Application of this Statement
ADP is committed to complying with the requirements of the Privacy Act 1988 as amended from time to time (‘Act’). The core requirements of the Act are set out in the Australian Privacy Principles (APPs). The APPs set out how an organisation such as ADP should collect, hold, use, and disclose personal information. The APPs also give individuals a right to know what information an organisation holds about him or her, and a right to correct it if it is wrong.
From time to time, as ADP updates and improves its service ADP may change this Privacy Statement. ADP will publish these changes on its website at adppayroll.com.au/privacy
Please note this version does not substantively change the way ADP treats personal information compared to the previous version of the privacy statement available at adppayroll.com.au/privacy/archive.
What personal information does ADP collect and hold?
Personal information is defined in the Act as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not”.
ADP collects and holds personal information that is reasonably necessary to provide its services. ADP may collect information from or about individuals including:
• Employees of ADP Clients: ADP generally collects personal information such as the individual’s name, address, e-mail address, user ID, banking details, date of birth, payroll details, and employment-related information such as salary details, superannuation contributions, Tax File Number, relevant awards and PAYG withholding tax.
• Individuals who are payment recipients: on behalf of employers ADP makes payments to certain individuals such as recipients of child support payments and garnishee orders. ADP collects the individual’s name and banking details. Depending on the type of payment ADP may collect other reference information relating to the individual such as the recipient’s address and date of birth; and for child support payments the child support reference ID.
• Client contacts: ADP collects contact information from or about clients or prospective clients, including individuals working for clients or prospective clients, and records details of interactions with clients and prospective clients. This could include:
o Contact information – information that allows ADP to communicate with the client, such as their name, username, mailing address, telephone numbers, email address or other addresses that allow ADP to send messages.
o Relationship information – information that helps ADP do business with the client, such as the types of products and services that may interest the client, information on the organisation’s size, geographic locations, creditworthiness and demographics.
o Transaction information – information about how the client interacts with ADP, including purchases, inquiries, customer account information, and information about how the client uses the ADP websites and applications.
• Employees of ADP: ADP collects personal information from its employees as described in its Privacy Notice to Associates.
• Applicants for jobs at ADP: ADP collects contact details, employment history and other background information as required and as permitted by law.
Some personal information collected by ADP may be sensitive information as defined in the Act; for instance, membership of a trade union (where ADP pays trade union membership fees on behalf of an employee), or biometric identification (via clocks used for ADP’s ezLaborManager and RosterLive services). Any biometric information collected is immediately converted to an encrypted format so that the biometric information originally collected is not stored by ADP.
How does ADP collect and hold personal information?
In most cases, ADP collects personal information about employees and payment recipients directly from the ADP client that employs the relevant employee.
As ADP does not normally deal directly with clients’ employees, it asks its clients to obtain the consent of the individual for the collection, use, and disclosure of the individual’s personal information to and by ADP. It also asks its clients to have regard to the information in this privacy statement in making its own disclosures to employees under the Privacy Act.
ADP will ask for personal information (including contact information and relationship information) when a client or prospective client interacts with ADP, such as registering on an ADP website, signing up to receive a newsletter, or making a purchase. ADP may collect additional relationship information from third party data suppliers who enhance ADP’s files and help ADP better understand its customers. When products or services are purchased from ADP, ADP collects transaction information. ADP collects transaction information when visiting ADP’s website, using ADP applications or contacting ADP, such as for customer service purposes.
ADP offers “tell-a-friend” functionality on some of its websites. If this function is chosen, ADP will collect contact information for the friend. ADP will automatically send the friend a one-time email with the information specified or inviting him or her to visit the site. ADP uses this information for the sole purpose of sending this one-time email and does not retain the information.
ADP collects information from a job applicant directly from the applicant or publicly available information. With the consent of the applicant ADP may conduct reference, background and criminal record checks.
Why does ADP collect, hold, use and disclose personal information?
