Candidate privacy policy

Purpose and Scope

Probe recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This information includes existing and prospective customers of our clients and potential and existing employees and contractors that Probe collects personal information from or is provided with such information from our clients. This policy identifies how Probe collect and manage personal information. Probe is committed to handling personal information in an open and transparent manner consistent with the objectives of the Australian Privacy Principles.

Probe respects and are bound to all rights to privacy under the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, the Data Protection Act 2018 (DPA), the EU and United Kingdom General Data Protection Regulation (GDPR), New Zealand Privacy Act 2020 and the South Africa Protection of Personal Information Act 2013 as applicable (the Act). Probe complies with all of the statutory requirements in respect of the collection, use, management, disclosure, quality, security, access to and correction of personal information. This policy explains how and why Probe collect, use, hold and disclose your personal information. We may refer to these applicable acts and regulations as “Data Protection Legislation” in this privacy policy.

Application

This policy applies to all employees of Probe and all Probe related entities including Probe Operations Pty Ltd, Probe Group International Pty Ltd, GM Legal Pty Ltd, Convai Pty Limited, Convai (NZ) Limited, Probe Contact Solutions Australia Pty Ltd, Australian Support Services Pty Ltd, Probe Contact Solutions New Zealand and Probe Asia Pacific Pty Ltd and Probe North America Inc. Where the word ‘Probe’, ‘we’, ‘us’ and ‘our’ is used, it applies equally to Probe related entities. Where the word ‘employee(s)’ is used it applies equally to agency workers, contractors or subcontractors.

What is personal information?

When used in this policy, the term ‘personal information’ means any information or opinion about an identifiable individual or an individual who is reasonably identifiable from the information or opinion. Information or an opinion may be personal information regardless of whether it is true. This may include an individual’s name, address, telephone number, email address, credit card details, account number, and profession or occupation. If the information Probe collects personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information. This policy explains how Probe processes ‘personal data’ in the European Union (EU) as required under the GDPR

What types of personal information do Probe collect and hold?

Probe may collect the following types of personal information:

• name
• signature;
• mailing or street address;
• email address and telephone and fax number;
• age or birth date;
• system access passwords;
• profession, occupation or job title;
• where you are our employee, your personnel records including your employment agreement, pay records, leave records, tax status, criminal record checks, superannuation records, educational qualifications, training records, and performance and disciplinary records;
• where you are our customer, details of the products and services you have purchased from us or our customers (on whose behalf we may provide products or services) or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
• Where you are a customer of our client and we are verifying your identity, your name, residential address and date of birth;
• where you are a customer of our client and we are discussing overdue debts, details of your employment and bank account details;
• credit card details;
• details of your creditworthiness and credit history;
• any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise; and
• information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.

Probe may collect the following information deemed to be sensitive:

• Health information relating to an individual;
• Racial or ethnic origin; and
• Criminal record checks.

The way Probe hold information will depend on why such information is being collected and for which client. Much of the personal information we collect and hold is done so by us when we are acting as the ‘agent’ or service provider of our customer. For example, we provide digital customer experience solutions and operate customer contact centres on behalf of many companies globally, from retailers to banks and other institutions. When you contact one of our operators at a contact centre, you may not necessarily be aware that the call centre is operated by Probe on behalf of our customer. Probehave set out in the Annexure to this policy some more detail around the information we may collect and hold in respect of each of our key businesses. Please read this carefully.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous data or aggregated information about how users use our websites. Probe do not re-identify this information to turn it into personal information.

We may, in further dealings with you, extend this personal information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions etc.

• Where we are acting as a Data Controller, we will process your personal information based on your consent and our legitimate interest.
• Where we are acting as a Data Processor, acting on behalf of companies that employ our services, the legal basis for processing your data is based on the performance of a contract. Therefore, we will not store, process or transfer your data unless we have an appropriate lawful reason to do so. Please contact the company about further information about how they process your personal information.

How do Probe collect and hold your personal information?

Personal information is only collected by lawful and fair means in accordance with the Act. We collect personal information directly from an individual unless it is unreasonable or impracticable to do so. When collecting personal information from an individual, we may collect in the following ways:

• through your access and use of our website;
• through your use of telephone and mobile communication (including but not limited to fixed line IVR services);
• through your use of electronic devices including tablets, supplied by us to you, or otherwise connecting to our systems in order to facilitate and enable you to perform your duties or to provide services to us;
• during conversations between you and our representatives;
• during correspondence between you and our representatives, including electronic correspondence;
• when you engage with us via social media; or
• when you complete an application, contract or purchase order.

