CG Recruitment is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
This Personal Information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, via our website www.cgrecruitment.com.au, from your website, from media and publications, from other publicly available sources, and from third parties. We don’t guarantee website links or policy of authorised third parties.
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Sensitive Information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
• Third parties where you consent to the use or disclosure; and
• Where required or authorised by law.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
CG Recruitment will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Policy Updates
This Policy may change from time to time and will be updated when required.
Privacy Policy Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy please contact us at:
Address: PO Box 5297, Alexandra Hills QLD 4161
Email: office@cgrecruitment.com.au
Complaints: feedback@cgrecruitment.com.au
Phone: 1300 723 133
Cyber Security Policy
Introduction
CG Recruitment ("the Company") is committed to fostering a culture of openness, trust, and integrity; however, this can only be achieved if external threats to the integrity of the Company’s systems are controlled, and the Company is protected against the damaging actions of others.
Scope and Purpose
- This policy applies to all Company workers, including employees, contractors, consultants, volunteers, and any person who has permanent or temporary access to the Company’s systems and hardware (User).
- This policy aims to set guidelines for generating, implementing, and maintaining practices that protect the Company’s computer equipment, software, operating systems, storage media, electronic data and network accounts from exploitation or misuse.
- As the Company grows and continues to rely on technology to collect, store and manage information, the more vulnerable the Company becomes to severe security breaches. Human errors, hacker attacks, and system malfunctions can cause significant financial damage to the company and jeopardise our reputation. It is for this reason that the Company has implemented a number of security measures as outlined in this policy.
Passwords
- Compromised passwords are the biggest threat to IT systems. Once someone has your password, it is difficult to detect data breaches because the computer systems think they are you. It is, therefore, important that your password is robust. All passwords must comply with
the following requirements:
a) be at least eight characters long and
b) have a combination of uppercase, lowercase, numeric characters (number) and at least one special character (symbol).
- Passwords must not be recycled or divulged by the User.
- All passwords will be deactivated as soon as possible if the User is terminated, suspended, placed on leave, or otherwise leaves their employment/engagement with the Company.
Multi-Factor Authentication
- Multi-factor authentication (MFA) is one of the most important controls that the Company implements to prevent unauthorised access. If a password is compromised, an attacker will be required to access the second authentication factor (phone, email, etc.) to gain access to our systems.
Networking and Hardware Security
- The Company utilises anti-virus and anti-malware software to ensure the Company’s data and systems are protected from malicious software and malware. Users are prohibited from disabling, bypassing, or adjusting the anti-virus and anti-malware protection software to
reduce their effectiveness.
- All devices are automatically locked by the Company after a period of non-use and the User will be required to log back into the system using their password and/or MFA.
- The Company prevents access to public Wi-Fi.
Access Control
- Users shall be assigned clearance to particular levels of access to the Company’s information resources and shall access only those recourses for which they have clearance. Access control shall be exercised through username and password controls.
Keep Emails Safe
- Emails often host scams and malicious software. It is important that all Users:
a) avoid opening attachments and clicking on links when the content is not adequately explained;
b) be suspicious of clickbait titles (e.g. offering prizes, advice, creating urgency, etc);
c) check full email details and names of people they received a message from to ensure the email is legitimate; and
d) look for inconsistencies or giveaways (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks).
- Users should immediately report any suspicious email(s) directly to the Company’s IT department.
Responsibility of the Company
- The Company is responsible for:
a) ensuring all Users are made aware of this policy;
b) ensuring that the Company’s software systems are maintained appropriately;
c) implementing appropriate control measures to mitigate security breaches and
d) provide awareness to Users about the importance of security management.
Responsibility of Users
- All Users have a responsibility to ensure they comply with this policy and take extreme caution when using the Company’s systems and ensure that such systems are used in a manner that protects the Company’s infrastructure and data from breach. In addition, all Users must:
a) ensure all devices are securely stored and not left exposed or unattended;
b) not download unauthorised software from the internet onto their PCs or workstations;
c) not open email attachments received from unknown senders and immediately notify this to the Company’s IT department; and
d) immediately notify the Company’s IT department if they believe their computer systems have been subjected to a security incident or otherwise compromised.
Breach of this Policy
- Any User who is found to have breached this policy may have their access to the Company’s systems disabled and/or be subject to disciplinary action, up to and including termination of employment.
Cyber Security Policy Enquiries
If you have any queries Cyber Security Policy please contact us at:
Postal Address: PO Box 5297, Alexandra Hills QLD 4161
Email: office@cgrecruitment.com.au
Complaints: feedback@cgrecruitment.com.au
Phone: 1300 723 133
