Our commitment to your privacy
Crime Check Australia Pty LTD, trading as “Crime Check” (“Crime Check”, “Crime Check Australia”, “crimecheckaustralia.com.au”, “we”, “us”) takes its obligations under the Privacy Act 1988 (Cth) including the Australian Privacy Principles (APP´S) seriously and will strictly comply with them to protect the privacy of the personal information that we hold. This policy sets out how we manage personal information including in relation to the conduct of Nationally Coordinated Criminal History Checks (NCCHC) with the Australian Criminal Intelligence Commission (ACIC). The Policy applies to persons who submit their details to us for the purpose of background checking.
As an Australian Privacy Principles (‘APP’) bound entity, we adopt and are bound to carry out our functions or activities under the Australian Privacy Principles (APPs), as detailed in schedule 1 of the Privacy Act 1988 (Privacy Act) and the Australian Crime Commission Act 2002.
We are committed to ensuring your security and privacy in all your dealings with us. It is also important that you understand how we protect your privacy as well as how, when and where we may use your details.
Legislation Relevant to our organisation regarding Privacy and Information Protection:
The APP’s outline how most Australian and Norfolk Island Government agencies, large private sector and not-for-profit organisations, private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.
These APP’s cover:
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
- how personal information can be used and disclosed (including overseas)
- maintaining the quality of personal information
- keeping personal information secure
- right for individuals to access and correct their personal information
Additional to these requirements and guidelines, we maintain an active involvement and engagement with the Office of the Australian Information Commissioner (OAIC), whose function is in managing privacy advice, facilitating investigations, complaints and administration with regards to the application of the Privacy Act.
What types of personal information do we collect?
Personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable.
If you are our customer for the purpose of undertaking a Nationally Coordinated Criminal History Check, the personal information we may collect about you includes:
- Your Name
- Your contact details
- Addresses, present and past
- Employer or employment details
- Copy of your identity documents
- Credit card and other payment details
In addition, we will collect demographic information such as:
- Your gender
- Your age
- Your marital status
- Your Date of Birth
We will also collect biometric information such as:
- Your signature (to collect consent to submit your application to the ACIC)
- An electronic copy of your face (to verify your identity)
We will also collect other information, some of which may be personal information, including information about your order history with Crime Check, which areas of the site you visit (see the section “cookies”, below) and records of your communications and interactions with us.
In all cases, the personal information that we collect will depend on the nature of your interaction with us and will only be information necessary for one of our functions and activities.
What types of sensitive information do we collect?
In order to submit your application for a Nationally Coordinated Criminal History Check to the ACIC, we will need to collect the following Personal Information, which is classified as sensitive information under the Privacy Act 1988 and the Australian Crime Commission Act 2002.
- Your criminal record
- An electronic copy of your face (to verify your identity)
Information regarding your Nationally Coordinated Criminal History check purpose.
In order to process your application, we will collect the purpose of your request for a Nationally Coordinated Criminal History Check. This includes:
Where you are applying for employment or a contracting role with an organization:
- The position/role you are requesting the Nationally Coordinate Criminal History check for
- The name of the employer you are requesting the Nationally Coordinated Criminal History check for
- The location of your employment
- Whereas you will be having contact with people classified as vulnerable such as:
- a Child or Children; or
- an individual aged 18 years and above who is or may be unable to take care of themselves or is unable to protect themselves against harm or exploitation by reason of age, illness, trauma or disability, or any other
Information regarding your current or previous application process:
We may collect information and/or opinion related to your current or prior NCCHC processes.
How do we collect and store your personal and/or sensitive information?
We collect your personal information electronically, through our secure web form accessible on our website.
We do not collect information using paper forms or accept any applications by regular mail.
Where it is reasonable and practicable to do so, we collect your personal information directly from you when you complete and submit your application for a Nationally Coordinated Criminal History Check, enter into arrangements with us, correspond with us or provide feedback to us. We will record, collect and hold information in relation to your transactions with us. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution and training purposes.
We store personal information electronically, in a secured, controlled and classified manner, using a secured environment provided by third-party data storage providers, approved by ACIC. All information and data are stored in Australia. We implement a wide range of measures to protect the security of that personal information including, but not limited to:
- Secure Sockets Layer (SSL) to establish an encrypted connection between our web server and your browser
- STARTTLS- encryption for all outgoing communication
- Multi-level authentication
- Secured, password-protected servers with additional 2fa and brute force protection
- Secured hardware at our premises, protected by 256 bits AES encryption
- Role-based access control, restriction on user privileges for our staff on a strict “need to know”
We also take reasonable steps in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. We implement a wide range of measures to protect the security of that personal information. We also take measures in respect of destroying or de- identifying personal information that is no longer needed for any lawful purpose.
