Privacy Policy

1. Introduction

We manage personal information in accordance with the Privacy Act 2020. This privacy policy applies to information collected by Sourced Ltd. You can read our full policy and obtain more information by following the links.

We only collect information that is reasonably necessary for the proper performance of our activities or functions.

We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.

By following the links on this page, you will be able to find out how we manage your personal information.

You will also be able to find out about the information flows associated with that information.

If you have any questions please contact us.

1.1.           Information Flow

When we collect your personal information:

• we check that it is reasonably necessary for our functions or activities as an employment agency;
• we check that it is current, complete, relevant, accurate, and not misleading. This will sometimes mean that we have to cross-check the information that we collect from you with third parties;
• we record and hold your information in our Information Record System. Some information may be disclosed to overseas recipients.
• we retrieve your information when we need to use or disclose it for our functions or activities. At that time, we check that it is still current, complete, accurate, relevant, and not misleading. This will sometimes mean that we have to cross-check the information that we collect from you with third parties once again – especially if some time has passed since we last checked.
• subject to some exceptions, we permit you to access your personal information in accordance with the New Zealand Information Privacy Principles.
• we may correct or attach associated statements to your personal information in accordance with Principle 7 of the New Zealand Information Privacy Principles.
• we destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so.

2. Kinds of information that we collect and hold

Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as an employment agency and is likely to differ depending on whether you are:

• a Workseeker;
• a Client;
• a Referee.

2.1.            For Workseekers;

The type of information that we typically collect and hold about Workseekers is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us and includes:

• Your current CV, which may include your name, address, email address, work history, referees, an any other information you may think is relevant to your work search.
• Proof of identity
• Proof of right to legally work in New Zealand

2.2.            For Clients

The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:

• Contact details for primary contact and billing contacts, plus any associated contacts that engage with us to facilitate the engagement
• Website and email/physical addresses

2.3.            For Referees

The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Workseekers for particular jobs or particular types of work and includes:

• Name and contact information in the form of phone numbers or email address.

3. Purposes

The purposes for which we collect, hold, use, and disclose your personal information are likely to differ depending on whether you are:

• a Workseeker;
• a Client;
• a Referee.

The following sections are also relevant to our use and disclosure of your personal information:

• Our Policy on Direct Marketing
• Overseas Disclosures

3.1.            For Workseekers

Information that we collect, hold, use, and disclose about Workseekers is typically used for:

• work placement operations;
• recruitment functions;
• statistical purposes and statutory compliance requirements;

3.2.            For Clients

Personal information that we collect, hold, use, and disclose about Clients is typically used for:

• client and business relationship management;
• recruitment functions;
• marketing services to you;
• statistical purposes and statutory compliance requirements;

3.3.            For Referees

Personal information that we collect, hold, use, and disclose about Referees is typically used for:

• to confirm identity and authority to provide references;
• Work seeker suitability assessment;
• recruitment functions;

3.4.            Our Policy on Direct Marketing

Sourced communicates with its users primarily using e-mail. This includes telling our customers about existing and forthcoming roles. We acknowledge and respect a user’s choice to opt-out of these communications activities. Should you decide you do not wish to receive marketing or promotional materials via e-mail from us please unsubscribe using the link on each email.

4. How your personal information is collected

The means by which we will generally collect your personal information are likely to differ depending on whether you are:

• a Workseeker
• a Client
• a Referee

We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.

Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on Electronic Transactions.

See also the section on Photos & Images.

4.1.            For Workseekers

Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.

Personal information is also collected when:

• Some pages of this web site provide the facility for users to complete an online form for the purpose of subscribing to a special service or to provide us with feedback about our web site. We will ask you to provide only enough personal information to fulfill that purpose. We will record it to facilitate follow-up and for statistical analysis. Only authorised staff will have access to this information.

We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet, and social media sites.

4.2.            For Clients

Personal information about you may be collected:

• when you provide it to us for business or business-related social purposes;

We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet, and social media sites.

4.3.            For Referees

Personal information about you may be collected when you provide it to us:

• in the course of our checking Workseeker references with you and when we are checking information that we obtain from you about Workseekers;

We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites.

4.4.            Photos & Images

We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.

4.5.            Electronic Transactions

Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:

• ask to be on an email list such as a job notification list;
• register as a site user to access facilities on our site such as a job notification board;
• make a written online inquiry or email us through our website;
• submit a resume by email or through our website;

It is important that you understand that there are risks associated with the use of the Internet and you should take all appropriate steps to protect your personal information.

You can contact us by landline telephone or post if you have concerns about making contact via the Internet.