ADP deals with personal information for a number of purposes, such as:
• Providing payroll services
• Billing and account management
• Internal business operations such as planning, product development, research, and reporting to ADP related bodies corporate
• Fulfilling requests for products or services and for related activities, such as product and service delivery, customer service, account management, support and training and to provide other services related to the relationship with ADP;
• Providing marketing communications and offers for products and services from ADP and, in some cases, ADP partners, including offers targeted based on interests, business characteristics and location;
• Administering surveys and other promotional events;
• Determining eligibility for certain products, services or offers;
• Providing additional information that may be of interest, such as ADP news and announcements and technical service bulletins; and
• Managing ADP’s everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, forum management, fulfilment, analytics, security and fraud prevention, corporate governance, reporting and legal compliance, and business continuity.
ADP understands that individuals do not want ADP to provide their personal information to third parties for their own marketing purposes. ADP limits its sharing of an individual’s personal information as follows:
In using personal information, ADP may need to disclose personal information to various third parties, such as the Australian Taxation Office, other governmental agencies as required by law, banks/financial institutions, superannuation funds, health funds, contracted service providers, business partners, and related bodies corporate of ADP.
ADP may share personal information with ADP related bodies corporate, which may only use the personal information for the purposes listed above.
ADP may share personal information with its service providers, who are bound by law or contract to protect the personal information and only use the personal information in accordance with ADP’s instructions.
ADP may share personal information with business partners, but only to the extent a product or service has been purchased from such partner, interacted with such partner, or otherwise authorised the sharing. For example, if a person is referred to ADP from a business partner website, ADP may provide that partner with the person’s contact information and certain transactional information to validate the referral. ADP may also provide the person’s contact information to companies that offer complementary products and services if the person requests information about these solutions.
ADP may disclose personal information where needed to effect the sale or transfer of business assets, to enforce ADP’s rights, protect ADP property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. ADP may also disclose personal information when required or authorised to do so by law.
Please note that ADP may also use and disclose information about individuals that is not personally identifiable. For example, ADP may publish reports that contain aggregated and statistical data about ADP’s clients. These reports do not contain any information that would enable the recipient to contact, locate or identify an individual. These reports also do not contain any identifiable company information.
Where an individual has applied for employment with ADP, the personal information submitted with their job application will be added to ADP’s job opportunities database and may be used for recruitment and other customary human resources purposes. For example, ADP may send the applicant information about new job opportunities within ADP as well as other career development resources.
The collection, use and disclosure of personal information may be required or authorised under various Commonwealth and State laws, including:
• The Income Tax Assessment Acts
• Superannuation Guarantee (Administration) Act 1992 (Cth)
• Fair Work Act 2009 (Cth)
• Payroll Tax Acts
• Long Service Leave Acts
• Occupational Health & Safety Acts
• Workers Compensation Acts
• Tax Agent Services Act 2009 and Tax Agent Services Regulations 2009
• Privacy Act 1988 (Cth)
• Corporations Act 2001 (Cth)
• Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
• Any secondary legislation pursuant to primary legislation referred to above.
How can individuals access, correct or update their information?
ADP respects the right of an individual to access and correct their personal information. Where an individual has access to an online account they can log into their account at any time to access and update the information they have provided to ADP.
ADP will give individuals access to their personal information on request, subject to the Act. ADP may impose a charge for giving access to personal information.
If any information is incorrect, ADP will correct it on request. If the individual has a direct relationship with ADP, the person or department at ADP the individual normally deals with should be contacted initially. The request may also be made to ADP’s Privacy Officer (using the details below).
An individual who is an employee or other payment recipient of an ADP client is encouraged in the first instance to contact ADP’s client so that they can ask ADP to correct its records.
ADP may require substantiation of any request to correct personal information.
Individuals may request not to receive marketing communications from ADP. ADP aims to ensure such requests are complied with within five business days.
What can an individual do if they have a complaint?
Any complaint regarding a possible breach of ADP’s privacy obligations may be directed to:
• the person or department at ADP the individual normally deals with, if the individual has a direct relationship with ADP; and/or
• ADP’s Privacy Officer (using the details below).
The Privacy Officer will investigate any complaint and notify the individual within a reasonable timeframe of the outcome of the investigation.
Does ADP disclose personal information to overseas recipients?
As a global business, ADP may store personal information overseas, and personal information may be accessed by staff of ADP related bodies corporate overseas, in the United States, India, France, Spain and the Philippines.
