white telephone iconSupport white telephone iconContact Us white telephone icon0800 622 6376

Personal Data Protection Notice

simPRO legal information

  1. Introduction

    In order to conduct our business, The simPRO Group Pty Ltd, a company established in Australia with company number 131 893 573 and its related bodies corporate which includes its offices in Australia, New Zealand, United Kingdom, Republic of Ireland, the United States of America, Canada, Singapore and The Netherlands (collectively referred to in this Notice as “simPRO”, “we”, “our” or “us”) need to process Personal Data of individuals that interact with us.

    We process Personal Data when we perform (whether or not by automated means) any operation or set of operations on it. For example, we process Personal Data when we collect, record, organise, structure, store, alter, retrieve, consult, use, disclose, disseminate, restrict, erase or destruct such Personal data.

    We consider the protection of your Personal Data a paramount corporate responsibility and we will always process Personal Data lawfully, fairly and in a transparent manner. This Personal Data Protection Notice (“Notice”) sets out the Personal Data we collect from you, why we collect it, how it is used and shared and your choices and rights regarding the use of Personal Data we collect. It is important that you read and retain this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you.

  2. Scope of this Notice

    This Notice describes how we process Personal Data of:

    • Our job applicants (including prospective employees, workers or contractors) whose Personal Data is processed as part of the recruitment process; and
    • Our current and former employees, workers and contractors;

    This Notice describes how we process Personal Data of:

  3. What is Personal Data?

    Personal Data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  4. How do we collect your Personal Data?

    We will primarily collect Personal Data from you either directly or indirectly from your interactions with us either during the recruitment process and/or, if you are ultimately engaged/appointed by us, we will collect additional personal information in the course of job, project or task-related etc activities throughout the period of your engagement/appointment as applicable. In some cases, we may also collect Personal Data about you from the following third parties:

    • Recruitment agencies who provide introduction or other services to us;
    • Background check providers who provide us with information on criminal convictions, credit reference and any other background checks that may be applicable to your engagement/appointment;
    • Your named referees who provide information used to help us determine your suitability for the role;
    • Publicly accessible sources such as social media; and
    • The trustees or managers of pension, health insurance or other benefits arrangements operated by us – although this does not apply to job applicants.

  5. What Type of Personal Data do we Collect?

    The type of Personal Data we collect depends upon who you are and the purpose for which the Personal Data is required. We have set out the categories of data that are applicable for job applicants and those applicable to our current and former employees, workers and contractors below.

    Applicable to Job Applicants

    We will process the following categories of personal information about you:

    • All personal information that is included in your Resume/curriculum vitae (CV), any covering letter and/or on our application form and/or from your named referees, which may include but is not limited to:
      • Personal contact information such as name, title, address, telephone number, personal email address;
      • date of birth;
      • gender
      • employment history
      • qualifications
      • certifications
      • competencies
      • memberships
      • interests (including types of roles you are interested in and interests outside of work)
    • Copies of right to work documentation (including any VISA required), references and other information.
    • Any information you provide to us during an interview, including those recorded in the form of interview notes.
    • Results of any psychometric tests which you have been asked to undertake or provide.

    Applicable to Current and Former Employees, Workers and Contractors

    In addition to the categories of data listed above that is collected and otherwise processed as part of the recruitment process, we may also process the following categories of personal information about you:

    • Marital status and dependents.
    • Next of kin and emergency contact information.
    • National Insurance number.
    • Date of birth.
    • Bank account details, payroll records, tax status and student loan information.
    • Salary, annual leave, pension and benefits information.
    • Start date and, if different, the date of your continuous employment.
    • Leaving date and your reason for leaving.
    • Location of employment or workplace.
    • Copy of driving licence.
    • Copy of car insurance and car registration (including MOT in the UK) certificates (for those using their own car for work purposes).
    • Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).
    • Compensation history.
    • Taxation information.
    • Performance information.
    • Disciplinary and grievance information.
    • Personal, pension and benefits information of other named beneficiaries you nominate under your policies.
    • CCTV footage and other information obtained through electronic means such as swipe card records.
    • Information about your use of our information and communications systems.
    • Photographs, including of home office setup.
    • Clothing size.
    • Veteran and military reservist information.
    • Results of HMRC employment status check (UK only).
    • Details of your interest in and connection with the intermediary through which your services are supplied.
    • Details of dealings with tax authorities.

