Introducing BigRedSky's New Look

Legal

Privacy Policy

Have a question please contact us.

Talk to our teamDownload Privacy Policy
Other Policies
Terms & Conditions
Data Security Addendum
need Help?
Info@bigredsky.com
Scope of Policy
Who is this Policy issued by? This Policy is issued by BigRedSky. It applies to us and our subsidiaries, unless another express policy has been issued.
What is this Policy? We recognise and respect your privacy and data protection rights. We seek to manage your Personal Information in a fair, open and transparent way.

We are committed to the objectives of the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act).

The Policy has been prepared primarily to meet privacy and data protection standards under Australian law.
What is the scope of this Policy? This Policy describes our practices in connection with Personal Information including how and why we collect, use, store, secure, destroy, de-identify and disclose your Personal Information. Specifically, this Policy explains:

  • the kinds of personal information we collect and hold;
  • how we collect and hold personal information and obtain your consent;
  • the primary and secondary purposes for which we collect, hold, use and disclose personal information;
  • when we may disclose personal information, including to overseas recipients and the countries in which such recipients are likely to be located;
  • how you may access your personal information and correct it; and
  • how you may complain about our handling of your personal information.
The Policy is provided free of charge. You may request our Policy in a specific format. We will take reasonable steps to give you a copy in that format.

By providing your Personal Information to us, you agree to this Policy (and any updates) and you consent to our management of your Personal Information in accordance with this Policy and any other arrangements that apply between us.
What is Personal Information? Personal Information under the Privacy Act means information or an opinion about an identified individual (e.g. a natural person), or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.
The meaning is focused on information relating to natural persons, not bodies corporate or business entities.
Does this Policy apply to general confidential information? This Policy only applies to Personal Information. It does not apply to general confidential or commercially sensitive (e.g. contract terms, transactional information, customer information etc.), unless that information is Personal Information.

If information is both Personal Information and general confidential or commercially sensitive information, we will deal with that information in accordance with the requirements of this Policy and any other confidentiality obligations to which we are bound.
Our Business Activities
What does BigRedSky do? At the date of this Policy, our business involves providing to organisations cloud-based applicant tracking and employee onboarding and induction modules deployed under a software-as-a-service model comprising the "cvMail" and "BigRedSky" product offerings.
Collection of Personal Information
How is Personal Information collected? We seek to ensure that we only collect Personal Information by lawful and fair means.

We collect your Personal Information in several ways, including but not limited to our websites, telephone, email, letter or facsimile, in person, publicly available information sources, cookies, apps and online tracking.
Is Personal Information collected from third parties? We may collect Personal Information from third parties, including government agencies and business associates.

We will only collect Personal Information from third parties if:

  • we are required or authorised by or under an applicable law, or a court/tribunal order, to collect the information from someone other than the individual concerned;
  • it is unreasonable or impracticable to collect the information directly from the individual concerned; or
  • it is provided to us in the course of us providing at least one of our functions and activities.
Personal Information Collected
What types of Personal Information are collected? The types of Personal Information that we collect will depend on the nature of your dealings with us.

Some examples include:

  • name;
  • gender;
  • mailing or street address;
  • email address;
  • telephone number and facsimile number;
  • age and/or date of birth;
  • languages spoken;
  • occupation;
  • academic record, levels of education and/or resume;
  • driver's licence details;
  • previous employment and training information;
  • financial details (e.g. credit card, tax details, superannuation information); and/or
  • third party contact information (e.g. carer, employer).
In the course of carrying out recruitment activities (both internal and for organisations that engage BRS for provision of the Services), we may collect information regarding an applicant's educational qualifications, career history, interests, hobbies and job interests and such other information as may be routinely included within a curriculum vitae.

From time to time, we collect Sensitive Information about individuals in order to provide our services. However, we only collect sensitive information if:

  • the collection is reasonably necessary for one or more of our activities or functions; and
  • we have the individual's consent to the collection.
This list above is not exhaustive. We may collect any other Personal Information that may be required in order to facilitate your dealings with us, or which may be reasonably necessary to pursue our functions and activities.
Purpose of Collection
Why is Personal Information collected? We collect and hold Personal Information if it is reasonably necessary to pursue at least one of our functions or activities or its collection and storage is required or authorised by or under an Australian law or a court/tribunal order.
When is Sensitive Information collected? Sensitive Information will only be collected and stored:

  • with the consent of the individual concerned and when the information is reasonably necessary for us to carry out at least one of our functions or activities; or
  • in the same circumstances permitted under the APPs.
For what purpose is Personal Information collected? We may collect, hold, use, secure, destroy, de-identify and disclose your Personal Information for the following purposes:

  • operating and managing our business as described above;
  • communicating important information with you regarding changes to our terms, conditions, and policies and/or other administrative information;
  • analysing the efficiency of our operations;
  • investigating and responding to your inquiries, complaints and providing assistance;
  • managing our relationships with suppliers, contractors and third parties;
  • transactions, business dealings or regulatory relationships with governments or regulators;
  • for personnel management, employment and recruitment;
  • occupational health and safety activities and compliance;
  • to protect our legal rights, pursue available remedies and limit our damages;
  • to negotiate, agree and facilitate a transaction for the sale of our business, our assets or our shares, or to prepare for the same;
  • to enforce contracts; and
  • complying with our legal, insurance and regulatory obligations in various jurisdictions in which we operate.
Certain of these activities may involve the use of machine learning and artificial intelligence.

Generally, we will only use or disclose Personal Information for the purpose for which it was collected (Primary Purpose), including the purposes set out above.

In certain circumstances, we may be required or permitted by law or a court or tribunal to collect and retain certain Personal Information about you.
Can Personal Information be collected for a secondary purpose? We may use or disclose Personal Information for secondary purposes if we receive your consent to do so, or without your consent, if:

  • you would reasonably expect us to use your information for the secondary purpose; or
  • it is otherwise in the same circumstances as permitted by the APPs.
For example, the APPs permit the use and disclose Personal Information for a secondary purpose without an individual's consent if:

  • the individual would reasonably expect the collector to use or disclose the information for a certain secondary purpose; and
  • the secondary purpose is:
    • if the information is Sensitive Information – directly related to the Primary Purpose; or
    • if the information is not Sensitive Information – related to the Primary Purpose; or
  • the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order, such as where disclosure of Personal Information:
    • will reduce or prevent a serious threat to life, health or safety; or
    • is in response to any unlawful activity.
Consent
How does this Policy apply to me? By providing your Personal Information to us, for example, through:

  • your current, prospective and future employment with us; or
  • setting up an account with us for the provision of the Services;
you consent to us dealing with your Personal Information in accordance with this Policy.
Can I opt out? You have the right to opt out of our collection and use of your Personal Information. Please contact us directly if you wish to withdraw your consent.
Will my consent be required for my Sensitive Information? We will seek express consent from you before collecting and dealing with your Sensitive Information.
Disclosure and Transfer of Personal Information
Can my Personal Information be disclosed? We may disclose Personal Information for the purposes described in this Policy to:

  • our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support services, email delivery services and other similar services to enable those third parties to provide services to us;
  • to an affiliate or other third-party in the event of any corporate re-structure, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock – we will notify you via a notice on our website of any significant change in ownership and you retain the ability to opt out;
  • to our officers, employees and other staff;
  • to subsidiaries or affiliates (including their officers, employees and other staff) without our corporate group, to conduct business activities;
  • professional advisers, consultants, dealers and agents;
  • payment system operators;
  • our existing or potential agents, business partners or partners;
  • anyone to whom our assets or divisions (or any part of them) are transferred;
  • any securities exchange in any location on which we may become listed;
  • specific third parties authorised by you to receive information held by us;
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law; and/or
  • as necessary and appropriate to comply with all applicable laws, regulations and legal processes.
Will my Personal Information be disclosed to persons overseas? From time to time, circumstances may arise where there may be a need for us to disclose or transfer Personal Information to an overseas recipient or receive Personal Information from an overseas recipient. This may occur in a range of circumstances. For example:

  • where data is being stored and accessed by way of cloud computing or where we correspond with professional advisors in various countries; or
  • if and when our employees or contractors are travelling overseas.
Laws in these countries may differ from the country in which you live in.

We seek to carefully consider and where possible limit our overseas transfers of Personal Information and disclosures to jurisdictions with substantially similar privacy protections. However, you should be aware of the inherent risks of international transfers of Personal Information, particularly to jurisdictions which may have markedly different privacy protections to Australia. By using our website and/or through your employment with us, you consent to all overseas disclosures of Personal Information.
To which countries may my Personal Information be disclosed? The countries in which your Personal Information is likely to be held or transferred include, but are not limited to Australia, India and the United Kingdom.
Will overseas recipients need to comply with the Australian Privacy Principles? Before disclosing Personal Information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also adopts privacy procedures which materially comply with the APPs in relation to that information, unless the APPs would not require us to do so.

We will not be required to take such steps if:

  • we reasonably believe that the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and there are mechanisms that could be taken to enforce the law or binding scheme;
  • both of the following apply: we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take such steps; and after being so informed, the individual consents to the disclosure;
  • the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
  • the APPs otherwise allow us to refrain from taking such steps, if they applied.
Do any third-party service providers collect my Personal Information? Your Personal Information may be collected by third parties service providers who perform certain business-related functions for us. We do not control the collection and management of this Personal Information.

To the extent permitted by law, we do not take any responsibility or liability for how such third parties which we do not control collect and deal with your Personal Information.
Security and Data Breach
Is my Personal Information secured? The security of your Personal Information is important to us. We take reasonable steps to protect your Personal Information from misuse, interference, hacking and loss, as well as unauthorised access, modification or disclosure.

However, security measures are not an absolute protection and there is an inherent risk of unauthorised access. To the extent permitted by law, we exclude legal liability for any harm or damage eventuating from security related incidents.
What steps are taken to secure Personal Information? We use several physical, administrative, personnel and technical measures to protect your Personal Information.

Our third-party providers use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Information. They also provide various security strategies to effectively ensure data security of user and device. With regards to:

  • device access – proprietary algorithms are employed to ensure data security, access authentication and applying for authorisation.
  • data communication – communication using security algorithms and transmission encryption protocols are supported, including optional multi-factor authentication.
  • data processing – strict data filtering and validation and complete data audit are applied.
  • data storage – all confidential information of users will be safely encrypted for storage.
Will I be notified if there is a data breach? Depending on the circumstances, we may notify you, any affected individuals and, if required by applicable law, the relevant regulator, as soon as practicable after we become aware that there are reasonable grounds to believe that there has been a data breach that is an 'eligible data breach' under the Privacy Act.

If it is impracticable to notify all affected individuals, and depending on the circumstances of the breach, we may publish a statement on our website and publicise the content of that statement.

We may not provide notice where it would be inconsistent with secrecy provisions or prejudice law enforcement actions. If we have taken sufficient remedial action in response to the data breach, or if the regulator determines that notification is not required (if applicable), then we may not notify you of the breach.
Retention and Destruction
How long will my Personal Information be retained? We will hold your Personal Information for so long as we consider reasonably necessary for the purposes set out in this Policy.
Is my Personal Information deleted/destroyed? If we hold Personal Information about an individual which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified, unless prohibited by law or the APPs otherwise require us to avoid taking such steps.

If we are unable to destroy your Personal Information due to technical reasons, we will ensure that appropriate measures are put in place to prevent further use or identification of your Personal Information.
Quality and Access to Personal Information
How will my Personal Information be maintained? We will endeavour to take reasonable steps to ensure that the Personal Information that we collect is accurate, up-to-date and complete.

The reasonable steps described above that we may undertake include:

  • ensuring that updated and new Personal Information is promptly added to relevant existing records;
  • reminding individuals to update their Personal Information when we engage with them; and/or
  • with respect to Personal Information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion: checking that the opinion is a reliable source; providing the opinion to individuals before we use or disclose it; and clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.
What do I do if my Personal Information is out-of-date? If you think that the Personal Information that we hold about you might be out of date and needs to be corrected, please contact us using the details located at the end of this Policy.
Can I access my Personal Information? You may request access to any of the Personal Information we hold about you. In most cases, a summary of your personal information will be freely available to you by contacting us. We may need to confirm your identity prior to taking further action, for security purposes.

Requests for access to your Personal Information will be handled within a reasonable period and we will endeavor to give you access to the information in the format and manner requested, if it is reasonable and practicable to do so.

We will endeavour to take reasonable steps to give access in a way that meets the needs of BigRedSky and yourself, noting that access may be given using a mutually agreed intermediary.
Are there any exceptions to my right of access? The APPs provide a list of situations in which access to an individual's Personal Information may be denied. We may deny an individual access to their Personal Information in these circumstances.

Such situations include, but are not limited to where:

  • giving access would threaten life, health or safety of any individual or threaten public health or safety;
  • granting access would have an unreasonable impact on the privacy of others;
  • the information relates to existing or anticipated legal proceedings between the individual about who the information relates and us, and would not be accessible by the process of discovery in those proceedings;
  • access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • where giving access would reveal evaluative information generated in connection with a commercially sensitive decision-making process;
  • granting access would be unlawful or where denying access is required or authorised by law;
  • the request is frivolous or vexatious; and
  • denying access would be likely to prejudice the taking of appropriate action in relation to the matter.
If we refuse to give access to the Personal Information in the circumstances required by the APPs, or if we refuse to give access in the manner requested, we will take such steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the individual.

If we refuse to give access to Personal Information, we will provide a written notice setting out:

  • the reasons for denying access to Personal Information (except where it would be unreasonable to provide the reasons);
  • the mechanisms available to complain about the refusal; and
  • any other matters prescribed by Australian privacy regulations.
Will I be charged to access my Personal Information? We will not charge fees for requests by you to access your Personal Information.
Correction of Personal Information
Can I correct my Personal Information? If, with regard to the purpose for which it is held, we are satisfied that Personal Information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if the individual about whom the Personal Information relates makes a request, we will take reasonable steps to correct the information.

However, as a matter of practice, when we receive Personal Information, we will hold the information for a period before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).

If we correct Personal Information at the individual requests, we will take reasonable steps to notify any third party to whom we previously disclosed the Personal Information, if it is not unlawful or impracticable for us to do so.

Further, you may request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading (Correction Statement). Where such a request is made, we will take reasonable steps to associate the correction statement with the Personal Information, so that it is apparent to the users of the Personal Information.

We will aim to respond to a request to correct information or associate a Correction Statement with the Personal Information within a reasonable period of the request being made.
Are there exceptions to my right to request a correction? If we refuse to correct Personal Information in circumstances permitted by the APPs, we will provide a written notice setting out:

  • the reasons for the refusal (except where it would be unreasonable to provide the reasons);
  • the mechanisms available to complain about the refusal; and
  • any other matter prescribed by the regulations.
Will I be charged for a correction? We will not charge fees for requests for the correction of Personal Information or for associating a Correction Statement with the Personal Information.
How do I request to amend my Personal Information? Requests for correction of Personal Information should be made in writing and sent to us using the enquiries contact details set out below.
Miscellaneous
What happens if you receive unsolicited Personal Information? If we receive Personal Information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information in circumstances permitted by the APPs.

If we determine that we have received Personal Information that we are not permitted to collect under the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.

If we determine that collection of the Personal Information is permitted under the APPs, we will ensure that the information is dealt with in a manner that complies with this Policy.
Can the Policy be changed? We may change, update, revoke or replace the Policy from time to time by publishing changes to it on our website.

We may notify you via email. We encourage you to periodically review the privacy policy on the website for the latest information about our privacy practices.
How do I make a complaint? If you wish to make a complaint about the way we have handled your Personal Information, you can contact us using the details set out below.

Please include your name, email address and/or telephone number and clearly describe your complaint. We will respond to you regarding your complaint within a reasonable period.
Who should I contact for enquiries? For further information about the Policy or our practices, or to access or correct your Personal Information, or make a complaint, please contact us at helpdesk@bigredsky.com.
Interpretation
External definitions Words and phrases which are defined under the Australian Privacy Act (including interpretive guidance published by the regulatory bodies under the same) have the same meanings when used in this Policy, unless inconsistent with the context.
Glossary The following definitions apply in this Policy, unless the context requires otherwise:
Affiliate in relation to a company or body corporate, means: the holding company of that company or body corporate; a subsidiary of that company or body corporate; a subsidiary of the holding company of that company or body corporate; or a 'related body corporate' of that company or body corporate for the purposes of the Corporations Act 2001 (Cth) of Australia.
Australian Privacy Principles or APPs means the Australian Privacy Principles in Schedule 1 of the Privacy Act.
Personal Information has the meaning given to that term in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not; as the context requires. By way of example, this may include an individual's: name; address; phone number; or photograph or video recording.
Policy means this Privacy Policy, as amended, updated or supplemented from time to time.
Privacy Act means the Privacy Act 1988 (Cth) of Australia.
Sensitive Information has the meaning given to that term in the Privacy Act, or as the context requires. By way of example, this may include an individual's: racial or ethnic origin; political opinions or membership of a political association; religious beliefs; philosophical beliefs; membership of a trade union; health; criminal record; and sexual orientation or practices.
Services means a service provided by or on behalf of BigRedSky.
BigRedSky, we, us or our means BigRedSky Limited (ACN 692 733 716) and, where the context requires, includes its Affiliates.
you or your means an individual whose Personal Information we manage.
Effective Date:
Monday 1st March, 2026
last modified date:
Monday 1st March, 2026
Other Policies
Privacy Policy
Terms & Conditions
need Help?
Info@bigredsky.com