HUMAN TERRAIN GROUP is committed to treating the personal information we collect in accordance with the APP and the Privacy Act. By providing us with your personal information, you accept the following policies, processes, and procedures. If you do not agree to this policy, you can choose not to use HUMAN TERRAIN GROUP services, our website (www.humanterraingroup.com), or participate in any information gathering or recruitment activities.
We collect, hold, use and disclose personal information to carry out business functions or activities. These functions and activities include:
assessing suitable candidates for career opportunities with HUMAN TERRAIN GROUP
consulting with clients, strategic partners, and other stakeholders
maintaining registers, such as Security Clearance Register
responding to legal and official access to information requests
communicating with the public, stakeholders and the media including through websites and social media
Your personal information
Personal information is any information that can be linked to an individual or entity known to HUMAN TERRAIN GROUP is seen as ‘Personal Information’ (see the Privacy Act for full description and definition). This is the case whether the personal information or opinion is true, or whether it is recorded in a material form or not.
The types of personal information that HUMAN TERRAIN GROUP collects depends on the nature of our business, activity, or engagement with you. At all times we try to only collect the information necessary for the function or activity we are carrying out.
We may collect personal information about you that includes, but not limited to, the following:
Full legal name – birth name, names changes, maiden name
Contact details – email address, home, work, and mobile telephone numbers
Address – work, home, and PO box
Employment details and history
Qualifications and certifications
Member ship and status in professional bodies
Birth details - date of birth, place of birth and country of birth
Citizenship, immigration, permanent residency, and visa/work permit status
Travel history - overseas
Financial details – bank accounts, superannuation, bankruptcy/insolvency
Insurance details – Professional Indemnity (PI), Professional Liability (PL) and Workers Comp (WC)
References - contact details, feedback, and reports
Corporation details – structure
Next of kin details
Copies of identity documents – driver licence, passport, Medicare card
Direct collection of your personal information
The main way we collect personal information about you is directly from you when you:
contact us to request a service, such as to initiate a security clearance or police check
send us your contact details or resume/curriculum vitae via email
apply for a job vacancy with or via HUMAN TERRAIN GROUP
In the course of conducting probity checks as part of employment suitability or security clearance eligibility, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:
your authorised representative if you have one
the National Police Checking Service (NPCS) via the Australian Criminal Intelligence Commission (ACIC) (see supplementary information below).
We also collect personal information from publicly available sources, such as LinkedIn, to enable us to verify and/or confirm supplied information.
Collecting through our websites
There are several ways in which we collect information though our website, including:
Cookies and Web analytics
Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website.
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
Social networking services
We use social networking services such as Facebook and LinkedIn to communicate with the public about our work. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook and LinkedIn on their websites.
HUMAN TERRAIN GROUP uses electronic forms constructed utilising Microsoft Word, Excel or Adobe fillable forms. Electronic forms completed and submitted by you via email are stored on our systems. Our systems have a cyber security policy in place to protect against unauthorised access.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact or correspond with us with general questions we will not ask for your name unless we need it to adequately handle your question.
However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, or application, or to supply our services.
HUMAN TERRAIN GROUP collects personal information so that we can complete our business activities and provide you with the best service possible. It allows us to:
• Provide employment services and support;
• Provide industry relevant consulting and assessment services;
• Perform employment related checks, confirmation, and validation such as reference checks, criminal history checks, psychometric testing, visa checks, nationality checks, medical checks and credit checks;
• Create reports in order to best serve our industry;
• Manage our relationships;
• Maintain the currency of our customer database;
• Monitor our online presence and customer engagement;
• Track usage of our website in order to optimise the customer experience, and;
• Comply with and fulfill legislation, rules and regulations and any other legal obligations relating to the use and storage of personal information.
Common situations in which we disclose information are detailed below.
We may disclose your personal information to:
Our employees and personnel,
Your authorised representatives and referees,
Our strategic partners, agents, contractors, and suppliers that collaborate and assist us in providing services,
Service providers, e.g., visa administrators, medical assessment agencies, payment processors, accountants, electronic and IT systems administrators, couriers, mailing houses, solicitors, industry consultants and data entry service providers,
Other parties, organisations, or individuals, with direct consent from you,
Government or regulatory bodies as required by legislation or in the provision of services,
Nominated superannuation funds,
Our clients and customers.
Disclosure to service providers
HUMAN TERRAIN GROUP uses a number of service providers to whom we disclose personal information. These include providers that host our website servers, manage our IT and manage our human resource recruitment.
To protect the personal information we disclose we:
enter into a contract or MOU which requires the service provider to only use or disclose the information for the purposes of the contract or MOU
include special privacy requirements in the contract or MOU, where necessary.
