Privacy Policy

Servcorp Privacy Policy

- Updated March 2026 - 

We recognise the importance of the privacy of individuals who have dealings with us, such as customers and suppliers. We are bound by the Australian Privacy Principles, to the extent required by the Privacy Act 1988, and where we operate internationally local privacy legislation. This policy outlines how we and our Group Companies collect, use and manage personal information.

A. This Policy

Summary - This Policy

This Policy explains how we Process Personal Data. This Policy may be amended or updated from time to time, so please check it regularly for updates.

 

This Policy is issued by Servcorp Limited (ABN 97089222506) on behalf of itself, its subsidiaries and its affiliates (together, “Servcorp” “we”, “us” and “our”) and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our sites, other users of our products or services, job applicants, and visitors to our premises (together, “you”). Defined terms used in this Policy are explained in Section B below.

Details of the relevant managers and controllers under this Privacy Policy are provided in Section X  below. Any country-specific provisions are set out in Appendix 1.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to how we collect and use Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

B. Definitions

• “Adequate Jurisdiction”means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
• “AI-Enabled Services” means products or services provided by Servcorp that incorporate Artificial Intelligence technologies, including digital assistants, AI avatars, automated transcription tools, analytics systems, or similar technologies.
• “App” means any mobile application, software application, or mobile-enabled platform made available by Servcorp for use on smartphones, tablets, or other mobile devices, including any updates, enhancements, or related services.
• “Artificial Intelligence” or “AI” means computational systems, machine learning models, natural language processing systems, or other automated analytical technologies that can perform tasks which would typically require human intelligence, including generating content, analysing data, recognising patterns, or making predictions.
• “Automated Decision-Making” means a decision made solely by automated means, without meaningful human involvement, that produces legal effects or similarly significant effects for an individual.
• “Client Data” means Personal Data Processed by Servcorp on behalf of a client in the capacity of Processor pursuant to a contract or data processing agreement.
• “Cookie”means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
• “Controller”means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable Data Protection Laws.
• “Data Protection Authority”means an independent public authority that is legally tasked with overseeing compliance with applicable Data Protection Laws.
• “EEA”means the European Economic Area.
• “GDPR” means the General Data Protection Regulation for the European Union and the EEA.
• “Personal Data”means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• “Process”, “Processing” or “Processed”means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Processor”means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
• “Profiling”means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• “Relevant Personal Data”means Personal Data in respect of which we are the Controller.
• “Sensitive Personal Data”means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information deemed to be sensitive under applicable law.
• “Site”means any website operated, or maintained, by us or on our behalf.

C. Collection of Personal Data

Summary – Collection of Personal Data

We collect or obtain Personal Data: when the data is provided to us (e.g., where you contact us); in the course of our relationship with you (e.g., if you become a customer); when you make Personal Data public (e.g., if you make a public post about us on social media); when you visit our Sites; when you register to use any of our Sites,  products, or services; or when you interact with any third party content or advertising on a Site. We may also receive Personal Data about you from third parties (e.g., law enforcement authorities).

 

Collection of Personal Data: We collect or obtain Personal Data about you from the following sources:

• Data provided to us:We obtain Personal Data when this data is provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application, or when you fill out a contact form).
• Relationship data:We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we quote on or provide a service to you, or to your employer, or we receive information about payment).
• Data you make public:We may collect or obtain Personal Data that you choose to make public, including via social media (e.g., we may collect information from your social media profile(s)).
• Site data:We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site (technical connection data, e.g. the specific web page accessed, your IP address, the date and time of access, the end device used, browser configuration data).
• Registration details:We collect or obtain Personal Data when you use, or register to use, any of our Sites, or services.
• Content and advertising information:If you choose to interact with any third-party content or advertising on a Site, we receive Personal Data about you from the relevant third party.
• Third party information:We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities, social media providers; etc.).
• Tracking data:We may collect or obtain Personal Data through web page tracking and newsletter tracking.

If you provide Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Personal Data.

D. Creation of Personal Data

Summary – Collection of Personal Data

We create Personal Data about you (e.g., records of your interactions with us).

 

We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your history.

