Privacy Policy

1. Introduction

2. Who We Are and What We Do

We collect and use your personal information for a clearly defined set of business functions and regulatory responsibilities.



These include:

• Sourcing and placing candidates into temporary, permanent, and contract roles;
• Conducting job suitability assessments and verifying identity, work rights, and credentials;
• Submitting candidate profiles to clients for consideration and engagement;
• Providing onboarding instructions, collecting employment documentation, and issuing contracts;
• Administering payroll, tax, and superannuation in compliance with ATO obligations
• Meeting client-specific contractual obligations for WHS, site access, induction, and vaccination requirements
• Reporting to government agencies as required (e.g. ATO, Department of Employment, Defence)
• Conducting compliance audits or participating in regulatory reviews
• Communicating with referees, managers, and stakeholders about contractor performance and engagement outcomes.

We will not use or disclose your personal information for any purpose other than those for which it was collected unless you provide consent or the disclosure is required or authorised by law.

In accordance with APP 6, any secondary use or disclosure of your information will always be aligned with a directly related purpose or accompanied by clear communication, access to opt-out, and where required, documented consent.

6. Disclosure of Personal Information

8. Data Security and Storage

10. Access and Correction of Personal Information

You are entitled to request access to the personal information we hold about you and to request correction if that information is inaccurate, outdated, incomplete, irrelevant, or misleading. This is a right granted under APP 12 and APP 13 of the Privacy Act.

All access and correction requests must be submitted in writing to privacyofficer@emanatetechnology.com.au. We aim to respond to all requests within five business days. Where access is refused, for example, where providing access would unreasonably impact the privacy of others or breach legal privilege, we will provide written reasons for our decision.

If a correction is made, we will notify any relevant third parties (such as clients or payroll providers) of the update if it is practical and reasonable to do so. If correction is refused, you may request that we attach a statement noting your correction request to the record.

We do not charge for making a correction or handling an access request unless the retrieval process is particularly complex or resource-intensive, in which case we will provide a written estimate and seek your agreement before proceeding.

In accordance with the OAIC’s guidance, we verify the identity of the requestor prior to releasing personal information or amending records. Access to security-sensitive records (e.g. those linked to AGSVA, government clients, or health disclosures) may require additional authentication steps. Requests involving Employment Hero, Bullhorn, WorkPro or archived payroll records are managed via secured workflow and audit-tracked internal protocols.

11. Deletion and Withdrawal of Consent

You may request that your personal information be deleted or de-identified where it is no longer required for the purpose for which it was collected or if you withdraw your consent for its use. These rights are supported under APP 11 and general principles of data minimisation under the OAIC’s privacy guidance.

Requests for deletion should be submitted to privacyofficer@emanatetechnology.com.au. We will assess whether the information can be deleted in light of our statutory and operational obligations. Where complete deletion is not legally permissible (e.g., due to ATO or Fair Work recordkeeping requirements), we will de-identify the data wherever possible and explain the basis for partial retention.

All requests are actioned within 10 business days and a written outcome is provided. We may also offer to place your record into a suppression or exclusion list to prevent future contact.

We maintain de-identification protocols compliant with the OAIC’s De-identification and the Privacy Act guidance. All withdrawn records are tagged accordingly in Bullhorn and excluded from all search, submission, marketing, and reporting workflows. Where partial retention is required (e.g. payment summaries, superannuation records), access is limited strictly to authorised personnel with a business need.

12. Use of Our Website and Cookies

When individuals interact with our websites or digital portals, we collect limited usage data to improve functionality, optimise performance, and maintain cybersecurity. This includes the use of cookies, analytics trackers, and session logs.

The types of data collected may include:

• IP address, device type, and browser version
• Pages viewed and links clicked
• Session duration and interaction timestamps
• Referral sources such as LinkedIn or job boards

We do not use cookies to track users across third-party sites, nor do we serve personalised advertising. Data collected is aggregated and stored in anonymised formats where possible.

Users can manage their cookie preferences via their browser settings. Blocking cookies may impact functionality on our website, but users will not be prevented from accessing key services or submitting job applications.

