This Policy applies to any customer, organisation, user, or other person (You, or Your) who:

1. accesses any WorldStack website or application (Platform);
2. accesses, utilises, engages WorldStack for any WorldStack product, service, feature, user-generated and other WorldStack generated content or resources including Providence, HoneyTrace and CheckSocial (collectively, the Services) in relation to a Candidate (Corporate User) or themselves personally (Personal User); and
3. is a Candidate of WorldStack’s Services.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not (Personal Information).

By:

• Providing WorldStack with Personal Information;
• Your use of WorldStack’s Platform;
• Engaging WorldStack to provide its Services, including as a Corporate User or a Personal User; or
• Consenting to be Candidate of WorldStack’s Services;

You agree with the terms of this Policy. By agreeing to the terms of this Policy, You consent to the collection, handling, use, analysis, disclosure and storage of Your Personal Information (and where relevant, Sensitive Information under the Privacy Act) by WorldStack in accordance with this Policy, the Privacy Act (including the APPs), any other applicable data protection legislation including the GDPR and any other contractual relationship that You have with WorldStack.

If You do not agree with the terms of this Policy, one or more of the following may apply:

• You are not permitted to use the Platform;
• WorldStack cannot provide its Services to You;
• You cannot engage WorldStack to provide the Services, either as a Corporate User or a Personal User; or
• You cannot be the Candidate of WorldStack’s Services.

WorldStack generally processes and stores Personal Information on servers in Australia. In some cases, WorldStack may also rely on data processors, service providers, data hosting and servers located overseas. Consequently, You should be aware that Your Personal Information may be disclosed to overseas recipients. In addition, WorldStack may process Your Personal Information to provide its own Services, and/or Services as engaged by an organisation which You have consented to, which may also include disclosure to overseas recipients.

WorldStack collects Personal Information that is reasonably necessary for it to perform its functions and / or provide the Services. This may include:

1. information You give WorldStack when You use the Platform;
2. information You give WorldStack when You request Services from WorldStack;
3. information that is considered Sensitive Information under the Privacy Act; and
4. communication between You and other entities or organisations that You have authorised WorldStack to communicate with.

In addition, where You are the Candidate of WorldStack’s Services or a Personal User, the Personal Information that is reasonably necessary for WorldStack to perform its functions may also include:

1. information created or related to You on social media;
2. information on Your personal views, including as displayed on social media; and
3. information on Your browsing activity and personal preferences.

The amount and nature of Personal Information that WorldStack will collect about You will depend on the relevant situation, including whether You are only accessing the Platform or whether You are the Candidate of WorldStack’s Services. By way of example, the types of Personal Information WorldStack may collect may include Your name, address, telephone numbers, e-mail address, location information, information on Your browsing activity among other things.

WorldStack will collect the Personal Information directly from You, including at the time You ask WorldStack to provide You with the Services or at the time You access the Platform. Where You are the Candidate of WorldStack’s Services or a Personal User, WorldStack may also collect Your Personal Information from social media platforms and other sources of information which are publicly available.

If You browse WorldStack’s Platform, WorldStack’s internet service provider logs the following information:

1. Your server (IP) address and top level domain name;
2. the date and time of Your Platform visit;
3. the country that Your server is located;
4. the pages that You looked at;
5. the type of browser You used;
6. the previous website You visited; and
7. the website You visit next.

Some of this information (such as browser type and version, operating system, sites visited) will not be Personal Information because it will not reveal Your identity. This information allows WorldStack to analyse Your behaviour in an anonymous form, and is typically used to improve the quality of Services, quality of the Platform, to prevent fraud, maintain the integrity of WorldStack’s IT systems, and to enhance the security of WorldStack’s network and IT systems.

Parts of the Platform and WorldStack’s Services may feature or include various location-based components. Location information includes, but is not limited to, any information WorldStack derives in order to identify Your geographic position. This information may be collected directly from You, or from Your wireless carrier, internet service provider or from certain third party service providers.

WorldStack will not use information obtained from Your browsing activities to send You any unsolicited information such as advertising.

Except where You are the Candidate of WorldStack’s Services or a Personal User, the only Personal Information which WorldStack collects about You when You use the Platform is what You tell WorldStack about yourself: for example, by completing an online form such as an application form, or by asking for a disclosure document for WorldStack’s Services, or by sending WorldStack an email. As set out above, the Personal Information that WorldStack collects about You will vary where You are the Candidate of WorldStack’s Services or a Personal User.

Whenever WorldStack collects ‘Sensitive Information’ under the Privacy Act (such as certain financial information) from You, then such information will be treated in accordance with the relevant rules and requirements of the Privacy Act.

WorldStack will take reasonable steps to ensure that the Personal Information WorldStack collects, uses or discloses is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure.

WorldStack will only retain Your Personal Information for as long as it is reasonably necessary to fulfil the purpose/s for which it was collected or as required for a reporting, legal or accounting purpose, and in any case including when dealing with Personal Information collected for the purpose of providing its Services, not more than 6 months after either the collection of Your Personal Information or WorldStack’s provision of its Services has finished, whichever is later or applicable.