We will reasonably ensure that personal information we collect, use or disclose is accurate, complete and up to date.
Why do we collect, hold, use and disclose your personal and/or sensitive information?
We collect, hold, use and disclose personal information about you for the following purposes:
- to be able to lodge an application for and receive the results of a Nationally Coordinated Criminal History check through the National Police Checking Service (NPCS);
- to provide you with the results of your Nationally Coordinated Criminal History Check, including the delivery of your Nationally Coordinated Criminal History Check Certificate to your email address
- to provide the results of a Nationally Coordinated Criminal History check to any person you authorise us to;
- for proof of identity purposes;
- to process payments for our services;
- to allow third parties who you have agreed to allow access to the results of these searches for the purposes of verifying the contents of a Nationally Coordinated Criminal History check;
- to provide you with the best possible service in supplying you with our goods and services;
- to comply with our obligations under any agreement we have with the Australian Criminal Intelligence Commission regarding the National Police Checking Service;
- to check and verify that the information you have provided, and the personal information located from other sources is correct;
- to place your personal, Nationally Coordinated Criminal History Check career information on Crime Check systems so that prospective and employment agencies and other relevant persons authorised by you may view the information through our secure website;
- to communicate with you, our customer;
- to understand the needs of our customers and continuously develop and improve our products and services;
- to protect against fraud or other misuse or loss of data; and
- to ensure your security when visiting our website and to learn which areas of the site are of most interest to you (see the section ‘cookies’ below).
- for any purpose which you have consented to;
- for any purpose that is reasonably necessary or directly related to these purposes, and that would reasonably be expected by you:
- to improve our internal processes
- to improve our systems
Your data and personal information may also be used as part of our internal processes such as audits and quality controls.
If you do not provide any or all of the categories of personal information requested by us, we may be unable to conduct a police check or provide you with all of our services.
The Australian Criminal Intelligence Commission (ACIC) needs to collect your personal information to conduct a Nationally Coordinated Criminal History Check (NCCHC) on you. It does this through a contractual arrangement with the Accredited Organisation Crime Check Australia Pty Ltd.
ACIC has contractual arrangements with its Accredited Organisations to collect personal information on its behalf to support processes assessing the suitability of people applying for employment, Australian citizenship, appointment to positions of trust,
volunteer service or for various licensing or registration schemes. Accredited Organisations and their customers (such as employers) use the personal information collected on this website and the resulting Nationally Coordinated Criminal History Check as part of their assessment process to determine your application. Some Accredited Organisations have a legislative basis for the collection, use and disclosure of your personal information. ACIC recommends that you seek further information about any relevant/applicable legislative framework from the Accredited Organisation. In some circumstances, Accredited Organisations may have arrangements with overseas entities for administrative or other purposes. ACIC recommends that you seek further information from the Accredited Organisation in circumstances where your information is likely to be disclosed to overseas recipients. Unless statutory obligations require otherwise, the information provided on this website will not be used without your prior consent for any purpose other than in relation to the assessment of your suitability; or to maintain the records of ACIC and police agencies; or for law enforcement purposes.
Nationally Coordinated Criminal History Check (NCCHC), police agencies
Information on provided to us by you will be used by ACIC and police agencies to conduct Nationally Coordinated Criminal History Checks; it will also be used to update records held about you by ACIC and police agencies.
ACIC and police agencies will access their records to obtain and disclose Criminal History Information (CHI) that relates to you to:
- the Accredited Organisation named above; and
- where applicable, the employer/Organisation named in the form. The NCCHC may include outstanding charges, warrant information and criminal convictions/endings/pleas of guilt recorded against
The NCCHC is disclosed in accordance with applicable laws of the relevant jurisdiction and, in accordance with the relevant jurisdiction’s information release policies. Applicable laws include but are not limited to spent convictions legislation.
Do we disclose criminal history information to other organisations?
Crime Check does not disclose, share, sell or rent the results of your police checks to third parties and/or organisations unless we are required by law or law enforcement agencies (Australian Federal Police) to do so otherwise. We only disclose information directly to you, the applicant, as an individual user. We do not disclose information to any other entity or individual unless you specifically request and authorise us to do so.
As part of our services, any person or organisation to whom you have provided a copy of your Nationally Coordinated Criminal History Check Results will be able to verify its authenticity on our website using a secret, unique code and link printed on each Nationally Coordinated Criminal History Check certificate issued by us.
If the secret code is entered properly on our verification link, we will display information about you that is already in the certificate you provided to the person/individual, including your name, date of birth, entitlement and Nationally Coordinate Criminal History check results (DCO, no DCO).
