- Updated February 2024 -
We recognise the importance of the privacy of individuals who have dealings with us, such as customers and suppliers. We are bound by the Australian Privacy Principles, to the extent required by the Privacy Act 1988, and where we operate internationally local privacy legislation. This policy outlines how we and our Group Companies collect, use and manage personal information.
A. This Policy
|Summary - This Policy
|This Policy explains how we Process Personal Data. This Policy may be amended or updated from time to time, so please check it regularly for updates.
This Policy is issued by Servcorp Limited (ABN 97089222506) on behalf of itself, its subsidiaries and its affiliates (together, “Servcorp” “we”, “us” and “our”) and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our sites, other users of our products or services, job applicants, and visitors to our premises (together, “you”). Defined terms used in this Policy are explained in Section B below.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to how we collect and use Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
C. Collection of Personal Data
|Summary - Collection of Personal Data
|We collect or obtain Personal Data: when the data is provided to us (e.g., where you contact us); in the course of our relationship with you (e.g., if you become a customer); when you make Personal Data public (e.g., if you make a public post about us on social media); when you visit our Sites; when you register to use any of our Sites, products, or services; or when you interact with any third party content or advertising on a Site. We may also receive Personal Data about you from third parties (e.g., law enforcement authorities).
Collection of Personal Data: We collect or obtain Personal Data about you from the following sources:
If you provide Persona Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Personal Data.
D. Creation of Personal Data
|Summary - Creation of Personal Data
|We create Personal Data about you (e.g., records of your interactions with us).
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your history.
E. Categories of Personal Data we Process
|Summary – Categories of Personal Data we collect, use and Process
|We Process: your personal details (e.g., your name); demographic data (e.g., your age); your contact details (e.g., your address); records of your consents; payment details (e.g., your billing address); information about our Site (e.g., the type of device you are using); details of your employer (where relevant); information about your interactions with our content or advertising; and any views or opinions you provide to us.
We may Process the following categories of Personal Data about you provided we have an applicable legal basis:
F. Sensitive Personal Data
|Summary – Sensitive Personal Data
|We do not seek to collect or otherwise Process Sensitive Personal Data. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases:
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
G. Purposes of Processing and legal bases for Processing
|Summary - Ways in which we can use your personal information
|We Process Personal Data for the following purposes: providing our Sites, products, and services to you; operating our business; communicating with you; enabling connectivity of our products and services; maintaining social media platforms; managing our IT systems; health and safety; financial management; conducting surveys; ensuring the security of our premises and systems; conducting investigations where necessary; compliance with applicable law; improving our Sites, products, and services; fraud prevention; and recruitment and job applications.
The purposes for which we Process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
H. Disclosure of Personal Data to Third Parties
|Summary – Disclosure of Personal Data to Third Parties
|We disclose Personal Data to: legal and regulatory authorities; our external advisors; our privacy managers and Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third party providers of advertising, plugins or content used on our Sites.
We disclose Personal Data to other entities within Servcorp, for legitimate business purposes and the operation of our Sites, products, or services, in accordance with applicable law. In addition, we disclose your Personal Data to:
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
|Summary – Profiling
|Personal Data are not subject to automated decision-making and Profiling.
We do not Process Personal Data for the purposes of automated decision-making and Profiling.
J. International Transfer of Personal Data
|Summary – International transfer of Personal Data
|We transfer Personal Data to recipients in other countries. Where we transfer Personal Data from Australia to a recipient outside Australia that is not in an Adequate Jurisdiction, for the European Union and the EEA we do so on the basis that we impose contractual obligation on the party to comply with laws consistent with this policy
Because of the international nature of our business, we transfer Personal Data within Servcorp, and to third parties as noted in Section H above, in connection with the purposes set out in this Policy. For this reason, we transfer Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
Where we transfer your Personal Data from Australia to recipients located outside Australia who are not part of the European Union, EEA or an Adequate Jurisdiction, we do so on the basis of standard contractual clauses that ensure compliance with this policy.
Please note that when you transfer any Personal Data directly to a Servcorp entity established outside Australia we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive this data, in accordance with the provisions of this Policy.
K. Data Security
|Summary – Data Security
|We implement appropriate technical and organisational security measures to protect your Personal Data. Please ensure that any Personal Data that you send to us is sent securely.
We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us is sent securely.
L. Data Accuracy
|Summary – Data Accuracy
|We take every reasonable step to ensure that your Personal Data is kept accurate and up-to-date and is erased or rectified if we become aware of inaccuracies.
