Try Kinatico Compliance for free with our Starter Plan

Privacy Policy

OUR POLICY ON YOUR PRIVACY

At Kinatico Ltd (‘Kinatico’) we are highly committed to respecting the privacy of our customers, suppliers, visitors, applicants or anyone who engages with Kinatico and protecting their personal information.

It’s important that you feel secure whenever you deal with us, so you’ll be happy to know that Kinatico puts information security and privacy at the forefront of everything it does. All Kinatico products are built using privacy by design and privacy by default. For information about your privacy when using any of our products, please see the specific privacy policies for each product.

Kinatico complies with the relevant privacy legislation and principles in Australia and New Zealand which set out requirements for the gathering, handling, use, disclosure, storage, destruction or de-identification of personal information.

This Privacy Policy relates to personal information that we collect and handle about you as a customer, supplier, visitor to our site, a job applicant or as someone who engages with us through social media, other digital services, correspondence or in person as a member of the public.

Our present and former staff should contact our legal team for details about how we maintain the privacy of their personal information.

WHAT PERSONAL INFORMATION DO WE COLLECT?
Personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable.

In all cases, the personal information that we collect will depend on the nature of your interaction with us and we will only collect information necessary so that we can provide our services to you or for completing our interaction with you. Information will only be collected lawfully, fairly and not in an intrusive way.

If you are a customer or an employee or candidate of our customer, the personal information we may collect about you might include, for example, your name, contact details and date of birth, as well as copies of your identity documents. Personal information may also include information such as current or previous addresses, your career information, professional or trade qualifications, work history, references, financial information and previous legal claims, or information within checks ordered through Kinatico both before and after any information has been verified by Kinatico.

Where it is reasonable and practicable to do so, we collect your personal information directly from you when you enter into arrangements with us, correspond with us or provide feedback to us. We will record, collect and hold information in relation to your transactions with us.

We may also collect other information, some of which may be personal information, including information about your order history with Kinatico, which areas of our website you visited (see the section “cookies”, below) and records of your communications and interactions with us. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution and training purposes.

Depending on the products or services being provided or the reason for your interaction with Kinatico, we may also collect information about you from others. Such as:

  • Third party suppliers including but not limited to providers of criminal checks, law enforcement agencies, regulatory and licensing bodies, credit agencies, education providers, professional organisations or psychometric assessment providers.
  • Information regarding shareholders may be collected from our share registry.
  • Information from recruitment agencies, as well as prospective or previous employers.

Due to the nature of the products and services Kinatico provides, some of your personal information that we collect will be ‘sensitive’ information. This information will only be obtained with your permission – except where otherwise allowed by law.
We collect, use and exchange your information if we have a valid lawful reason to do so, and so that we can:

  • Confirm your identity
  • Assess your application for our products or services
  • Manage our relationship with you, including being able to provide our products and services
  • Contact and communicate with you
  • Improve our service to you and your experience with us
  • Minimise risks and protect against fraud, misuse or loss of data
  • Comply with laws, obligations or provide assistance to regulatory, government and law enforcement authorities
  • Manage our business.

Additionally, we may use your personal information for the following reasons:

  • Contract: We need to process your information in order to fulfil a contract you have with us, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligations: We need to process your information for us to comply with the law (including contractual obligations).
  • Consent: You have given clear consent for us to process your personal information for a specific purpose.
  • Legitimate interests: We need to process your information for our legitimate interests or the legitimate interests of a third party. An example of this last reason might be to demonstrate our usual processes to an assessor who is assessing our suitability for accreditation to a voluntary industry standard such as ISO27001. This legitimate interest can be overridden where there is a good reason to protect your personal information.

If you choose to not provide personal information

It is your choice as to whether to provide your personal information that has been requested by Kinatico for the provision of our Services. However, if the information requested is not provided, Kinatico may be unable to fulfil your request for specific services or may not be able to identify you.