E. Categories of Personal Data we Process

Summary – Categories of Personal Data we collect, use and Process

We Process: your personal details (e.g., your name); demographic data (e.g., your age); your contact details (e.g., your address); records of your consents; payment details (e.g., your billing address); information about our Site (e.g., the type of device you are using); details of your employer (where relevant); information about your interactions with our content or advertising; and any views or opinions you provide to us.

 

We may Process the following categories of Personal Data about you provided we have an applicable legal basis:

• Personal details:given name(s); preferred name; and photograph.
• Demographic information:gender; date of birth / age; nationality; salutation; title; and language preferences.
• Contact details:correspondence address; shipping address; telephone number; fax number, email address; details of Personal Assistants, where applicable; messenger app details; online messaging details; and social media details.
• Consent records:records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
• Purchase details:records of purchases and prices; and consignee name, address, contact telephone number and email address.
• Payment details:invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
• Data relating to our Site:device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a Site; location data, and other technical communications information (some of which may constitute Personal Data); username; password; security login details; usage data; aggregate statistical information.
• Employer details:where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
• Content and advertising data:records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
• Views and opinions:any views and opinions that you choose to send to us, or publicly post about us on social media platforms.

F. Sensitive Personal Data

Summary – Sensitive Personal Data

We do not seek to collect or otherwise Process Sensitive Personal Data. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.

 

We do not seek to collect or otherwise Process Sensitive Personal Data. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.

We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases:

• Compliance with applicable law:We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
• Establishment, exercise or defence of legal rights:We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal rights;
• Consent:We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way); or
• Manifestly made public:We may Process your Sensitive Personal Data where the Processing of such Personal Data relates to data which are manifestly made public by you as data subject, e.g. on our Servcorp Pages in social media.

If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.

G. Purposes of Processing and legal bases for Processing

Summary – Ways in which we can use your personal information

We Process Personal Data for the following purposes: providing our Sites, products, and services to you; operating our business; communicating with you; enabling connectivity of our products and services; maintaining social media platforms; managing our IT systems; health and safety; financial management; conducting surveys; ensuring the security of our premises and systems; conducting investigations where necessary; compliance with applicable law; improving our Sites, products, and services; fraud prevention; and recruitment and job applications.

 

The purposes for which we Process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:

Processing activity

Provision of Sites, products, and services: providing our Sites, products, or services; providing promotional items upon request; and communicating with you in relation to those Sites, products, or services.

Operating our business: operating and managing our Sites, our products, and our services; providing content to you; displaying advertising and other information to you; communicating and interacting with you via our Sites, our products, or our services; and notifying you of changes to any of our Sites, our products, or our services.

Communications and marketing: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.

Maintaining company representation pages (“Servcorp Pages”) on social media and other third party platforms.

Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.

Health and safety: health and safety assessments and record keeping; providing a safe and secure environment at our premises; and compliance with related legal obligations.

Financial management: sales; finance; corporate audit; and management.

Surveys: engaging with you for the purposes of obtaining your views on our Sites, our products, or our services.

Security: physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including login records and access details).

Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.

Legal proceedings: establishing, exercising and defending legal rights.

The usage of a whistleblowing system to prevent, report and counteract misconduct by employees or other third parties. If you report a suspected wrongdoing or appear in a report as an alleged wrongdoer or as a witness or involved party, your personal data may be processed within our whistleblowing system. (Note: country specific exceptions, for example, Sweden, may restrict the reporting to include only Servcorp’s key personnel).

Legal compliance: compliance with our legal and regulatory obligations under applicable law.

Improving our Sites, Apps, products, and services: identifying issues with our Sites, our Apps, our products, or our services; planning improvements to our Sites, our Apps, our products, or our services; and creating new Sites, Apps, products, or services.

Fraud prevention: Detecting, preventing and investigating fraud.

Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.

 

H. Disclosure of Personal Data to Third Parties

Summary – Disclosure of Personal Data to Third Parties

We disclose Personal Data to: legal and regulatory authorities; our external advisors; our privacy managers and Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third-party providers of advertising, plugins or content used on our Sites.

