative quality assurance and complaint handling activities in a professional and efficient manner

- Develop and implement initiatives to improve our products and services


How We Collect Personal Information

Generally, we collect an individual’s personal information from that individual. For example, we gather contact information, job classifications and other work-related information during the worker registration.
We may also collect personal information from someone other than the individual, for example from the company with whom you work, from End Users (such as asset owners or facility operators) on whose site or facility you have been engaged, medical facilities, training institutions, industry associations or background check providers.

How We Hold Personal Information

We take reasonable steps to keep secure any personal information that we hold about you and to protect your personal information from loss, misuse, or unauthorised alteration. Any personal information you provide to us is stored on servers with high-security measures. Access to personal information is limited to those who specifically need it to carry out their business responsibilities. For Personnel, this may be our personnel, your current employers, your future employers or End Users on whose site or facility you have been engaged, or others you share it with through the Service. For Employers, this may be our personnel, End Users to whom you provide services, or others you share it with through the Service.

We also maintain physical security procedures to manage and protect the use and storage of records containing personal information. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and our reasonable security measures may not be sufficient in all cases.

To help us protect your privacy, you should maintain the secrecy of the access credentials (i.e. user name and password) you use to access and use our website.

Use and Disclosure of Personal Information

We use and disclose the personal information we collect for the primary purpose for which it is collected as set out above, for reasonably expected secondary purposes which are directly related to the primary purpose (and in the case of sensitive personal information, directly related to the primary purpose), and in any other circumstances authorised by applicable law, including the Australia Privacy Act, the New Zealand Privacy Act, and the California Consumer Privacy Act (as applicable).

We usually disclose the personal information we collect to our related entities, vendors and service providers (such as IT service vendors, website hosting facilities, and email distribution services) and Business Partners (End Users, Institutions, background check providers, medical facilities, industry associations, integration partners) who help us supply our products and services.

Please note that Employers will not be able to use the Service to search for individuals. Employers will only be able to see information about you in the Service if you accept an invitation to connect with them.

Except where indicated above, we will not use or disclose personal information unless:

- The individual concerned has consented to the use and disclosure

- The third party is an Employer, your Employer’s client, End User or Business Partner, in which case we will require them to use and disclose the personal information only for the purpose for which it was provided to them

- The third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business

- The disclosure is to a related body corporate or affiliate

- The disclosure is permitted, required or authorised by or under law

- The disclosure is required or appropriate to protect your, our, or other’s rights, property, or safety

- We are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, and your information may be disclosed in connection with the negotiation of such transaction, and/or transferred as part of such a transaction as permitted by law and/or contract

Information We Collect

To provide you and our other customers with our products and services and operate our business, we may collect and use personal information about you and others. If we are not provided with all the personal information we request, we may not be able to supply our products and services. The types of information we collect through our Service include personal identifiers (such as names, physical addresses, email addresses, phone numbers, government identification numbers, unique student identifiers, and driver’s licences), sensory information (such as photo ID cards, passports, and profile photos), personal characteristics (such as date of birth), professional, employment, and education information (such as job classifications, resumes, evidence of rights to work (such as a temporary visa with entitlement to work, passport, certificate of citizenship or birth certificate), other work licences, training documentation and qualifications, referee details, and contact information of others (such as emergency contacts, and other contact details).

As part of your use of the Service, we may also give you the option of sharing with us information about your ethnic origin (currently this option is whether or not you identify as being an Aboriginal, Torres Strait Islander or Maori), gender or health (e.g. immunisation records and pre-employment medicals). However, where we are required to and it is practicable to do so, we will seek your consent before collecting this information and inform you of the purpose at the same time. This information may be ‘sensitive information’ and/or ‘protected class information’ under Australia’s Privacy Act 1988 and other applicable laws.

Automatic Data Collection:

We do not sell your personal information. When you visit our website or open our emails, we and our third-party partners, such as advertising networks, social media widgets, and analytics providers, collect certain information by automated means, such as cookies, web beacons and web server logs. We currently use Google Analytics to collect and process certain website usage data. To learn more about Google Analytics and how to opt-out, please visit https://policies.google.com/technologies/partner-sites. You may be able to change browser settings to block and delete cookies when you access our website through a web browser. However, if you do that, our website may not work properly. For more information, please see the ‘Cookies & Advertising Partners’ section of this Privacy Policy. Our website does not respond to browser do-not-track signals.

We may use this information, for example, to determine how many users have visited certain pages or opened messages or newsletters, and to prevent fraud. We may link this data to your profile. Our partners also may collect and combine information collected on our website and emails with other information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners. The information collected by automated means (such as cookies, web beacons and web server logs) includes online identifiers (such as IP address and device IDs), website activity information (such as website clicks, content and page views, the website each visitor visited prior to our website, domain type, browser version, and internet service provider), and inferences about your browsing behaviour and interests created from the information listed above.

Our Social Media Pages:

If you post information on our social media pages, we may collect personal identifiers and characteristics (such as your social media username). Note that the third-party operators of social media websites also receive such information, and their use of your personal information is governed by their own privacy policies.

Cookies & Advertising Partners

We use third-party advertising services (such as Google Adwords) to serve advertisements on our behalf. When you visit our website and other websites the third-party analytics services help us understand and improve the usage of our website and the effectiveness of our marketing efforts. In some situations, we allow access to your information to enable the delivery of online advertising to you and others on our website and on other websites and online services from us and our third-party advertising partners, or to send you information we think may be useful or relevant to you.

You may be able to opt-out of receiving personalized advertisements on this browser or device from advertisers, or other advertising networks who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioural Advertising by visiting the opt-out options of each of those organizations. Links to those websites are here:
Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/

You may be able to change browser settings to block and delete cookies when you access our website through a web browser. When you opt-out of personalised advertising, you may continue to see online advertising on our website and/or our ads on other websites and online services.

