Privacy Policy & Disclaimer

Effective Date: 20 January 2026

Scope & Definitions
 

This policy explains how Mining Alliance Pty Ltd (“Mining Alliance”, “we”, “us”, “our”) collects, uses, stores, and protects personal information in connection with:

• Recruitment and 482 visa sponsorship

• Our automated reference‑checking platform

• Visitors to our digital platforms, forms, and services

It applies to all candidates, referees, job applicants, and website users.

“Personal Information” means information or an opinion about an identifiable individual, and “Sensitive Information” is a subset requiring higher protection (such as health, criminal history, or ethnicity), consistent with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). “Reasonable steps” are measures we take to comply with the APPs, scaled to data sensitivity, risk of harm, our resources, and what is practicable (for example, encrypting backups, enforcing unique credentials per system, periodic vulnerability scans, and staff training).

Collection of Personal Information
 

We collect only what is reasonably necessary to provide our services, including:

• Identity details (such as name, date of birth, contact details, citizenship or residency)

• Professional information (such as employment history, qualifications, licences, referees)

• Government identifiers relevant to recruitment or 482 visa processes (such as passport number and expiry, visa details, or tax file number)

Sensitive information (such as health information, criminal history, or referee feedback about work performance) is collected only with consent where required or permitted by law, and only where reasonably necessary for our functions or activities.

When you browse our website without registering, we collect only non‑identifying technical data (such as IP address, browser and operating system, and pages visited) to improve performance and resolve issues, and we use only essential session cookies required for basic site functionality (no analytics, performance, or marketing cookies). If you interact with our forms or automated emails, we may track opens and link clicks for audit and system performance purposes.

We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected such data, we will promptly delete it.
 

Use & Disclosure of Personal Information

We use and disclose personal information solely to:

• Assess role suitability (including 482 visa compliance)

• Conduct reference, background and work‑rights checks

• Provide recruitment, onboarding, payroll and HR services

• Meet legal, taxation and reporting obligations

• Communicate with you about job opportunities and related services

Disclosure occurs only:

• With your consent (for example, to prospective or current employers, clients and recruitment partners)

• To service providers under contracts that reflect the APPs and equivalent safeguards

• To government authorities where required or authorised by law

• Where necessary to comply with lawful requests or protect our legal rights (including fraud prevention and the investigation of workplace incidents)
   

Cross‑Border Transfers, Retention & De‑identification
 

Some personal information may be stored or processed using reputable third‑party service providers located outside Australia (for example, cloud hosting and email delivery platforms). We take reasonable steps—through provider selection and contractual terms—to ensure privacy protections that are at least as stringent as those required by the Privacy Act. These steps include requiring appropriate technical and organisational security measures, restricting access to authorised personnel, and ensuring data can be returned or deleted at the end of the engagement.

We retain personal information only for as long as it is needed for the purposes for which it was collected or as required to meet legal obligations (for example, seven years for tax and payroll records). After that, we take reasonable steps to permanently de‑identify or securely destroy it, consistent with APP 11.

Automated Reference‑Checking Platform

Our automated reference‑checking platform operates in a secure, externally hosted environment where Mining Alliance controls application‑level code, access rules and security configurations, while the hosting provider manages underlying infrastructure and patching.

Key controls include:

• Encryption of data in transit and at rest

• Role‑based access controls

• Strong input validation

• Secure logging and monitoring with audit trails and alerts

• Regular vulnerability assessments and patch management

All referee and candidate data collected via this platform is obtained with explicit consent, is used only for recruitment and compliance purposes, and is treated as confidential. Incident‑response processes define clear escalation, containment and notification timeframes where a security incident is suspected or confirmed, aligned with the Notifiable Data Breaches scheme.
 

Security of Personal Information

We take reasonable and proportionate steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure, in line with APP 11 and relevant regulatory guidance. Measures include:

• TLS 1.2+ for data in transit

• AES‑256 encryption for data at rest

• Role‑based permissions and secure credential management

• Audit logging of system activity

We conduct regular vulnerability scans and apply security patches in a timely manner. Where a data breach occurs that is likely to result in serious harm, we will promptly assess the incident (taking all reasonable steps to complete that assessment within 30 days), notify affected individuals as required, and report to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme as soon as practicable.

Access, Correction & Deletion

You may:

• Request access to the personal information we hold about you

• Ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading

• Request deletion of your personal information (subject to any legal retention requirements)

We will take reasonable steps to verify your identity and will respond to such requests within 30 days.

If we refuse a request (for example, where providing access would unreasonably impact others’ privacy or conflict with legal obligations), we will explain the reasons for refusal and outline available complaint options, including how to escalate to the OAIC.

Your Choices & Consent

You can choose whether to provide personal information to Mining Alliance, but if you decline to provide certain details (for example, work‑rights or identity information) we may be unable to offer some services such as visa sponsorship or placement in particular roles.

You can withdraw consent to non‑essential communications at any time by using the links in our emails or by contacting us directly.

If you submit referee details as a candidate, you confirm that your referees have provided informed consent for their contact details and feedback to be supplied to Mining Alliance for recruitment and reference‑checking purposes.
 

Third‑Party Management & Web Development Partners

We engage third‑party service providers (such as hosting, email delivery, security and payroll vendors) under written contracts that require them to handle personal information in accordance with the APPs and applicable privacy laws, including appropriate security safeguards and restrictions on use and disclosure. These providers are periodically reviewed, and where appropriate, we consider certifications such as ISO 27001 or SOC 2 and require secure deletion or return of data at the end of the relationship.

We may grant limited access to Mining Alliance systems or data to trusted web development partners solely to:

• Conduct performance reviews of our digital platforms

• Implement software updates

• Deliver agreed process improvements

Such access is subject to strict confidentiality and data‑protection obligations that:
 

• Limit access to the minimum data and systems necessary

• Restrict use to agreed purposes

• Require adherence to our security controls

• Oblige secure deletion or return of all data once work is completed

These agreements are reviewed at least annually or on any material change in scope.

Policy Review & Accessibility

This policy is reviewed at least annually and whenever there is a material change in law, technology or our practices affecting personal information handling. The latest version is published on our website and can be provided free of charge in accessible formats upon request.

Contact & Complaints
 

If you have questions about this policy, wish to exercise your privacy rights, or wish to make a complaint, please contact:
 

Privacy Officer – Matt Simpson
Mining Alliance Pty Ltd
Email: matt@miningallianceptyltd.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) via www.oaic.gov.au