top of page

Privacy Policy

Important Considerations for Recruitment Practices

✔ Obtain candidate consent before sharing their details with employers.
✔ Securely store and protect candidate information from unauthorized access.
✔ Disclose personal information only for recruitment-related purposes.
✔ Provide candidates access to their own data upon request.
✔ Ensure compliance with both federal and NSW privacy laws.

1. The Privacy Act 1988 (Cth) – Australian Privacy Principles (APPs)

The Privacy Act 1988 (Cth) applies to businesses with an annual turnover of $3 million or more, as well as those handling sensitive personal information (e.g., health data, criminal records). The Australian Privacy Principles (APPs) outline your responsibilities when collecting, using, and disclosing personal information.

Under the APPs, as a recruiter, you must:

  • Only collect personal information necessary for recruitment purposes (APP 3).

  • Inform individuals about how their data will be used and disclosed (APP 5).

  • Keep personal information secure and prevent unauthorized access (APP 11).

  • Not disclose personal information to third parties (including clients) without consent (APP 6), unless legally required.

  • Allow candidates to access and correct their personal data upon request (APP 12 & 13).

2. Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)

If you are recruiting for NSW government agencies or working with public sector clients, you must comply with the Privacy and Personal Information Protection Act 1998 (NSW), which regulates how state agencies and contractors handle personal information.

This Act ensures:

  • Personal information must only be used for the purpose for which it was collected.

  • Candidates must be informed about how their personal data will be used.

  • Disclosure without consent is prohibited unless required by law.

3. Non-Disclosure of Candidate Information

As a recruiter, you cannot share a candidate’s personal details (such as name, contact information, CV, or references) with clients or third parties without explicit written consent from the candidate. To comply:

  • Include a Privacy Policy on your website outlining data collection and disclosure practices.

  • Obtain signed consent from candidates before forwarding their details to employers.

  • Use de-identified resumes if presenting candidates before obtaining their consent.

4. Exemptions for Employee Records

If a candidate is hired, their records may fall under the employee records exemption in the Privacy Act, meaning some privacy obligations may not apply to ongoing employment records. However, this does not apply during recruitment.

bottom of page