This Privacy Policy describes how F2F Solutions Australasia Pty LTD (us/we) collects, uses, stores, and protects the personal information of its users and customers in accordance with the Data Protection Act 2018, GDPR 2018, Privacy and Electronic Communications Regulations 2003, and the Australian Privacy Principles.
Users of F2Fsolutions services are encouraged to read this in conjunction with our client’s privacy and data security policies.
Personal data is defined by the DPA 2018 and the GDPR 2018 as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’.
In simpler terms, personal data is any information about you that enables you to be identified (either on its own or when combined with other data we may hold on you). Personal data covers obvious information such as your name and contact details, but it also covers information such as identification numbers, electronic location data, and other online identifiers.
Types of Information: We collect personal information such as names, contact details, email addresses, and employment information when users voluntarily provide this information through our, services and interactions on behalf of our clients.
We also collect documentation supplied voluntarily by you which includes verification documents such as copies of qualifications and information pertaining to employment requirements asked of you to provide on behalf of our end-user clients.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your identity, contact, profile, and credentials by filling in fields on our forms and online tools when you register as a user. You provide our company with most of the data we collect.
We collect data when you voluntarily consent to complete the questionnaire of our clients for the purpose of employment and easy data population of forms used to verify credentials and compliance to employment requirements. If you do not wish to use our SaaS platform you have a right to refuse. In such cases ask your agency/employer (our client) to provide you with other options and ways to engage with them.
Automated technologies or interactions. As you interact with our platform and website we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this Personal data by using cookies, server logs, and other similar technologies.
Third parties or publicly available sources. We will receive only minimal personal data about you from various third parties and public sources.
We may collect, hold, use and disclose your personal data for the following purposes and legal bases:
to enable you to access and use our SaaS Solution and our Services generally (pursuant to our contractual terms and conditions of service);
to enable us to fulfill our contracts with customers which will be your employer or recruitment agency of all kinds;
To operate, protect, improve and optimise our services, business and users’ experience, such as to perform analytics, conduct research and for advertising and marketing (our legitimate interests);
to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you (our legitimate interests);
to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.
Personal information is used to fulfill user requests, improve our services, personalise user experiences, and communicate updates, promotions, or important information related to our services.
We may also use information for analytics, research, and to comply with legal obligations.
We do not sell or rent personal information to third parties. However, we may share information with trusted service providers for the purpose of operating our business and providing services.
Supply of data in connection with Third Party Applications
Our Service includes integration with applications operated by third parties (TPAs). Our terms of use explain the basis on which we integrate TPAs into our Service. Please refer to section 6 of our terms for important conditions relating to such integration.
We will disclose your Personal data to the suppliers of Integrated TPAs as reasonably necessary in connection with the integration of that third party service with our Service. Such information may include Personal data as referred to in “What Personal data do we collect?“, which needs to be supplied in order to integrate with the Service.
F2F Solutions is selective when choosing its Integrated TPAs and takes care to assess the suitability of the third party suppliers, with the goal that all integrations enhance the Services and offer benefits to you. Please note the Integrated TPAs are not owned or controlled by F2FSolutions and we are not responsible for their privacy practices.
An example of third party suppliers are
CRM platforms used by our clients such as and not limited to Bullhorn, Salesforce, Vincere and Eclipse.
Information may also be shared in compliance with legal requirements or to protect our rights or safety and that of our users.
Data is stored in Australia in a secure environment. Personal data is pulled out of our clients’ CRM application and pushed back there when the applicant completes and submits the missing fields and credentials relevant to a particular job.
We do acknowledge that many of our external third parties are based outside of Australia in places such as the USA and the UK so there may be on occasions a need to move personal data or make it accessible from one place to another. This may involve a transfer of personal data outside Australia to the UK, or from the UK Australia.
Data is encrypted on servers and inflight.
Our website uses cookies and similar tracking technologies to enhance user experience, track website usage, and gather information about user preferences. Users can manage cookie preferences through their browser settings.
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required by law.
Users have the right to access, update, correct, or delete their personal information. You can exercise these rights by contacting your agency/employer and by deleting the information that you provided from your portal of which you have control.
If you come to us directly, we may not be able to provide you with access to all of your personal data but if this is the case, we will tell you why. We may also need to verify your identity when you request your personal data.
If you think that any personal data we hold about you is inaccurate, you can correct it via your portal login and by contacting your agency/employer who will take reasonable steps to ensure that those records are corrected.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We have implemented appropriate technical and organisational controls to protect your personal data against misuse, loss, or unauthorised access. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing Privacy@F2Fsolutions.io
Data Security is of the utmost importance to F2F Solutions and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
Limiting access to our buildings to those that we believe are entitled to be there by use of passes;
Implementing access controls to our information technology;
We use appropriate procedures and technical security measures (including strict encryption and deletion techniques) to safeguard your information across all our SaaS platform
First Stage – If you think we have breached the Privacy Act or the GDPR, or you wish to make a complaint about the way we have handled your Personal data, please contact us first using the contact details below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Second Stage – Should you be dissatisfied with the service we provide in the UK you have the right to file a formal complaint to the Information Commissioner’s Office at www.ico.org.uk, or to the relevant data protection supervisory authority in your country of residence.