Disclosure to regulators or external dispute resolution schemes
We may disclose information that relates to complaints to other Australian or international regulators, or to external dispute resolution (EDR) schemes. We will generally only disclose your personal information to other regulators or EDR schemes if you agree and where the information will assist HUMAN TERRAIN GROUP or the other regulator or EDR scheme investigate a matter.
Disclosure of personal information overseas
Generally, we do not disclose personal information overseas, unless required by legislation. We may disclose personal information to customers and third-party service providers and suppliers located overseas. These overseas entities may be located in New Zealand, Papua New Guinea, Europe, USA, Ireland, England and Singapore.
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or LinkedIn, the social network provider and its partners may collect and hold your personal information overseas.
Storage and security of personal information
We take reasonable steps to protect the security of the personal information we hold from unauthorised access and use, from both internal and external threats by:
regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
For further information on the way we manage security risks in relation to personal information we hold see our supplementary material on information technology security practices, below.
We destroy personal information in a secure manner when we no longer need it.
As our site and electronic data system is connected to the internet and the internet is characteristically insecure, we cannot provide any assurances regarding the security of information transmitted online. Accordingly, any information transmitted to us online is done so at your own risk.
HUMAN TERRAIN GROUP information technology security practices
Microsoft 365 provides information technology services to HUMAN TERRAIN GROUP. MS is responsible for the safe keeping and maintenance of HUMAN TERRAIN GROUP material it holds. All of this material is stored in Australia.
HUMAN TERRAIN GROUP follows Commonwealth and industry best practice in ICT Security Management, including:
ISO/AS/NZS 31000: 2018 – Risk Management – Principles and Guidelines
ISO/IEC 27001:2013 – Information Technology – Security Techniques – Information Security Management Systems – Requirements
ISO/IEC 27040:2015 — Information Technology – Security Techniques – Storage security
For the list of mandatory requirements that cover governance, personnel, information and physical security, please visit the Protective Security Policy Framework website.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date, and complete we:
record information in a consistent format
where necessary, confirm the accuracy of information we collect from a third party or a public source
promptly add updated or new personal information to existing records
regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
If you wish to complain to us regarding the use or handling of your personal information, please contact our Privacy Officer and submit a complaint in writing. If you need help lodging a complaint, you can contact us. We will review and investigate your complaint as quickly as possible and respond within a reasonable time from the date of receipt of the written complaint.
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior staff than the staff whose actions you are complaining about.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are not satisfied with our response or find it unacceptable, you may ask for a review by a more senior executive within HUMAN TERRAIN GROUP (if that has not already happened) or you can complain to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).
How to contact us
You can contact us by phone, email or post via the following:
The Privacy Officer, Nicolas Shaw
1300 089 060
Supplementary information regarding Nationally Coordinated Criminal History Checks
HUMAN TERRAIN GROUP, as an “Accredited Body” with the Australian Criminal Intelligence Commission (ACIC) to access nationally coordinated criminal history checks and use the National Police Checking Service (“Service”), has signed an Agreement for controlled access by duly Accredited Bodies to Nationally Coordinated Criminal History Checks with the ACIC (“Agreement”). Clause 7 of the Agreement deals with the protection of police information and other personal information. Specifically, sub-clause 7.2 lists the Obligations of Accredited Body and its Personnel in relation to Personal Information, as follows:
The Accredited Body acknowledges that its use of the Service involves:
the collection, storage, use and disclosure by the Accredited Body of Personal Information that is required to complete and submit an application to use the Service and obtain a nationally coordinated criminal history check; and
the collection, storage, use and possible disclosure by the Accredited Body of Police Information.
Irrespective of whether or not the Accredited Body would otherwise be bound, by entering into this Agreement, the Accredited Body agrees to be bound by the Privacy Act as if it were an Agency.
The Accredited Body must in its use of the Service and in accessing nationally coordinated criminal history checks:
collect, store, use or disclose Personal Information and Police Information only for the nationally coordinated criminal history check category and related administration;
not collect, transfer, store or otherwise use Personal Information or Police Information outside Australia, or allow parties outside Australia to have access to Personal Information or Police Information, unless a Permitted Offshore Transfer circumstance applies;
not disclose Personal Information or Police Information other than for the purpose for which the Applicant gave Informed Consent unless otherwise authorised or required by Law;
not commit any act, omission or engage in any practice which is contrary to the Privacy Act;
not do any act or engage in any practice that would be a breach of an APP or a Registered APP Code (where applied to the Accredited Body) unless that act or practice is explicitly required under this Agreement;
implement Safeguards to keep Personal Information and Police Information secure;
comply with any directions or guidelines in relation to the treatment of Personal Information and Police Information, notified to the Accredited Body by the ACIC; and
ensure that all Personnel who are required to deal with Personal Information and Police Information are made aware of the obligations of the Accredited Body set out in this clause 7.