Data Security & Privacy

We believe that all businesses can be compliant when hiring and employing workers. We help businesses in all industries with this goal, which will eventually raise the compliance levels across Australia.

Collecting personal information is a necessary part of that process. At the same time, developing and maintaining our customers’ trust is a top priority for our business and our team.

Below you will find documents and information detailing the privacy and security measures we take seriously, so that you can be confident that your data is safe and secure when using our application and engaging with us.


The Privacy Act 1988 and The Australian Privacy Principles

As an organisation dealing with personal identifying information (PII), CheckWorkRights is bound by The Privacy Act 1988. The Privacy Act includes 13 Australian Privacy Principles. We follow these principles when we collect, use and disclose personal information to other sources (the Australian Department of Home Affairs and Australian employers).

We’re SOC 2 Compliant

SOC 2 is a rigorous industry standard set by the American Institute of Certified Public Accountants (AICPA), focusing on the safety and privacy of information and systems. Think of it as a robust shield, designed to safeguard your data’s integrity and confidentiality.

Prescient Assurance LLC conducted our audit, thoroughly evaluating our security measures. Their detailed assessment confirms that we’re not just meeting but surpassing the highest standards of data protection.

We’re committed to security

At CheckWorkRights, our team’s extensive experience in designing secure systems and handling sensitive data from global companies is deeply integrated into our operations. Since our inception, we’ve maintained an unwavering commitment to security and privacy, ensuring the utmost protection of our customers’ data.

 

CheckWorkRights Architecture

We do not store data outside of Australia. CWR hosts applications and API services with Amazon Web Services in Sydney. As one of the largest providers of cloud services globally, Amazon is naturally a market leader in relation to security and redundancy. Details on AWS physical and web security are available here.

CWR Application specific security measures:

  • Encryption of data in transit and at rest
  • Automated ongoing monitoring of our APIs, applications and infrastructure. This monitoring scans our application and notifies us in real time of any vulnerabilities or issues.
  • Web Application Firewall: our application sits behind a web application firewall, which limits our exposure to threats from the internet.
  • Two-factor Authentication using SMS to secure your account and protect your data. We encourage all customers to use and take advantage of this additional access security tool.
  • Rolling encrypted backups enable us to reinstate our application and customer data with the minimum possible downtime in the event of an unexpected disaster occurring.
  • Regular penetration testing is conducted by CWR personnel and external independent CREST-certified security organisations.

End-User Licence Agreement (EULA)

This document forms the contract between CheckWorkRights, which provides the software, and the client, who uses the software.

It includes topics such as what you can do when using the software and our rights and obligations to you as the software provider.

By using our applications, you agree that you have read and understand the EULA, and agree to be bound by all terms and conditions contained within.

CheckWorkRights Privacy Policy

The CheckWorkRights Privacy Policy goes into specific detail on the steps we, as an organisation handling sensitive personal data, take to safeguard this information whilst it is in our care. The policy also addresses each of the thirteen Privacy Principles specified within The Privacy Act.