The Personal Information collected by WorldStack will enable WorldStack to provide its Services and Your access to the Platform. In particular, the Personal Information You provide WorldStack may be collected, used and disclosed for a number of purposes connected with WorldStack’s business operations, which may include:

1. verifying Your identity or transactions which You may enter into with WorldStack
   (including as required pursuant to applicable anti-money laundering and anti-terrorism financing legislation);
2. administering and managing the provision of WorldStack’s Services;
3. providing You with information, products and/or Services requested;
4. responding to queries or complaints;
5. complying with WorldStack’s risk management policies and procedures;
6. training WorldStack’s staff;
7. telling You about other products or Services that may be of interest to You;
8. billing You and/or administering or otherwise managing Your account;
9. dealing with requests, enquiries or complaints and other customer service activities;
10. carrying out market and product analysis and marketing WorldStack’s Services;
11. assisting in arrangements with other organisations in relation to the promotion or provision of WorldStack’s Services;
12. purposes relating to any third party acquisition or potential acquisition of an interest in WorldStack or its assets; and
13. carrying out any activity in connection with a legal, governmental or regulatory requirement that WorldStack has to comply with or in connection with legal proceedings, crime or fraud prevention, detection or prosecution, including investigating any fraud, unlawful activity or misconduct.

WorldStack may also use Your Personal Information for purposes related to those described above which would be reasonably expected by You. For example, WorldStack may use Your Personal Information to conduct analysis in order to provide better customer service. As noted above, if You provide information that may be deemed Sensitive Information under the Privacy Act, WorldStack will manage and treat that information in accordance with the Privacy Act and the APPs.

WorldStack may use cookies and other tracking software to provide You with an enhanced and a more personalised experience of the Platform. Cookies may also be used to analyse trends, diagnose problems, track Your engagement with the Platform, gather data on search patterns, administer its website, and gather broad information more broadly. The information WorldStack collects through cookies may be Personal Information. Where it is not by itself Personal Information, it may become Personal Information if it is linked to Personal Information about an individual. If the information collected is Personal Information, WorldStack will use and manage that Personal Information in accordance with this Policy, the Privacy Act and other relevant legislation.

You can choose not to accept cookies or You can set Your browser to block cookies when using WorldStack’s Platform. If You do so, Your experience of WorldStack’s Platform may be impaired. You can also clear stored cookies from Your browser.

Due to the nature of some of WorldStack’s business activities, WorldStack’s use of some Personal Information may be exempt from the operation of the Privacy Act. These exemptions may include:

1. dealing with Personal Information contained in Your employment record in certain circumstances where WorldStack has a current or former employment relationship with You; and
2. dealing with Your Personal Information in the course of journalism (Media Exemption). Where the Media Exemption applies, WorldStack will comply with the Australian Press Council Privacy Standards. If You require more information on the collection and use of Personal Information in the course of journalism, please visit the Australian Press Council Privacy Standards at www.presscouncil.org.au/privacy-principles.

WorldStack may disclose or receive Personal Information or documents about You to/from:

1. WorldStack’s employees and related bodies corporate, in the course of their role as employees and as related bodies corporate, respectively;
2. Where You are the Candidate of WorldStack’s Services, the Corporate User;
3. Where You are the Personal User, Yourself;
4. any entity or organisation that is in an arrangement with WorldStack to jointly offer products and or has an alliance with WorldStack to share information;
5. parties involved in any third-party acquisition or potential acquisition of an interest in WorldStack or its assets;
6. Service providers or agents (some of whom may be overseas) who assist WorldStack in providing its Services, including organisations that assist WorldStack with archival, research, mail and delivery, auditing, consulting, financial and legal advisory, banking, security, storage or technology Services;
7. regulatory bodies, government agencies, law enforcement agencies and courts and any organisation that assist WorldStack to identify, prevent or investigate fraud, unlawful activity or misconduct;
8. Your authorised agents, executor, administrator or trustee in bankruptcy, Your legal representative, attorney or anyone acting for You;
9. overseas recipients, in certain circumstances; and
10. any other party as otherwise permitted by law (including the Privacy Act).

Where information is disclosed to overseas recipients, WorldStack will take reasonable steps to ensure that any overseas recipient does not breach the APPs. You should be aware, however, that Your rights to make a claim against WorldStack in relation to any misuse of Your Personal Information by an overseas recipient will be limited.

WorldStack may combine the Personal Information and/or the location information that You submit to WorldStack with information from other Services or third parties in order to undertake its Services or provide You with an enhanced experience of its Platform.

The GDPR is a comprehensive European data protection law that provides greater data rights for individuals and increases compliance responsibilities for organizations. The GDPR grants EU residents greater control over their Personal Data (as defined in Article 4 GDPR and in general terms meaning data which, in isolation or in combination with other information, enables You to be identified directly or indirectly) and gives national regulators new powers to impose significant fines on organizations that breach this law.