 

We disclose Personal Data to other entities within Servcorp, for legitimate business purposes and the operation of our Sites, products, or services, in accordance with applicable law. In addition, we disclose your Personal Data to:

• You and, where appropriate, your appointed representatives;
• Legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
• Accountants, auditors, lawyers and other outside professional advisors to Servcorp, subject to binding contractual obligations of confidentiality;
• Third party Processors (such as payment services providers) located anywhere in the world, subject to the requirements noted below in this Section H;
• Any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
• Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
• Any relevant third-party provider for the purposes of verification and fraud prevention
• Any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
• Any relevant third-party provider, where our Sites use third party advertising, plugins or services with third party products or services. If you choose to interact with any such advertising, plugins, content or connect to such products/services, your Personal Data may be shared with the relevant third-party provider. We recommend that you review that third party’s privacy notice before interacting with its advertising.

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.

I. Cookies and Similar Technologies

Summary – Cookies and Similar Technologies

We Process Personal Data by using Cookies and similar technologies.

 

When you visit a Site or use an App we will typically place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. This helps us make our site better and easier to use.

J. Mobile Applications

Summary – Mobile Applications

We Process Personal Data by using Cookies and similar technologies.

 

When you use a Servcorp mobile application (“App”), we may collect and Process Personal Data specific to mobile device functionality, including location data, device identifiers, push notification tokens, analytics data, and authentication information. This section explains how Personal Data is handled within our Apps.

Servcorp may make available mobile applications for use by authorised clients. Access to certain features of the App requires authentication using login credentials associated with your account. In connection with your use of the App, we may Process account identifiers, login activity, session information, device type, and operating system details for authentication, security monitoring, and service delivery purposes.

Where you enable location services on your device, the App may collect and Process location data to support functionality such as displaying nearby Servcorp locations, enabling location-based features, and enhancing user experience. Location access is controlled through your device operating system settings. You may disable location permissions at any time; however, certain App features may not function as intended if location services are disabled. Servcorp does not collect precise background location data unless expressly required for a specific feature and enabled by you.

The App may use push notification functionality to deliver service-related communications, operational updates, or feature notifications. Push notifications are managed through your device settings and may be disabled at any time. Disabling notifications may limit certain App functionality.

We may use analytics and performance monitoring tools within the App to monitor stability, identify technical issues, understand usage patterns, and improve functionality. Analytics data may include device information, interaction data, crash logs, and aggregated usage metrics. Where third-party analytics providers are engaged, they act as service providers subject to contractual confidentiality and data protection obligations. Where appropriate, analytics data is processed in aggregated or pseudonymised form.

Where supported by your device, the App may offer biometric authentication methods (such as fingerprint or facial recognition) to facilitate secure login. Biometric authentication is controlled entirely by your device manufacturer and operating system provider and is processed locally on your device through your device operating system. Servcorp does not collect, access, store, or Process biometric templates. We receive only confirmation of successful authentication from your device. Biometric authentication may be disabled at any time through your device settings.

The App may include an AI-powered concierge feature designed to assist users with enquiries and navigation of services. Personal Data you choose to provide when interacting with the AI concierge may be Processed to generate responses and improve service quality. AI processing within the App is subject to the safeguards set out in Section L of this Policy. The AI concierge does not carry out solely automated decisions producing legal or similarly significant effects.

We implement appropriate technical and organisational measures to protect Personal Data collected through the App, including secure transmission protocols and access controls as defined in Section N. You are responsible for maintaining the confidentiality of your login credentials and for securing your device against unauthorised access.

K. Profiling

Summary – Profiling

We do not engage in Profiling that produces legal or similarly significant effects on individuals.

 

We may Process Personal Data to better understand usage patterns, improve our Sites, Apps, products, and services, and enhance customer experience. This may involve the use of analytics tools or evaluation of interaction data.

However, Servcorp does not engage in Profiling that produces legal effects or similarly significant effects on individuals, nor do we carry out solely automated decision-making that materially affects individuals without appropriate safeguards.

Any use of analytics or behavioural insights is conducted for service improvement, security, fraud prevention, or operational purposes and is not used to make decisions that significantly affect individuals’ rights or opportunities.

L. Artificial Intelligence and Automated Technologies

Summary – Artificial Intelligence and Automated Technologies

We may use Artificial Intelligence (“AI”), machine learning systems, natural language processing technologies, and other automated analytical tools while providing our Sites, products, and services and operating our business. These technologies may be used to enhance customer experience, improve operational efficiency, strengthen cybersecurity, optimise network performance, support fraud detection, assist with communications, and provide AI-enabled services to clients.