If you wish to remain anonymous or to use a pseudonym when dealing with us, we may be able to provide you with limited information, such as general details about our Services. In nearly all cases, however, if you choose not to identify yourself or wish to use a pseudonym, we will be unable to provide you with our Services.

Bringing you new products and services

We may also use your information to tell you about products and services we think you might be interested in. To do this, we may contact you by email, phone, SMS, social media, mail or advertising.

Using data to give you better customer service and marketing

We’re always working to improve our products and services and give you the best customer experience. New technologies let us collate information we have about you and our other customers, for example transaction information. We analyse this data to learn more about you and other customers, and how to improve our products and services. We may also use data analysis to determine what products or services may be of interest to you and for general or direct marketing purposes.

If at any time you don’t want to receive direct marketing messages you can unsubscribe. Alternatively, if you want to change your contact preference you can do this by emailing:

  • If you are a corporate client: CustomerService@kinatico.com
  • If you are an individual: info@kinatico.com

HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?

We aim to keep your information for only as long as we need it. Factors that may influence how long we may keep your data include:

  • Fulfilling our legal or regulatory obligations
  • Internal research and analytics
  • Responding to a question or complaint or
  • Being unable to delete the data for technical reasons.

If you wish to request deletion of your personal data from our service, please send your request via email to DeleteMyData@kinatico.com.

WITH WHOM DO WE SHARE YOUR INFORMATION?

Kinatico will disclose your information only in accordance with the professional services we provide and/or your interaction with Kinatico.

During the process of providing our services, and depending on the products or services being provided or the reason for your interaction with Kinatico, we may share information about you with third parties, some of whom will be overseas. Such as:

  • Partner organisations
  • Businesses and contractors who do some of our work for us – including direct marketing, IT support and verification of your identity
  • Third party suppliers relevant to verification activities, including but not limited to providers of criminal checks, law enforcement agencies, regulatory and licensing bodies, credit agencies, education providers, professional organisations or current or previous employers
  • Government and law enforcement agencies or regulators
  • Auditors, insurers and re-insurers.

When Kinatico chooses to partner with organisations or engage third-party suppliers /businesses, we take all steps we reasonably can to ensure that those organisations have robust processes and procedures in place for the handling of personal information that are at least equivalent to Kinatico’s practices.

As you will appreciate, in certain circumstances we may be compelled by law to disclose your personal information to various authorities.

SENDING YOUR INFORMATION OVERSEAS

Kinatico is an Australian company, and our products (and data we hold) are hosted in Australia. If you are outside of Australia, providing data to Kinatico will involve the international transfer of that data (from your location into Australia). If you do not consent to that transfer, you should not proceed to use the Kinatico product.

In the rest of this section, ‘overseas’ means outside of Australia.

To complete a verification activity, it will be necessary to disclose some personal information to the entity (or entities) that will verify the accuracy of that information. For an activity relating to another country, that entity (or entities) will be in that other country and so your information must be disclosed overseas. Kinatico may use an agent as an intermediary, who may be based overseas, to complete some international verifications. If we are verifying your information (for example, with a referee or a previous employer) and you have been engaged overseas, it will be necessary to share your personal information (that is, your name and possibly your role) with someone internationally and therefore this information will be disclosed overseas. If you request an international verification of your information, your consent must be given prior to the disclosure of your information overseas.

As noted above, Kinatico may use some businesses and contractors who are based overseas to complete some of the work necessary to provide our Services. This may require an international transfer of information whilst that work is undertaken. We take reasonable steps to ensure that partner organisations and third-party suppliers have robust processes and procedures in place for the handling of personal information that are at least equivalent to Kinatico’s practices.

We hold personal information electronically and may hold some information in hard copy form, both at our own premises and with the assistance of our service providers. Our main database, where all verified records are held, is held securely in Australian data centres.

Our trained operators provide customer support and manage and process verification activities from operations centres in Australia, New Zealand or the Philippines. Unless you are responding to an invitation from a customer organisation with which we have agreed to restrict access to staff in your country, it is possible that, to provide a timely and efficient service, you may be assisted by one of our other operations centres. In that case, your personal information may be viewed by operators who are overseas. Any of our operators who view your information will be using a secure VPN connection to view the data that is stored on Australian servers.