ADP’s related bodies corporate in the European Union comply with the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data.
ADP also uses information technology facilities including customer relationship management and cloud-based database and storage systems operated by third parties located overseas. These providers are required to enter into agreements containing appropriate confidentiality and privacy obligations, and are not provided with access to the personal information of ADP clients or their employees.
In order to provide clients with a high quality and competitive service, ADP may change its service arrangements from time to time, as a result of which personnel located in other countries may be able to access personal information. Where ADP does so it will update this Privacy Statement. Individuals and clients of ADP are encouraged to check this Privacy Statement from time.
How does ADP protect the security of personal information?
ADP exercises great care to protect personal information that it holds. This includes, among other things, using industry standard techniques such as firewalls, encryption, intrusion detection, and site monitoring.
Internally, ADP restricts access to personal information to employees or parties who need access to the information in order to do their jobs. These employees or parties are limited in number, and are committed to maintaining confidentiality.
ADP reviews its security arrangements from time to time, as it deems appropriate.
Cookies and Other Data Collection Technologies
When ADP’s website is visited or our mobile applications are used, ADP collects certain transaction information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.
For example, when ADP’s website is visited, ADP places cookies on the individual’s computer. Cookies are small text files that websites send to computers or other Internet-connected devices to uniquely identify the browser or to store information or settings in the browser. Cookies allow ADP to recognise the computer when it is used to return. They also help ADP provide a customised experience and enable ADP to detect certain kinds of fraud. In many cases, cookie preferences can be managed and the individual can opt out of having cookies and other data collection technologies used by adjusting the settings on their browser. All browsers are different, so the “help” section of the browser should be consulted to learn about cookie preferences and other privacy settings that may be available.
ADP also uses Flash Cookies (also known as Local Stored Objects) and similar technologies to personalise and enhance the online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. ADP uses Flash cookies for security purposes and to help remember settings and preferences similar to browser cookies, but these are managed through a different interface than the one provided by the web browser. To manage Flash cookies, please see Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit www.adobe.com. ADP does not use Flash cookies or similar technologies for behavioral or interest-based advertising purposes.
Pixel tags and web beacons are tiny graphic images placed on website pages or in emails that allow ADP to determine whether the recipient has performed a specific action. When the recipient accesses these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow ADP to measure response to our communications and improve its web pages and promotions.
ADP collects many different types of information from cookies and other technologies. For example, ADP may collect information from the device used to access ADP’s website, the operating system type, browser type, domain, and other system settings, as well as the language the system uses and the country and time zone where the device is located. ADP’s server logs also record the IP address assigned to the device used to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. ADP may also collect information about the website visited before the individual came to ADP and the website visited after they leave ADP’s site.
In many cases, the information ADP collects using cookies and other tools is only used in a non-identifiable way, without any reference to personal information. For example, ADP uses information it collects about all website users to optimize ADP’s websites and to understand website traffic patterns.
In some cases, ADP does associate the information it collects using cookies and other technology with personal information. This privacy statement applies to the information when we associate it with the personal information.
ADP may have relationships with third party advertising companies to place advertisements on ADP’s website and other websites, and to perform tracking and reporting functions for ADP’s website and other websites. These third party advertising companies may place cookies on the individual’s computer when they visit ADP’s website or other websites so they can display targeted advertisements. These third party advertising companies do not collect personal information in this process, and ADP does not give any personal information to them as part of this process. However, this Privacy Statement does not cover the collection methods or use of the information collected by these vendors. For more information about third party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org. You can opt out of being targeted by many third party advertising companies by visiting www.networkadvertising.org/consumer/opt_out.asp or http://preferences.truste.com/truste/.
One of ADP’s third party advertising vendors is Adobe. For more information on how to be removed from the tracking and reporting functions performed for ADP’s website by Adobe Marketing Cloud, please visit their Opt-out page at http://www.adobe.com/privacy/opt-out.html#4 and follow the relevant instructions.
Privacy Officer contact details
Automatic Data Processing Limited
6 Nexus Court
Tel: +61 3 9566 5100
Automatic Data Processing Limited
ABN: 70 003 924 945
Dated: 1 March 2014