1. Home
  2. Data Privacy Notice

Privacy Notice

(Updated Tuesday 1 April 2025)

Civica Pty Limited (ACN 003 691 718) and all subsidiaries thereof, that are registered in Australia (Civica) take data privacy seriously and we are committed to protecting and respecting the rights of all individuals. We are dedicated to ensuring the confidentiality and privacy of information entrusted to us and aspire to be transparent when we collect and use personal data.

This policy sets out how Civica will handle personal information in line with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and the associated Australian Privacy Principles (APPs).

The purpose of our Privacy Policy is to provide information about:

  • what personal information we collect and hold; 
  • how we handle that information, including how we use and store it; 
  • how we keep it secure; 
  • how, and to whom, we share your personal information, including overseas, and why; 
  • your right to access and correct it; and 
  • how you may contact us if you wish to make a complaint or enquire about privacy matters.

Our Contact Details

Civica has its Australia headquarters located at:
Civica
Ground Floor
277 William Street
Melbourne
VIC 3000

If you have any questions regarding the contents of this notice, we invite you to direct your correspondence either to the above postal address (marking the envelope 'FAO – Compliance and Improvement Team', or to DPO@civica.com.

How Civica collects personal information

Personal information is any information that can be used to personally identify you. If the information that we collect personally identifies you, or you are reasonably identifiable from it, then we will treat that information as personal information.

When collecting personal information directly from you, we may collect it in various ways, including:

  1. through your access to and use of our website, 
  2. during conversations between you and our representatives, including through call recordings with our support team
  3. when you give us your business card, 
  4. when you submit a job application, 
  5. when you visit our offices or attend events, conferences and meetings, including through CCTV located at some Civica offices which may be operated by Civica or a third party, 
  6. when you subscribe to our newsletters and user groups, 
  7. when you communicate with us via email, post or fax, 
  8. through your interaction with us on social networking platforms 
  9. during the course of providing of our services to our customers.

We may also collect personal information about you from third parties where it is unreasonable or impracticable for us to collect the personal information directly from you, such as:

  1. your employer,
  2. your authorised representatives (e.g., recruiters who provide us with your CV), 
  3. data brokers that share business contact information with us or your other professional advisors, 
  4. colleagues who provide us with your contact information as their next of kin, for use in an emergency situation,
  5. companies providing security background checks, or
  6. publicly available sources such as LinkedIn, or freely available news articles,
  7. Reports that are raised through our whistleblowing process.

Civica provides services to other organisations and businesses. As a result, certain personal information about you which we collect and use, will come from other organisations to whom we provide services and products as described on our website from time to time. These organisations are required to inform you of the purposes for their collection and use of your personal information. We will use reasonable efforts to notify you that we are handling your personal information except where it is unreasonable or impracticable to do so.

The types of personal information we collect and why

We collect and hold personal information necessary to run our business and to enable us to provide services to our customers.

We will only solicit and collect personal information that is reasonably necessary for, or directly related to, one or more of our functions as a business.

Where possible, we will use anonymised or pseudonymised data.

The purposes for which we collect, hold, use, and disclose your personal information relate to one or more of our functions of our business, which include (but are not limited to) the following:

  1. providing our services; 
  2. managing our business; 
  3. auditing and managing the usage of our website and our services; and 
  4. to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or other governmental authority.

The types of personal information we collect will depend on the purpose for collection and may include (but are not limited to):

  1. your name; 
  2. contact details including mailing or street address, email address, and telephone number(s); 
  3. gender; 
  4. age; 
  5. financial details; 
  6. government identifiers (including driving license, social security numbers, passport numbers or birth/death certificates); 
  7. income; 
  8. drug test results; 
  9. details about your health or ethnicity, 
  10. details about your education, employment and skills, or 
  11. details of any fines, penalties or offences.

For Website Users

When you visit our website, we use your IP address and location data to determine which regional site and region-specific content should be displayed.

Our legal basis for this processing is our legitimate interest in providing you with the information specific to your region to promote our services and improve our business.

We also enable cookies. Further details about what cookies we use, how we use them, and how you can manage them can be found in our Cookie Policy.

For Mobile App Users

Some Civica products have associated mobile apps. Depending on the functionality of specific apps the data collected may include location data. Privacy information related to these apps is available on either the Google Play Store or Apple App Store.

Cookies

We use cookies and similar technologies on our websites. Cookies are data files that are placed on your device and often include an anonymous unique identifier. These technologies assist us to improve your experience on our websites. If you elect to disable cookies, this could affect your experience of our websites. Please refer to the Cookie Policy on our website for more information.

Sensitive Information

In some instances, we may ask for sensitive information, for example:

  • when you are applying for jobs with us, we may ask whether you have a disability in order to provide assistance to you with the application process; or 
  • we may ask you whether you are from a culturally or linguistically diverse background for statistical purposes, to ensure equal opportunities, and to make reasonable adjustments to our products and services.