USE OF DVS THROUGH KINATICO

This section explains how we may collect, use, disclose and store your personal information to verify your identity document(s) using the Attorney-General’s Department’s Document Verification Service (DVS). This will only occur with your express consent.

We are bound by the provisions of the Privacy Act 1988 (C’th) (Privacy Act), including the Australian Privacy Principles (APPs), as well as the Identity Verification Services Act 2023 (C’th) (IVS Act). Your personal information will be handled in accordance with our obligations under this legislation.

How will we handle your personal information?

We collect your personal information through one of our products and/or Kinatico ID™.

The information you provide will be sent to the DVS Hub, administered by the Attorney-General’s Department, and matched against official records held by the government agency responsible for issuing the identity document (document issuer).

The DVS Hub will advise us of whether the information you provide matches official records.

We store copies of your identity documents after the DVS check is complete. This information will be retained for as long as required under our legal obligations. For example, identity documents provided when ordering a nationally coordinated criminal history check must be kept for 12 months and deleted within 15 months.
How will the Attorney-General’s Department handle your personal information?

The DVS Hub facilitates information transfer between us and the document issuer. The DVS Hub itself does not retain any personal information and the Attorney-General’s Department cannot view or edit any of the personal information transmitted through the DVS Hub.

The Attorney-General’s Department engages a third-party provider as a managed service provider for the DVS, who is required to adhere to the APP requirements and security standards to ensure the use and disclosure of personal information is limited to explicitly defined purposes including:

(a) for the purposes of the contract with the department; and
(b) to comply with any request under section 95C of the Privacy Act.
The Attorney-General’s Department is authorised to operate the DVS Hub for the purpose of verifying individual’s identities under the IVS Act.

For more information on how the Attorney-General’s Department may handle your personal information, see the Attorney-General’s Department’s ‘Privacy Statement.

How will the document issuer handle your personal information?

Your personal information will be shared by the Attorney General’s Department via the DVS Hub with the government agency that issued your identity document to verify it against their official records. These agencies already hold your personal information as part of their official records, in line with their own privacy policies and legal obligations.

What happens if you don’t provide your personal information?

You do not have to agree to verify your identity documents through the DVS.
However, if you do not provide the personal information we require to verify your identity, we may not be able to provide you with certain products, services or offerings through CVCheck.

Other disclosures

Where necessary, we may disclose your personal information to third parties, including:

(a) our customer if that customer has engaged Cited™ as a Gateway Service Provider to access the DVS to verify your identity documents;

(b) our digital identity partner, Scantek Solutions Pty Ltd (ABN 26 158 339 514), who may receive your identification information to make or receive an information match request; and/or

(c) law enforcement agencies in certain circumstances.

The Attorney-General’s Department’s verification assistance service

There may be circumstances in which we will require assistance to verify your identity. If we request assistance from the Attorney-General’s Department to verify your identity through the DVS, the Attorney-General’s Department will collect your personal information for the purposes of verifying your identity document(s) through the DVS.

The Attorney-General’s Department may also disclose your personal information to the relevant document issuer to assist them with verifying your identity documents. This collection is authorised under APP 5.2(c) and section 27 of the IVS Act which permits the collection of your personal information from someone other than yourself when it is authorised under an Australian law.

The Attorney-General’s Department will handle your personal information in accordance with their obligations under the Privacy Act.

Where the identity document(s) you require to be verified include information regarding other individuals (such as a Medicare card covering multiple individuals), it will be assumed that you have advised those individuals and obtained their consent to the disclosure. This information will only be used for the purposes of verifying your identity document(s) through the DVS. Any personal information of other individuals will otherwise be managed in the same way as your personal information.

There may be overseas disclosure of your personal information to recipients located in New Zealand where New Zealand government agencies or private organisations request for verification assistance of your identity document(s).

