Privacy Policy & Disclaimer

​Privacy and Data Protection Policy

Effective Date: 21 July 2025

1. Scope & Definitions

1.1 Scope

This policy explains how Mining Alliance Pty Ltd (“Mining Alliance”, “we”, “us”, “our”) collects, uses, stores, and protects personal information in connection with:
 

• Recruitment and 482 visa sponsorship

• Our automated reference‑checking platform

• Visitors to our digital platforms, forms, and services

It applies to all candidates, referees, job applicants, and website users.

1.2 Key Definitions
 

• Personal Information: Information or opinion about an identifiable individual (APP 1).

• Sensitive Information: A subset of personal information requiring higher protection (e.g. health, criminal history, ethnicity) (APP 3).

• Reasonable Steps: Measures we take to comply with the APPs, scaled to data sensitivity, risk of harm, our resources, and what is practicable.

  • Examples: encrypting backups; enforcing unique credentials per system; annual vulnerability scans; periodic staff training on data handling.

2. Collection of Personal Information

2.1 Active Collection

We collect only what’s necessary for our services, including:
 

• Identity: Name, date of birth, contact details, citizenship/residency

• Professional: Employment history, qualifications, licences, referees

• Government IDs: Passport number/expiry, visa details, tax file number

• Sensitive (with consent): Health status, criminal history, referee feedback

2.2 Passive Collection

When you browse without registering, we collect only non‑identifying technical data (IP address, browser/OS, pages visited) to improve performance and resolve issues. We only use essential session cookies required for basic site functionality; we do not employ any analytics, performance or marketing cookies. If you interact with our forms or emails, we may also track opens and link clicks for audit purposes.

​​

2.3 Children’s Privacy

We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected data from someone under 18, we will promptly delete that information.

3. Use & Disclosure
 

We use and disclose personal information solely to:
 

• Assess role suitability (including 482 visa compliance)

• Conduct reference, background, and work‑rights checks

• Provide recruitment, onboarding, payroll, and HR services

• Meet legal, taxation, and reporting obligations

• Communicate about job opportunities

Disclosure occurs only:
 

• With your consent (to employers, clients, recruitment partners)

• To service providers under contracts reflecting the APPs and equivalent safeguards

• To government authorities as required by law

• To comply with lawful requests or protect our legal rights

Cross‑Border Transfers:

Where offshore processing is necessary, we take reasonable steps—via contractual terms and provider selection—to ensure privacy protections at least as stringent as the Privacy Act. We regularly review providers’ certifications (e.g. ISO 27001, SOC 2).

4. Data Retention & De‑identification
 

We retain personal information only as long as required to fulfil its collection purpose or to comply with legal obligations (for example, seven years for tax records). Thereafter, we take reasonable steps to permanently de‑identify or securely delete the information.

5. Automated Reference‑Checking Platform
 

We operate a purpose‑built, fully automated reference‑checking system in a secure, externally hosted environment. We control all application‑level code and security policies; our host manages underlying infrastructure and patching.

Key Controls:
 

• Encryption of data in transit and at rest

• Role‑based access controls and input validation

• Automated logging and monitoring with audit trails and alerts

• Regular vulnerability assessments and patch management

• Incident response processes with defined timelines for containment and notification

All referee data is collected with explicit consent and treated as confidential.

6. Security of Personal Information
 

We take reasonable, proportionate steps to protect against misuse, interference, loss, and unauthorized access, modification, or disclosure. Our measures include:
 

• Cryptography: TLS 1.2+ for data in transit; AES‑256 for data at rest

• Access & Monitoring: Role‑based permissions; audit logging of system activity

• Vulnerability Management: Regular scans and prompt remediation

• Incident Response:

  • Containment within 7 days of detection

  • Notification to affected individuals within 30 days if serious harm is likely

  • Notification to the OAIC under the Notifiable Data Breaches scheme

7. Access, Correction & Deletion

You may request to access, correct, or delete your personal information (subject to any legal retention requirements). We take reasonable steps to verify your identity and will respond within 30 days.

8. Your Choices & Consent
 

• You may decline to provide certain information; this may limit our ability to offer some services (e.g. visa processing).

• You can withdraw consent to communications at any time.

Candidates should ensure referees have provided informed consent before sharing their details.

9. Third‑Party Management

9.1 General Third‑Party Providers

We take reasonable steps to ensure that all third‑party providers:
 

• Are bound by contracts aligning with the APPs and applicable laws

• Undergo at least annual security and privacy audits (e.g. ISO 27001, SOC 2)

9.2 Web Development Partner Access

We engage third‑party web development partners who require access to Mining Alliance systems or data solely to:
 

• Conduct performance reviews of our digital platforms

• Implement software updates and process upgrades

Access is granted on a strict need‑to‑know basis, under confidentiality and data‑protection agreements that:
 

• Limit partner access to the minimum data and systems necessary

• Restrict use of that access exclusively to the specified purposes

• Require partners to adhere to our security controls (encryption, role‑based access)

• Oblige partners to securely return or delete all data upon completion of their engagement

All such agreements are reviewed and renewed annually (or upon material change in scope), and partners are audited to ensure ongoing compliance.

10. Policy Review & Accessibility
 

This policy is reviewed at least annually and after any material change in law, technology, or our practices. The latest version is available on our website or upon request, in accessible formats free of charge.

11. Contact & Complaints
 

Privacy Officer - Matt Simpson
Mining Alliance Pty Ltd
Email: matt@miningallianceptyltd.com
 

If you remain dissatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).