Serco Group Pty Limited (Serco) and its related companies (including Serco New Zealand Limited) (we, our, us) comply with the Australian Privacy Principles contained in the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 amending the Privacy Act 1988 (Cth) and the Information Privacy Principles contained in the New Zealand Privacy Act 1993 (to the extent these apply to each Serco entity).


As we are a contracted service provider to a range of Australian Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an agency under different privacy arrangements. This is not a stand-alone document and is supported by our risk management and compliance frameworks, including operational policies, procedures and processes.


This Privacy Policy outlines the type of personal information we may hold, the purposes for which it is held, and how that information is collected, held, used and disclosed.
Our site may provide links to third party websites. Serco is not responsible for the conduct of non-Serco companies linked to this site. You should refer to the privacy notices of any third party sites.

How different types of personal information are collected?

 

The personal information that we collect could include your name, age, gender, the organisation you work for and ABN, your physical address, postal address, telephone and fax numbers and your email address. In some circumstances, a failure to provide such information could result in us being unable to assist you or provide its services to you.

 
We primarily collect information about you when you use or request a product or service, complete a survey, questionnaire or when you communicate with us by email, telephone, in writing or in person. We also collect information about you if you are providing goods or services to us or, if you apply for employment, contractor or volunteer work with us. Please read our Recruitment Collection Statement before submitting your personal details via the online job application, by mail or any other methods.


We will only collect information about an individual for purposes which are relevant to our business. For example, we may collect an individual's name, contact information and other details relevant to our business relationship with that person. In some cases, we may also be required by law to collect personal information, for example, occupational health and safety laws. This information may be required to respect an individual's request or provide our services.


In some instances if all necessary personal information is not provided, Serco may be unable to assess or process your information or provide you with the services you require.

 
We may also collect anonymous information regarding visitors to our Serco website. This may include Internet Protocol (IP) address, previous sites visited, internet provider location and date and time of the visit.


Some of the personal information we hold or deal with is not actually collected by us. Because we are an outsourced service provider, much of the data and personnel information we deal with is provided to us by our clients, and has not actually been directly collected by us from the individual concerned. It is impracticable for us to collect information directly from you when we are acting as the service provider of our client, as our client has already collected the relevant information from you (or another third party), and our client has provided it to us for our use in providing services to or on behalf of our client.


In respect of personal information which is provided to us by our clients, we seek assurances that all such personal information has been collected lawfully and in compliance with applicable privacy laws  and that all required consents have been obtained for, and disclosure statements made in respect of, the intended use of that personal information. We will not be responsible for, and accepts no liability in respect of, any failure by a client to do so. We may also collect personal information from third parties who are not our clients including for example, from third party companies such as law enforcement agencies and other government entities.

Sensitive information

 

We may collect sensitive information, such as health information and information about personal attributes such as nationality when it relates to the provision of a service or its evaluation. Serco will only collect this information with your consent or otherwise in accordance with the Australian Privacy Principles and the New Zealand Privacy Act 1993 (to the extent either are applicable).


For what purposes do we collect, hold, use and disclose your personal information?

 

Serco uses personal information to assist it in providing services in justice, immigration, health, citizen services, defence, passenger transport, consultancy, business process outsourcing, infrastructure and other markets, and for associated business development.

We collect, hold, use and disclose your personal information for the following purposes, in each case, either on our own behalf or when acting on behalf of a client:

    • to provide services to you and our clients and to send communications requested by you and/ or our clients;
    • to answer enquiries and provide information or advice about services;
    • to update our records and keep your contact details up to date;
    • to process and respond to any complaint made by you; and 
    • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub-division of a country).

Where you are our employee, we may collect, hold, use and disclose your personal information for all purposes connected with our employment relationship. This includes hiring you, training you, administering your personnel records (including pay and leave records), and managing your performance. We may also use your personal information for other purposes related to those described above, and/or for a purpose for which you would reasonably expect it to be used, as permitted by the applicable act.


Serco sometimes handles personal information relying on exemptions under the applicable Act. Under the Australian Privacy Act 1988 (Cth), these include exemptions in relation to (i) employee records; (ii) related bodies corporate; (iii) provision of services to State or Territory authorities; and (iv) overseas operations relating to personal information of non-Australians. Any permitted handling of personal information und under such exemptions will take priority over this Privacy Policy to the extent of any inconsistency.


How is personal information disclosed?