Marketing

We may use personal information to advise the individual concerned about new products and marketing initiatives that we think may be of interest to them. This may include product and service offerings, newsletters, and general information about us.
Those who prefer not to receive information about our products and services can ask to be removed from the relevant circulation list by contacting us at enquiries@mypassglobal.com

Your Privacy Rights

Certain jurisdictions have specific legal requirements and grant privacy rights with respect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law. For example, you may have the right to review, correct, and delete personal information we have about you, or to consent or withdraw consent to certain uses or sharing of personal information. You may be able to use the Service to access and update the information that you have provided to us through your use of the Service or otherwise.
When you make a request, we may require that you provide information and follow procedures so that we can verify a request you make and your jurisdiction before responding to it. The verification steps we take may differ depending on your jurisdiction and the request. We will match the information that you provide in your request to information we already have on file to verify your identity. If we can verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request.

Privacy Rights under the Australia Privacy Act and the New Zealand Privacy Act

This section applies to personal information of individuals in Australia and New Zealand.

Access. If at any time you want to know what personal information we hold about you, you are welcome to request access to that information by contacting us, using the details listed below. Unless your request is marked as urgent, we will aim to respond to you within 20 working days of your request

We may deny your request for access where:

- The access impacts on the privacy or safety of others

- The request for access is frivolous or vexatious or the information requested is trivial

- There are existing or anticipated legal proceedings

- Such access can be denied under the Australia Privacy Act or the New Zealand Privacy Act (as applicable) or under any other applicable law or by a law enforcement agency

If we deny your request for access, we will let you know why. If the New Zealand Privacy Act applies to your request, you have the right to make a complaint to the Privacy Commissioner of New Zealand in respect of our refusal.

We may also charge a fee to cover the reasonable costs we incur in processing your request.

Quality & Correction. At all times we strive to ensure that the information we hold about you is accurate, complete, up to date and not misleading. If at any time you believe the personal information that we hold about you is incorrect, incomplete, or inaccurate, you should let us know at enquiries@mypassglobal.com. We will use all reasonable efforts to correct the information.

Privacy Rights under the California Consumer Privacy Act

This section applies to the personal information of California consumers as governed by California law including the California Consumer Privacy Act (“CCPA”). Although the CCPA is a California law, it applies to any company that “does business in the State of California”.

We do not sell the personal information about you that we collect when you visit our website. We also do not rent, sell, or share personal information (as defined by California Civil Code § 1793.83) about you that we collect with other people or unaffiliated companies for their direct marketing purposes, unless we have your permission.

Under the CCPA, a California consumer has the following rights: to request additional information about our data collection, use, disclosure, and sales practices in connection with the consumer’s personal information; to request the specific personal information collected about the consumer during the previous 12 months; and to request the deletion of the personal information we have about the consumer. A California consumer may not be discriminated against for exercising the consumer’s California privacy rights.

You may use the Service to exercise many of the rights listed above. You may also make a request by email at enquiries@mypassglobal.com or through the website chat enquiry form. In most cases, you will be required to provide your name and possibly your postal address, email address, telephone number, and date of birth so that we can verify your request. In some cases, additional information may be required. However, the verification steps we take may differ depending on the request. Where possible, we will attempt to match the information that you provide in your request to information we already have on file to verify your identity. If we can verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us do so. We will respond to your request within the 45-day time period required by applicable law. However, we may not always be able to fully comply with your request, and we will notify you in that event.

Under the CCPA, California consumers may use an authorised agent to make privacy rights requests. We require the authorised agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that demonstrates authorisation to submit a request for the California consumer. An authorised agent must follow the process described above to make a request, and we will also (a) require the authorised agent to verify the agent’s own identity and (b) confirm the agent’s authority with the California consumer about whom the request was made.

Changes to our Privacy Policy

As we evolve our business processes and policies will be reviewed and may be revised. We may change our Privacy Policy at any time. If we make any material changes, we will provide notice through the Service or by other methods. By continuing to use our Services, you agree to be bound by the Privacy Policy as amended.

Complaints

We are committed to constantly improving our procedures so that personal information is treated appropriately. If you feel that we have failed to deal with your personal information in accordance with this Privacy Policy or in accordance with the Australian Privacy Principles set out in the Australia Privacy Act or the Information Privacy Principles set out in the New Zealand Privacy Act (as applicable), please contact us at enquiries@mypassglobal.com so we have an opportunity to resolve the issue to your satisfaction.
We will log your complaint and our privacy officer will:

- Listen to your concerns and grievances

- Discuss with you the ways in which we can remedy the situation

- Put in place an action plan to resolve your complaint and improve our information handling procedures if appropriate


Cross-Border Data Transfers

Where necessary and in accordance with privacy laws, we may need to transfer your personal information to another country. These transfers can take place within MyPass but also to MyPass Business Partners and selected third parties (as explained in the ‘Disclosure of information’ section of this Privacy Policy). Such transfers take place to enable us to provide you with our products and services, for marketing purposes and for customer relationship management purposes. We will only make such transfers of your personal information internationally in compliance with the Australia Privacy Act and New Zealand Privacy Act (as applicable) and other applicable laws.

Links to Third-Party Websites

Our website may contain links to third party websites. This Privacy Policy does not apply to the practices of other websites, and we are not responsible for the actions and privacy policies of the third parties that operate or interact with those other websites.

Contact Us

If you require more detailed information about our information handling practices or if you have any concerns about our handling of your personal information, please let us know by contacting us at:

Privacy Officer
MyPass Australia Pty Ltd.
Email: enquiries@mypassglobal.com

We will endeavour to respond to your concerns as quickly as possible.