CrimCheck recognises your rights under thePrivacy Act 1988(Cth) andInformation Privacy Act 2000(Vic) and will protect your personal information in accordance with the Australian Privacy Principles (Commonwealth) (“APPs”) and Information Privacy Principles (Victoria) (“IPPs”). These principles govern how we can collect, use, hold and disclose your personal information, and ensure the quality and security of your personal information.
What is your personal information?
The personal information we collect about you will depend on whether you have consented to have CrimCheck conduct a Nationally Coordinated Police History Check (“police check”) on yourself. The personal information may include sensitive information, such as criminal records.
What personal information do we collect and hold?
When you request us – directly or through an organisation – to conduct a police check on you, we will ask for identification information. This will include your:
The personal information collected by us will also include your consent to undertake a police check and the police check results.
We also collect some other personal information that is not your identification information. This includes information that we ask for in the police check application form, such as the organisation that requests the search on your behalf, and content of the consent form that you complete.
We may also collect personal information that you provide to us during conversations between you and our representatives.
The purpose for which we collect, hold, use and disclose personal information
The main reason we collect, use, hold and disclose personal information is to provide you with services related to the police check. This includes assisting you where there are queries regarding the police check. We may also use your personal information in compliance with legislative or regulatory requirements.
If you do not provide us with your personal information, we will not be able to conduct the police check.
How do we collect your personal information?
We collect personal information directly from you, when you apply or give informed consent for a police check to be made. We collect personal information from you in a number of ways including:
We may also collect personal information from third parties including from law enforcement agencies and other government entities. The results of your police check are provided to us by the Australian Criminal Intelligence Commision (ACIC) , the Australian Government agency that provides the National Police Checking Service
Storing personal information
Much of the personal information we hold about you will be stored electronically in secure databases located within Australia. Some personal information we hold about you, for example information contained in paper application forms, will be stored in paper files.
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. The security controls and measures we have in place include:
Personal information is destroyed or de-identified when no longer needed.
Disclosure of personal information
We may disclose your personal information to:
Access to and correction of personal information
You have the right to request access to personal information we hold about you, including the police check results. You can also ask us for corrections to be made, and there is no fee for simply making the request or for making corrections to your personal information before results are received from the National Police Checking Service. We cannot correct the results of a Nationally Coordinated Police History Check once results have been released unless a Results dispute is lodged and amended results are released by ACIC.
There are circumstances in which we cannot grant you access to your personal information. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If we refuse access your personal information we will give you a notice explaining the refusal. In addition, we will provide you with information on how you can complain about the refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you have the right to request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
Your personal information is destroyed or de-identified when no longer needed. We are required to keep your consent form for 12 months.
Your rights to resolving your privacy concerns and complaints
Under the APPs and/or the IPPs, you have certain rights to resolving privacy concerns and complaints. As a first step, please contact us about them so that we can investigate.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer using the contact details below. We will attempt to confirm with you, as appropriate and necessary, your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will acknowledge your complaint as soon as we can after we receive it. We will resolve complaints as quickly as possible, generally within 10 working days. However, some complaints may take longer to resolve. In those cases, we will inform you and give you an estimate of when an outcome can be expected.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner or seek advice from the Office of the Victorian Privacy Commissioner.
The Office of the Australian Information Commissioner can be contacted at:
GPO Box 2999
Canberra ACT 2601
Telephone:1300 363 992
The Office of the Victorian Privacy Commissioner can be contacted at:
GPO Box 5057
Melbourne Victoria 3001
Telephone: 1300 666 444
Email: firstname.lastname@example.orgDo we disclose your personal information to anyone outside Australia?
We do not disclose your personal information to entities located outside of Australia.
Notifiable Data Breaches
When CrimCheck becomes aware of any potential data breach it will carry out the following actions:
Step 1: Contain the data breach to prevent any further compromise of personal information.
Step 2: Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals or organisations and, where possible, taking action to remediate any risk of harm.
Step 3: Notify individuals affected and the Office of the Australian Information Commissioner (OAIC) if required. If the breach is an ‘eligible data breach’ under the NDB scheme, CrimCheck will notify the OAIC immediately.
Step 4: Review the incident and consider what actions can be taken to prevent future breaches.
You can contact us by:
calling:(03) 9955 0300;
writing:PO Box 252, Blackburn VIC 3130; or
Updates to this policy