 

Personal information held by Serco is disclosed by Serco in accordance with the Australian Privacy Principles and the Information Privacy Principles contained in the New Zealand Privacy Act 1993 (to the extent either are applicable). Serco will only disclose personal information to a third party where Serco has your consent, or where the disclosure is permitted or required by law. For example, Serco may disclose information as follows.

  • Serco's related companies.
  • Clients where required for specific business purposes.
  • External providers, such as suppliers, consultants and agents, including
    organisations that provide information technology and infrastructure support services
    that provide information technology and infrastructure support services.
  • Tax, financial, audit and legal advisers.
  • Government, regulatory and law enforcement bodies.

Personal information collected from Serco prospective employees, contractors and suppliers may be transmitted to and stored on databases and/or servers located in Australia, New Zealand or the United Kingdom and operated and processed by Serco, Serco Group plc, Serco related entities or their external service providers. In some cases, restrictive access controls are in place for  IT platforms used by Serco and supported by external contractors in India.


Personal information of some prospective employees is transmitted to and stored in data centres located in The Netherlands and Germany as notified to candidates in the collections statement at the time of collection.


Personal information collected from Serco suppliers is accessed by Serco staff located in offices in India supporting the Serco Asia Pacific finance function.


Personal information collected from Serco’s existing and prospective customers is stored using third party cloud based customer relationship management systems with data centres located in the United States and Singapore.


Where we do transfer your personal information to our affiliates or our contracted services providers based outside of Australia or New Zealand (as the case may be) we seek to ensure, by means such as contracts, that your personal data is protected.


If your personal information is collected using a collection notice that refers to this Privacy Policy, you are taken to consent to the disclosure, transfer, storing or processing of your personal information outside of Australia.
 

Security of your personal information

 

Serco takes precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect electronic data using a variety of security measures including password access, data back-up and firewalls.


Keeping personal information up-to-date

 

Serco seeks to ensure that the personal information it holds is accurate, up-to-date and complete. If Serco is informed that the information it holds is inaccurate, out-of-date or incomplete, Serco will correct the information or ensure that the amendments or errors are noted.


What do we do with personal information when it is no longer needed?

 

We destroy personal information if it is no longer needed for the purposes for which it was collected, or if the law no longer requires us to retain it. We use secure methods to destroy or de-identify the information. We dispose of all hard copy documents and delete electronic information from our systems.


Access and correction

 

At any time you can advise Serco of changes to your personal information. You have the right to ask for the personal information held about you and to advise of any inaccuracy. If you make an access request, Serco will ask you to verify your identity and specify what information you require. Your request to the Privacy Officer must be in writing. Our contact details are provided in the Further Information section at the end of this document.

Serco may ask the reason for your request so we can assist you most effectively. However, you are under no obligation to provide a reason if you do not wish to. Serco reserves the right to charge a fee for any significant costs incurred by us in providing access to personal information.


Complaints

 

If you believe your personal information is not properly protected, or that there has been a breach or potential breach of this Privacy Policy or the privacy legislation, please contact Serco immediately and ask for your complaint or concern to be directed to the Privacy Officer.

Serco takes breaches seriously and has procedures to help identify and resolve a breach, potential breach or complaint as quickly as possible. This includes appropriate escalation processes to the Head of Legal and/or General Counsel and notification processes in the event of a breach.

Every complaint is forwarded by the staff member who receives it to the Privacy Officer. You will be notified of the process for dealing with the breach or potential breach. Your complaint will be thoroughly investigated and a suitable resolution negotiated with you.

If you are not satisfied with the resolution of your complaint by Serco, in Australia you may contact the Office of the Australian Information Commissioner (OAIC) (http://www.privacy.gov.au/complaints) who may investigate your complaint. In New Zealand, you may contact the Privacy Commissioner (http://www.privacy.org.nz) who can offer further guidance and investigate your complaint if necessary.


Further information

Our aim is to respond to all enquiries promptly.

For enquiries or feedback about this policy or for complaints about Serco’s handling of personal information, please email the Privacy Officer at privacy@serco-ap.com.au or otherwise you can:

mail to:

Privacy Officer
Serco Group Pty Ltd
Level 23, 60 Margaret Street 
Sydney NSW 2000

or

Telephone: +61 (0)2 9964 9733

Where your information is collected and held by Serco New Zealand Limited the address of Serco New Zealand Limited is Suite 202, 100 Parnell Road, Parnell, Auckland 1052, New Zealand.

This document was last updated on 22 June 2015.