In most cases, we may collect sensitive information either directly from you and with your consent or from third parties and government bodies that you have authorised to collect and disclose such sensitive information to us.

If you do not agree to the disclosure of your personal information to Civica in any other circumstances, this may affect our ability to conduct our business. For example, we may be unable to provide you with assistance, information or services you have requested from us or from our customers.

Secondary use of personal information and disclosures

We will only hold, use or disclose personal information for the particular purpose for which it was collected, unless one of the following applies:

  1. we obtain your consent to use personal information for a different purpose (secondary use); 
  2. you would reasonably expect us to use or disclose your personal information for a different purpose, and that purpose is related to the primary purpose; 
  3. the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order; 
  4. we reasonably believe that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or 
  5. another exception in APP 6 applies.

We may disclose your personal information to a third party such as:

  1. Civica-group businesses, contractors or third-party service providers in connection with the provision of Civica's services, including any suppliers of any third party services that are integrated or embedded into our services; 
  2. third parties that we engage on behalf of our customers or which they engage directly in connection with the services we provide, including auditors, accountants, third party experts and other consultants or advisors; 
  3. our insurers and our professional advisors, including our accountants, business advisors and consultants; 
  4. third-party service providers who provide marketing, marketing automation, sales enablement and lead-generation services for us; 
  5. any legal industry regulatory body in any of the States and Territories that we operate in; and 6) any other organisation or individual for any authorised purpose with your consent.
  6. law enforcement and, where applicable, landlords of our premises, to support security incident investigations.

We will never sell your information to third parties. We may, however, share your information with companies with whom we have a direct business arrangement in order to jointly market Civica-related products.

We have contracts in place with our service providers. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation, and they will hold it securely and retain it only for the period we instruct.

Like many organisations, Civica may reorganise its business operations around the world from time to time, whether by buying new businesses or selling or merging existing businesses. This may involve us disclosing personal data to prospective or actual purchasers of parts of our business, or receiving personal data from potential sellers.

Direct Marketing

We may use your personal information for the purposes of sending you direct marketing communications (including via email, post, SMS, MMS, targeted digital advertising, phone calls or any other means) where:

  • you have provided consent for us to do so; or
  • we are otherwise permitted to do so by law.

You can opt-out of receiving direct marketing communications at any time by contacting us using the details above or by using the unsubscribe facilities provided in direct marketing communications.

We may also contact you to conduct customer satisfaction and market research surveys

This processing falls into scope of the UK General Data Protection Regulation (UK-GDPR), which means you may have additional rights over your personal information when it is used for marketing purposes. You can find more details in the Your Rights section of this notice.

Recruitment

If you submit a job application either directly or through a recruiter, we will use your information in connection with the specific job that you have applied for. We will store your information for 15 months in case any legal claim for discrimination is made.

To consider you for other vacancies for which you may be suitable, which may arise during this 15-month period, we will add your information to our talent pool. If you’d rather not be added to the talent pool, or wish to be removed at any time, please let us know.

Sometimes we use publicly available sources of data such as LinkedIn to source candidate information. However, you will always be contacted before we add your information to our recruitment system and provide you with the opportunity to opt-out.

For certain roles there may be a request to share your CV with a specific customer to confirm your suitability. You will be notified during the recruitment process by our Recruitment Team if this applies to the role you have applied for.

For all roles we also request equality and diversity data for monitoring purposes. This information is not mandatory, although we encourage you to provide it. We make every attempt to anonymise this information and ensure it cannot be linked back to an individual.

This processing falls under the UK-GDPR, which means you may have additional rights over your personal information when it is used during the recruitment process. You can find more details in the Your Rights section of this notice.

To provide customer support and access to self-service portals and to provide service delivery

When you become a partner / customer of ours, we collect your data from our portal login pages. We do this in order to provide online and telephone support services to help deliver contracted services to you via web portals, email or over the telephone. We use this information to process online requests, solve problems, answer questions and respond to communications from individuals and organisations.

When your details are registered with our customer support service, Civica Support Cloud, we collect data including your work contact details and company details, in order to provide technical support.

This processing falls into scope of the UK General Data Protection Regulation (UK-GDPR), which means you may have additional rights over your personal information when it is used for providing our services. You can find more details in the Your Rights section of this notice.

For conducting user research on our products

We conduct user research to improve our products, where we collect your personal data including name, contact details, and opinions should you choose to take part.

This processing falls under the UK-GDPR, which means you may have additional rights over your personal information when it is used during improving our business. You can find more details in the Your Rights section of this notice.

For conducting user research on our website

We conduct research into user journeys of our website visitors. In order to do this, a code snippet is used to track only the research participants’ movements around our website, during timed research events. We also collect opinions, voice recordings, and location data.