Do we disclose personal information to third-party entities in Australia?
We engage third-party organisations (including service providers) to be able to provide our services. Some of said organisations and/or service providers with whom we have contractual agreements are Australian companies and will provide their services from Australia. In order to effectively deliver our services to you, we may need to disclose some or all your personal information to said entities.
For example, we might engage the services of an Australian payment processor for the purpose of collecting the payments for our services. In order to process your payment, we need to disclose some of your personal details like your name, surname, email and ip address to said processor.
We may engage the services of a hosting cloud provider to store your data securely in a data center located in Sydney.
We may disclose your personal information to our DVS (Document Verification Service) providers, on a strict “need to know” basis, in order to verify your identity. We use a DVS (Document Verification Service) provider to match the information you provided to us against several sources such as government databases and document issuers for the purpose of confirming your identity and verifying the authenticity of the documents provided to us.
We may engage the services of an Australian third party DVS provider to determine to determine the authenticity of your identity documents in order to ensure that your proof of identity requirements are met as efficiently as possible.
Do we disclose personal information to third-party entities overseas?
Disclose of personal information to recipients overseas may happen on a strict “need to know” basis in order to be able to properly deliver our services to you.
No personal information gathered for the purpose of the service will be stored outside Australia.
We engage third-party organisations (including service providers) to be able to provide our services. Some of these organisations and/or service providers with whom we have contractual agreements with may provide their services from overseas locations. In order to effectively deliver our services to you, we may need to disclose some or all of your personal information to these providers.
When disclosing information overseas, we will take reasonable steps to ensure that the overseas recipient does not breach the Privacy Act or APPs in its handling of your personal information.
Also, we may engage the services of third parties located overseas who provide us with the tools to communicate with you in an effective manner, including ingoing and outgoing emails and tickets.
We may engage the services of third parties located overseas for the purposes of improving and maintaining our IT infrastructure and website. Such parties may have, on a strict “need to know” basis, access to your personal information.
We may engage the services of third parties located overseas for the purpose of notifying you on the progress of your application via SMS.
Crime Check Australia has implemented mechanisms to ensure that your personal information remains protected at all times even when accessed by a third-party provider overseas, and such accesses to your personal information will be performed on a very strict “need to know” basis.
The NCCHC and Accreditation with the Australian Criminal Intelligence Commission (ACIC):
Crime Check is a duly accredited body, in accordance with its agreement, under the ‘Agreement for controlled access by duly Accredited Bodies to Nationally Coordinated Criminal History Checks’ (‘Agreement’) in order to undertake the fulfilment NCCHC’s for eligible applicants.
This agreement sets out the obligations and requirements necessary for Crime Check to maintain accreditation status and access to the National Police Checking Service.
Disposal of criminal history information
We will only retain criminal history information for as long as required to fulfil the purpose of the NCCHC, or as otherwise contractually obligated. In the case of the NCCHC, the retention period for criminal history information is no less than 12 months, after which point the information is destroyed within the following 3 months (a total maximum of 15 months). If you need to retrieve the results of a Nationally Coordinated Criminal History Check, you might only do so within a 12-month period, after which you will need to request another Nationally Coordinated Criminal History check.
With respect to the disclosure of criminal history information for the Nationally Coordinated Criminal History Check, we will only disclose this information to you or to those organisations and/or third parties that you have expressly consented to, unless we are required by law to do so otherwise.
The details you give us may be used to inform you about any offers or promotions we think will be of interest to you and to update you on new products and services or changes to our website.
We may also send you details of offers or services provided by our business partners and related Crime Check entities.
Should you not wish to receive communications from us, you will have the option to unsubscribe on any email you receive from us or to indicate your communication preferences to us. Alternatively, you can contact our Data Protection Officer, details set out below, to unsubscribe from our communications.
Even though every care is taken, the accuracy of a Nationally Coordinated Criminal History Check depends on a number of factors that might occasionally result in a Nationally Coordinated Criminal History check to be released with incorrect information.
You have a right to dispute the result of your Nationally Coordinated Criminal History Check if you claim that:
- the police information released does not belong to you
- part of the police information does not belong to you
- the police information belongs to you , but the details are inaccurate the police information belongs to you, but should not have been released
To file your dispute, you must follow these steps:
- review your Nationally Coordinated Criminal History Check
- advise your accredited body of any incorrect information in the result
- contact your accredited body to raise a dispute
- provide all required information and supporting evidence to lodge the dispute
- the police review your result
- you receive the outcome of dispute (either successful or unsuccessful)
How can you access to your personal information and correct it if it is wrong?