    Sensitive Personal Data

    We may need to process certain ‘Special Category Data’ and/or ‘Criminal Offence Data’ (both as defined in The General Data Protection Regulation 2016/679 (“EU GDPR”) or EU GDPR as retained in the Data Protection Act 2018 or other applicable national legislation of the United Kingdom (“UK GDPR”)) and other data which is treated differently by law due to its sensitive nature.

    Applicable to Job Applicants.

    We may process the following categories of data:

    • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
    • Information about your health, including any medical condition, health and sickness records; and
    • Information about criminal convictions and offences.

    Applicable to Current and Former Employees, Workers and Contractors

    In addition to the categories of data listed above, we may process the following categories of personal information about you:

    • union membership;
    • whether and to what extent a collective or enterprise agreement applies;
    • where you leave employment and under any incentive plan operated by us or a a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision;
    • details of any absences (other than holidays) from work including time on parental leave (e.g. maternity or adoption certificates), sick leave and jury duty;
    • any lifestyle information required under a health insurance scheme operated by us;
    • any health information in relation to a claim made under a health insurance scheme operated by us;
    • where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and health insurance purposes; and
    • Genetic information and biometric data.

  6. How we Process your Personal Data – Lawful Basis and Purpose

    We will only process your personal information when the law allows us to. Unless otherwise stated in this Notice, we process Personal Data in order to perform a contract we have entered into with you, in order to comply with our legal obligations or, in some cases, our processing is undertaken for our Legitimate Interests. For example, during the recruitment process, it is in our legitimate interests to determine whether you are a suitable candidate for the role and to keep you updated with regards to the recruitment process. More specific examples of how and why we use your Personal Data are listed below. We may also collect and process your Personal Data for any other purposes for which you have provided your consent or if there is another lawful basis for doing so and the new purpose is compatible with the original purpose.

    Job Applicants

    We will process your personal information for the purposes of:

    • Making a decision about your recruitment or appointment. In order to do this we may process information provided on your Resume/CV, cover letter and/or application form and information obtained during the interview. We may also request references and carry out other background checks (for example criminal records checks;
    • Communicating with you about the recruitment process. We may contact you to arrange interview or give you feedback;
    • Keeping records related to our hiring processes; and
    • Complying with legal or regulatory requirements (for example laws relating to anti-discrimination and equal opportunities).

    Current and Former Employees, Workers and Contractors

    In addition to keeping records relating to the recruitment process and so as to manage your ongoing engagement/appointment, we will process your personal information where necessary for the purposes of:

    • Determining the terms on which you work for us;
    • Determining whether your engagement is deemed employment;
    • Checking you are legally entitled to work in the relevant jurisdiction;
    • Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax, statutory and voluntary contributions;
    • Providing any benefits which are due to you under your contract of employment or engagement;
    • Inviting you to participate in, granting awards under and administering any incentive plans operated by us or any related body corporate;
    • Enrolling you in pension, health insurance and other benefit arrangements;
    • Liaising with the trustees or managers of a pension, health insurance or other benefit arrangement operated by us;
    • Liaising with the trustees or managers of a pension, health insurance or other benefit arrangement nominated by you;
    • Administering the contract we have entered into with you;
    • Business management and planning, including accounting and auditing;
    • Conducting performance reviews, managing performance and determining performance requirements;
    • Making decisions about salary reviews and compensation;
    • Assessing qualifications for a particular job or task, including decisions about promotions;
    • Gathering evidence for possible grievance or disciplinary meetings or proceedings;
    • Making decisions about your continued employment or engagement;
    • Making arrangements for the termination of our working relationship;
    • Education, training and development requirements;
    • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
    • Ascertaining your fitness to work;
    • Managing sickness absence;
    • Complying with health and safety obligations;
    • To prevent fraud;
    • To monitor your use of our information and communication systems to ensure compliance with our IT policies;
    • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
    • To conduct data analytics studies to review and better understand employee retention and attrition rates;
    • Equal opportunities monitoring – see further information on processing for this purpose below;

    As may be applicable depending upon the nature (type and duration) of your engagement/appointment.

    Sensitive Personal Data

    We do not need your consent to process Special Category Data in order to carry out our legal obligations or exercise specific rights in the field of employment law or where the purpose of the processing is to protect you or another person from harm or to protect your well-being and if we reasonably believe that you need care and support, are at risk of harm and are unable to protect yourself. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so (for example equal opportunities monitoring or in relation to our occupational pension scheme).

