Humanforce encourages being data privacy aware.
We at Humanforce (Humanforce Holdings Pty Ltd and its affiliates) respect your privacy and are committed to protecting your personal data. We take our obligations regarding the collection and processing of your personal data seriously. This Privacy Notice is intended to inform you about the conditions in which we collect, use, store, share, transmit, transfer, delete or otherwise process (collectively, “Process”) information relating to you (your “Personal Data”). In this Humanforce Privacy Notice we describe the measures we take to ensure the protection of your Personal Data. Importantly, we inform you about your rights and tell you how you can reach us to ask any questions you may have about this Privacy Notice and your Personal Data.
At Humanforce, we are committed to complying with all applicable legislation relating to Personal Data, including the European Union’s General Data Protection Regulation (“GDPR”), the Australian Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020 and any other applicable local law.
In this Privacy Notice, “you” and “your” means any covered individual. “We”, “us”, “our” and “Humanforce” means the global organisation of Humanforce entities.
What this Privacy Notice covers
This Privacy Notice applies to Humanforce across our global organisation and in all geographies where we operate.
This Notice applies to the collection and Processing by Humanforce, as controller of the Personal Data of: our applicants, employees of our customers or prospective customers, employees of our suppliers/vendors, our contractors/subcontractors and visitors to our websites.
This Privacy Notice does not apply when we provide Humanforce services as processor on behalf of our customers. If you wish to obtain information relating to the use by or on behalf of any of our customers, please contact the customer directly.
The Personal Data we collect from you may include:
We collect such information when:
We also collect information about you from other sources including our business partners, third parties from whom we purchase Personal Data and from publicly available information. The Personal Data we collect from these sources includes your business contact information, including mailing addresses, job titles, email addresses, phone numbers, IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content and event promotion.
We only collect or process Your Personal Data where we have a lawful reason to do so, as follows:
When you have given your consent to the processing of your Personal Data, you can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by mailing firstname.lastname@example.org.
How long we store your Personal Data
We only retain your Personal Data for as long as reasonable and necessary for the purposes we collected it or as long as required to satisfy any legal, accounting or reporting requirements. To determine the appropriate retention period for your Personal Data we take into account the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorised use or disclosure of the Personal Data, whether the purposes of the processing can be achieved in another way and the applicable legal requirements (such as applicable statutes of limitation).
Upon expiry of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
How we secure your Personal Data
Your Personal Data is securely stored on Amazon Web Services (AWS) servers in Australia and Dublin, Ireland. We use appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful alteration or loss and deploy security measures both digitally and physically to deter unauthorised use, disclosure or access.
We work to ensure appropriate and reasonable measures are deployed based on Privacy by Design and Privacy by Default principles, to safeguard and protect the processing of your Personal Data.
How we disclose your Personal Data
We share your Personal Data, in the following circumstances:
How we transfer your Personal Data internationally
Humanforce operates globally and we may transfer, store or process your Personal Data in a country that is not yours, including countries outside the European Economic Area (“EEA”) or United Kingdom. We have taken appropriate safeguards to ensure your Personal Data and your rights are protected in compliance with applicable data protection laws. In particular, if we transfer your Personal Data from the EEA or the UK to a country not recognized to provide adequate protection, such as the United States or, we enter into EU/UK standard contractual clauses with the data importer or implement any alternative mechanism as approved by the European Commission or other applicable regulator.
For further information, please contact us at email@example.com.
Cookies, use and management
What your rights are
Humanforce supports and commits to ensuring the protection of your rights under applicable laws, which may include (depending on the jurisdiction in which you are located):
You can request a copy of the Personal Data we hold about you. You may also request rectification of inaccurate Personal Data, or to have incomplete Personal Data completed.
Your right to be forgotten entitles you to request the erasure of your Personal Data in cases where:
(i) the data is no longer necessary for the purpose for which it was collected;
(ii) you choose to withdraw your consent;
(iii) you object to the processing of your Personal Data;
(iv) your Personal Data has been unlawfully processed;
(v) there is a legal obligation to erase your Personal Data;
(vi) erasure is required to ensure compliance with applicable laws.
You may request that processing of your Personal Data be restricted in the cases where:
(i) you contest the accuracy of your Personal Data;
(ii) Humanforce no longer needs your Personal Data for the purposes of the processing;
(iii) you have objected to processing for legitimate reasons.
You can request, where applicable, the portability of your Personal Data that you have provided to Humanforce. We will do this in a commonly used, and machine-readable format. You have the right to transmit this data to an alternative Controller where:
(i) the processing of your Personal Data is based on consent or on a contract; and
(ii) the processing is carried out by automated means.
You can also request that your Personal Data be transmitted to a third party of your choice (where technically feasible).
You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal Data, particularly in relation to profiling.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal impact for you or significantly affects you. We do not implement automated decision-making methods.
When the processing of your Personal Data is based on consent, you can withdraw it. This does not affect the lawfulness of the processing based on such consent before consent is withdrawn.
In the event you wish to exercise any of the rights listed above, please:
We will aim to respond to your request within the time limits imposed by applicable law. We typically do not charge a fee for you to access your Personal Data but may charge a reasonable fee for providing such access if your request is clearly unfounded, repetitive or excessive for us to respond to. We may also need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to a person who has no right to receive it.
Data collection and privacy of minors
We do not collect and process Personal Data of any child without the consent of the guardian where required. In particular, we do not promote or market our services to children. If you believe that we have mistakenly collected a child’s Personal Data, please notify us using the contact details provided below.
If you are a California Resident
We do not sell Personal Data. We may share the following categories of Personal Data with third party business partners and service providers with whom we have entered into contracts:
For information on how to exercise your rights under the California Consumer Privacy Act, including the right to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of your Personal Data and not to be denied goods or services for exercising these rights, please refer to the above “What Your Rights Are” Section.
Keeping this Privacy Notice up to date
We may update this Privacy Notice as required over time to reflect business changes or changing legal requirements by publishing a new version on our website. If we make any significant changes to this Privacy Notice, we will make reference to the change on our website stating when any changes are made. You are invited to check this page occasionally to ensure you are happy with any updates to it.
Privacy notices of other websites
Our website may contain links to, or may interface with, other websites. Our Privacy Notice applies only to our website. If you click a link to another website, you should refer to the third-party website’s privacy notice or policy.
How to contact us or the appropriate authority
To exercise your rights as described above or if you have any questions regarding this Privacy Notice or our privacy practices, please contact us via any of the following methods:
By mail to our Australian address:
Level 14, 90 Arthur Street
North Sydney, NSW, 2060
Attn: Privacy Officer
By mail to our UK address:
182-194 Union Street
London SE1 0LH
Attn: Privacy Officer
Our EU Data Protection Representative
Humanforce has appointed DataRep as its Data Protection Representative in the European Union for the purposes of the GDPR. You may contact DataRep either by sending an email to firstname.lastname@example.org or by posting your query to DataRep at their address in your country, as listed here.
Our Data Protection Officer
77 Farringdon Road
Under data protection laws you may lodge a complaint with a data protection supervisory authority in the country of your residence, your place of work or the place of the alleged infringement.
Last update: 20 September 2023.