Privacy Policy

Privacy notice

This is the Privacy Notice of Sanctuary Recruitment (the data controller) part of Acacium Group that is engaged with you (“we”, “us” or “our”) via the link you have clicked on the website. A full list of our group companies and their trading names can be found here.

If you require a printed copy of this privacy notice or our group companies, please contact us using the details below.

This Notice sets out our global approach to data protection and makes you aware of how and why your personal data will be used. We cannot list all applicable data protection legislation globally as it is changing constantly.  The Notice is primarily based on the requirements of the General Data Protection Regulation ‘GDPR’.  If you believe that we are not addressing your privacy rights, then please contact us: dpo@acaciumgroup.com  Further to contacting us, if you are still not satisfied with how we manage your personal data then you should contact your country data protection supervisory authority.  We may change this Privacy Notice from time to time.  You should check this Privacy Notice occasionally to ensure you are aware of how we need to use your information.

This Privacy Notice relates to personal information that identifies “you” in the circumstances set out below.   If you are an organisational customer, partner or a supplier a separate privacy notice or data processing agreement applies to you instead.

Please read this Privacy Notice to understand how we may use your personal data.

This Privacy Notice was completed on 23rd August 2023 and may vary from time to time so please check it regularly.

Summary

  • We keep to a minimum the information we hold about you
  • We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website
  • We delete your data when it is no longer needed for these things
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have lots of privacy rights
  • We take security seriously
  • We are happy to answer your questions about any of this

This Notice relates to your use of our website only.

What personal information we hold and how do we collect it

You can look at our pages, and search for jobs without giving us any personal information about yourself.

Information which is collected and stored during normal use of the site, such as the internet protocol (IP) address used to connect your device to the internet, some other information such as your browser type and its version, and pages you visited if you opt to submit personal information for us to send you further information or email alerts. Furthermore, our website may also download cookies to your device – this is described in our separate [cookie policy].

When applying for a vacancy:

We may hold your name, contact details, details of the roles you are interested and other information regarding your career history and remuneration which you choose to provide to us or which we may request, if you:

  • make an application via a third party website;
  • provide us with your CV or other details directly by email or by phone;
  • make an application or submit your CV or other details via our website;

If you become a candidate for our permanent recruitment services, internal opportunities or agency-based work with us, additional personal information about you will be collected. This is described in our candidate privacy notice, which will be provided to you if applicable.

If you do not provide us with personal information requested, we will be unable to assess your application and/or progress your application.

Some of the personal information which you provide to us is categorised as ‘sensitive personal information’ (for example, health information). Under the Privacy Act  any collection or use of such information will be in accordance with the Privacy Act.

How we will use information about you

We will only use your personal information and sensitive personal information as set out below.

We are only allowed to process your personal data if we have a lawful basis to do so in accordance with data protection laws. We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis (or bases) for each activity. In accordance with the GDPR, we rely on the appropriate legal bases set out below.

Processing Activities          

Legal Basis

  • We analyse browsing activity data to understand how people use the features and functions of our website to identify improvement so that we can provide you with a better website experience
  • We analyse how you interact with website and email content to enable us to provide you with better and more relevant content
  • To fulfil your requests for more information, white papers, articles, alerts, newsletters or other content. Pages that collect this type of information may provide further information as to why your data is needed and how it will be used.
  • For surveys or research questionnaires to help improve our content or our services to you.

We have a legitimate business interest to provide you with our services

  • To contact you for marketing purposes where you have agreed to this.

You have provided us with consent

Data sharing

In connection with any application, request or enquiry you make, your information will be passed directly to the relevant business unit within Acacium Group and nowhere else.

We will not share your personal information with any third party, outside of Acacium Group that intends to use it for direct marketing purposes, unless we have specifically informed you and you have given us specific permission to do this.

We may use third parties, like service providers, agents or contractors to provide support and administration assistance for the internal operations of our websites, event registration systems, and applications.

These third parties may come in to contact with your personal information in the course of providing their services to us. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Acacium Group operates in several international countries. It is possible that your personal information may be transferred, stored, and/or processed outside Australia, including in South Africa. Depending on what you use the website for and in order to provide you with the best service and to carry out the purposes described in this Privacy Notice, your data may be transferred:

  • between and within Acacium Group entities.
  • to third parties (such as advisers or other Suppliers to the Acacium Group).
  • To third party service providers including technology providers

We want to make sure that your data are stored and transferred in a way which is secure. We will therefore only transfer data outside of Australia where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data where you have consented to the data transfer.

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with, and which respects the law on data protection.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only keep your personal data for as long as is necessary for the purposes for which it was collected.

Marketing

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact DPO@acaciumgroup.com writing.

Right to withdraw consent

When you ask us for further information or sign up to our information services such as newsletters, you have the right to withdraw your consent for processing for this purpose at any time. To withdraw your consent, please contact DPO@acaciumgroup.com Once we have received notification that you have withdrawn your consent, we will no longer process your information and, subject to our retention policy, we will dispose of your personal data securely.

Data protection officer

We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information or wish to complain about an alleged breach of the Australian Privacy Principles as set out in the Privacy Act. please contact the DPO on dpo@acaciumgroup.com. We will acknowledge your compliant within 5 working days and expect to get back you with a substantive response within approximately 28 working days.

If you are not satisfied with our response to your compliant, you have the right to make a complaint at any time to the appropriate Data Protection Supervisory Authority in the relevant jurisdiction. In the UK, this will be the Information Commissioners Office (ICO) in Australia this will be the Office of Australian Information Commissioners Office (OAIC) https://www.oaic.gov.au/