 

Where Artificial Intelligence (“AI”) or automated technologies Process Personal Data, Servcorp ensures that:

• A valid legal basis applies in accordance with applicable data protection laws;
• Processing is limited to what is necessary and proportionate for the intended purpose;
• Human oversight is maintained where appropriate, particularly in relation to decisions that may materially affect individuals;
• Data minimisation and purpose limitation principles are applied;
• Appropriate transparency measures are implemented, including disclosure of AI use where required by law;
• Security safeguards are applied consistent with Section N (Data Security) of this Policy; and
• Servcorp does not carry out solely automated decisions producing legal or similarly significant effects unless appropriate safeguards, including human review where required by law, are implemented.
• AI systems are subject to internal governance controls and periodic review to ensure compliance with applicable law and Servcorp’s data protection obligations.

Where Servcorp provides AI-enabled services (including digital assistants, AI avatars, analytics tools, transcription services, automated communications tools, or similar technologies) on behalf of clients:

• Servcorp acts as a Processor, and the client remains the Controller of the relevant Personal Data;
• Processing is conducted strictly in accordance with documented client instructions and applicable data processing agreements;
• Client Personal Data is not used for Servcorp’s independent commercial purposes unless expressly authorised by the client or required by law;
• Where third-party AI providers are engaged, Servcorp implements appropriate contractual, security and confidentiality safeguards;
• Cross-border processing is subject to the international transfer safeguards set out in this Policy;
• Access to client data is restricted to authorised personnel on a need-to-know basis; and
• Technical and organisational measures are implemented to protect Personal Data against unauthorised access, disclosure, alteration or loss.

Clients are responsible for ensuring that they have appropriate lawful bases, transparency notices and regulatory approvals (where required) in relation to their use of AI services provided by Servcorp.

M. International Transfer of Personal Data

Summary – International transfer of Personal Data

Personal Data may be transferred to Servcorp entities and trusted third parties located in other countries. Where required by applicable law, including the GDPR and UK GDPR, we implement appropriate safeguards such as EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA), and other binding contractual protections. We take reasonable steps to ensure that overseas recipients handle Personal Data in accordance with applicable data protection laws, including the Australian Privacy Principles where relevant.

 

Because of the international nature of our business, we transfer Personal Data within Servcorp and to third parties as noted in Section H above in connection with the purposes set out in this Policy. As a result, Personal Data may be transferred to, stored in, or accessed from countries that may have data protection laws that differ from those in the country in which you are located.

Where required under applicable law, including the GDPR and UK GDPR, we implement appropriate safeguards for international transfers. These safeguards may include the use of EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA), or other legally recognised transfer mechanisms and binding contractual protections. Where appropriate, we conduct transfer risk assessments to evaluate and ensure an adequate level of protection for Personal Data.

Where we transfer Personal Data from Australia to recipients located outside Australia, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that Personal Data, unless an exception under the Privacy Act 1988 (Cth) applies.

Please note that where you voluntarily transfer Personal Data directly to a Servcorp entity established outside your country of residence, that transfer may occur independently of Servcorp. However, from the point at which we receive such Personal Data, we will Process it in accordance with this Policy and applicable law.

N. Data Security

Summary – Data Security

We implement appropriate technical and organisational security measures to protect Personal Data. In the event of an eligible data breach, we will comply with our notification obligations under applicable law.

 

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.

These measures may include, where appropriate:

• Encryption of Personal Data in transit;
• Access controls and authentication safeguards;
• Role-based access restrictions;
• Monitoring and logging of systems;
• Secure hosting environments;
• Vendor due diligence and contractual security obligations; and
• Regular review of security practices.

We take reasonable steps to ensure that Personal Data is protected throughout its lifecycle, including during storage, transmission and disposal.

Because the internet is an open system, the transmission of information via the internet is not completely secure. While we implement reasonable safeguards to protect Personal Data, we cannot guarantee the absolute security of data transmitted electronically. You should take reasonable precautions to protect your own information when using online services.

Notifiable Data Breaches (Australia)

In accordance with the Privacy Act 1988 (Cth), if we experience an eligible data breach that is likely to result in serious harm to individuals, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable. We will also provide information about the nature of the breach and recommended steps individuals may take to mitigate potential harm.