    The situations in which we may process this type of your Personal Data are set out below:

    Applicable to Job Applicants

    • We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process; and
    • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

    Applicable to Current and Former Employees, Workers and Contractors

    • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer pensions and benefits. We need to process this information to exercise rights and perform obligations in connection with your employment;
    • If you leave employment and under any incentive plan operated by us or any group company the reason for leaving is determined to be ill-health, injury or disability, we will use information about your physical or mental health, or disability status in reaching a decision about your entitlements under the incentive plan;
    • If you apply for an ill-health pension under a pension arrangement operated by us or any group company, we will use information about your physical or mental health in reaching a decision about your entitlement;
    • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting; and
    • We will use union membership information to pay union premiums, register the status of a protected employee and to comply with employment law obligations.

    In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

    Criminal Offence Data

    We may process Criminal Offence Data where processing information about criminal convictions is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of any engagement with us where your application is successful.

    Any and all processing of Special Category and Criminal Offence data will be undertaken in accordance with our written Data Protection Policy and the safeguards we have in place for the processing of such data.

  7. Why our processing of your Personal Data is necessary

    We only process Personal Data when this is necessary (including where this is for our Legitimate Interests as detailed above). In particular, our ability to perform such functions, including our ability to make appropriate business decisions regarding your suitability for any role/job and our ability to perform any contract we may have entered into with you may be adversely affected if we do not process your Personal Data. It may also prevent us from complying with our legal obligations (such as to ensure the health and safety of our workers).

  8. Consent

    Except to the extent set out in this Notice or unless you are advised to the contrary, we do not use Consent as the lawful basis upon which we process your Personal Data.

  9. Automated decision-making

    Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We will only subject your Personal Data to automated decision making where:

    • we have notified you of the decision and given you 21 days to request a reconsideration.
    • it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
    • you give your explicit written consent to such automated decision making and where appropriate measures are in place to safeguard your rights.

  10. With whom do we disclose your Personal Data?

    We may disclose your Personal Data (which may sometimes include Special Category, Criminal Offence, or other sensitive Personal Data) to related bodies corporate as well as with third parties involved in the running of our business where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing. We might also be required to disclose your Personal Data to a third party:

    • to respond to a legal process such as a court order or subpoena or to comply with the requirements of applicable law
    • to protect the safety of any person; or
    • to address fraud, security or technical issues.

    In particular, we may disclose your Personal Data to the following parties:

    Related Bodies Corporate

    Where necessary for the internal and/or external operations of the simPRO group of companies, we may disclose your Personal Data between our related bodies corporate and/or offices across the world. See a list of our current locations here. This may result in your Personal Data being transferred to countries other than your country of residence including countries which may be subject to reduced privacy laws. We can confirm that simPRO entities are subject to the same corporate policies and procedures (including this Notice) and we will only transfer data in accordance with the provisions of section 11 of this Notice.

    Third Parties

    We may need to disclose your Personal Data to third parties who provide services we use to run our business (such as external service providers that assist simPRO to perform HR, information technology and security services functions).

    We may also need to disclose your Personal Data to:

    Applicable to Job Applicants

    • people you have authorised to interact with us on your behalf (such as recruitment agencies);
    • third parties who provide us services relating to any background checks required as part of the recruitment process; and
    • government authorities or other persons were obliged to do so by an applicable law.

    Applicable to Current and Former Employees, Workers and Contractors

    • third party administrators, nominees, registrars and trustees of any share plans you participate in;
    • the trustees or managers of any pension, health insurance or other benefits arrangements operated by us that you participate in;
    • prospective purchasers of all or part of our business or of any shares in simPRO;
    • our professional advisors (such as our lawyers and accountants); and
    • government authorities or other persons were obliged to do so by an applicable law.

    We do not allow our third-parties service providers to use your Personal data for their own purposes unless this was specifically notified to you. We only permit them to process your Personal data for specified purposes and in accordance with our instructions.