If you don’t provide your personal information to the Attorney-General’s Department, the Department will be unable to verify your identity document(s).

More information about the verification assistance service is set out in the Attorney-General’s Department’s Identity Verification Services Privacy Statement.

DIRECT MARKETING

We may choose to directly market to, and communicate with, customer organisations and their representatives. We do not send advertising or marketing information unless we have your express or inferred consent in accordance with applicable Australian or New Zealand laws. In order to send direct marketing information to you, we may share your information with our agents and contractors, some of whom may be overseas. If you receive direct marketing messages from us that you do not wish to receive, you may remove your name from the database either by using the unsubscribe facility (if the message is electronic) or by contacting us using the contact details in this Privacy Policy (below). Please allow 30 days for your request to be processed.

Even if you remove your name from the advertising and marketing database, we may send you administrative emails or test messages relating to your user account. These messages may include administrative or transaction confirmations, requests, reminders or information about your account.

Kinatico and our Related Companies (as that term is defined in the Corporations Act) may disclose personal information to, and collect personal information from, each other to understand how you interact with our products and to better understand your preferences and requirements, conduct market research and improve our products and services.

KEEPING YOUR INFORMATION SECURE

We store your hard-copy or electronic records in secure building and systems or using trusted third parties. We also have a layered approach to our security.

Security by Design:

Our systems and processes are engineered to deliver security at all levels.

Management:
Policies and managerial oversight from the executive level down. Our Information Security Committee includes our most senior and experienced staff with a spread of expertise from Information Technology to Legal. The Security Committee sets the security policy framework that defines security measures and responsibilities for Kinatico’s staff and all operational departments.

Staff training:

Kinatico embeds privacy and security in our culture and company values. We train our staff driving awareness and procedural compliance to keep your information safe and secure.

Physical Security:

We control access to sensitive areas, management of physical and electronic documents, and secure document disposal. We use a mix of alarms, cameras, guards and other controls in our buildings to prevent unauthorised access.

Platform security:

Security architecture, designs and implementation of our software and systems.

Audits and Testing:

Security assurance through external and independent audits, review, and regular penetration testing. Kinatico employs independent, industry certified, security experts with the experience and track record to support our security aims. We continue to run an annual program of penetration and security testing of the Kinatico products. This testing regime is supported by ongoing audit and architecture reviews to maximise the security of our products and the servers they run on.

Secure Data Management:

All customer and operational data is held securely in Australian data centres.

Destroying or de-identifying data when no longer required

We aim to keep personal information only for as long as we need it – for example for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.

MINORS AND CHILDREN’S PRIVACY

Minors and children who are too young to provide informed consent are not able to use Kinatico products.

If it is necessary to obtain the consent of a parent or guardian in certain situations, we will seek that consent before proceeding.

ACCESS, UPDATING AND CORRECTING YOUR PERSONAL INFORMATION

You have a right to access your personal information held by Kinatico. There is no charge to put in a request to see your information and we can easily provide you with general information such as your name, address and contact details. If you believe that this information is incorrect or out of date you may of course ask us to correct it.

We can also provide you with access to most check results on you (except for references given in confidence to a potential employer, or psychometric assessments). Please note that in giving a check result we are verifying an accurate record of what information the source has that corresponds to the information given about you. If you believe that the source has inaccurate, incomplete or misleading information, you may need to take that up with the source.

If we believe the information is correct and does not need correcting, we will let you know why. Please send your requests to:

Privacy Officer Kinatico Ltd
PO Box 7394 Cloisters Square
WA 6850 Australia
or send an email to: privacyofficer@kinatico.com

Is there a fee?

Generally, we will not charge a fee for such requests. However, we may need to charge you a small administration fee to cover our costs if you want to access more detailed information and we spend time finding or putting together the information you want or if you want copies of information on your file. If there’s a fee, we’ll let you know how much it is likely to be, so you can choose if you want to go ahead. Generally, the fee is an hourly rate plus any photocopying costs and other expenses. You’ll need to pay us before we start or give us permission to take it out of your account.

