Omni Privacy Policy
1. Introduction
1.1 About this Privacy Policy
The Privacy Act 1988 (Privacy Act) requires entities bound by the Australian Privacy Principles to have a Privacy Policy. This Privacy Policy outlines the personal information handling practices of Omni.
This policy is written in simple language. The specific legal obligations that apply to Omni when collecting and handling your personal information are outlined in the Privacy Act and in particular in the Australian Privacy Principles (APPs) found in that Act.
We will update this Privacy Policy when our information handling practices change. Updates will be publicised on our website.
1.2 Privacy Act
The Privacy Act regulates how personal information about an individual is collected and handled.
‘Personal information’ is information or an opinion about an identified individual or an individual who is reasonably identifiable:
- whether the information or opinion is true or not, or
- whether the information or opinion is recorded in a material form or not.
Personal information includes information such as:
- your name or address,
- bank account details and credit card information,
- photos,
- your racial or ethnic origin,
- your political opinions,
- your religious or philosophical beliefs,
- your membership of a trade union or professional organisations,
- your genetic data,
- your biometric data,
- your physical or mental health or condition,
- sex life or sexual orientation, or
- other information about your opinions.
The thirteen APPs in Schedule 1 of the Privacy Act regulate how agencies (including Omni) can:
- collect,
- use,
- disclose,
- store, or
- access,
your personal information.
1.3 Who should read this Privacy Policy
This Privacy Policy is particularly relevant to you if you are:
- an individual whose personal information may be given to or held by Omni,
- a contractor, consultant, supplier or vendor of goods or services to Omni, or
- a person seeking employment or who is employed with Omni.
1.4 Omni and anonymity
Where possible, we will allow you to interact with us anonymously or using a pseudonym. However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your matter.
2. Personal Information Holding Practices
2.1 Collection of personal information
Personal information about you may be collected by Omni from you, your agent or from a third party. Omni uses forms, online portals, electronic and paper correspondence as well as telephone to collect this information.
Any personal information collected from employees, contractors, clearance subjects or others will be used in accordance with the Privacy Act 1988.
Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.
2.2 Types of personal information Omni collects and holds
Personal information we collect, and hold may include:
- name, address and contact details (e.g. phone and email),
- date of birth,
- gender,
- curriculum vitae,
- qualifications and referee reports,
- signature,
- driver’s licence and passport information,
- travel booking details,
- bank account details and other financial information, or
- next of kin.
2.3 Types of sensitive personal information Omni collects and holds
We may also collect or hold a range of sensitive personal information about you, including your:
- racial or ethnic origin,
- political opinions,
- criminal record,
- financial situation,
- health (including information about your medical history and ongoing medical information) where relevant to assessing an application, making reasonable adjustments in a recruitment process or the management of your health and safety or the health and safety of all employees, or
- information relevant to a work health and safety assessment, incident or investigation.
If you or another person provides Omni with sensitive personal information, Omni will only retain the information if:
- you have consented to the collection of the information, and it is reasonably necessary for, or directly related to, one of Omni’s functions or activities;
- collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or
- collection of the information is authorised for other purposes permitted under the Privacy Act – this includes where Omni:
- suspects that unlawful activity, or serious misconduct, relating to Omni’s functions and activities has been, is being or may be engaged in, or
- reasonably believes that the collection is necessary to lessen or prevent a serious threat to the health or safety of any individual, or to public health or safety.
If the sensitive personal information does not fall within one of these categories, Omni will not keep a record of the information and instead we will arrange for its return or secure destruction if it is lawful and reasonable to do so.
2.4 Collection of personal information relating to employees
Broadly grouped, the personal information we collect, and hold may include:
- documents or information relating to employment with Omni, (e.g. personnel records, name, date of birth, postal or email addresses, telephone numbers, drivers licence details, photographs, and next of kin or emergency contact information, health information, commencement date, leave entitlements and status, type and location of employment, and information on work related travel or other expenses);
- recruitment information including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process;
- employment records including job titles, work history, working hours, holidays, training records and professional memberships;
- performance records such performance details, and disciplinary and grievance information;
- financial details such as compensation and salary information, tax file number, bank details, salary allocations, superannuation details, lease requirements and payments required by law;
- browsing and access history from Omni owned devices, as well as other such information about your use of Omni’s information and communications systems;
- transactional information relating to Omni Corporate Credit Cards;
- other information that is necessary for work related purposes information relating to persons who have applied for act of grace payments, waiver of debt, compensation and other claims;
- information relating to work health and safety assessments, incidents and investigations;
- 24-hour CCTV surveillance footage (including photographs and/or video recordings); or
- financial and other information about tenderers, contractors and customers.
