Privacy First Approach Always
Empathix Ltd (“we”, “our” and “us”) respects individual privacy and the rights of individuals to control their personal information. We prioritise a privacy-first approach to protecting personal information, in line with global data protection standards. “Personal Information” means personal information as defined in and protected by the Privacy Act 2020. We are committed to protecting your personal information.
This Privacy Policy sets out our policies and practices regarding the collection, use and disclosure of personal information that you provide to us and which we collect from you. Our core security measures are set out in our Cybersecurity Information Pack, if our customers would like to see our cybersecurity info pack please request access from support@empathix.xyz.
By accessing or otherwise using the website at www.empathix.xyz (the “Website”), contacting us by email or telephone, or using Empathix, our recruitment platform, from time to time (together, the “Service”), or engaging with us in any other way, you agree to the terms and conditions set out in this Privacy Policy and consent to the processing of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us.
1. TYPES OF PERSONAL INFORMATION WE COLLECT AND HOLD
1.1 The types of personal information that we may collect includes:
- name, address, email address, telephone number and other contact details;
- age and gender;
- current employment status, your occupation and length of employment, level of education, your employment history and CV details;
- records of our interactions with you;
- your computer and connection information, statistics on page views, traffic to and from and other standard web log information;
- any other personal information that may be required in order to facilitate your dealings with us;
- any other personal information you may volunteer.
1.2 We may collect personal information about:
- individuals;
- contractors and suppliers;
- third parties seeking or using our Services;
- other people who come into contact with us in the ordinary course of business; and
- applicants applying for a job or position with us: we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision whether or not to make you an offer of employment or engage you under a contract.
1.3 In general, we do not collect your personal information, unless you provide it to us voluntarily and knowingly during your dealings with us, including by way of:
- when you voluntarily use our Services;
- personal contact with us at a face-to-face meeting or situation;
- correspondence, chats, social applications or services, mail, email or telephone;
- when you invest in our business or enquire about a potential acquisition of our business.
1.4 In some cases, we collect personal information from third parties including public sources and our service providers. We also collect personal information about candidates for job openings from users of our Empathix platform when they use the platform. For the purposes of matching candidates with job opportunities on the Empathix platform, information may be obtained via third-party sources such as job boards and Applicant Tracking Systems (ATS).
1.5 We may hold your personal information in hard copy files and/or electronic files.
2. SECURITY
2.1 In relation to the Empathix platform, we protect your personal information in line with global data protection standards. Our core security measures are set out in our Cybersecurity Information Pack, if our customers would like to see our cybersecurity info pack please request access from support@empathix.xyz.
2.2 In relation to all other aspects of our business, we take reasonable technical and organisational precautions to prevent the loss, misuse or unauthorised alteration of your personal information. Due to the nature of email and the internet, we cannot guarantee the privacy or confidentiality of your personal information. We may store your information in cloud or other types of networked or electronic storage.
2.3 When you provide us with personal information, that information may be collected, stored and processed on servers located outside of New Zealand – in particular, in the USA and in Sydney, Australia via AWS. In such cases, the information is stored in compliance with local regulations. This includes leveraging secure, high-standard facilities to guarantee data integrity and availability.
3. WHY WE COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION
3.1 We will use and disclose your personal information only for the purpose (the “primary purpose”) for which you provide it to us, which may include:
- to provide you with any services that you may request including enabling you to access and use the Services from time to time;
- in relation to the Empathix platform, to allow us to efficiently match candidates with suitable job opportunities and to provide employers who use Empathix with valuable insights to support fair and unbiased hiring decisions;
- to respond to any query or complaint that you may make or otherwise provide customer support;
- for internal administration and operational purposes such as preventing fraud and abuse of our systems and to troubleshoot bugs;
- to assist in providing better products and services to you by tailoring the Services to meet your needs;
- to consider your employment or contractual engagement application;
- to provide you with further information about us or other products or services offered by us or which we consider may be of interest to you;
- to carry out marketing, promotional and publicity activities (including direct marketing), market research and surveys;
- to keep our Website relevant and of interest to users;
- to show you advertising and information that is most relevant to you and your interests;
- to allow us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing, keeping our records up to date, being efficient about how we fulfil our legal and contractual duties);
- to comply with legal and regulatory requirements;
- to detect any fraud or crime, or money laundering and counter financing of terrorism in connection with any laws, rules or regulations in New Zealand or overseas for analysis in aggregate form (with identifiable characteristics removed so that you will remain anonymous); and
- for any other purpose which is stated to you at the time of collection or that you otherwise authorise.
4. WHO WE DISCLOSE YOUR PERSONAL INFORMATION TO
4.1 We may disclose your personal information to:
- third partycontractors engaged to perform functions or provide services relating to thepurposes for which we collect personal information. If this is the case, wewill take reasonable steps to ensure that they comply with this Privacy Policy;
- third partyservice providers or affiliates within or outside of New Zealand who work onbehalf of or with us to provide some of our administrative and other services,such as processing payments (such as credit card payments). We require suchservice providers to agree not to use such information except as necessary toprovide the services to us. We ensure that all third-party service providers weengage with maintain either ISO 27001 or SOC 2 compliance, or leverage servicesfrom providers that adhere to these stringent standards. This guarantees thatour technology stack adheres to the highest levels of security and dataprotection;
- professionaladvisers, dealers and agents;
- any party to whomour assets or business may be transferred or with whom we are merged; and
- we operate our business in New Zealand. Wemay need to share some of the personal information we collect about you withorganisations both inside and outside of New Zealand. Sometimes we may need toask you before this happens. We may also disclose your personal information ifwe determine in good faith that disclosure is reasonably necessary to protectour rights and pursue available remedies, enforce our terms and conditions,investigate fraud, or protect our operations or users.
4.2 At your request, we will share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, attorneys, accountants, executors, administrators, trustees or auditors).
5. COOKIES
While we do not use browsing information to identify you personally, we may use cookies, web beacons, and other tracking technologies to collect certain information about your use of the Website such as the pages you visit, the date and time of your visit, your IP address and your interaction with the Website. A cookie is a small file containing a string of characters that is sent to your computer or mobile device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
6. OTHER PURPOSES
6.1 If our intended collection, use or disclosure of your personal information is outside the scope of collection, use or disclosure set out in this Privacy Policy, we will give you the option to opt out and not receive certain products or services or participate in certain interactive areas, or opt in.
6.2 You can also withdraw your consent where provided or object to the further data processing of your personal information under certain circumstances. If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision. The withdrawal of your consent will not affect processing of your information that you had consented to.
7. MANAGING YOUR PERSONAL INFORMATION
7.1 We will take reasonable steps to ensure that any personal information we collect is up-to-date, complete and accurate, and any personal information that we use or disclose is up-to-date, complete, accurate and relevant.
7.2 You may contact us at suport@empathix.xyz to seek any of the following:
- Access: You can ask to be provided full information about your personal information that we hold.
- Change or correct information: You can also ask us to correct any incorrect information we hold about you.
- Delete your personal information: You can ask us to delete or destroy your personal information. Please note that certain conditions may apply to the exercise of this right.
- Object to, or limit or restrict, use of personal information: You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal information is inaccurate or unlawfully held).
7.3 In some circumstances, and subject always to legal obligations to the contrary, we may not be in a position to grant access to your personal information or otherwise meet your requests with respect to your personal information.
7.4 If we do not agree to provide you with access to, or to amend or erase, your personal information as requested or otherwise meet your requests, we will notify you accordingly. Where appropriate, we will provide you with the reason(s) for our decision and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.
8. COMPLAINTS ABOUT A PRIVACY BREACH
8.1 You can also contact us if you have any questions or complaints about, or if you wish to restrict or object to how we collect, use, disclose, manage or store your personal information. We will respond to your request, where required by law, within one (1) calendar month from the date your request is received. We will inform you if this timeframe is not achievable and extend this timeframe as permitted by applicable law. We may charge a fee to cover the costs of meeting your request if your request is unfounded or excessive.
9. USERS OUTSIDE NEW ZEALAND
Where you are located outside of New Zealand, the information we collect may be processed in and transferred between your location and New Zealand. New Zealand may not have equivalent data protection laws to those in force in your location.
10. CHANGES TO OUR PRIVACY POLICY
Any changes to this Privacy Policy will be posted onto the Website. Unless stated otherwise, changes will be effective immediately upon being placed onto the Website. Your continued use of the Website means you agree to be bound by the amended Privacy Policy.
Current as at June 2024