  11. Transfer of Personal Data

    Where disclosure to one of the parties mentioned above results in data being transferred to another country, we will only make such disclosure where we have a lawful basis for doing so and we shall ensure that the disclosure complies with all applicable laws. This may include entering into a legally binding contract with the recipient under which they are obliged to handle your information in accordance with applicable laws of that jurisdiction or a higher standard if required (for example to meet compliance with the requirements relating to international data transfer under EU GDPR and UK GDPR).

    You can request a copy of the safeguards that we have put in place relating to the international transfer of Personal Data under this section by using the contact details at section 16.

    For the purposes of this Notice, “disclose and disclosure” means to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your Personal Data to another person or entity.

  12. How do we keep Personal Data safe?

    We have an obligation to ensure that your Personal Data is protected from unauthorised processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your Personal Data is protected appropriately. These measures have been implemented and are reviewed regularly to protect your Personal Data from scenarios which may result in the accidental or unauthorised disclosure of your Personal Data as mentioned above. Further details on how we keep your Personal Data safe can be obtained by contacting us in accordance with the details set out in section 16.

    In the unlikely event there is a data breach, we will notify the relevant data protection authority as required by applicable law.

  13. For how long do we keep your Personal Data?

    We will only keep your Personal Data for as long as necessary to fulfil the purposes for which we are processing your Personal Data, unless the law requires us to retain it for longer. Further details on our retention policy can be obtained by contacting us in accordance with the details set out in section 16.

    If you are a Job Applicant, and your application is unsuccessful, we may retain your Personal Data for up to 12 months for the purposes of considering you for other roles within simPRO or to enable us to show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. However, we are under no obligation to retain your Personal Data for this purpose and may elect to delete your Personal Data at any time following an unsuccessful application.

    In accordance with our retention policy, we will ensure that all Personal Data is destroyed securely.

  14. What are your rights in relation to the Personal Data we collect?

    You have certain rights in relation to your Personal Data that we hold about you, though the details of these may vary depending on the country where you are based.

    In general, it is within your rights to:

    • request access to and obtain copies of any Personal Data we have collected from you;
    • request that your Personal Data be provided to you in a format that can be easily read; and
    • modify or rectify your Personal Data if it is no longer accurate.

    If you wish to exercise any of the above rights, please send your request to our Data Protection Officer using the contact details set out below.

  15. EU GDPR/UK GDPR Specific

    If you are a Data Subject of the UK or the EU, for the purposes of this Notice, simPRO is the “Controller” (as defined in EU GDPR and UK GDPR) in relation to your Personal Data and the terms “personal data”, “data subject”, “processing”, “special category data”, “criminal offence data” and “legitimate interests” used in this Notice, (whether capitalised or not), shall have the meanings given to them in EU GDPR and UK GDPR as applicable.

    In addition to the rights described in section 14 (What are your rights in relation to the Personal Data we collect), you have the right, in certain circumstances to:

    • request the erasure of your Personal Data (more commonly referred to as the “Right to be Forgotten”) if you believe it is no longer necessary for the purposes of which it was originally collected;
    • request the restriction of processing;
    • withdraw consent (where processing is being undertaken on the basis of consent) previously given at any time;
    • object to the processing of the Personal Data where processing is being undertaken on the basis of our (or a third party’s) Legitimate Interests; and
    • request the transfer of your Personal Data from simPRO to a third party.

  16. Contact Us

    If you:

    • have any questions or complaints in relation to this Notice or our use of your Personal Data
    • wish to inform us of a change or correction to your Personal Data or exercise any of the other rights available to you as a data subject; or
    • would like a copy of the information we collect on you in relation to this Notice or our use of your Personal Data

    please contact our Data Protection Officer using the following details:

    Name: Data Protection Officer
    Email: privacy@simpro.co
    Post: Attention: Data Protection Officer
    simPRO Software Limited
    Building 17, Garden City Office Park
    2404 Logan Road
    Eight Mile Plains QLD 4113
    Australia

    If you are not satisfied with simPRO’s response the regulatory body that governs privacy in your jurisdiction may be able to help you. Please contact our Data Protection Officer for details of the regulatory body that applies to you.

    We will ensure that your question, concern or complaint is dealt with as soon as practicable. We reserve the right to verify your identity before complying with the request.

  17. Changes to this Personal Data Protection Notice

    We will update this Notice from time to time where necessary to reflect changes in applicable laws or in our privacy compliance practices. The latest version of this Notice will always be available online through the simPRO website.

This Notice was last updated on 12 May 2022.

Top