This Privacy and Data Protection Policy outlines how Genos International (“Genos”, “we” or “us”) collects, uses, discloses, and protects the personal information we collect in the course of performing our business functions and activities. We are committed to safeguarding the protection and privacy of the personal information we collect and do so in accordance with
- Privacy Act U.S.C. 552a (Privacy Act of USA), and any applicable state privacy laws.
- Australian Privacy Principles contained in the Privacy Act 1988.
- General Data Protection Regulation (GDPR), applicable in Europe.
- Privacy Act 2020 of New Zealand.
With consent from the individual and/or company engaged with Genos International we collect personal and company information as necessary to perform the functions and activities of business which may include, but is not limited to:
- Identifying information (name, email, company addresses and phone number
- Demographic information (country of residence, age, gender, industry, levels of education)
- Financial information (only as required for authorized transactions)
By means of this data privacy and protection policy declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
The use of our internet pages may be possible without the collection of personal data; however, in the event that our clients’ customers are susceptible to be considered data subjects, collecting and processing of personal data could become necessary.
Genos International’s primary activities include professional development, recruitment and employer insight, and human resources management.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through our website and surveys platform called Genos Surveys. However, internet-based data transmissions may, in principle, have security gaps occasionally, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you will not receive direct marketing communications and will limit the publication of your information.
In your relationship with us through the website, controller, for the purposes of the aforementioned Privacy Acts including Privacy Act U.S.C. 552a (Privacy Act of USA), including any applicable state laws;
General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Genos International Pty Ltd
Level 29, Chifley Tower, 2 Chifley Square, Sydney NSW 2000; AUSTRALIA
Our data protection declaration should be legible and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We collect different types of information from or through our Services:
- User-provided Information: When you use the Service, as a User or as a Visitor, you may provide, and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile phone number, and credit card or other billing information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. You may also provide us with Personal Data when you register for an Account, use the Service, post Employee Data or send us customer service related requests.
- Information Collected by Clients: Genos International has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Client is responsible for providing notice to its customers, employees and third persons concerning the purpose for which Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data.
- Automatically Collected Information: The Genos International website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be:(1) the browser types and versions used,(2) the operating system used by the accessing system,(3) the website from which an accessing system reaches our website (so-called referrers),(4) the sub-websites,(5) the date and time of access to the Internet site,(6) an Internet protocol address (IP address),(7) the Internet service provider of the accessing system, and(8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, Genos International does not draw any conclusions about the data subject. Rather, this information is needed to:
(1) deliver the content of our website correctly,
(2) optimize the content of our website as well as its advertisement,
(3) ensure the long-term viability of our information technology systems and website technology, and
(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Therefore, Genos International analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is gathered from all Users and Visitors.
In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3. Use and Disclosure
We require you to provide certain personal information about yourself in order for us to provide advice to you and/or our Clients for recruitment, selection and/or professional development. We may also analyze responses to online surveys hosted by us for research and/or commercial purposes and reserve the right to publish aggregated findings. However, we will not rent, sell or exchange personal information about you to third parties (other than related parties, eg. subsidiaries) except to your employers or potential employers, where you consent; where you would reasonably expect the information to be disclosed or where we are legally required to disclose such information.
4. Cookies and Tracking Technologies
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
We use automatically collected information and other information collected during the Services through cookies and similar technologies to: (i) personalise our Service, such as remembering a User’s or Visitor’s information or login details so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits; (ii) provide customised content and information; (iii) monitor and analyze the effectiveness of Service and third-party activities; and (iv) monitor site usage metrics such as the number of visitors and pages viewed.
5. Data Quality
We will take reasonable steps to ensure that personal information we have about you is accurate, complete and up to date when we use it. Generally, we rely on you to assist us in keeping your personal information accurate and up to date.
6. Data Security
We have taken reasonable steps to keep your personal information secure at all times and in accordance with our Information Security Policies. For example, electronic access is limited to authorized personnel, and we have achieved and maintain an ISO/IEC 27001:2013 Certification (information security management system).
We also take steps to reasonably protect your personal information from misuse and loss, unauthorized access, modification or disclosure and maintained in an accurate, complete and up-to-date manner.
We will be honest and open with you about the type of personal information that we collect about you and the actual use of any such information. We will let you know at the time we collect your personal information, or soon after, how we will treat it.
If you require any details of the personal information held by us about you, then please contact us by phone or e-mail.
8. Access, Correction and Deletion
We respect your privacy rights and provide you with reasonable access to the information we have collected about you and obtain a more in depth explanation about how the information is used.
If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained through procuring our Services, you may contact us as set forth below in ‘How to Contact Us’. Unless personal information is required to be retained by us for administrative or legal reasons Genos will meet such requests at the earliest possible opportunity.
If you would like access to detailed personal information and such information is not immediately or easily accessible by us, we may charge an administrative fee for our costs in retrieving and supplying the information to you.
9. Opting out from Communications
If you receive emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the ‘How to Contact Us’ section.
Please be aware that if you opt-out of receiving emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Please note that you may still receive administrative messages from us regarding our Services.
10. Transfer of Data and Third Party Services
11. Data Controller and Data Processor
Genos does not own, control or direct the use of any Client data stored or processed by a Client or User via our Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client data. Because Genos does not determine the use of any personal information contained in the Client data, Genos is not acting in the capacity of data controller in terms of the applicable requirements of the Privacy Act U.S.C. 552a; the European Union’s Directive 95/46/EC on data privacy or the General Data Protection Regulation (GDPR) (EU) 2016/679. The data controller under the Directive for any Client data containing personal information is the Client or the User.
12. Sensitive Information
We do not believe in intrusive collection of your personal details and will not collect information that is considered highly personal or highly sensitive about you without your prior consent.
13. Data Retention and Data Deletion
We only retain the personal information collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law.
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 1-year criteria, after your relationship with us ends.
Notwithstanding the other provisions of this Article, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In this Section we have summarized the rights that you have under data protection laws. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
(a) the right to access.
(b) the right to rectification.
(c) the right to erasure.
(d) the right to restrict processing.
(e) the right to object to processing.
(f) the right to data portability.
(g) the right to complain to a supervisory authority.
(h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: [the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed]. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: [for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims].
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a resident of, or work in the USA, then you may do so in the place of your habitual residence, your place of work or the place of the alleged infringement. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
13. Complaints Resolution
We are committed to providing our clients with a fair and responsive system for handling and resolving complaints concerning the handling of their personal information. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal information. We believe that in receiving your complaint, we are provided with a valuable opportunity to improve the services we deliver to you and maintain your confidence in our services.
If at any time you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by us, you may do so by contacting us directly.
We aim to investigate and advise you of the outcome of the complaint promptly.
If you are not satisfied with our handling of your complaint, you may contact the Privacy Commissioner at:
Office of the Australian Information Commissioner
Privacy Commissioner’s Office
GPO Box 5218
Sydney NSW 2001 Australia
14. How to Contact Us
PO Box 523
Surry Hills NSW 2010 Australia
+61 2 8004 0413
Information Security Incidents: