The Nova Group of companies (see below) (Nova, Nova Group, we, our or us) acknowledges its commitment to the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) therein, and/or any other applicable privacy code, in relation to the collection, storage, management and disclosure of personal information in the course of conducting its business. Where the Nova Group operates in the European Union or the United Kingdom, or handles personal data about data subject in those jurisdictions, it may also be subject to the obligations of the General Data Protection Regulation (GDPR).
If you are a customer of two10degrees, please refer to the supplementary Privacy Notice linked below, which applies in addition to this Privacy Statement.
Who are we?
Nova Group consists of Nova Aerospace Proprietary Limited ACN 090 818 214, Nova Professional Services Pty Ltd ACN 163 525 077, Nova Systems Consulting Pty Ltd ACN 100 230 457, Nova Defence Pty Ltd ACN 163 511 304, Two10degrees Pty Ltd ACN 008 576 645, GVH Aerospace Pty Ltd ACN 135 996 253, Nova Aerospace Ltd (UK), Nova Systems (International) Ltd, Nova Aerospace AS (Norway), Nova Systems Australia Pty Ltd ACN 613 308 008, Geoplex Pty Ltd ACN 146 227 965, Geoplex Products Pty Ltd ACN 158 702 473, IGS Network Pty Ltd ACN 631 940 120, Nova Systems NZ Limited, Nova Systems & Engineering Pte Ltd, Nova Group Europe Limited, Two10degrees Limited, Nova Systems & Engineering Ltd and Nova Systems Design Pty Ltd ACN 646 136 816.
What is personal information?
Personal information is any information or opinion (whether true or not) about an identified individual, or an individual who is reasonably identifiable. It is analogous to the concept of 'personal data' under the GDPR. Personal information includes sensitive information, which is discussed further below.
We collect personal information provided by you, personal information about people we work with or have worked with in the past and information about people who have registered an interest in any of our business activities including recruitment. It may range from the very sensitive (e.g. medical history or condition) to the everyday (e.g. address and phone number). It might include the opinions of others about work performance (whether true or not), work experience and qualifications, aptitude test results, peer review, appraisal and other information obtained by us directly or in working with people.
Personal information we may collect may also include automatically collected information, billing information, cookies and other tracking technologies, third-party analytics data and mobile app-based data.
What is sensitive information?
Sensitive information is a special category of personal information. It is information or opinion in relation to:
racial or ethnic origin;
political opinion;
membership of a political association;
religious or philosophical beliefs or affiliations;
membership of a professional or trade association or membership of a trade union;
sexual preferences or practices;
criminal record;
health or disability (at any time);
expressed wishes about the future provision of health services.
It includes personal information collected to provide a health service.
Sensitive information is subject to higher standards of protection under the APPs and GDPR (in the latter instance, as 'special categories of personal data').
We collect sensitive information in certain circumstances, such as health information about our staff in order to provide a safe working environment, or information about matters such as race, religion, criminal records and political affiliations in order to conduct security screening procedures. Where we do collect sensitive information, we do so in accordance with the requirements of applicable laws, including obtaining your consent where necessary.
How does Nova collect personal information?
Nova may collect personal information (which may include sensitive information and health information) you provide directly to us over the phone or in person, or by way of forms and other documents or information provided by you to us in person, during an interview, by post, fax, electronically (including via email, social media, website hosting and Software as a Service products, communication tools, mobile applications and other platforms), in response to advertising or online via one of our websites (collectively, the “Service”).
We may also collect personal information about you from third parties. For example, we may collect personal information about you from past employers or references, or from results of competency or psychometric tests in which you have participated, from clients when we receive feedback on your performance, and from companies we hire to assist us or provide services to you on our behalf, including but not limited to third parties handling information management, customer support enquiries, marketing or recruitment.
If we are required by law to collect your personal information, or you are required by law or contract to provide us with your personal information, we will let you know where this is the case.
Storage and security of personal information
We will take reasonable steps to ensure security of personal information. Our internal policies and procedures include measures to protect the security of personal information and other data whether held digitally or in physical records.
We also have policies for determining the retention period for personal information, taking into account the specific circumstances involved and factors including our contractual obligations and rights in relation to the personal information, legal obligations, and guidelines issued by relevant Data Protection Authority. As this is done on a case by case basis, we cannot state any precise time periods here, but we can confirm that personal information will destroyed or de-identified once it is no longer needed for a valid purpose or required to be kept by law.
As further discussed below, in some circumstances we will disclose personal information to data processors such as third parties agents, contractors or service providers who provide operational services to us or who help provide our services to you, such as online cloud storage and processing, fraud detection and monitoring, marketing optimisation, information technology, telecommunications, market research, customer analysis or tracking, security or other relevant services. Where we do so, we seek to ensure they maintain appropriate controls for personal information. These will typically include contractual obligations on the data processor.
How does Nova use and disclose your personal information?
We do not sell or trade personal information or allow third parties to use personal information for their own purposes.
We will use personal information (except sensitive information, see below) for the following purposes unless otherwise required or permitted by law or by your express consent:
• to enable us to conduct our business generally and to facilitate the provision of employment, recruitment, training, human resource management and other services to you;
• for providing products and services, identification and authentication, Service operation, analytics and improvements, support, contact (e.g., sending notifications related to use of the Service), research, and anonymous reporting.