You may request access to the personal information that we hold about you(as applicable), under Australian Privacy Principles 12 and 13. We will provide this information upon request or otherwise as required by law. You may obtain this information by contacting us using the details set out below.
Under freedom of information (FOI) you have a right, with limited exceptions, to access documents held by Crime Check Australia. A FOI request can take up to 30 days to process.
The Freedom of Information Act 1982 (FOI Act) may give any person the right to:
- access copies of documents (except exempt documents) we hold;
- ask for information we hold about you to be changed or annotated if it is incomplete, out of date, incorrect or misleading; and
- seek a review of our decision not to allow you access to a document or not to amend your personal information.
We may require you to identify and specify what information and documents you require access to.
You can ask to see any document that we hold. We may refuse access to some documents, or parts of documents that are exempt. Exempt documents may include those relating to national security, documents containing material obtained in confidence, or other matters set out in the FOI Act. Other occasions when we may deny access to personal information include where release of the information would have an unreasonable impact on the privacy of others.
While we endeavor to ensure that the personal information collected from you is up to date accurate and complete, we will assume that any personal information provided by you is free from errors and omissions.
If the applicant can establish that the information, we hold about them is not accurate, complete or up to date, and the applicant requests us in writing to correct this information, we will then take reasonable steps to correct the information. You may request that we update or vary personal information that we hold about you, using the contact details listed below.
If you wish to access information, we hold about you please put your request in writing and send it to:
Data Protection Officer
Suite 207B 480, Collins .Str
Melbourne, VIC 3000
Our Data Protection Officer can also be contacted on:
Email: firstname.lastname@example.org Phone: (03) 8400 4453
How safe and secure is the information we hold about you?
We take great care with the information we hold about you. All information stored electronically is either password protected and/or encrypted at rest using 256-bit encryption algorithms.
In order to ensure we maintain a continuous improvement approach to information security; we maintain and regularly update an Information Security Policy. The purpose of this policy is to support the management, and ongoing compliance of our organisation to a set of standards and systems to facilitate protection of personal information.
The Information Security Policy sets out to ensure that any details are securely protected from misuse, loss, and unauthorised access, modification or disclosure by way of maintaining:
- Dedicated privacy, information security, and ICT roles across our team members;
- Physical (hard copy, media and soft copy) security by preventing unauthorised access to our premises;
- Computer network security including password security to prevent unauthorised access;
- Incident prevention and management reporting structures;
- Strong password policies, including use of two-factor authentication and password managers to adopt best practices;
- Communication security;
- Undertaking regular staff training regarding security best practices, and prevention measures;
- Limiting access to authorised staff and contractors of Crime Check and undergoing background clearances for all staff with access to personal details
When the information is no longer needed, we will destroy your personal information.
What are ‘cookies’ and how do they work?
Cookies are small data files that are downloaded from our web servers and stored on your hard drive.
A cookie is a string of letters and numbers that uniquely identify the computer you are using and the Username and password you may have used to register at the site.
Two types of cookies are used on the Crime Check site.
The first tracks a visitor’s journey through our site. This allows us to see at a glance which pages and information is of most interest to visitors. This type of cookie contains no personal information at all; it is simply a record of your journey through the site.
The second type of cookie exists only for the actual time you are logged on. These cookies ensure greater security for you by authenticating and identifying whether you are registered for the secure areas of the site – without the need for you to re–enter information.
Most browsers can be configured to refuse to accept cookies. You can also delete cookies from your hard drive. However, doing so may hinder your access to valuable areas of information within our site.
If you have any concerns about our handling of personal information, this policy or an alleged breach of the Australian Privacy Principles and wish to raise a complaint, you can contact us using the contact details provided below to have the matter investigated.
When we receive a complaint, we look on it as valuable feedback that may help us to improve the services we offer and to ensure your needs are met in a satisfactory and appropriate manner.
Data Protection Officer
480, Collins Str.
Melbourne, VIC 3000
Our Data Protection Officer can also be contacted on: Email: email@example.com
Phone: (03) 8400 4453
We will make all efforts possible to investigate your complaint within 20 days and advise you of the outcome as soon as possible within 40 days of you making the complaint.
If the matter is not resolved to your satisfaction you can then refer your complaint to the Director of Compliance (Investigations) at the Office of the Australian Information Commissioner who can be contacted at:
Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001
to investigate your complaint and advise you of the outcome as soon as possible.
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you may refer the matter to the Office of the Australian Information Commissioner who can be contacted through the following website: OAIC Website.
You can request further information about the way we manage the personal information that we hold by contacting us using the details set out below:
480, Collins Str.
Melbourne, VIC 3000
Phone: (03) 8400 4453