Omni may also collect and store the following more sensitive types of personal information about employees and contractors:
- information about your health, including any medical condition and sickness records, including details of any absences (other than holidays) from work and where you leave employment and the reason for leaving is related to your health; and
- information about your race or ethnicity, religious beliefs, sexual orientation, and political opinions for equal opportunities monitoring purposes.
2.5 Collection of personal information as a Vetting Assessment Provider
Due to Omni’s role as a Vetting Assessment Provider (VAP), it will collect personal information and sensitive personal information during the course of providing an assessment and recommendation to an Authorised Vetting Agency on whether an applicant is suitable to hold or retain an Australian Government security clearance.
Broadly grouped, the personal information collected will include:
- personal particulars,
- background assessment,
- referee checks,
- digital footprint,
- national police check / criminal history check, and
- financial history assessment.
Dependent on clearance level, additional checks may also be required, including:
- financial statement,
- financial probity assessment,
- comprehensive financial assessment,
- Australian Security Intelligence Organisation suitability assessment,
- security interview information,
- psychological assessment, and
- overseas travel details.
We need all the types of information in the lists above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.
2.6 Unsolicited personal information
From time to time, we receive personal information that is additional to information that we have solicited or information that we have not taken active steps to collect. This is known as ‘unsolicited personal information’ and includes:
- misdirected mail received by us;
- correspondence to us from members of the community, or other unsolicited correspondence;
- employment, internship, work experience or volunteering applications sent to us on an individual’s own initiative and not in response to an advertised vacancy;
- a promotional flyer or email containing personal information, sent to us by an individual promoting the individual’s business or services; or
- court documents for proceedings to which we are a party or may have an interest.
If we receive unsolicited personal information and we decide that we are not permitted to collect it in accordance with the APPs, we will take reasonable steps to destroy or de‑identify the information as soon as practicable, unless it is unlawful or unreasonable to do so.
2.7 How do we use your personal information?
Personal information will not be used for any purpose other than the reason it was collected. Omni will only use your personal information when we are required to, and in accordance with the relevant documents and references.
Omni will only use the personal information of employees, contractors or clearance subjects if:
- it is authorised or required by law,
- they have provided their consent for the use, and
- the use meets one of the other purposes outlined in the documents and references listed in this policy.
We may also use your personal information in the following situations, which are likely to be rare:
- where we need to protect your interests (or someone else’s interests), or
- where it is needed in the public interest.
In some cases, we may use your personal information to pursue legitimate interests (for example our duties as a VAP), provided your interests and fundamental rights do not override those interests.
Omni may share your personal information with companies within the Omni group, or third-party service providers. This may be necessary where required by law, to administer the working relationship with you or where we have another legitimate interest in doing so.
All our third-party service providers and other companies in the Omni group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will collect and handle your personal information in order to:
- make a decision about your recruitment or appointment, determine the terms on which you work for us, and/or administer a contract we have with a client;
- check you are legally entitled to work;
- pay you, provide you with any benefits, enrol you in any relevant pensions, and, if you are an employee, deduct tax and any insurance contributions;
- conduct performance reviews, manage performance, determine performance requirements, and make decisions about salary reviews and compensation;
- assess qualifications for a particular job or task, including decisions about promotions;
- gather evidence for possible grievance or disciplinary hearings, or to make decisions about your continued employment or engagement;
- make arrangements for the termination of our working relationship;
- assess and provide education, training and development;
- deal with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
- ascertain your fitness to work and manage sickness absence;
- to monitor your use of our information and communication systems and ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
- conduct data analytics studies to review and better understand employee retention and attrition rates; and
- fulfil our legal obligations such as complying with health and safety obligations, undertake equal opportunities monitoring, and prevent fraud.
On rare occasions, there may be other reasons for processing personal information, such as it is in the public interest to do so.
Omni will use information about your physical or mental health, or disability status, to:
- ensure your health and safety in the workplace,
- assess your fitness to work,
- provide appropriate workplace adjustments,
- monitor and manage sickness absence, and
- administer benefits including statutory maternity pay, statutory sick pay.
Omni needs to process this information to exercise rights and perform obligations in connection with your employment.
In general, Omni will not process particularly sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment, or Omni’s role as a VAP.
As a VAP, Omni is required to share relevant information about security clearance subjects’ ongoing eligibility and suitability for employment or to hold an Australian Government security clearance. Sharing relevant information, even when it is sensitive personal information, does not breach an individual’s privacy provided that informed consent is received, and the information is used for the purpose for which consent was given.
As a VAP, Omni is required to provide relevant information of concern obtained during the security vetting process to the Sponsoring Entity. Information of concern includes:
- information of security concern (such as issues that raise concern over the protection of security classified information, resources or activities from compromise, espionage, sabotage, foreign interference, etc.); and
- information of non-security concern (such as integrity or allegiance to Australia or the Australian Government’s interest).