• if you are a job-applicant or a potential contractor (with us or our clients) to assess your suitability, to conduct performance appraisals, tests, assessments, workplace rehabilitation, or to identify your training needs, and to assist with administering your employment or contract on an ongoing basis, as necessary;
• to provide you with marketing materials in relation to offers, specials, products and services we or other companies have available from time to time which might better service your requirements or other opportunities in which you may be interested;
• for our internal management or insurance purposes, to manage our relationship with you, to manage any complaint or investigation in which you are involved and to manage the payment and recovery of amounts payable to us or our related companies by you; and
• for other purposes which are reasonably necessary in connection with any of the above uses.
We will only use sensitive information for the purposes for which it was provided or for a purpose directly related to such purpose, unless you agree otherwise or the use of such sensitive information is required or authorised by law.
If we are unable to collect personal information relating to you, we may be unable to provide you with the services you require, proceed with your application for work placement, or continue our relationship with you.
We may disclose personal information about you to the following types of entities if required in connection with the purposes listed above:
• other entities within the Nova Group;
• our clients, potential clients, contractors, consultants, advisers and associates and those of our associated companies;
• if you have provided us with referees or references to assist with a job application, recruitment process or the assessment of a potential contract between you and us or you and one of our clients, those referees or references you have provided;
• any industry body, tribunal, court or otherwise in connection with any complaint made by you about us;
• our insurers;
• any entity included in a transfer of all or part of our assets or businesses; and
• other entities with your consent or as permitted or required by law.
Where our use or disclosure of personal information is governed by the GDPR, then we typically act as the data controller, and such processing will only be undertaken by us or at our direction where we have a legal basis do so under Article 6 of the GDPR. Such basis may be:
• where you have provided your express consent to that processing taking place (for example, when you sign up to our mailing list);
• where the processing is necessary for the performance of a contract to which you are a party (for example, if you are employed by us, we may process personal information relating to your employment pursuant to your employment contract with us);
• where the processing is necessary in order to take steps at your request prior to entering into a contract (for example, if you apply to be employed with us, we may process your personal information pursuant to that request prior to entering into an employment contract with you);
• where necessary for us to comply with a legal obligation (for example, security clearance procedures); or
• where processing is necessary for one of our legitimate interests, where such processing would not override your interests or fundamental rights and freedoms (for example, monitoring our systems to prevent fraud and abuse).
We may also provide you with more detailed information about the legal basis for processing specific personal data at the time that personal data is collected.
Where we rely on your consent as the basis for using or disclosing your personal information, you can withdraw such consent by contacting us using the details outlined below, or by using any other mechanism that we provide for doing so.
The processing we undertake may, in some instances, involve using your personal information as part of automated decision-making. Where we do so, we will provide you with further details about the logic used and the significance and envisaged consequences of such processing for you.
We may disclose the kinds of personal information mentioned above to recipients located outside of your jurisdiction, such as associated companies or contractors who provide us with services. These may be located in countries such as Australia, the United Kingdom, New Zealand, Norway or Singapore. We take reasonable steps to ensure that, where personal information is transferred internationally, it is appropriately protected.
Where personal information relating to individuals from the UK or EU is transferred out of those regions, we will comply with the relevant requirements of the GDPR, including considering whether the recipient is in a country with privacy laws which have been deemed to be adequate by the European Commission, or otherwise implementing appropriate safeguards, such as contracts incorporating standard data protection clauses. We have agreements of this nature in place between entities in the Nova Group, to enable personal information in relation to people from the EU and UK to be stored in our shared business systems located outside of those jurisdictions.
Where we act as a data processor for a data controller under the GDPR, we may use personal information collected solely on the basis of instructions from such data controller. As a data processor, we do not have a direct relationship with the person whose personal information we collect and process at the direction of the service provider (i.e. the data controller). If you are a customer of one of these service providers and no longer want to be contacted by them or want to access and change the personal information we collect and process as a data processor, please contact the service provider you interacted with directly.
How can I access and correct my personal information?
If at any stage you wish to obtain access to, or seek correction of, personal information we hold about you, please contact us as specified below.
On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us, but will not charge you for making the initial request.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
What other rights do I have?
If you are located in the European Union or United Kingdom, you may have additional rights under the GDPR, including the right to:
• be informed about the collection and use of your personal data, and be provided with clear, transparent, and easily understandable information about such use, in accordance with Articles 13 and 14 of the GDPR;
• seek erasure of your personal data, in the circumstances outlined in Article 17 of the GDPR;
• restrict the processing of your personal data, in the circumstances outlined in Article 18 of the GDPR;
• a copy of your data in a structured, commonly used and machine-readable format, in the circumstances outlined in Article 20 of the GDPR; and
• object to the processing of your personal data, in the circumstances outlined in Article 21 of the GDPR.
If you are a data subject under the GDPR, and would like to exercise any of these rights, please contact us using the details below. In some instances, we may also provide other mechanisms to exercise these rights - for example, if you wish to object to the processing of your personal data for the purpose of direct marketing, you can do so by using the unsubscribe links contained in our marketing emails.
Queries and complaints
For two10degrees customers, please refer to section 11 (Contact Us) of the supplementary Privacy Notice for queries or complaints.
Please direct all other queries or complaints in relation to your privacy to the below address outlining in the subject heading, your full name and reason for enquiry. The body should include the reason for your enquiry. We will respond to your enquiry in due course.
by post: Group Privacy Officer, Level 3, 169 Pirie Street, Adelaide SA 5000
by email: privacy.officer@novagroup.com.au
If for any reason you are not satisfied with the handling of a complaint, you may contact the Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001 (telephone: 1300 363 992, email address: enquiries@oaic.gov.au), or the Data Protection Authority in your jurisdiction.