O. Data Accuracy

Summary – Data Accuracy

We take every reasonable step to ensure that your Personal Data is kept accurate and up-to-date and is erased or rectified if we become aware of inaccuracies.

 

We take every reasonable step to ensure that:

• Your Personal Data that we Process is accurate and, where necessary, kept up to date; and
• Any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.

From time to time, we may ask you to confirm the accuracy of your Personal Data.

P. Data Minimisation

Summary – Data Minimisation

We take every reasonable step to limit the volume of your Personal Data that we Process to what is necessary.

 

We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

Q. Data Retention

Summary – Data Minimisation

We take every reasonable step to ensure that your Personal Data is only retained for as long as it is needed in connection with a lawful purpose.

We take every reasonable step to ensure that your Personal Data is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:

1. We will retain Personal Data in a form that permits identification only for as long as:

a. We maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or

b. Your Personal Data is necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your personal data is included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data; or until you withdraw your consent and no other legal basis exists; or as long as there are statutory retention obligations),

Plus:

2. The duration of:

a. Applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and

b. An additional twelve (12) month period following the end of such applicable limitation period, to the extent we are required or permitted to do so (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that is relevant to that claim),

And:

3. In addition: if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim; we may also continue to process Personal Data if deleting the data would conflict with the requirement to protect the interest of the persons concerned; or if the processing is otherwise necessary for the establishment, exercise or defence of legal claims.

During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, the data, except to the extent that the data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:

• Permanently delete or destroy the relevant Personal Data; or
• Anonymise the relevant Personal Data.

R. Your Legal Rights

Summary – Your Legal Rights

Subject to applicable law, you may have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. In some cases, it will be necessary to provide evidence of your identity before we can give effect to these rights.

 

Subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data:

• The right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Sites, products, or services, if you do not provide us with your Personal Data – e.g., we might not be able to process your requests without the necessary details);
• The right to request access to, or copies of, your Relevant Personal Data, together with information regarding the nature, Processing and disclosure of those Relevant Personal Data;
• The right to request rectification of any inaccuracies in your Relevant Personal Data;
• The right to request, on legitimate grounds:
  • Erasure of your Relevant Personal Data; or
  • Restriction of Processing of your Relevant Personal Data;
• The right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
• Where we Process your Relevant Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
• The right to lodge complaints regarding the Processing of your Relevant Personal Data with a Data Protection Authority (in particular, the Data Protection Authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).
• If you are located in Australia and are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by telephone on 1300 363 992.

Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:

The right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf; and

The right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please visit https://www.servcorp.com.au/en/privacy/   or use the contact details provided in Section X below. Please note that:

• In some cases, it will be necessary to provide evidence of your identity before we can give effect to these rights; and
• Where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.

S. Terms and Conditions

Summary – Terms and Conditions

Our Terms and Conditions govern all use of our Sites.

All use of our Sites, products, or services is subject to our Terms and Conditions. We recommend that you review our Terms and Conditions regularly, which can be located on our website or via the hyperlink https://www.servcorp.com.au/en/terms-and-conditions/, in order to review any changes we might make from time to time.

T. Direct Marketing

Summary – Direct Marketing

We Process Personal Data to contact you with information regarding Sites, products, or services that may be of interest to you. You may withdraw consent to receive marketing communications at any time, free of charge.

We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, products, or services that may be of interest to you. If we provide Sites, products, or services to you, or if you have requested to receive our newsletter, we may send information to you regarding our Sites, products, or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.Our newsletters contain tracking pixels. A tracking pixel is an invisible graphic in HTML emails; its purpose is to generate a log file when the email is opened and to log which links are activated from the newsletter and subsequently analyse this data. This allows us, by means of statistical evaluations, to determine the success of our newsletter campaigns and to optimise our newsletters, e.g. so that you receive information and offers that are more appropriate to your interests.You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances, we will continue to contact you to the extent necessary for the purposes of any Sites, products, or services you have requested.

U. Online Application Process

Summary – Online Application Process

We Process Personal Data in the context of our online application process.

