We take privacy seriously and respect your right to anominity. Transparent information handling practices are paramount due to the sensitivity nature of the information we are given and asked to process in regards to both Australian privacy laws, GDPR and basic respect for the giving of consent and the storage of and processing of personal data.
As Registered Australian Migration Agents, we have certain professional standards and obligations regarding your privacy. We will not disclose any details or personal identifiers to any other third parties unless without expressed authorisation and written consent from the client. As our clients details are managed and processed in a cloud based system known as Migration Manager, which is a part of the Leap group of companies, we have implemented a data portal system which is GDPR compliant, where you (‘the client’) controls the information being given to us in regards to your immigration matter.
Australian Privacy Laws from the Australian Privacy Act 1998 apply as does our Code of Conduct which affirms the human right to privacy and protection of personal data. Please note below the occasions where your data may be shared with your full consent, as such with an outside agency directly related to your matter. As a client or prospect, we have certain obligations to comply with our Code of Conduct with OMARA, and also compliance with EU clients and businesses in the processing and retention of personal data. To make a complaint and find information, you can find the link to the Australian Privacy Principles by connecting with the office of the Australian Information Commission (OAIC) here.
As we handle information that is personal and considered extremely sensitive, you can be assured that any information that is disclosed will be held in the strictest confidence with data storage held within an encrypted Australian based cloud system which we are the data holders cannot access. As Australian holding personal data, we also are subject to breach notifications with OAIC, and some of the principles and regulations with the GDPR such as right to access, data portability and the administering of a data protection officer.
- We adhere to the underlying values contained in the Australian Privacy Principles contained in the Privacy Act 1988, as a matter of internal policy and in compliance with the Code.
- We will maintain the confidentiality of all information divulged under the agreement, except as required by law or as modified by the agreement.
- Your documents and information may be stored physically and/or electronically by us. In some cases, documents and information may be stored on third party servers that are located outside Australia. We will take all reasonable steps to ensure that your information is protected from unauthorised release or disclosure.
- The information that you provide to us is collected, used and disclosed to other entities in the furtherance of your application, where there is a reasonable expectation that it will be used and disclosed by us. Other entities to which your information may be disclosed include (but are not limited to):
- The DOHA;
- Skills assessing authorities;
- a) Your sponsor, or the person whom you are sponsoring or nominating for a visa (for family sponsorship or employer sponsorship/nomination purposes). In particular, you expressly agree that any Information that may adversely affect the outcome of the application (for example, health, character or business-related issues) may be disclosed to your sponsor (or the person whom you are sponsoring or nominating);
- Dependent family members included in your application;
- Regional Certifying Bodies (for subclass 187 applications);
- Educational institutions (for Student visa applications)
- State or Territory Governments (for State or Territory sponsorship/nomination purposes);
- The Australian Federal Police and/or foreign police services (where you request that we apply for police clearances on your behalf);
- Any entity to which you have authorised disclosure of your information.
- We may use the information that you provide to conduct market research, determine website usage and for direct marketing purposes related to our business (for example, our regular newsletter service).
- We may search for your current visa entitlements using Visa Entitlement Verification Online (‘VEVO’) at any time during the term of this agreement, as we deem necessary to determine your status in Australia and your eligibility to lodge the application.
- You acknowledge that the DOHA monitors VEVO searches. We are not responsible for any actions taken by the DOHA towards you as a result of VEVO searches conducted within the scope of this agreement.
- We disclaim and waive any liability or responsibility whatsoever for interception or unintentional disclosure of emails transmitted by or to us in connection with our performance of services under the agreement.
- You agree that we bear no liability for any loss or damage to any person or entity resulting from the use of email transmissions or our website services, including any consequential, incidental, direct, indirect or special damages, such as loss of revenues or anticipated profits, or disclosure or communication of confidential or proprietary information.
Relevant Law and Jurisdiction
These conditions and all aspects of our performance of services under the agreement are governed by, and both parties agree to be bound by, the law of the state of QLD, and the Code. Both parties irrevocably submit to the exclusive jurisdiction of the courts of the state of QLD and/or the Migration Agents Registration Authority.
Disclosure of Interests
- To assist our clients, we have strategic alliances with a number of related service firms and organisations, including: Schools and education institutions.
- We disclose that these bodies may pay a commission or referral fee in some instances. In addition, in some instances (by prior arrangement) we may pay a referral fee to agents that introduce clients to our practice.
- As the amount of any such benefits, if applicable, are not known at this stage, we will advise you of any amounts received or paid either if and when this occurs, or at your request.
- You accept that we are not providing expert advice in relation to the subject matter of any contracts or arrangements that are the subject of this clause, and that we bear no liability for any loss or damage to any person or entity resulting from the provision of non-migration advice.
GDPR – General Data Protection Regulations – Extra Territorial applicability
As a third country subject to data flows to an no EU member state, “confirmed in 2015 by the Court of Justice in the Schrems ruling, the adequacy standard does not require a point-to-point replication of EU rules. 28 Rather, the test lies in whether, through the substance of privacy rights and their effective implementation, enforceability and supervision, the foreign system concerned as a whole delivers the required high level of protection”.
As the privacy standards of the Australian Privacy Act 1988 and the Code of Conduct for agents covers the adequate protection of data and data flows to a third country, “Under EU law, an adequacy finding requires the existence of data protection rules comparable to the ones in the EU”. 34 . As being bound by a code of confidentiality related to our Code of Conduct, we must have consent from you to share information to any third parties who could be given your data for a matter.
Data subject rights
Who is our information “processor” and “controller”?
The Migration Manager companies or any affiliates, or us do not have access to your user end of the system. The information we receive and that you have provided has been considered that you have given explicit and general consent from you, the user.
How do you give consent?
When you sign our Client Agreement for Fees and services and/or the client questionnaire, as we have a lawful basis to hold and process data, you are giving us consent to the processing and controlling of your information that you have disclosed to us. You can ask to be forgotten within reason, especially over time when the reason for the storage of that personal data diminishes. Due record keeping requirements, this must also be within the context of Australian laws and the OMARA Code of Conduct.
With the system that we use, namely Migration manager, there is function for data portability and we can provide all your data to you upon written request from you, the person.
Data control officer
In this instance, we have a data control officer who assists in compliance with data protection practices and is the notification officer of any breaches.
Breach Notification Process
Once a data breach has been found (or we have been informed by our third party controllers), we must notify the relevant authorities, organisations and persons and relevant parties of the actual breach event, the type of breach, the type of information that was given, the location of the breach (if known), and notify the correct persons within 72 hours.
Right to be forgotten
As we are subject to the Schedule 2 Migration Agents Regulations 1994 – Code of conduct, and the Australian privacy act 1988, although we cannot disclose information without your expressed consent, as we are processing and controlling data that if you are resident or a citizen of an EU member state, you must consider that we are also subject to Australian laws for the purpose of this service.
Privacy by design
As the levels of consent increase as you participate with us as active users of our systems, consent is controlled by the user themselves, whether explicit or general in nature.
Reviews our systems will be conducted on a bi-annual basis to ensure the best protection of a clients data.
You can find the actual legal European Council text for the GDPR European General Data Protection Regulations here.
You can find the Australian privacy principles here.
If you have any questions regarding our privacy protocols, please contact us at firstname.lastname@example.org for more information.