Privacy Policy

Privacy Policy

Privacy notice

  1. Scope
    • Sanctuary Recruitment (ABN 51 604 184 670), located at Level 5, 50 Carrington Street, Sydney, NSW 2000, is part of the Acacium Group and trades as Pulse (“we”, “us” or “our”). A full list of our group companies and their trading names can be found on our website: https://acaciumgroup.com/who-we-are/our-businesses/.
    • This Policy explains how and why we collect, use, hold and disclose your personal information.
    • We are committed to protecting your privacy. We are bound by the Privacy Act 1988 (as amended from time to time) (the “Privacy Act”) and the Australian Privacy Principles (“APPs”) (together “Privacy Laws”).

 

  1. What is personal information
    • Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true. For the purpose of this Policy, ‘personal information’ and ‘personal data’ are used interchangeably and are synonymous.
    • Sensitive information may be required to be collected in some circumstances. Sensitive information is information or an opinion about an individual’s race or ethnic origin, political opinions, members of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences, criminal records, or health information. We will only collect sensitive information if it is necessary for business purposes and for the inherent requirements of the position. Sensitive health information will only be collected with your consent.
    • In some circumstances, we are legally required to collect, use, or disclose your personal and sensitive information. These obligations arise under a range of Commonwealth and state legislation related to taxation, immigration, employment agency regulations, national security, professional registration, and the protection of vulnerable groups. These include, but are not limited to, the laws and regulations set out in the Privacy Collection Notice e.g. the Migration Act 1958 (Cth), Criminal Records Act 1991 (NSW), Work Health and Safety (WHS) Act 2011, Health Practitioner Regulation National Law, National Safety and Quality Health Service (NSQHS) Standards, Private Employment Agents (Code of Conduct) Regulation 2015.

 

  1. Collection, purpose, and use of personal information
    • We may collect personal information:
      • directly from you, for example, where you provide information by applying for a role either through our website or online portal.
      • From third parties with your consent. For example, we may seek information and your:
      • prior employment history through employment checks;
      • eligibility to work in Australia through a visa status check;
      • educational qualifications by requesting confirmation of qualifications or results from an academic institution;
      • ability to perform the inherent requirements of the position, through medical and other allied health professionals, or criminal history check and/ or working with children check; and
      • from speaking to your employer over the phone; and through publicly available social networking sites such as LinkedIn.
    • We will endeavour to maintain an accurate record of your personal information. To assist us in doing so, you should ensure all personal information provided is accurate and up to date. Where changes are appropriate, you should inform us as soon as possible.
    • The table below sets out the personal data that we collect and use about you:

 

Processing Activities Personal Data Purpose

Visiting the website to register as a job seeker, be contacted by, or recommend a friend to us

 
  • Full name
  • Telephone number
  • Mobile number
  • Email address
  • Location
  • To maintain communication with you regarding employment matters or for marketing purposes, where you have agreed to this.
Accessing resources such as reports, guides, or publications and participating in events, webinars, or other hosted events
  • Full name
  • Email address
  • To communicate requested materials, updates, and follow-up information, and manage event logistics.
Applying for a vacancy
  • Full name
  • Age
  • Gender
  • CV
  • Contract details
  • Information regarding occupation history and remuneration
  • Assess your suitability for employment and work placements.
Identity checks
  • Passport
  • Identity documents
  • Visa documentation
  • To verify your right to work and visa conditions.
Personal and professional background checks
  • Age
  • Gender
  • Employment history
  • Qualifications
  • References
  • Other personal legal documentation or information necessary to recruitment processes
  • Assess your suitability for employment and work placements.
  • Verify qualifications, experience and references, including through third-party verifications.
Criminal history checks
  • Criminal record
  • To complete national police checks or state-based screening requirements.
Medical information
  • Health and medical history
  • Injuries
  • To manage insurance claims, complaints, investigations and workplace occupational health.
  • Procure and coordinate non-mandatory medical tests (such as drug tests) where required for assignment.
HR and compliance-related information
  • Records of incidents, complaints and grievances
  • Diversity and inclusion disclosures
  • Qualifications
  • To investigate and complete records.
  • Facilitate training and professional development for mandatory compliance learning.
  • Management of investigation, resolution and defence of complaints of legal claims and compliance with court orders and associated legal obligations.
Financial information
  • Superannuation details
  • Tax file number
  • Bank account information
  • Insurance details
  • To manage and process payroll, superannuation contributions, taxation matters and other administrative purposes.
Statistical reporting and analysis
  • Demographic data
  • Application details
  • Recruitment outcomes
  • To identify trends, assess recruitment effectiveness and support workforce planning.
Interacting with us in the context of a business relationship, including as a client, partner, or supplier
  • Company details
  • Contractual and transactional data
  • To manage and fulfil contractual obligations and maintain business relationships.
  1. Consequences of not providing information
    • If you do not provide us with personal information requested, we will be unable to assess and/or progress your application. In the context of supplier relationships, failure to provide required personal information may result in our inability to establish or continue a business relationship.