Can we refuse to give you access?

In some cases, we can refuse access or only give you access to certain information. For example, we might not let you see information that is commercially sensitive or if it also contains someone else’s personal information. If we do this, we’ll write to you explaining our decision.

WHAT ARE ‘COOKIES’ AND HOW DO THEY WORK?

A cookie is a small text file that is placed on your computer or mobile device when you visit a website. Cookies collect information about users and their visit to the website, such as their Internet protocol (IP) address, how they arrived at the website (for example, through a search engine or a link from another website) and how they navigate within the website. A cookie cannot read data from your hard disk or read cookie files created by other websites.

A cookie is a string of letters and numbers that uniquely identify the computer you are using and the Username and password you may have used to register at the site.

Two types of cookies are used on the Kinatico site and products.

The first type of cookie tracks the way that visitors use our site. These cookies help us to understand which pages are of the most interest to our users and the way that users move through our site. This type of cookie is anonymised and does not report any information that could personally identify any single user, including you. The result data gives us an aggregated view of the overall behaviour of all visitors but can’t tell us what any single user does.

The second type of cookie exists only for the time you are logged on to our site or product. These cookies are used by our application to create a secure user session when you login to our site using your username and password so that you can navigate around the secure areas of the site – without the need for you to re–enter information.

Some of the cookies are owned by Kinatico; some are owned by the third-party providers of tools (software) that we use in building, running or monitoring our site. Most browsers can be configured to refuse to accept cookies. You can also delete cookies from your hard drive. However, doing so may hinder your access to valuable areas of information within our site.

ACCESS TO OTHER WEBSITES

Third party websites that may be accessible via hyperlinks from the Kinatico website or through an Automated Platform Interface (API) and are owned and operated by third parties are not subject to Kinatico’s Privacy Policy. Kinatico has no control over the content of those websites. Please review the privacy policy of each individual website you access and assess whether the policy is satisfactory to you before you use the other websites.

MAKING A PRIVACY COMPLAINT – HOW CAN YOU MAKE A COMPLAINT?

At Kinatico we value our customers. We will always aim to be fair and responsive. If you have a complaint you have the right to expect that we will handle it in a friendly and professional way. When we receive a complaint, we look on it as valuable feedback that may help us to improve the services we offer and to ensure your needs are met in a satisfactory and appropriate manner.

If you wish to complain at any time about the handling, use or disclosure of your personal information just write to us at the following address:

Privacy Officer – Kinatico Ltd
PO Box 7394 Cloisters Square PO,
WA 6850 Australia
or send an email to: privacyofficer@kinatico.com

We will make all efforts possible to investigate your complaint and advise you of the outcome as soon as possible.

If the matter is not resolved to your satisfaction you can then refer your complaint to the Office of the Australian Information Commissioner who can be contacted through the following website: Privacy complaints | OAIC

HOW DO WE MANAGE A COMPLAINT? WE WILL:

  • Keep a record of your complaint

  • Respond to the complaint within a few days if we can, or tell you if we need more time to look into it

  • Keep you updated on what we’re doing to fix the problem

  • We will make all efforts possible to advise you of the outcome as soon as possible and in any event within 30 days of the complaint. Or if we cannot respond within that timeframe we will let you know why.

WHAT ELSE CAN YOU DO?
If the matter is not resolved to your satisfaction after you have been through our internal complaints process, there are free and independent dispute resolution services available to you.

In Australia:

Office of the Australian Information Commissioner. GPO Box 5218 Sydney NSW 2001. Fax: +61 2 9284 9666
Email: enquiries@oaic.gov.au Note that email that is not encrypted and can be copied or tracked.

In New Zealand:

Office of the Privacy Commissioner. PO Box 10 094 Wellington 6143. Fax: (04) 474 7595
Email: enquiries@privacy.org.nz – Note that email that is not encrypted and can be copied or tracked.