This processing falls under the UK-GDPR, which means you may have additional rights over your personal information when it is used during improving our business. You can find more details in the Your Rights section of this notice.

For purposes of financial management

We gather and retain business contact details for financial management purposes. Personal information such as names and contact information will be needed to ensure purchase orders, requisitions, invoices and debts are handled appropriately. Retention period for this type of information is up to 7 years in line with legal and tax regulations.

This processing falls into scope of the UK General Data Protection Regulation (UK-GDPR), which means you may have additional rights over your personal information when it is used for processing financial information. You can find more details in the Your Rights section of this notice.

For the purposes of sales enablement

This processing falls into scope of the UK General Data Protection Regulation (UK-GDPR), which means you may have additional rights over your personal information when it is used for selling our products and services. You can find more details in the Your Rights section of this notice.

International transfers of data

Civica operates and provides services from its locations across the globe. As such we may transfer personal information to Civica group locations and third-party service providers outside of Australia in order to provide our products and services. It is not practical for us to list every country where such overseas recipients may be located, however such countries are likely to include the UK and India. Except where an exemption applies, we only transfer information where the overseas recipient is bound by a law or binding scheme that is no less robust that the requirements of the APPs.

Where the recipient country does not provide a level of protection that is substantially similar to the APPs, we will ensure that commercially reasonable steps are taken to ensure the protection of the information in accordance with Australian law.

Security

We take reasonable steps to ensure your personal information is protected from misuse and loss, and from unauthorised access, modification or disclosure. As the internet is inherently insecure, Civica does not guarantee the security of any personal information you provide to us over the internet. You provide personal information to us over the internet at your own risk.

To the maximum extent permitted by applicable laws, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, modification of, disclosure of, misuse of or loss or corruption of any personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law, including the Competition and Consumer Act 2010 (Cth), or any liability which cannot be excluded due to the operation of an applicable law. We may hold your information in either electronic or hard copy form. We have in place reasonable policies and information protection procedures relating to data security, including:

  1. physical secure file storage; 
  2. password protection of electronic databases; 
  3. the provision of secure rooms where appropriate; 
  4. electronic information ‘firewalls’ between sites; ; 
  5. the provision of information to staff on a ‘need to know’ basis; 
  6. Civica will use reasonable endeavours to ensure that all staff and internal and external consultants are subject to contractual obligations of confidentiality; and 
  7. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later).

Your rights

You have a right to access personal information that we hold about you. We hold personal information if we control the manner in which such personal information is processed. In most cases, we only process personal information for and on behalf of a customer to provide our services, and our right to process such personal information is limited by our contractual obligations to that customer. Where possible we implement processes to ensure the ongoing accuracy of data we process.

If you believe that any of your personal information that we hold is inaccurate, out of date, incomplete, irrelevant or misleading, you also have a right to request corrections to any personal information that we hold about you. In cases where we are processing your personal information for and on behalf of a customer, you will need to contact that customer directly in order to request access to, or correction of, your personal information.

Before we provide you with access to your personal information, we may require verification of proof of identity. This helps us to ensure that personal information is not disclosed to any person who has no right to receive it.

We can decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act. Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.

If you would like to remove the data that you've submitted to us in the course of the recruitment process, please contact our Recruitment Team at PeopleTeam@civica.com. There may be occasions where we are unable to immediately fulfil this request.

Depending on the circumstances, we may be unable to fulfil your request based on other lawful grounds.

If you have any questions about your rights or would like to exercise them, please contact DPO@civica.com

UK General Data Protection Regulation (UK-GDPR) Rights

Where your data processing takes place under the UK-GDPR, you may have the following additional rights:

Your right of access –You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing – You have the right to object to processing if we are using legitimate interests as our lawful basis for processing.

Your right to data portability – This only applies to information that we have collected directly from you. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or as part of a contract, or in talks about entering into a contract and the processing is automated.

Your right to withdraw consent – Where the lawful basis of processing is consent, you can withdraw your consent that you have previously given to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

If you have any questions about your rights or would like to exercise them, please contact DPO@civica.com

How to make a complaint

If you would like to complain about a breach of the APPs, you may contact our Data Protection Officer. We ask that you to put your complaint in writing and to provide relevant details to DPO@civica.com or in a letter to the Compliance and Improvement team at the Civica address listed in the ‘About Civica’ section.

We will respond to your complaint in a reasonable period of time (usually within 30 days). If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted at:

GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
enquiries@oaic.gov.au 

Changes to this Privacy Notice

By using our website, liaising with us, and/or providing information to us, you accept and agree to the collection, use, holding and disclosure of your personal information for the purposes described in this notice. We review our privacy notices and policies regularly and occasionally may need to change or update them. Any updated versions of this privacy notice will be posted on our website and will be effective from the date of posting.