We take every reasonable step to ensure that:
From time to time we may ask you to confirm the accuracy of your Personal Data.
M. Data Minimisation
|Summary – Data Minimisation
|We take every reasonable step to limit the volume of your Personal Data that we Process to what is necessary.
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.
N. Data Retention
|Summary – Data Retention
|We take every reasonable step to ensure that your Personal Data is only retained for as long as it is needed in connection with a lawful purpose.
We take every reasonable step to ensure that your Personal Data is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, the data, except to the extent that the data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
O. Your Legal Rights
|Summary – Your Legal Rights
|Subject to applicable law, you may have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. In some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.
Subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data:
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:
• The right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf; and
• The right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please visit https://www.servcorp.com.au/en/privacy/ or use the contact details provided in Section V below. Please note that:
P. Cookies and Similar Technologies
|Summary – Cookies and Similar Technologies
|We Process Personal Data by using Cookies and similar technologies.
Q. Terms and Conditions
|Summary – Terms and Conditions
|Our Terms and Conditions govern all use of our Sites.
All use of our Sites, products, or services is subject to our Terms and Conditions. We recommend that you review our Terms and Conditions regularly, which can be located on our website or via the hyperlink https://www.servcorp.com.au/en/terms-and-conditions/, in order to review any changes we might make from time to time.
R. Direct Marketing
|Summary – Direct Marketing
|We Process Personal Data to contact you with information regarding Sites, products, or services that may be of interest to you. You may unsubscribe for free at any time.
We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, products, or services that may be of interest to you. If we provide Sites, products, or services to you, or if you have requested to receive our newsletter, we may send information to you regarding our Sites, products, or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
Our newsletters contain tracking pixels. A tracking pixel is an invisible graphic in HTML emails; its purpose is to generate a log file when the email is opened and to log which links are activated from the newsletter and subsequently analyse this data. This allows us, by means of statistical evaluations, to determine the success of our newsletter campaigns and to optimise our newsletters, e.g. so that you receive information and offers that are more appropriate to your interests.
You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Sites, products, or services you have requested.
S. Online Application Process
|Summary – Online Application Process
|We Process Personal Data in the context of our online application process.
We provide an online job application process. The data you submit, including any files you upload, are transferred via a secure connection. Your electronic application data will be routed to the relevant personnel department, who will send it only to the relevant department for the job in question and/or to the people who are authorised to process the application. All parties will treat your application documents with the utmost care and keep the content strictly confidential.
Following completion of the candidate selection process, we will retain your application documents for six months, after which time we will delete them and/or destroy any copies, unless we have entered into an employment contract with you. If we wish to keep your application documents on file in our applicant pool, we will contact you about this. During this communication, we will give you the opportunity to actively consent to the continued storage of your documents. Regardless of whether or not you currently have an open application, your applicant account and the associated data will continue to be stored unless you deactivate them; this gives you the opportunity to apply for other jobs with us.
Please note that applications submitted to us by email are transferred to us in an unencrypted format. We therefore recommend that you use the online application portal where possible.
|Summary – Minors
|Our Sites are not aimed at minors and we do not knowingly collect Personal Data from minors.
Our Sites are not aimed at minors and we do not knowingly collect Personal Data from minors.
U. Social Media and other Third Party Platforms
|Summary – Social Media and other Third Party Platforms
|We Process personal data in the context of Servcorp Pages on social media and other third party platforms and for purposes of delivering targeted advertising campaigns.
Social Media Buttons
We may use social media buttons for Facebook, , Instagram, Pinterest, YouTube, LinkedIn and Xing (and other similar social media pages) on our Websites. The social media buttons are not integrated as plugins via iFrame, but only provide a link to our company representation page (“Servcorp Page”) on the respective social media platform. No Personal Data is transmitted to such social media provider upon clicking on a social media button.
Servcorp Pages on Social Media Platforms
We maintain Servcorp Pages on social media and other third party platforms to market and promote our products and services. When we provide a Servcorp Page on a social media or other third party platform, we are a joint controller with the provider of the platform. We operate Servcorp Pages in joint controllership with Facebook and Instagram, Pinterest, WeChat, WhatsApp, LINE, YouTube, LinkedIn and Xing (incl. Kununu). We recommend that you review each such company’s privacy notice for further information about the processing they carry out and the contact details for such companies.
We will Process Personal Data of both registered and non-registered visitors of our Servcorp Pages.
Registered visitors: We Process data relating to our Sites (such as user identification), Personal details and Contact details (e.g. shared profile data). We also Process Personal Data generated through sharing of content, message exchange and communication. We may also Process special categories of Personal Data, if the user has shared such Personal Data.
Registered and non-registered visitors: We Process pseudonymized data such as statistics and insights on visitors’ interaction with the content on our Servcorp Page (page activities, page views, like information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success of our advertisements, and other analyses. We cannot merge pseudonymized data with the corresponding attribution features (e.g. name details) and hence it is not possible for us to identify individual visitors who remain anonymous.
We are not responsible for the user’s experience within the Servcorp Pages, e.g. with regard to the use of interactive functions such as sharing and rating.
A Servcorp Page or other corporate presence on third party platforms is just one of several options for contacting us or receiving information from us. As an alternative, the information offered via our Servcorp Pages and corporate presences can also be accessed on our websites.
For the creation of custom audiences, we and Facebook Ireland are acting as joint controllers and have entered into Facebook’s Controller Addendum to determine the parties’ respective responsibilities. We are responsible to provide the information set out herein, and Facebook Ireland is responsible for enabling data subjects’ rights with regard to personal data stored by Facebook Ireland after the joint processing.
You can find the relevant contact details and further information on how Facebook Ireland processes personal data, including legal basis and ways to exercise your rights against Facebook Ireland in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy/.
Facebook may also use the custom audience data to create lookalike audiences, which are Facebook users with similar interests or profiles as our custom audiences, for the purpose of delivering our ads to these audiences. For any such processing, Facebook is the data controller and its privacy notice will apply to this processing.
You can view your Facebook ad settings and update your preferences with Facebook at any time.
V. Details of Controllers
|Summary – Details of Controllers
|There are several Servcorp entities that act as Controllers for the purposes of this Privacy Notice, which have different contact details. The relevant Controllers and their respective contact details are set out below.
For the purposes of this Policy, the relevant Controllers are:
Servcorp Administration Pty Ltd
Servcorp Serviced Offices Pte. Ltd.
Servcorp New Zealand Limited
Servcorp Bonifacio, Inc.
Servcorp Thai Holdings Ltd.
Amalthea Nominees (Malaysia) Sdn Bhd
Jeddah Branch of Servcorp Square Pte Ltd
Servcorp Limited Liability Company Servcorp (L.L.C.)
Servcorp Qatar L.L.C.
Servcorp Aswad Real Estate Company W.L.L
Servcorp BFH W.L.L
Servcorp Phoenicia SAL
Servcorp Edouard VII SARL
Servcorp Brussels Sprl
Servcorp UK Limited
Servcorp Berlin GmbH
United States of America
Servcorp Manhattan LLC
Servcorp Business Service (Beijing) Co., Ltd
Servcorp Co-working GK
Call: +61 2 9231 7500
Level 63 25 Martin Place
Sydney, NSW 2000
APPENDIX 1 – COUNTRY SPECIFIC PROVISIONS
Summary – Country Specific Provisions
In this Appendix we have set out provisions that are specific to a certain country. Note that the provisions in this Appendix only apply in relation to the specified country.
(R) Direct Marketing
Double-Opt-In-Procedure within Newsletter Subscription
If explicitly requested by you, we will send you our newsletter on the topics you have chosen as well as information about our company. Please note that the delivery can only take place after you have explicitly confirmed your subscription request again within the scope of our double opt-in procedure.
The personal data collected during the newsletter registration process is used exclusively for the purpose of sending and personalising the newsletter (e.g. to address you with your name). You can revoke your consent to the storage of personal data that you have given us for the purpose of sending the newsletter at any time with effect for the future. For the purpose of revoking your consent, each newsletter contains a corresponding link; alternatively, you can also contact us directly so that we can implement your revocation. We have provided details of the consent given to us in the double opt-in e-mail.
Our Sites are not aimed at minors and we do not knowingly collect Personal Data from minors (except applicants). If persons under the age of 16 transmit personal data to us, this is only permitted if the parent or guardian has given his or her consent or has agreed to the consent of the minor. The contact details of the parent or guardian must be provided to us in order to convince us of the consent or approval of the parent or guardian. This data and the data of the minor will then be processed in accordance with this Privacy Notice. If we discover that a minor under the age of 16 has sent personal data to us without the consent of the parent or legal guardian, we will delete the data immediately.