We provide an online job application process. The data you submit, including any files you upload, are transferred via a secure connection. Your electronic application data will be routed to the relevant personnel department, who will send it only to the relevant department for the job in question and/or to the people who are authorised to process the application. All parties will treat your application documents with the utmost care and keep the content strictly confidential.Following completion of the candidate selection process, we will retain your application documents for six months, after which time we will delete them and/or destroy any copies, unless we have entered into an employment contract with you. If we wish to keep your application documents on file in our applicant pool, we will contact you about this. During this communication, we will give you the opportunity to actively consent to the continued storage of your documents. Regardless of whether or not you currently have an open application, your applicant account and the associated data will continue to be stored unless you deactivate them; this gives you the opportunity to apply for other jobs with us.Please note that applications submitted to us by email are transferred to us in an unencrypted format. We therefore recommend that you use the online application portal where possible.

V. Minors

Summary – Minors

We Process Personal Data in the context of our online application process.

Our Sites are not aimed at minors and we do not knowingly collect Personal Data from minors.

W. Social Media and other Third-Party Platforms

Summary – Social Media and other Third-Party Platforms

We Process personal data in the context of Servcorp Pages on social media and other third-party platforms and for purposes of delivering targeted advertising campaigns.

Social Media Buttons
We may use social media buttons for Facebook, Instagram, Pinterest, YouTube, LinkedIn and Xing (and other similar social media pages) on our Websites. The social media buttons are not integrated as plugins via iFrame but only provide a link to our company representation page (“Servcorp Page”) on the respective social media platform. No Personal Data is transmitted to such social media provider upon clicking on a social media button.

Servcorp Pages on Social Media Platforms
We maintain Servcorp Pages on social media and other third party platforms to market and promote our products and services. When we provide a Servcorp Page on a social media or other third party platform, we are a joint controller with the provider of the platform. We operate Servcorp Pages in joint controllership with Facebook and Instagram, Pinterest, WeChat, WhatsApp, LINE, YouTube, LinkedIn and Xing (incl. Kununu). We recommend that you review each such company’s privacy notice for further information about the processing they carry out and the contact details for such companies.We will Process Personal Data of both registered and non-registered visitors of our Servcorp Pages. 

Registered visitors: We Process data relating to our Sites (such as user identification), Personal details and Contact details (e.g. shared profile data). We also Process Personal Data generated through sharing of content, message exchange and communication. We may also Process special categories of Personal Data, if the user has shared such Personal Data.

Registered and non-registered visitors: We Process pseudonymized data such as statistics and insights on visitors’ interaction with the content on our Servcorp Page (page activities, page views, like information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success of our advertisements, and other analyses. We cannot merge pseudonymized data with the corresponding attribution features (e.g. name details) and hence it is not possible for us to identify individual visitors who remain anonymous.

We are not responsible for the user’s experience within the Servcorp Pages, e.g. with regard to the use of interactive functions such as sharing and rating.

A Servcorp Page or other corporate presence on third party platforms is just one of several options for contacting us or receiving information from us. As an alternative, the information offered via our Servcorp Pages and corporate presences can also be accessed on our websites.

Targeting

As further explained in our Cookie Policies (see Section I above), we may use cookies on our sites to allow if you have a Facebook account, to serve you Servcorp ads that are relevant to your interests. To do so, we direct Facebook, based on the data collected by the Facebook pixel, to create a group of Facebook users that will be the audience of our ad campaigns (so called custom audiences).For the creation of custom audiences, we and Facebook Ireland are acting as joint controllers and have entered into Facebook’s Controller Addendum to determine the parties’ respective responsibilities. We are responsible to provide the information set out herein, and Facebook Ireland is responsible for enabling data subjects’ rights with regard to personal data stored by Facebook Ireland after the joint processing.You can find the relevant contact details and further information on how Facebook Ireland processes personal data, including legal basis and ways to exercise your rights against Facebook Ireland in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy/.Facebook may also use the custom audience data to create lookalike audiences, which are Facebook users with similar interests or profiles as our custom audiences, for the purpose of delivering our ads to these audiences. For any such processing, Facebook is the data controller and its privacy notice will apply to this processing.You can view your Facebook ad settings and update your preferences with Facebook at any time.

X. Details of Controllers

Summary – Details of Controllers

There are several Servcorp entities that act as Controllers for the purposes of this Privacy Notice, which have different contact details. The relevant Controllers and their respective contact details are set out below.