The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by telephone on 0303 123 1113 or 01625 545 745.
In Australia https://www.oaic.gov.au/privacy/privacy-complaints
For further information about our Privacy Policy or practices, or to access or correct your Personal data, or make a complaint, please contact us at Privacy@F2Fsolutions.io
For any inquiries regarding this Privacy Policy or to exercise your rights concerning your personal information, please contact us at
Privacy@F2Fsolutions.io
We reserve the right to update or modify this Privacy Policy. Any changes will be posted on our website with a revised effective date.
F2FSolutions Australasia Pty Ltd is committed to ensuring the security, confidentiality, and integrity of all data collected, processed, and stored in accordance with the Data Protection Act 2018, General Data Protection Regulation (GDPR), and Privacy and Electronic Communications regulations. This policy outlines the measures implemented to safeguard data within our SaaS platform.
User Access: Access to data is granted based on the principle of least privilege. Users are provided access only to the data necessary for their role.
Authentication: Strong authentication mechanisms, such as user ID and passwords, are employed to ensure secure access.
Access Monitoring: Access to sensitive data is logged and monitored to detect unauthorised access attempts.
Data in Transit: All data transmitted between users and our SaaS platform is encrypted using industry-standard encryption protocols (e.g., TLS).
Data at Rest: Data stored within our systems is encrypted using robust encryption methods to prevent unauthorised access.
Data Classification: Data is classified based on its sensitivity, and appropriate storage mechanisms are employed accordingly.
Retention Policies: We maintain clear retention policies to ensure data is not stored longer than necessary for the purposes outlined in our Privacy Policy.
Risk Assessments: Periodic risk assessments are performed to evaluate and mitigate potential security risks to our systems and data.
Penetration testing: Periodic penetration tests are conducted to proactively seek out ongoing improvements to our system
Training: All employees receive training on data security best practices, including handling sensitive information, preventing data breaches, and understanding their responsibilities.
Awareness Programs: Ongoing awareness programs are conducted to keep employees informed about evolving security threats and measures to mitigate them.
Incident Reporting: Employees are required to report any suspected security incidents or breaches immediately to the designated authorities within the organisation.
Response Protocol: A documented response plan is in place to promptly address and mitigate the impact of data breaches. This includes containment, notification of affected parties, and cooperation with relevant authorities.
Regulatory Compliance: Our data security practices adhere to the requirements outlined in the Data Protection Act 2018, GDPR, and Privacy and Electronic Communications regulations.
Regular Review: This policy is subject to periodic review to ensure alignment with evolving security standards, technological advancements, and regulatory changes.
For inquiries related to this Data Security Policy or to report any security concerns, please contact privacy@f2fsolutions.io
This Data Security Breach Response Plan outlines the steps to be taken in the event of a data breach at F2F Solutions Australasia Pty ltd. The plan aims to mitigate the impact of a breach on affected individuals and comply with relevant laws.
Detection: Immediate identification of a potential breach through monitoring systems, user reports, or any other means.
Initial Assessment: Designate a response team to assess the breach's scope, affected data, and potential impact on individuals and the business.
Isolation: Take immediate steps to contain the breach to prevent further unauthorised access or damage.
Mitigation Measures: Implement actions to minimise the impact, such as disabling affected systems, changing access credentials, or isolating compromised data.
Internal Reporting: Notify the appropriate internal stakeholders, including management, IT personnel, legal advisors, and relevant departments.
Regulatory Reporting: Comply with Australia's mandatory breach notification requirements by promptly reporting the breach to the Office of the Australian Information Commissioner (OAIC) if deemed necessary.
Affected Parties: without undue delay, prepare communication materials to notify affected individuals about the breach, providing clear information about the nature of the breach, potential risks, and actions they can take.
Customer Support: Establish and notify support channels to address inquiries and concerns from affected customers or users.
Post-Incident Analysis: Conduct a thorough investigation of the breach, identify vulnerabilities or gaps in security, and assess the effectiveness of the response.
Enhanced Measures: Implement necessary changes to strengthen security measures and update the breach response plan based on lessons learned.
Legal Counsel: Engage legal advisors to ensure compliance with GDPR and Australian privacy laws and regulations throughout the breach response process.
Documentation: Maintain comprehensive records of the breach, response actions taken, communications, and any regulatory notifications.
Employee Training: Provide regular training and awareness programs to educate employees about data security best practices and their roles in preventing and responding to breaches.
For immediate assistance or inquiries related to this Data Security Breach Response Plan, contact:
Privacy@F2Fsolutions.io