Information about the privacy aspects of your electronic transactions and our IT systems:

• Cloud Computing Services – Sourced uses Cloud storage. If you have concerns about who and/or where your information is held, please contact Sourced directly for information.
• Emails – All Sourced systems are available for access by our consultants and require 2FA.
• Call and message logs – Sourced does not store information related to calls, however, all message alerts are stored electronically – these in no way identify an individual.
• Teleconferences and Video conferences – 
• Database – All Sourced systems are available for access by our consultants and require 2FA.
• Mobile Access – All Sourced systems are available for access by our consultants and require 2FA.
• Paperless Office – Sourced operates a paperless office, there are no hard copies of any information kept on site. In a situation where information has been printed for use internally, all copies are destroyed as soon as they have been finished with (a printed CV for an in-person interview, for example).

5. How your personal information is held

Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.

We take a range of measures to protect your personal information from:

• misuse, interference and loss; and
• unauthorised access, modification, or disclosure.

5.1.            Our Information Record System

• Information is primarily recorded in our management software and will, in most cases, also pass through our email provider. Sourced otherwise operates a paperless office.
• All information is stored in a Cloud solution. If you have concerns about who and/or where your information is held, please contact Sourced directly for information.
• In some instances, we can provide you direct access to the information we hold in our Information Record System. Contact Sourced directly for more information.

5.2.            Information Security

A basic outline of our Information Security policy:

• Staff training occurs on an as needed basis.
• Our paperless office allows a realistic “Clean desk” environment.
• Sourced mitigates exposure to different levels of information through a ‘need-to-know’ authorisation policy.
• Sourced operates active policies on laptop, mobile phone and password acccess.
• Our on site document destruction ensures any hard copies of personal information are not available beyond their initial intended use.
• Data breach response and notification procedures are carefully outlined in this document.

6. Disclosures

We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.

We may disclose your personal information where we are under a legal duty to do so.

Disclosure will usually be:

• internally and to our related entities
• to our Clients
• to Referees for suitability and screening purposes.

6.1.            Related Purpose Disclosures

We outsource a number of services to contracted service suppliers (CSPs) from time to time.  Our CSPs may see some of your personal information.  Typically our CSPs would include:

• Software solutions providers;
• I.T. contractors and database designers and Internet service suppliers;
• Legal and other professional advisors;
• Insurance brokers, loss assessors and underwriters;
• Background checking and screening agents;

We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

6.2.            Cross-Border Disclosures

Some of your personal information may need to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to the disclosure.

While this situation is not currently applicable to Sourced, it may in the future. IF this arises you will be directly notified and consent sought prior to any information being sent.

Table

7. Access & Correction

Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.

Important exceptions include:

• evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases, evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.

For more information about access to your information see our Access Policy.

For more information about applying to correct your information see our Correction Policy.

7.1.            Access Policy

If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator.  You will need to be in a position to verify your identity.

• Access requests will usually be completed on the day you make the request. Where this is not practical, we will endeavour to action as soon as possible and advise you once completed.
• Should you make an access request that we are not able action (no reasonable request that is within our control will be refused), you may wich to make a formal complaint – the procedure for which can be found below.

7.2.            Correction Policy

If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you can ask us to correct it by contacting us.

We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant, or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

You can also find out information about our Data Breach Response and Notification Procedures.

• Correction requests will usually be completed on the day you make the request. Where this is not practical, we will endeavour to action as soon as possible and advise you once completed.
• Should you make a request that we are not able action (no reasonable request that is within our control will be refused), you may wich to make a formal complaint – the procedure for which can be found below.

Complaints

You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.

For more information see our Complaints Procedure.

7.3.            Complaints procedure

If you are making a complaint about our handling of your personal information, it should first be made to us in writing.

You can make complaints about our handling of your personal information to our Privacy Co-ordinator, who can be contacted by calling the office directly.

You can also make complaints to New Zealand’s Privacy Commissioner, Te Mana Matapano Matatapu

Additionally, you might also need to consider whether the circumstance that gives rise to your privacy complaint might be better handled as a personal grievance under the Employment Relations Act 2000.

Complaints may also be made to RCSA, the industry association of which we are a member.

RCSA administers a Code of Conduct for the professional and ethical conduct of its members.

The RCSA Code is supported by rules for the resolution of disputes involving members.

NOTE: The Association Code and Dispute Resolution Rules are primarily designed to regulate the good conduct of the Association’s members.

When we receive your complaint:

• We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
• Upon confirmation, we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
• We may ask for clarification of certain aspects of the complaint and for further detail;
• We will consider the complaint and may make inquiries of people who can assist us to establish what has happened and why;
• We will require a reasonable time (usually 30 days) to respond;
• If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
• If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response.