We are committed to complying with all applicable privacy laws which govern how Bright collects, uses, discloses and stores your personal information.
2. Helpful Definitions (These are relevant to National Police Checks)
Australian Criminal Intelligence Commission (ACIC) (Contact details available here ACIC Website or call 02 62687000) Australian Government agency responsible for facilitating access to nationally coordinated criminal history checks which was brought into existence through Australian Crime Commission Act 2002 (Cwlth) (ACC Act)
Accredited Body – An organisation accredited with the ACIC and responsible for submitting your nationally coordinated criminal history check. In this document it refers to Cited.
Informed Consent – Our informed consent means you understand how your personal information and any police information relevant to you will be handled and disclosed , that you provide your permission for Cited to request a NCCHC on your behalf and you provide your permission for CITED to disclose your information to any organisation described in this document. Your informed consent is needed before CITED can request a NCCHC for you.
Nationally Co-ordinated Criminal History Check (NCCHC) – The checking process undertaken by the ACIC and police, and the result received by the accredited body. Commonly known as a ‘police check’.
National Police Checking Service (NPCS) – The ACIC works with Australian police agencies to deliver the National Police Checking Service. This service is what CITED interfaces with to provide your police check. Their contact details are email@example.com.
Bright owns and manages the Cited website, Cited software and databases, and related documentation, and provides the ability to independently verify identity, qualifications, certificates, and competencies (Services) within Cited.
Cited can be used by Users to have their identity, qualifications, certificates, and competencies independently verified. These verifications can then be shared by the user with other parties who require evidence of 3rd party verification of identity, qualifications, certificates, and competencies.
If you request any of the Services, we may ask for a range of personal information in order to provide the Services.
If you are requesting an NCCHC we will request information from you for the purpose of processing the check request through the NPCS. Depending on the reason for your check you will be asked for information relevant to that check.
4. What personal information do we collect?
The personal information we may request includes (but is not limited to) name, address, date of birth, birth place details, contact details, copies of identification documents, and verification specific information.
Where you are requesting a National Police Check we will collect sensitive information, biometric information, demographic information, information relating to your check purpose, and information relating to the applicant’s current or previous application process. This information is collected as part of our legal obligations under our contract with the ACIC (Referred to as our agreement for controlled access by Duly Accredited bodies to Nationally Coordinated Criminal History Checks) and is used to satisfy the requirements of submitting an NCCHC.
The ACIC and Australian police agencies use the information provided by you, including your identity documents, when you submit a NCCHC through Cited, in order to disclose police information relating to you to Cited and to update records held about you for law enforcement, including purposes set out in the Australian Crime Commission Act 2002 (Cth).
5. Collecting and storing personal information
We will collect your personal information directly from you through your use of Cited. We gather this information through you signing up as a User, accessing Cited, requesting certain information through the use of the Services, entering or uploading information to Cited and corresponding or providing feedback to us.
Depending on the Services utilised by you within Cited, we may also collect personal information from third parties – for instance, information to provide you with a Nationally Coordinated Criminal History Check will be sourced from third parties. These third parties are the NPCS and the ACIC.
Bright regularly reviews developments in security and encryption technologies. Unfortunately, no data transmission over the Internet can be guaranteed as totally secure. Accordingly, although we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us or from our on-line systems or services and Users do so at their own risk. Once we receive a transmission from a User, we take reasonable steps to preserve the security of the information in our own systems.
We conduct internal audits, operate quality control systems and constantly update our internal and external facing systems to ensure that the business delivers the best outcome for our customers, ensure a robust and acceptable level of security is enforced and at all times ensure we are compliant with our obligations under our contract with the ACIC and the APPs.
Bright’s services are hosted in Australia in secure, accredited facilities. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis.
Bright ensures protection of personal Information and police Information through the maintenance of an information security policy which enforces physical, technical and administrative controls on the information we hold. Specifically, technical access and technical infrastructure are secured, digital certificates and password policies are managed and maintained securely. Staff are trained on privacy obligations and processes and we maintain a complete incident management register.
The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.
The induction process for new employees of Bright includes training on the privacy obligation of both the employee and Bright. We train our employees to maintain the confidentiality, privacy and security of your information.
All employees of Bright are required to enter into Confidentiality Agreements. Access to your Personal Information is restricted to employees who need it to provide services to you.
We retain your personal information for as long as necessary to provide the Services and fulfil the transactions you have requested. In relation to NCCHC’s information is retained for a period of 12 months, but no more than 15 months, following collection, as specified in our agreement with the ACIC.
6. If you do not provide personal information
It is the User’s choice whether to provide your personal information requested by Bright for the provision of the Services. However, if the information requested is not provided, we may be unable to fulfil your request for specific Services or may not be able to identify you.
7. Remaining anonymous
If you wish to remain anonymous or to use a pseudonym when dealing with us, we may be able to provide you with limited information, such as general details about our Services.
In nearly all cases, however, it will be impracticable for us to assist you if you wish to remain anonymous or use a pseudonym. Because of this, if you choose not to identify yourself or wish to use a pseudonym, we will be unable to provide you with the Services.
8. Disclosing personal information
We will only disclose your personal information, with your consent, to the extent required to provide the Services as requested or authorised. For example, in order to conduct a Nationally Coordinated Criminal History Check, it will be necessary to disclose some of your personal information to the entity that will verify the accuracy of your information. . The entity may be the ACIC , National Police Checking Service (NPCS, a government agency), Australian Federal Government Document Verification Service or entities that have issued documents you may have used for identity purposes.
In certain circumstances, personal information may be available to approved third party suppliers engaged by Bright. Such parties are engaged for the purposes of providing software development and maintenance services, hardware and network security and support. Other than authorised use by Bright staff, Users, and approved third parties as described above, information held on Cited is kept strictly confidential.
In certain circumstances we may be compelled by law to disclose your personal information to various authorities.
Some of the entities we share personal information with may be located in, or have operations in, other countries. In these circumstances, subject to any obligations implied by law and which cannot be excluded, Bright shall not be liable for any non-compliance of any applicable Australian privacy laws by overseas entities.
Please also note that personal information collected by one part of Bright may be shared with other companies in the Bright group of companies for reasonable business purposes.
9. Access to information
You have the right to access the personal information that you provide to us.
Users can, subject to the Australian Privacy Principles, request a copy of, update or correct, the personal information provided to us by contacting us at firstname.lastname@example.org.
It is important to us, and essential in providing the Services, that the personal information you provide is accurate, complete and up to date.
For privacy and security purposes, we may request specific information to verify the requestor’s identity.
If you have a complaint in relation to the collection, use or disclosure of your personal information, or privacy matters generally, contact are as follows:
+61 8 9226 0484
PO Box 1010, West Perth WA 6872
If the matter is not resolved to your satisfaction you can then refer your complaint to the Office of the Australian Information Commissioner at oaic.gov.au
If you have requested a NCCHC and you do not agree with the results of your NCCHC , contact Cited, using the contact details on the Cited website and tell them you want to dispute the result. Cited accepts and escalates all disputes to the ACIC.
10. Further information
Further information about an individual’s rights under the Privacy Act can be obtained from the Office of the Australian Information Commissioner Enquiry Line on 1300 363 992.
+61 8 9226 0484
PO Box 1010, West Perth WA 6872