Some of the personal information Probe holds or deals with is not actually collected by Probe. Because Probe is a leading provider of business process outsourcing, much of the data and personnel information it deals with is provided to it by its clients, and has not actually been directly collected by Probe from the individual concerned.

It is impracticable for us to collect information directly from you when we are acting as the ‘agent’ or service provider of our client, as our client has already collected the relevant information from you (or another third party), and our client has provided it to us for our use in providing services to or on behalf of our client. For example, we act on behalf of many customers in sending email communications. To enable us to do so we may use our customer’s database of personal information which our customer has supplied to us. It is impracticable for us to ‘recollect’ this information from individuals directly before we use it as requested by our client.

In respect of personal information which is provided to us by our clients, we do seek client assurances that all such personal information has been collected lawfully and in compliance with privacy laws and regulations we are subject to and that all required consents have been obtained for, and disclosure statements made in respect of, the intended use of that personal information. Probe however will not be responsible for, and accepts no liability in respect of, any failure by a client to do so.

We may also collect personal information from third parties who are not our clients including, for example, from third party companies such as data providers and brokers, credit reporting bodies, law enforcement agencies and other government entities.

If you apply for a job or contract with us, we will collect personal information about you from your referees. With your consent we may also use a third party service to ensure your employment, educational and identity records are valid. We may also check some details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases.

We collect limited information about users of our websites, for diagnostic and analytic purposes. We use cookies and gather IP addresses to do so, but we do not trace these back to individual users.

Providing Personal Information through Probe websites

Where an individual is required to provide personal information directly via a Probe website you acknowledge and accept that:

1. Probe may transfer your personal information to its related organisations overseas that includes the Philippines, New Zealand, South Africa and the United States of America.
2. Probe website also provides links to third party websites. Where you provide your personal information directly to these third party organisations the use of your personal information by them is not within Probe’s control and therefore we cannot accept responsibility regarding the use of your personal information by these organisations. It is recommended that you review the privacy policies of these organisations prior to providing your personal information.

What happens if Probe are unable to collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

• we may not be able to provide the requested products or services to you, either to the same standard or at all, or we may not be able to supply services to our clients which will enable our clients to do the same; or
• we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions, or we may not be able to supply services to our clients which will enable our clients to do the same; or
• we may be unable to tailor the content of our websites to your preferences, or we may not be able to supply services to our clients which will enable our clients to do the same; or
• if you are a client of ours, we may not be able to provide you with the products and services you require; or
• if you are a prospective employee, we may not be able to hire you; or
• if you are our employee, it may be a breach of your employment conditions to not provide us with the information; or
• if you are a contractor to us, you may not be able to provide your services to us.

For what purposes do Probe collect, hold, use and disclose your personal information?

We collect, hold and use your personal information so that we can:

• provide you with products and services, and manage our relationship with you;
• contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
• comply with our legal obligations and assist government and law enforcement agencies or regulators; or
• identify and tell you about other products or services that we think may be of interest to you.

If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.

Probe collects personal information so we can perform our business activities and functions and enables us to provide the best possible quality of customer service, products and services to our clients.

Probe primarily collects personal information from its clients and their customers when a product or service is used or requested (in the form of an email, telephone conversation, call recording, in writing, chatlog, or in person).

Details on how this personal information is managed will be in accordance with the client privacy management requirements that will be in addition to this policy.

A client’s privacy policies should also be referenced separately regarding personal information management for these client services and should in most circumstances be available publicly on a client’s website, or from their privacy officer directly.

Probe may collect personal information directly for its own business purposes i.e. if you are providing goods or services directly to Probe or, if you apply for employment. Note, if all necessary personal information is not provided, Probe may be unable to process a request or provide the services you require.

We collect, hold, use and disclose your personal information for the following purposes, in each case, either on our own behalf or when acting on behalf of a client:

• to provide products and services to you and our clients and to send communications requested by you and/ or our clients;
• to answer enquiries and provide information or advice about existing and new products or services;
• to conduct business processing functions including providing personal information to our related bodies corporate, clients, contractors, field officers, service providers or other third parties;
• to assess the provision of, and provide credit, to you;
• to undertake debt collection services on behalf of our clients;
• for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of PROBE Group, its related bodies corporate, clients, contractors or service providers;
• to provide your updated personal information to our related bodies corporate, clients, contractors or service providers;
• to update our records and keep your contact details up to date;
• to process and respond to any complaint made by you;
• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in cooperation with any governmental authority of any country (or political subdivision of a country);
• to process queries on our website and facilitate website access; or
• for other purposes with your consent, unless you withdraw your consent.