Where the GDPR applies with regard to any Personal Data WorldStack collects, then this section applies to that Personal Data. For the purpose of GDPR, WorldStack is the
‘controller’.

If You are a resident in the European Economic Area (EEA), You have these rights with respect to Your Personal Data:

• Access Your Personal Data
• Correct errors in Your Personal Data
• Erase Your Personal Data
• Object to the processing of Your Personal Data
• Export Your Personal Data

You can request to exercise any of these rights in relation to Your Personal Data by sending the request to the Privacy Officer at the contact details provided at the end of this Policy.

If You have a complaint with respect to Your Personal Data and You are based in the EEA, or the issue You would like to complain about took place in the EEA, please refer to Your local data protection authority.

WorldStack takes appropriate measures to protect unauthorised access to, or unauthorised alteration, disclosure or destruction of, the Personal Information and location information transmitted or disclosed to and collected by WorldStack. These include internal reviews of WorldStack’s data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where Your data is collected, stored, and/or maintained.

WorldStack requires that where You use the Platform, a secure connection between Your computer/device and WorldStack’s server be established. WorldStack cannot warrant or ensure the security of any Personal Information and location information that it receives or any other information that You transmit, share or disclose to WorldStack. For improved security, WorldStack recommends that You use the https:// prefix when using its Platform. WorldStack may also use technology such as Secure Socket Layer (SSL) encryption technology to increase the encryption of connections between WorldStack and You. Despite the possibility that WorldStack is using technology such as SSL encryption to safeguard the confidentiality of Personal Information as far as possible, You should be aware that no internet or e-mail transmission is ever fully secure or error free.

WorldStack cannot guarantee that Your Personal Information will not be accessed, shared, disclosed, altered, or destroyed by a breach of any of WorldStack’s physical, technical, or other safeguards. WorldStack recommends that You take special care in deciding what information is shared, transmitted or disclosed to WorldStack in the process of accessing WorldStack’s Platform.

WorldStack processes Your Personal Information only for the purposes for which it was collected and in accordance with this Policy or any applicable terms that You agree to. WorldStack reviews data collection, storage, and processing practices to ensure that WorldStack only collects, stores and processes the Personal Information needed to provide or improve the Platform and its Services. WorldStack will take reasonable steps to ensure that the Personal Information WorldStack processes is accurate, complete, and current, but WorldStack depends on You to update or correct Your Personal Information wherever necessary.

From time to time it may be necessary for WorldStack to review and amend this Policy. WorldStack reserves the right to amend this Policy at any time. You should check WorldStack’s Platform from time to time for WorldStack’s latest Policy. Your continued use of the Platform constitutes Your agreement to this Policy and any future revisions. Where You are the Candidate of WorldStack’s Services, WorldStack will endeavour to make available a copy of the amended Policy.

Once WorldStack has collected Your Personal Information, You are entitled under APP 12 to request the details of the information WorldStack is holding about You. In order to request such information, You need to contact WorldStack by letter, email or telephone and outline the nature of Your enquiry. WorldStack will take reasonable steps to let You know, generally, what sort of Personal Information WorldStack holds, for what purposes and how WorldStack collects, uses and discloses that Personal Information.

Upon Your request and verification of Your identity, WorldStack will provide access to Your Personal Information WorldStack holds, except in certain circumstances, including emergency situations, specified business imperatives, law enforcement, public interests reasons, where it would interfere with the privacy of others or where it would result in a breach of confidentiality.

WorldStack will endeavour to keep and maintain the data held by WorldStack as accurate, complete, relevant and up to date as possible. It is important that the information that WorldStack hold about You is up to date. You must let WorldStack know if information that You have provided to WorldStack has changed.

The APPs also give You a right to request correction of Your Personal Information. If You establish that Personal Information held by WorldStack is not accurate, complete, relevant, up-to-date or is misleading, WorldStack will take reasonable steps in accordance with its obligations under the Privacy Act and APPs to correct the information so that it is accurate, complete, relevant, up-to-date and not misleading.

If You would like to access or correct Your Personal Information, please contact:

The Privacy Officer
Email: info@worldstack.net

If You have a question, concern or complaint regarding the way in which WorldStack handles Your Personal Information please contact WorldStack on the details listed below. You are entitled to lodge a complaint if You believe that WorldStack has breached the APPs. If You wish to lodge a complaint with WorldStack, You need to write to WorldStack setting out the details of Your complaint as addressed to:

The Privacy Officer
Email: info@worldstack.net

WorldStack will issue You with a response to any complaint within a reasonable time such that, if appropriate, will outline the measures that WorldStack will take to resolve the complaint.

If You feel that WorldStack has not satisfactorily addressed Your complaint, You may also make a complaint to the Office of the Australian Information Commissioner (OAIC) by visiting www.oaic.gov.au or by writing to GPO Box 5218 Sydney NSW 2001 in accordance to instructions listed on the OAIC website.

If You have any additional questions or concerns about this Policy, please feel free to contact WorldStack at any time by email at info@worldstack.net or phone via the number listed on our website at www.worldstack.net

This Policy was last updated 1 July 2020.