 

  1. How do we store and hold information
    • We store most information about you in computer or cloud-based systems and databases operated by either us or our external service providers.
    • We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
    • These processes and systems include the following:
      • The use of access management tools to control access to systems on which information is processed and stored.
      • All employees are to comply with internal information security policies and keep information secure.
      • All employees are to complete training about information security annually.
    • We monitor and regularly review our practise against our own policies and against industry best practice.

 

  1. Who we share information with
    • We will disclose your personal information only for the purposes for which the information was collected unless we obtain your consent, or we are specifically permitted to make other uses or disclosures under Privacy Laws.
    • In the course of providing recruitment and placement services, we may share your personal data with third parties where it is necessary for progressing your application, securing employment, or meeting legal obligations. These include:
      • Clients and Prospective Employers: We may share your CV, professional history, and relevant details with organisations that are seeking to fill positions that match your profile.
      • Recruitment Platforms and Job Boards: Where appropriate and with your consent, we may upload anonymised or reformatted versions of your CV to recruitment platforms or job boards to increase your visibility and access to opportunities.
      • Technology Partners: Providers of applicant tracking systems (“ATS”), CV parsing tools, and AI-based job matching services that support our recruitment operations.
      • Employment Screening Providers: Third parties who assist with background checks, reference checks, right-to-work verification, or credential validation.
      • Payroll and Umbrella Companies: Where applicable, your information may be shared with trusted partners for payroll administration or contractor engagement purposes.
      • Legal, Regulatory and Compliance Bodies: Such as the Australian Taxation Office (“ATO”), or other authorities when required by law, or in response to legal processes, safeguarding investigations, etc.
    • We may also share personal data between entities within our corporate group for several reasons, including:
      • Service Delivery & Operational Efficiency: Ensuring smooth operations by sharing data for administrative, HR, IT, finance or customer service purposes.
      • Regulatory Compliance & Risk Management: Meeting legal obligations, conducting internal audits, and managing risks across the organisation.
      • Security & Fraud Prevention: Protecting against security threats, cyber risks, and fraud by implementing centralised monitoring and threat detection.
      • Research & Analytics: Using aggregated or pseudonymised data to improve products, services, and customer experiences.
    • To ensure that intra-group data sharing is lawful, transparent, and secure, we have established an intra-group data sharing agreement between group entities that define purpose, scope, and legal basis for data sharing.

 

  1. Overseas Data Transfers
    • Acacium Group operates in several countries. Your personal information (including sensitive information) may be transferred to, stored, or processed in locations outside Australia (including in the United Kingdom, India, South Africa, and the Philippines).
    • To ensure that your personal information is protected, we require all overseas third parties with whom we share data to implement and maintain appropriate safeguards. These safeguards are designed to ensure your information is handled in compliance with applicable data protection laws and in a way that respects your privacy.
    • However, you acknowledge that where we transfer this personal information overseas, there is an increased level of risk to the security of your personal information. Where such recipients are located overseas, you may have rights to enforce such parties’ compliance with applicable data protection laws, but you may not have recourse against those parties under the Privacy Laws in relation to how those parties treat your personal information.

 

  1. Marketing
    • We may send you marketing information and promotional communications via email, telephone, SMS, direct mail, or social media. These may include:
      •  
      • Questionnaires/Surveys: To gather feedback on services received; opinions may be collected and analysed to improve the quality of services we offer.
      • Competitions, incentives, and promotions.
      • Referral schemes.
      • Exclusive events and training.
      • Charities that we support; or
      • Relevant job opportunities from our group companies.
    • You may opt out of marketing communications at any time by:
      • clicking the unsubscribe link at the bottom of any marketing emails we send you; or
      • emailing us at dpo@acaciumgroup.com.
    • We endeavour to process unsubscribe requests as soon as possible and within five working days of receipt as defined under the Spam Act 2003. Other requests to opt out of marketing communications may take up to thirty calendar days to be fully actioned. During this period, you may still receive marketing communications.
    • Please note that essential job-related communications will continue.

 

  1. Cookies and similar technologies
    • We use cookies and similar technologies to collect information about your interaction with our website. Cookies are small files that are sent to your device when you visit a website or app. They stay on your device and are sent back to the website or app they came from when you visit it again. For more information about cookies please visit www.allaboutcookies.org. You can control and delete cookies through your browser settings for more information on how to do this please visit allaboutcookies.org/manage-cookies.
    • Cookies can collect personal and anonymised information including your IP address, browser and device type, language and operation system and similar data from website visits.
    • We use tracking technologies such as pixels in our email communications to enhance your experience and improve our services. Tracking pixels are tiny, invisible images embedded in our emails that allow us to collect certain information when you interact with our emails.
    • The table below explains categories and types of cookies:

 