All analytics systems used (e.g. Google Analytics, Webflow tracking) are configured to minimise data retention periods and IP capture. Website forms are secured with SSL encryption and protected with CAPTCHAs to prevent bot scraping or malicious use. Login attempts are monitored, and any anomalies are escalated for IT security review under our internal risk procedures.

13. Direct Marketing

Emanate Technology may use your personal contact details to send marketing communications related to:

• Current or future job opportunities
• Industry updates and hiring trends
• Invitations to events or networking functions
• Changes to employment policy, compliance, or process

We do not purchase contact lists or use third-party advertising platforms to target individuals. All marketing communications include a clear opt-out mechanism, and you may unsubscribe at any time by following the link in the message or contacting privacyofficer@emanatetechnology.com.au.

We do not use or share sensitive information for marketing purposes under any circumstances. Our direct marketing practices comply with the Spam Act 2003 (Cth) and guidance from the OAIC.

We maintain a centralised opt-out register, cross-referenced against outbound distribution systems. Once opted out, your data is excluded from all future email, SMS, or CRM-integrated campaigns. Consent for marketing is not tied to job applications, and unsubscribing does not affect your candidacy or employment eligibility.

14. Notifiable Data Breaches

Under the Notifiable Data Breaches (NDB) Scheme set out in Part IIIC of the Privacy Act, Emanate Technology is required to notify individuals and the OAIC if a data breach is likely to result in serious harm to any person whose personal information is involved.

A data breach may involve unauthorised access to, disclosure of, or loss of personal information that Emanate Technology holds. Examples include unauthorised access to a candidate file, loss of a device with unencrypted personal data, or a malicious cyberattack targeting our recruitment platforms.

Our response procedure include:

• Identifying and containing the breach
• Assessing the breach and the risk of serious harm
• Notifying affected individuals and the OAIC where required
• Reviewing and updating controls to prevent recurrence

All incidents are managed under our formal Data Breach Response Plan, which is reviewed annually as part of our information security governance framework.

We follow the OAIC’s four-step process to assess and report breaches: (1) contain, (2) assess, (3) notify, (4) review. Notification includes contact methods appropriate to the context (email, phone, letter) and is coordinated via the Privacy Officer. All breaches are recorded in our internal log with full investigation findings and remediation outcomes.

15. Updates to This Policy

Emanate Technology reviews and updates this Privacy Policy at least annually, or sooner where required by changes to legislation, business processes, or the introduction of new systems that impact the way we collect or manage personal information.

The most recent version of this Privacy Policy is always available on our website at www.emanatetechnology.com.au. We will notify relevant individuals (including candidates, contractors, and staff) if material changes are made that may impact their rights or how their information is handled.

We maintain historical versions of our policy for audit and compliance purposes. You may request a previous version by contacting privacyofficer@emanatetechnology.com.au.

Our review cycle includes a formal privacy impact assessment (PIA) where major platform changes, process updates, or legislative reforms have occurred. Updates are approved by Emanate’s executive leadership, with consultation from external privacy advisors where appropriate. Each update is logged and version-controlled for traceability in line with ISO/IEC 27001 and OAIC best practice recommendations.

16. Information Record System

Emanate Technology maintains an internal Information Record System (IRS) to support the secure collection, access, use, and retention of personal and sensitive information in accordance with Australian privacy legislation and ISO/IEC 27001 practices.

All personal data is recorded within secure cloud-based platforms, primarily Bullhorn, Employment Hero, WorkPro and Microsoft 365.

These systems track:

• Dates and times of information collection or updates
• Names of authorised users accessing or modifying records
• Document version histories and contract status (e.g. signed, pending, archived)
• Communication history between the individual and Emanate Technology, including correspondence regarding privacy, employment, and onboarding

Access to the IRS is strictly role-based, with permissions granted based on staff responsibilities. All activity is logged and monitored through audit trails, and regular reviews are undertaken by system administrators to ensure that no unauthorised access has occurred. The IRS is a core part of our internal compliance and audit controls and supports accountability under APP 1.2, 6, and 11.

We implement activity-based retention tagging in the IRS, which auto-triggers alerts when retention periods are due to expire. Archived records are transitioned into de-identified format or securely destroyed in line with our internal Archiving and Disposal Policy. Our IRS supports transparency reporting and breach response monitoring.

