0 %

Page

privacy policy

privacy policy

Remote Shifts – Privacy Policy

1. Who we are

This Privacy Policy explains how Remote Shifts Pty Ltd (ABN: 84672892787) (Remote Shifts, we, us, our) collects, uses, discloses and protects personal information in connection with:

  • Our website and online platforms
  • Our remote staffing and managed services
  • Our dealings with clients, suppliers, job applicants and employees.

We are based in Sydney, New South Wales, Australia, and we primarily work with clients in Australia, New Zealand, the United Kingdom, the European Union, Canada, the United States and other regions.

We are committed to handling personal information in accordance with:

  • The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) OAIC+1
  • The Notifiable Data Breaches (NDB) scheme under the Privacy Act where it applies to us OAIC+2OAIC+2
  • Other applicable privacy and data protection laws, including (where relevant) the EU General Data Protection Regulation (GDPR) and UK GDPR. European Commission+2GDPR+2

Regardless of whether we meet the mandatory APP entity turnover thresholds, we choose to align our practices with the APPs as a minimum standard.

2. How this policy applies

This Privacy Policy applies to:

  • Visitors to our website
  • Prospective, current and former clients
  • Prospective, current and former employees, contractors and job applicants
  • Individuals whose personal information we process on behalf of our clients (for example, our clients’ customers, staff or suppliers).

When we handle personal information on behalf of a client as part of our remote staffing or managed service offerings, we usually act as a data processor / service provider under GDPR-style concepts, and our client remains the data controller (they decide why and how the data is processed). European Commission+2Homepage | Data Protection Commission+2

3. Types of personal information we collect

The types of personal information we collect will depend on your relationship with us, but may include:

3.1 Clients and business contacts

  • Name, job title and role
  • Business contact details (email, phone, address)
  • Billing and payment information
  • Communications and meeting records
  • System access details we need for providing services (for example, role-based access to CRMs, helpdesk systems, MS 365, Google Workspace, etc.).

3.2 Remote staff, employees and job applicants

  • Identity details (name, date of birth, contact details)
  • CV, work history, skills, qualifications and references
  • Right-to-work and screening information where permitted by law
  • Performance data, training records, attendance logs and productivity reports
  • Limited health or other sensitive information where you voluntarily provide it and where lawful and necessary (for example, for workplace health and safety).

3.3 Individuals whose information we process for our clients

As part of our remote services, we may access or handle personal information held in our clients’ systems, such as:

  • Customer names and contact details
  • Customer accounts, orders, service history and tickets
  • Business contact information of suppliers, partners or staff
  • Other records stored in CRMs, ERPs, helpdesk or collaboration platforms.

In these cases, we process the information only in accordance with the client’s documented instructions and applicable law.

3.4 Website users

  • Technical information such as IP address, browser type, device identifiers
  • Usage data such as pages visited, time spent, referring URLs
  • Information submitted via forms (contact forms, newsletter signup, consultation requests).

4. How we collect personal information

We may collect personal information:

  • Directly from you (for example, when you contact us, sign a contract, apply for a role, or use our services)
  • Indirectly from our clients when they provision access for our remote staff to their systems
  • Automatically through cookies and similar technologies when you use our website or online tools
  • From publicly available sources (e.g. LinkedIn, business websites)
  • From third parties where permitted (e.g. recruiters, referees, background check providers).

Where practicable, we will collect your personal information directly from you, and we will take reasonable steps to notify you of collection as required under the APPs. OAIC+1

5. Why we collect, use and disclose personal information

We collect, use and disclose personal information for purposes including:

  • Service delivery:
    • Providing remote staff and managed services to our clients
    • Administering user access and roles within systems like Perfex CRM, MS 365, Google Workspace and other platforms
    • Monitoring service quality, productivity and performance.
  • Business operations:
    • Managing our internal teams and resources
    • Training and developing staff using real processes and tools
    • Maintaining security, audit logs and access control.
  • Client relationship management:
    • Communicating with clients and prospects
    • Handling enquiries, proposals and project discussions
    • Managing contracts, billing and accounts.
  • Legal and compliance:
    • Complying with the Privacy Act 1988 (Cth), the APPs and other applicable privacy laws OAIC+2Attorney-General's Department+2
    • Meeting tax, accounting and record-keeping obligations
    • Responding to lawful requests from regulators or law enforcement.
  • Marketing (limited and respectful):
    • Sending service updates, insights or invitations where permitted
    • Providing information about new offerings that may be relevant to your business (you can opt-out at any time).

If we need to use personal information for a materially different purpose, we will normally seek your consent or ensure that the new purpose is compatible with the original purpose and permitted by law.

For individuals in the EU/UK where GDPR applies, our primary legal bases include performance of a contract, compliance with legal obligations, and our legitimate interests in providing and improving our services, except where overridden by your rights and interests. GDPR

6. Our role as service provider / processor

For many of our services (especially remote staffing, CRM/ERP implementation, helpdesk operations, IT support and marketing execution), we act as a service provider / data processor on behalf of our clients.

In that role:

  • The client determines the purposes and means of processing personal data (they are the controller). European Commission+2Homepage | Data Protection Commission+2
  • We process the relevant personal information only in accordance with the client’s documented instructions, applicable law and our contract. GDPR
  • We implement reasonable technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure or loss.
  • We require our staff and sub-processors to comply with confidentiality and data protection obligations.