Categories of cookies

Strictly Necessary

 These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work. These cookies do not store any personally identifiable information.
Accessing resources such as reports, guides, or publications and participating in events, webinars, or other hosted events These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
All information these cookies collect is aggregated and therefore anonymous.
Functional These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting or Marketing These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.
They do not store directly personal information but are based on uniquely identifying your browser and internet device.
Types of cookies
Session Session cookies enable us to keep track of your movement through the website and allow you to use the site quickly and easily without having to re-enter information. Without session cookies, a new page would not recognise your past activities on all prior pages. Session cookies will only be stored on a device’s memory during the current browser session. Once the session has closed, the cookie will be deleted.
Persistent Persistent cookies help us remember your settings for each time you visit. They enable us to authenticate who you are to remember your preferences the next time you visit the site. This gives you faster and more convenient access each time you visit our site. Persistent cookies will be permanently stored on your device to remember information each time you revisit a website.
First-party

We use cookies that are set directly by our website to help it function properly and improve your experience. These first-party cookies allow us to remember your preferences such as language or region settings. They also help us understand how people use our website so we can make improvements and offer a more tailored experience.
Third-party We may use cookies that are set by a partner company to enable us to track user browsing habits, helping us to improve how the site runs and personalise your user experience. Third-party cookies also facilitate campaign delivery through advertisements and email activity, as well as providing analytical reporting for our website.

 

  1. Data Security
    • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. To ensure ongoing compliance and the security of our systems and your data, we conduct regular security audits and assessments of our data protection measures.
    • In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
    • If a data breach occurs that meets the criteria under the Notifiable Data Breaches scheme under the Privacy Act:
      • We will assess the impact and take action to contain the breach.
      • If required, we will report the breach to the Office of the Australian Information Commissioner (“OAIC”) and affected individuals.

 

  1. Automated Decision Making and Artificial Intelligence
    • Artificial Intelligence (“AI”) is a term used for a range of technologies that can replace manual processes and solve complex tasks by carrying out functions that previously required human action.
    • We use AI to support our existing activities. To use AI, we combine information you have provided to us directly, information we derive about you from your use of our services or your interactions with us, and information from other people and organisations. These tools are used to enhance efficiency, fairness, and quality in how we assess applications and present candidate profiles to potential employers.
    • AI tools are evaluated regularly to ensure they operate fairly and are not biased or discriminatory and data processed through these tools is protected by access controls, encryption, and secure infrastructure.
    • We use AI for different purposes such as:
      • Job Description Review Software: To help us construct, manage, and store job descriptions with text analysis and keyword optimisation.
      • CV Reformatting: To enhance CVs for consistency and readability.
      • CV Matching: To align job roles with CV skills.
      • Chatbot Activity: To manage simple queries and provide guidance.
      • Recording: To record data obtained through media or communications for quality, training, and query resolution.
      • Targeted Social Media Searches: To find potential candidates on social media.
      • Qualifying Screening Tools: To screen and rank CVs and personal statements based on criteria set by employers.
    • We may use personal data as part of the development and training phase of an AI solution, for example where it is not possible to use anonymised data.
    • Please note that throughout the recruitment process and while you are a candidate you will not be subject to a solely automated decision making as the final decisions will be taken by humans (albeit based on the outputs produced by AI).

 

  1. Data Retention
    • We retain personal data in accordance with our data retention schedule and other relevant guidelines. Retention periods vary depending on the type of record and legal requirements. Once retention periods expire, data is securely deleted or anonymised.

 

  1. Your Rights in Connection with Personal Information
    • The table below details your rights regarding your personal data. To exercise any of the following rights, please contact dpo@acaciumgroup.com. We will respond to a request within 30 days from the date the request was received.

Your Rights

 Explanation
Your right to access
  • You have the right to ask us for copies of your personal data information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • There are some exemptions which means you may not receive all the information you ask for.
Your right to correction
  • You have the right to ask us to correct the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • We may, however, refuse your request if we consider that the information is accurate having investigated it.
Your right to withdraw consent
  • This right arises at any time we are relying on the consent you have provided to us to process your personal data. Such as when you ask us for further information or sign up to our information services such as newsletters, you have the right to withdraw your consent for processing for this purpose at any time.
  • Once we have received notification that you have withdrawn your consent, we will no longer process your information and, subject to our retention policy, we will dispose of your personal data securely.
  • If you withdraw your consent, we may not be able to provide our services to you. We will advise you if this is the case at the time you withdraw your consent.

 

  1. Complaints
    • If you have any concerns about our use of your personal data, you can make a complaint to us using our contact details below.
    • We will acknowledge your complaint and expect to get back you with a substantive response within approximately 30 working days.
    • If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the Office of the Australian Information Commissioner here.

 

  1. Contact Details
    • We have appointed a data protection officer (DPO) to oversee compliance. If you have any questions, comments, requests, or concerns, please contact us at: dpo@acaciumgroup.com.

 

  1. Changes to this Policy
    • We keep this Policy under regular review. This Policy was last updated on 13/11/25.
    • We reserve the right to update this Privacy Policy at any time. The current version will always be available here. We will provide you with a new Privacy Policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
    • You may obtain a copy of our current Policy from our website or by contacting us at the contact details above.