17. Photos and Visual Records

Emanate Technology may collect and use photographic images, audio, or visual recordings of individuals in specific circumstances where this supports business activities.

These include:

• Use of professional headshots for internal HR records, candidate profiles, or client submissions (with consent)
• Team photos taken for corporate events, marketing materials, or internal staff directories
• Visual recordings from virtual interviews or onboarding sessions (recordings are only captured with explicit notice and approval)

Where imagery or recordings are used for public marketing purposes (e.g. website, LinkedIn, case studies), we obtain informed, written consent before publishing. Images are stored in secure company drives with restricted access and are not shared outside of Australia without express permission.

If at any time an individual withdraws consent for image use, we will take all reasonable steps to remove or de-identify the material. This aligns with APP 6 and 10 and supports your right to revoke media consent.

Media files are stored in segmented internal folders with role-based access control. Consent logs are maintained in Bullhorn and cross-referenced against published materials. All usage of imagery is reviewed for appropriateness, purpose limitation, and whether individuals remain actively associated with Emanate Technology at the time of publication.

18. Electronic Transactions and Consent

We deliver many of our services through electronic platforms and digital transactions.

These include:

• Electronic onboarding forms completed in Employment Hero
• E-signature processes used for employment contracts and contractor agreements
• Policy acknowledgment and safety declarations submitted via digital workflow
• Online time entry, leave requests, and invoicing via integrated systems

By submitting forms, uploading documentation, or providing e-signatures through our platforms, you consent to transact electronically with Emanate Technology. This practice is compliant with the Electronic Transactions Act 1999 (Cth) and relevant privacy requirements.

All digital documents are stored with version control and timestamp metadata. Where legislation requires a hard copy record (e.g. signed declaration under specific WHS legislation), the digital equivalent is preserved in a format suitable for legal reproduction.

If you prefer to complete forms or submit documentation in a non-digital format, this option can be arranged on request.

We use e-signature platforms that meet industry standards for legal enforceability, including audit trail metadata, encryption during transmission, and integrity checks. All user actions (viewed, signed, declined) are recorded and retrievable as evidence of consent or authorisation.

19. Automated Processing and Candidate Profiling

Emanate Technology may use automated systems to support administrative tasks related to job matching, resume parsing, and candidate database management. These systems are designed to improve efficiency and ensure fast, relevant submissions to our clients.

Examples include:

• Automatic keyword tagging of resumes in Bullhorn
• Suggested candidate matches based on skills and experience fields
• Ranking shortlists by availability or pre-set filters defined by clients

All final hiring or submission decisions are made by experienced consultants — not solely by automated systems. Emanate does not use automated decision-making for role suitability, rejection, or interview progression without human review and oversight.

You have the right to request that your data not be subject to automated decision-making or profiling where this affects legal or similarly significant outcomes. This is consistent with emerging OAIC guidance and APP 1.4(f) regarding privacy transparency.

Automated systems are routinely audited for bias, accuracy, and data minimisation. We disclose to candidates that profiling is used for operational efficiency but never as the sole basis of evaluation. Filtering logic is regularly reviewed to ensure fairness, compliance, and relevance to advertised roles.

20. Complaints

If you believe that your privacy has been breached or mishandled by Emanate Technology, you have the right to lodge a formal complaint. Complaints should be directed in writing to our Privacy Officer at privacyofficer@emanatetechnology.com.au.

Upon receipt, we will:

• Acknowledge your complaint within 5 business days
• Investigate the issue, including engaging any relevant internal stakeholders
• Provide a written response within 30 calendar days outlining the findings and any remedial actions
• Maintain a record of the complaint for auditing and process improvement purposes

If you are unsatisfied with our response, you may escalate the matter to:

Office of the Australian Information Commissioner (OAIC)

www.oaic.gov.au | enquiries@oaic.gov.au | 1300 363 992

We treat all complaints seriously and use feedback to improve our practices, training, and privacy risk assessments.

Our complaints process is designed to meet the OAIC’s reasonable steps test. All submitted complaints are triaged based on risk, logged in our Complaints Register, and tracked through to resolution with defined response deadlines. Where necessary, remedial actions may include policy changes, staff training, or system enhancements.