Where GDPR applies, our contracts with clients reflect the requirements of Article 28 GDPR for processor agreements. GDPR

7. Cross-border access and data sovereignty

A core principle of our model is that client data stays in the client’s country wherever technically and operationally feasible:

  • Our remote staff typically connect via secure remote access tools (for example, ConnectWise, RMM tools, VPN or other approved platforms) to systems and devices located in the client’s jurisdiction.
  • Our policy is to avoid copying or exporting client data to our own infrastructure unless strictly necessary and agreed in writing (for example, for backups, specific processing tasks or logging).

However, because our remote staff and offices may be located in other countries (for example in South Asia or Africa), there may be circumstances where:

  • Staff located overseas access personal information stored in systems in your country; and/or
  • Limited personal information (e.g. user identifiers, logs, contact details) is processed by overseas service providers or cloud platforms.

Where the Australian Privacy Principles apply (particularly APP 8 on cross-border disclosure), we will take reasonable steps to ensure that any overseas recipient does not breach the APPs in relation to your personal information, or that an exception under APP 8 applies. OAIC+1

For clients subject to GDPR or UK GDPR, we will work with you to ensure that any cross-border transfers of personal data are based on an appropriate transfer mechanism (for example, adequacy decisions, standard contractual clauses or equivalent safeguards). GDPR

8. How we protect personal information

We implement a combination of technical, organisational and physical safeguards, which may include:

  • Role-based access control and the “least privilege” principle
  • Strong authentication (password policies, MFA where possible)
  • Encrypted connections for remote access tools and web-based platforms
  • Segregation of workstations and accounts for client projects
  • Security awareness and privacy training for all staff
  • Productivity and activity logging, subject to applicable workplace laws
  • Secure disposal or de-identification of data when no longer required.

While we take reasonable steps to protect personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security of information, but we continually review and improve our safeguards.

9. Data breaches and the Notifiable Data Breaches scheme

A data breach occurs when personal information is lost or subjected to unauthorised access or disclosure. OAIC

If we become aware of a data breach involving personal information we hold, we will:

  1. Take immediate steps to contain and assess the breach.
  2. Investigate what happened and the type of information involved.
  3. Assess whether the breach is likely to result in serious harm to individuals. OAIC+1
  4. Where the Privacy Act and the Notifiable Data Breaches (NDB) scheme apply to us, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. OAIC+2OAIC+2
  5. Where we act as a data processor for a client, promptly notify the client and assist them in meeting their own notification obligations, in line with our contract.

We also use breach findings to strengthen our controls and training.

10. Data retention

We retain personal information only for as long as reasonably necessary to:

  • Provide our services
  • Support our training and quality processes
  • Meet legal and regulatory requirements
  • Resolve disputes and enforce agreements.

When personal information is no longer needed for these purposes, we will take reasonable steps to destroy or de-identify it, unless we are required by law or our contracts to retain it for longer.

11. Your rights

Depending on where you are located and which laws apply, you may have rights including:

  • Access: to request access to personal information we hold about you.
  • Correction: to request correction of inaccurate, out-of-date or incomplete information. OAIC
  • Deletion (GDPR/UK GDPR): in some circumstances, to request deletion of your personal data. GDPR
  • Restriction and objection (GDPR/UK GDPR): to restrict or object to certain processing.
  • Data portability (GDPR/UK GDPR): to receive certain data in a structured, commonly used format.
  • Direct marketing: to opt-out of receiving direct marketing communications at any time.

For APP entities, APP 12 and APP 13 provide for access and correction of personal information held by organisations. OAIC+1

To exercise your rights, please contact us using the details in section 14. We may need to verify your identity and, in some cases, we may lawfully refuse a request and will explain why.

12. Cookies and website analytics

Our website may use:

  • Cookies and similar technologies to remember your preferences and understand how you use our site
  • Analytics tools to monitor site performance and usage trends (for example, page views, browser information, session duration).

You can usually configure your browser to refuse cookies or alert you when cookies are being sent. However, some features of our site may not function properly if cookies are disabled.

13. Direct marketing

We may send you marketing communications (such as newsletters, service updates or invitations) if:

  • You have requested information from us, or
  • You are an existing client and the communication relates to our services, or
  • You have otherwise consented or it is permitted by law.

You can opt-out of marketing communications at any time by using the unsubscribe link in the message or by contacting us directly.

We will not sell your personal information to third parties for their own direct marketing.

14. How to contact us

If you have any questions, requests or concerns about this Privacy Policy or the way we handle personal information, please contact:

Remote Shifts Pty Ltd
Attention: Privacy Officer
Email: info@remoteshifts.com
Address: Strathfield South NSW 2136 Australia , Sydney NSW, Australia

15. Complaints

If you believe we have breached the Privacy Act, the APPs or any other applicable privacy law, you can lodge a complaint with us. Please include as much detail as possible, and we will:

  1. Acknowledge your complaint
  2. Investigate the circumstances
  3. Respond to you within a reasonable time with our findings and any actions taken.

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant regulator, such as:

  • The Office of the Australian Information Commissioner (OAIC) in Australia OAIC+1
  • A local data protection authority in the EU/EEA or UK, if GDPR/UK GDPR applies.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements or business model.

The updated version will be posted on our website with a revised “Last updated” date. We encourage you to review this policy periodically.

 

Icon Let's talk about your project!

Contact Us
Image Image