This is particularly important if identified concerns may lead to an adverse recommendation, or where vetting uncovers information likely to impact on the clearance subject’s suitability to hold the role (e.g. current drug use in an entity with a zero drug-use policy).
In these circumstances, Omni (where a security clearance decision is still pending, including circumstances where a response has been invited from the clearance subject in relation to the identified risks) shares only relevant information with the Sponsoring Entity to enable temporary measures until a final outcome is made.
2.8 Information requested by Government Agencies
In Australia, a Fair Work Inspector can also request information about employees to establish that the business is meeting its employment obligations. Under the Fair Work Act, employers are required to provide this information to a Fair Work Inspector.
Government agencies, such as the Australian Tax Office, may have powers to request information concerning Omni employees under certain legislative provisions.
As a VAP, Omni may be required to provide information to a Sponsoring Entity (e.g. the Australian Government Security Vetting Agency).
Personal information received or used during security clearance vetting and ongoing suitability checks must be conducted in accordance with the Australian Privacy Principles (unless these principles do not apply to the entity).
2.9 Access to and correction of personal information
Omni takes steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
Under the Privacy Act you have the right to ask for access to personal information that we hold about and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information and take responsible steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
2.10 Storage and security
Omni prioritises the security of your personal information. We utilise industry-standard security measures to safeguard your data from unauthorised access, loss, or misuse. This includes implementing encryption technologies, secure servers, and access controls. Our security protocols are regularly reviewed and updated to address evolving threats and to ensure the highest level of protection.
Additionally, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Despite these measures, please be aware that no system can guarantee absolute security. We are committed to continuously improving our security practices to protect your personal information.
Due to the nature of its content, personal information will always be classified at least OFFICIAL: Sensitive and must be protected in accordance with the minimum protections and handling requirements for this classification.
Omni will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements, or as stipulated in the requirements.
To determine the appropriate retention period for personal data, Omni consider:
- the amount, nature and sensitivity of the personal data,
- the potential risk of harm from unauthorised use or disclosure of your personal data,
- the purposes for which we process your personal data and whether we can achieve those purposes through other means, and
- the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use that information without further notice to you.
Omni will take all reasonable steps to destroy or de-identify collected personal information once it is no longer needed for any purpose for which it may be used or disclosed under the APPs.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Operations Division in writing via operations@omni.exe.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.3. Complaints
3. Complaints
3.1 Complaints from employees
If an Omni employee, contractor or clearance subject believes that Omni has committed a breach of the Australian Privacy Principles, a complaint should be made in compliance with Omni’s Grievance Handling Policy.
3.2 Complaints from non-employees
For non-employees, if you consider that Omni has interfered with your privacy, you should first make a complaint to Omni by emailing the Operations Division (operations@omni.exe). Please allow an adequate opportunity for the complaint to be dealt with, generally giving 30 days for a response.
Upon receipt of your complaint, Omni will:
- gather the facts relevant to the complaint
- investigate the issues raised and consider how your request regarding outcomes can be met
- communicate our response to you in person and in writing, and invite you to reply to our response
- identify any systemic issues raised and possible responses, and
- record your complaint and outcome.
These steps will be taken in accordance with the Office of the Australian Information Commissioner (OAIC) checklist for addressing privacy complaints.
3.3 Security clearance decisions
As a VAP, Omni must apply procedural fairness to security clearance decisions that may detrimentally impact a clearance subject, without compromising the national interest or betraying the confidentiality of the source of any adverse information.
In such circumstances, the clearance subject will be provided an opportunity to respond before the final recommendation is made.
3.4 How to make a complaint to the Office of the Australian Information Commissioner
If you are not satisfied with Omni’s response to your complaint, you may make a complaint to the OAIC. Where appropriate, the Commissioner can make preliminary enquiries into the matter, investigate and/or attempt to resolve the complaint by conciliation.
In some circumstances, the Commissioner may decline to investigate complaints. If a complaint is not resolved, the Commissioner may make a determination about whether an interference with privacy has occurred.
More information about the Commissioner’s privacy complaint handling process can be found here
Post: Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: http://www.oaic.gov.au/
4. How to Contact Us
Contact Omni if you want to:
- obtain access to your personal information
- request a correction to your personal information
- make a complaint about a breach of your privacy
- query how your personal information is collected, used or disclosed
- make a suggestion or comment in relation to our Privacy Policy, or
- ask questions about our Privacy Policy.
You can contact us via:
Canberra (Head Office)
PO Box 5553 Kingston ACT 2604
Main Reception: (02) 6162 0954
5. Documents and references:
- Privacy Act 1988
- Australian Privacy Principles
- Defence Privacy Policy
- Australian Protective Security Framework
- Office of the Australian Information Commissioner
6. Updates
This policy will be reviewed and updated annually or as required.
Any requests for amendments should be sent to operations@omniexe.com