GECO Gaming Pty Ltd and our related entities (we / our / us) are committed to protecting the privacy and security of your personal information in accordance with Australian privacy laws.
WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT
SHARING YOUR INFORMATION
KEEPING YOUR INFORMATION SECURE
CHANGE OF PURPOSE
OUR DATA PROTECTION OFFICER AND HOW TO CONTACT US
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
1. About us
GECO Gaming Pty Ltd (we / our / us) is a company incorporated under the laws of in Australia and our Australian company number (ACN) is 129 169 802, with our registered office located at Suite 1.01, 4 Burbank Place, Norwest NSW 2153. For the purposes of the General Data Protection Regulation (EU) ('GDPR'), we are the data controller. This means that we are responsible for deciding how we hold and use personal information about you.
This policy applies to current and former users of the Portal. This notice does not form part of any contract nor does it constitute or imply any offer of recruitment to you. We may make changes to this policy at any time, which will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any changes to this policy.
2. The kind of information we collect and hold about you
We may collect, store, and use the following categories of personal information about you:
a) personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
b) recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
c) employment records (including job titles, work history, working hours, training records and professional memberships);
d) date of birth;
f) location of current and previous employment or workplace;
g) information about your use of our information and communications systems including this Portal.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process including through the Portal.
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations.
With regard to each of your visits to our site we will automatically collect the following information:
i) information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page load times, geographic location; and
j) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
3. How is your personal information collected?
We typically collect personal information about you through your use of our Portal and this would typically be information which is provided by you. We may sometimes collect additional information from third parties, with your consent, including former employers, credit reference agencies or by other background checks., or otherwise via information that is publicly available.
4. How we will use information about you/our legal basis for use
Purpose of the processing
Legal basis for processing
To allow us to process your data as part of the recruitment process, for example, determining the terms on which you work for us, assessing qualifications for a particular job, education, training and development requirements, making decisions about your prospective employment or engagement.
Legitimate interest to make a decision about your recruitment or appointment, and to prevent fraud.
To check you are legally entitled to work for us.
Comply with our legal obligation to conduct such checks.
To enable us to provide access to the Portal to you.
To conduct data analytics studies.
Legitimate interest to better understand who is applying to us.
To collect technical data.
Legitimate interest to better understand who is applying to us.
To carry out equal opportunities monitoring
To conduct criminal records checks.
Comply with our legal obligation to carry out such checks.
To email you about updates and any new job opportunities we have.
In rare circumstances, may also use your personal information in the following situations:
(a) it is necessary for compliance with a legal obligation to which we are subject to;
(b) it is necessary in order to protect your vital interests or the vital interests of another natural person;
(c) it is necessary for the performance of a task carried out in the public interest.
Where we have a legal basis to use your personal information without consent (as we have described above), this policy fulfils our duty to process personal information fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal information will be used.
Where consent is required for our use of your personal information, by ticking the appropriate consent box or otherwise communicating your consent (for example, by email or providing non-mandatory information), you consent to our use of that personal information for the purposes covered by the specific consent that you have given. For example, we will only process your personal information for marketing purposes if we have your consent to do so.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
5. If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to progress any of your recruitment applications or provide you with access to our Portal.
6. Change of purpose
We will only use your personal information for the primary purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and where required obtain your consent, or otherwise we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. Sharing of your personal information
You acknowledge that we may share your personal information with the following categories of selected third parties in accordance with this policy:
- service providers (for example, IT services);
- other entities in our group in relation to the use of the Portal by you and us, as well as for system maintenance support and hosting of data;
- where required by law, where it is necessary to administer the prospective working relationship with you or where we have another legitimate interest in doing so;
- analytics and search engine providers that assist us in the improvement and optimisation of the Portal;
- in the context of the possible sale or restructuring of the business;
- building managers for example if you interview at our offices; or
- a regulator or to otherwise comply with the law.
We require third parties to respect the security of your data and to treat it in accordance with the law. If we do, you can expect a similar degree of protection in respect of your personal information.
8. Cross border disclosure (Private Act)
Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for or are engaged by us in other countries. For example, we may use a server hosted overseas or a cloud-base accounting/business software to store data, which may include your personal information.
We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).
The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in Australia.
If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.
9. Transferring information outside the EU
For the purposes of the GDRP and only where applicable, we may transfer the personal information we collect about you to the USA which is outside the EU in order for the functioning of the Portal and to allow your use of it. There is not an adequacy decision by the European Commission in respect of the USA. This means that the transfers to the USA of your personal information are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection we have put in place the appropriate measures (such as contractual agreements to meet EU-approved data protection obligations or having signed up to the EU-US Privacy Shield) to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. If you would like to find out more about this or obtain a copy of the relevant approved contract, please contact our DPO (whose role we have explained in more detail in paragraph 14) by email at GCO-HR@playtech.com
10. Data Security
We have put in place measures to protect the security of your information. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
You are responsible for keeping your password which enables you to access the Portal confidential. We ask you not to share your password with anyone.
All information you provide to us is stored on secure severs. We will use technical and organisational measures to safeguard your personal information. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information we cannot guarantee the security of your data transmitted to the Portal and you acknowledge that any transmission is at your own risk.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. What do we do if there is a data breach?
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act. Pursuant to our obligations under the Privacy Act, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of eligible data breach.
12. Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Once you are no longer a user of the Portal or, if appropriate, an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
13. Your rights
You have the following rights in regards to your personal information:
- Access. You have the right to access your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Rectification or erasure. You have the right to request that we rectify or delete any of your personal information. Please note, if you request that we erase any personal information that we require in order to provide the Portal to you, you will no longer be able to use the Portal. This right does not extend to non-personal information. Please also note that it is likely necessary for us to retain your personal information for the purposes of assessing and verifying data that is submitted and/or held on the Portal. This means your rights under applicable law to request erasure may be limited accordingly.
- Object to processing. You have a right to request that we stop processing your personal information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes. For example, if you have given your consent to receive updates from us about new job opportunities, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or clicking the relevant link in any communications you receive. Please note, if you submit a request for us to stop processing your personal information in a certain way and this type of processing is required in order to facilitate your use of the Portal, you will no longer be able to use the Portal following your request for us to stop the relevant processing.
- Restriction of processing. You have the right to restrict our use of your personal information if the data is inaccurate, unlawful or we no longer need the data for the purpose for which we hold it.
- Transfer. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit it to another data controller where this is personal information that you have provided to us and if we are processing such data on the basis of your consent or to perform a contract with you (for example, to manage your account with us).
Office of the Australian Information Commissioner
Phone: 1300 363 992.
7. Unsolicited Information. We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
9. Government identifiers. We do not use or adopt government identifiers (e.g. tax file numbers or Medicare number) to identify individuals.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact the DPO in writing at GCO-HR@playtech.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
14. Data protection officer
We have appointed a data protection officer (DPO) to oversee compliance with this policy. If you have any questions about this policy or how we handle your personal information, please contact the DPO by email GCO-HR@playtech.com.
If you have any questions or comments about this policy our how we process your personal information, please contact our DPO by email at GCO-HR@playtech.com.