The ‘lawful processing’ grounds on which we will use personal information about you under Article 6.1 of the GDPR, where the GDPR applies to you, is where:

• You have given consent to the processing of your personal data for the specific purpose of acquiring goods and services (including to our client);
• Processing is necessary for the performance of a contract to which you are a party or in order to action a request you have made prior to entering into a contract (this includes a contract with a Probeclient); or
• Processing is necessary for compliance with a legal obligation to which either Probe or our client are subject to.
• Processing is in the Probe’s legitimate interest, where such interest are not overridden by your interests or fundamental rights and freedoms.

Where you are our employee, we may collect, hold, use and disclose your personal information for all purposes connected with our employment relationship. This includes hiring you, training you, administering your personnel records (including pay and leave records), and managing your performance.

We may also use your personal information for other purposes related to those described above, and/or for a purpose for which you would reasonably expect it to be used, as permitted by the applicable Data Protection Legislation.

Except as provided below, your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy. We do not disclose personal information we obtain when acting on behalf of one client, to any other client, unless directed by the client.

Probe sometimes handles personal information relying on exemptions under the applicable Data Protection Legislation. Under the Australian Privacy Act 1988 (Cth), these include exemptions in relation to

1. employee records;
2. related bodies corporate;
3. provision of services to State or Territory authorities; and
4. overseas operations relating to personal information of non-Australians. Any permitted handling of personal information under such exemptions will take priority over this Privacy Policy to the extent of any inconsistency.

To whom may we disclose your information?

We may disclose your personal information to:

• our employees, related bodies corporate, clients, contractors or service providers for the purposes of operation of our websites or our businesses, fulfilling requests by you, and to otherwise providing products and services to you and our clients including, without limitation, IT systems administrators, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
• suppliers, field officers, clients and other third parties with whom we have commercial relationships, for business, collection, marketing, credit reporting and related purposes; and
• any organisation for any authorised purpose with your express consent.

We may combine or share any information that we collect from you with information collected by any of our related bodies corporate. Our clients may do likewise.

For prospective Probe employees, personal information collected may be transferred to our related organisation in the Philippines for the purposes of processing the application and stored on servers located in Australia and the Philippines. Prospective employees agree by submitting an application that their personal information may be transferred and stored offshore for processing.

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we, or our clients, consider may be of interest to you. These communications may be sent in various forms, including email, in accordance with applicable marketing laws, such as the Australian Spam Act 2003 (Cth), the Privacy Electronic Communications (EC Directive) Regulations 2003 and the Unsolicited Electronic Messages Act 2007 (NZ).

At any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list (or where are using a mailing list provided by our client, we will pass your request on to our client).

We do not provide your personal information to other organisations for the purposes of direct marketing (see also our use of cookies). However, where we are engaged by our clients to act on their behalf in collecting personal information then we will pass that personal information on to our client.

How can you access and request correction of your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in making the information available to you and, if so, the fees will be $30 per hour of time spent. We will not charge for simply making the request and will not charge for making any corrections to your personal information.

Where you are an EU or UK resident, we will not typically charge you for exercising your data subject rights. However, we many charge a reasonable fee for the administrative costs of complying with a request if it is manifestly unfounded or excessive.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would unreasonably interfere with the privacy of others or would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to correct it. We will consider if the information requires correction. If we do not agree that there are grounds for correction then as required by the applicable Act we will, where requested by you, take reasonable steps to attach to or associate with the information a statement of the correction sought but not made, or a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading

Rights under the GDPR

Under the GDPR, as a data subject you have the right to:

• access your data;
• have your data deleted or corrected where it is inaccurate;
• object to your data being processed and to restrict processing;
• withdraw consent to having your data processed;
• have your data provided in a standard format so that it can be transferred elsewhere; and
• not be subject to a decision based solely on automated processing.

We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request OR have a specific need for assistance with a Data Subject Rights request.

How to complain about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.

