Privacy Policy

Ilexus Pty Ltd is committed to providing quality services and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.

What is Personal Information and Why do we Collect it?

Personal Information is information or an opinion that identifies an individual. It may be very sensitive (‘Sensitive Information’) or it may comprise everyday information (such as names and phone numbers). Examples of Personal Information we collect include: names, addresses, email addresses, phone numbers and employment details.

This Personal Information is obtained in many ways including by email, telephone, job applications via our website www.ilexus.com.au, interviews, from publicly available sources (such as LinkedIn), written correspondence and from third parties in the course of conducting business.

We collect your Personal Information for the primary purposes of:

conducting our business generally and to facilitate the provision of employment, recruitment, training, human resource management and other services to you;
if you are a job-applicant, to assess your suitability, to conduct performance appraisals, tests, assessments, workplace rehabilitation, or to identify your training needs, and to assist with administering your employment on an ongoing basis, as necessary;
to provide you with marketing materials in relation to offers, specials, products and services we have available from time to time which might better service your requirements or other opportunities in which you may be interested;
for our internal management or insurance purposes, to manage our relationship with you, to manage any complaint or investigation in which you are involved and to manage the payment and recovery of amounts payable to or from you; and
for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

We do not sell or trade your Personal Information for benefit or advantage.

We will only use Sensitive Information for the purposes for which it was provided or for a purpose directly related to such purpose, unless you agree otherwise, or the use of such Sensitive Information is required or authorised by law.

If we are unable to collect Personal Information relating to you, we may be unable to provide you with the services you require, proceed with your application for work placement, or continue our relationship with you.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is a subset of Personal Information and is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

For the primary purpose for which it was obtained
For a secondary purpose that is directly related to the primary purpose
With your consent; or where required or authorised by law.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information

Your Personal Information may be disclosed in connection with the purposes listed above to the following types of entities if required:

our clients, potential clients, contractors, consultants, advisers and associates;
if you have provided us with referees or references to assist with a job application, recruitment process or the assessment of a potential contract between you and us or you and one of our clients, those referees or references you have provided;
any industry body, tribunal, court or otherwise in connection with any complaint made by you about us;
our insurers;
any entity included in a transfer of all or part of our assets or business; and
third parties with your consent or as permitted or required by law.

Storage and Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. Here are some measures that Ilexus takes to protect your Personal Information:

Regular updates and patching of software: Ilexus regularly updates and patches its software applications in accordance with its Security Plan (IL04) to ensure that emergent security vulnerabilities are promptly addressed.
Multi-factor authentication: Ilexus only stores Personal Information on third party software that requires multi-factor authentication for access. This can include a combination of passwords, security tokens, or biometric authentication.
Limited access: Ilexus limits access to Personal Information to authorised personnel who need it to perform their duties. Access is restricted on a need-to-know basis.
Encryption: Ilexus relies on encryption of all Personal Information stored in our business software. Our cloud storage provider, Microsoft, uses the Advanced Encryption Standard (AES)-256 and holds multiple ISO security accreditations . Our accounting software provider, Xero, also holds ISO 27001 security accreditation. As a matter of policy, any emails originating from Ilexus containing Personal Information are encrypted. This will help to ensure that any intercepted data is unreadable to unauthorised individuals.
Data retention: Ilexus only retains Personal Information for as long as it is needed.
Regular training: Ilexus ensures its employees undertake regular security training which includes methods to handle Personal and Confidential Information securely. This includes training on phishing and other common attack methods.
Regular security assessments: Ilexus regularly conducts security assessments to identify potential vulnerabilities and address them before they can be exploited.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Right to Opt-Out

If you prefer that we do not use your Personal Information for any purposes, you may opt-out at any time by contacting us at privacy@ilexus.com.au. Your request will be actioned in due course. Please note that if you opt-out, we may be unable to continue providing our services to you.

Accessing and Correcting your Personal Information

Under the Privacy Act (APPs 12 and 13) you have the right to ask for access to Personal Information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us via email at privacy@ilexus.com.au and we must respond within 30 days. If you ask, we must give you access to your Personal Information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your Personal Information, we must notify you in writing setting out the reasons.

The steps appropriate to verify an individual’s identity will depend on the circumstances. We will seek the minimum amount of Personal Information needed to establish an individual’s identity. For example, during a telephone contact it may be adequate for us to request information that can be checked against our records.

If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.

If we refuse to correct your Personal Information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.

Maintaining the Quality of your Personal Information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at privacy@ilexus.com.au. We will respond to you in due course.