Our procedure for investigating and dealing with privacy breaches is to ascertain all relevant facts and correspond with those involved (including where relevant our clients), reach a view as to the existence, scope and cause of the issue, and where relevant and appropriate, implement corrective or rectification measures.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

A request for access to the personal information held by Probe concerning an individual can be made by that individual to Probe's Privacy Officer on the numbers or address mentioned below or, in cases where Probe is acting on behalf of a client, to Probe’s client. A fee may apply, the amount of which will be advised at the time of application

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au for guidance on alternative courses of action which may be available. If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. If you are a UK resident, you may lodge a compliant with the Information Commissioner’s Office (the ICO).

Do we disclose your personal information to anyone overseas?

We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. Some of our employees are located overseas

Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities located overseas, including the following:

• our related bodies corporate located in Australia, New Zealand, Philippines and the United States of America;
• our data hosting and other IT service providers, located in Australia, New Zealand and Philippines and the United States of America;
• our clients and their related entities located in foreign countries, to the extent that we are acting on their behalf or at their direction in using, storing, or collecting your personal information. Applicable foreign countries include Australia, New Zealand, Philippines and the United States of America.

Security

PROBE Group takes reasonable precautions to protect personal information held from misuse, loss, theft, as well as against unauthorised access, modification or disclosure, alteration and destruction. In addition to electronic data protection through password access, data back-up and firewalls) these measures include:

• administrative processes;
• technical safeguards;
• physical infrastructure and site security;
• requiring all employees to comply with internal information security policies and keep information secure; and
• requiring all employees to complete training about privacy and information security.

Probe has comprehensive security policies and procedures in place to ensure the protection of personal information held by both Probe and our clients.

As part of Probe’s commitment to continuous process improvement process regular audits will be undertaken to ensure that these security practices are adhered to and remain current.

We may hold your information in either electronic or hard copy form. We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

Personal information is destroyed or de-identified when no longer required for any of the purposes for which it may be lawfully used or disclosed.

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

How long we keep your personal information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary.

Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

Credit Reporting Privacy Policy – Australia only

This Credit Reporting Privacy Policy describes our practices in connection with information we collect and hold about individuals when providing commercial credit, in particular:

• information we collect and hold about individuals who are directors of a company, when providing commercial credit to that company;
• information we collect and hold about individuals who provide a personal guarantee to us in relation to commercial credit we provide to a company; and
• information we collect and hold about individuals who are obtaining that credit for their own business purposes as sole traders or partners in a partnership.

In this Credit Reporting Privacy Policy, "credit-related personal information" means one or more of "credit information", "credit eligibility information", "credit reporting information" or "regulated information", as those terms are defined in the Australian Privacy Act 1988 (Cth).

When you apply for or obtain or guarantee credit from us, the credit-related personal information that we collect from you includes information that identifies you, such as your name, postal address, email address and date of birth and your driver’s license number.

We may exchange credit-related personal information about you with credit reporting bodies (CRBs) for the purposes of assessing commercial credit applications from you or companies of which you are a director, and also to assess whether to accept a guarantee from you.

We may use the information we collect from and about you for account management and administrative purposes directly related to the provision or management of the commercial credit we provide to you or to companies of which you are a director.

We may also report defaults in payment terms or guarantee commitments in relation to commercial credit to CRBs. We may also disclose your credit-related personal information to any guarantor of your obligations to us.

We may also use the information we collect from and about you to:

• collect overdue payments;
• assign debts; and
• create assessments and ratings of your creditworthiness.

We may disclose your credit-related personal information to our related bodies corporate and third party suppliers and service providers located outside Australia, for the purposes set out in this Credit Reporting Privacy Policy.

Further details about such overseas disclosures are set out in the section “Do we disclose your personal information to anyone overseas?” of this Privacy Policy.

For information about the following topics in relation to our handling of credit-related personal information please refer to the applicable section of our Privacy Policy (of which this Credit Reporting Privacy Policy comprises a part):

• Access and Correction - see section "How can you access and request correction of your personal information?";
• Complaints - see section "What is the process for complaining about a breach of privacy?";
• Disclosure outside Australia - see section "Do we disclose your personal information to anyone overseas"; and
• Security - see section "Security".

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact the applicable Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

Please contact our Australia-based Privacy Officer at:

Att: Privacy Officer
The PROBE Group
Level 7 South Tower, 485 La Trobe Street
Melbourne VIC 3000 Australia
Phone (within Australia): (03) 9508 4666
E-mail: enquiries@theprobegroup.com.au

Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on
our website.

This privacy policy was last updated on 11 May 2022.