Privacy & Policy

AMICI Tech Pty Ltd ACN 630 920 400 trading as Backy Check (AMICI Tech, we, us, our) is committed to respecting the privacy of your personal and sensitive information. We are bound by the Australian Privacy Principles in the Privacy Act 1988 (Commonwealth) and other applicable laws.

Data protection and information security is of the utmost importance to AMICI Tech, so you can have trust and confidence in dealing with our organisation.

We want to be transparent in explaining how and why we gather, store, share and use your personal information. Accordingly, this document provides a clear set of guidelines so that you can understand how we manage your personal information, the steps we take to protect your privacy as well as how, when and where we may collect, hold, use and disclose your personal information. It covers all personal information provided by you, as well as other individuals who have given their written consent to us to conduct a police history check or to otherwise use or services.

This privacy policy is in addition to our Terms and Conditions.

AMICI Tech must, on request by the ACIC, promptly provide the ACIC with a copy of the AMICI Tech’s privacy policy.

AMICI Tech is accredited, under Contract, to access the National Police Checking Service (NPCS) through the Australian Criminal Intelligence Commission. Australian Criminal Intelligence Commission is a registered trade mark of the Commonwealth of Australia. Find out more at acic.gov.au.

‘Personal Information’ and ‘Sensitive Information’ Defined

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not and recorded in a material form or not.

Sensitive information means information or an opinion about, among other things, an individual’s criminal record that is also personal information or health information about an individual.

References to personal information in this policy include sensitive information except where indicated otherwise.

We will reasonably ensure that personal information we collect, use or disclose is accurate, complete and up to date.

As a user of our system, you will be able to confirm that the information that you have provided is true and correct prior to submitting the data.

What personal information do we collect and hold?

The personal information we collect and hold about you includes information that you choose to provide us in the national police checking service application/consent form, or which you otherwise provide to us, including by way of forms and other documents or information you submit to us (whether in paper or electronic form). This information may include you name, address, phone number, email address, credit card details, date of birth, contact details, drivers licence details, passport details, or any other information you provide to us or authorise us to obtain.

Sensitive information we may collect and hold about your criminal history information. We use this sensitive information to create a Nationally Coordinated Criminal History Check for you. Where we receive unsolicited sensitive information from the third party Australian Criminal Intelligence Commission, we will destroy the information in a prompt and timely manner in accordance with our legal requirements. Under no instance will we keep unsolicited sensitive information.

We may also collect data about how you use our website or other websites you have visited so we can tailor our service to meet our customers’ needs. We may aggregate and de-identify this information (‘Aggregate Information’) and use the Aggregate Information to help us understand customer trends and to make improvements to our website and our services.

You may choose what personal information you provide to us

It is up to you what personal information you provide to us. However, if you choose not to provide certain information, it may affect the way we can interact with you or your employer in providing our services. For example, if you choose not to provide information required for a specific background search requested by your employer, we will report that lack of results to your employer, which may in turn adversely impact your arrangements or prospects with that employer.

Additionally, for purposes of background searches directed through ACIC or certain other data suppliers, we are required to obtain such evidence as is reasonable in the circumstances to satisfy ourselves as to your identity, as well as your consent to proceed. Accordingly, we may make enquiries to help satisfy ourselves that you are who you say you are. This may include validating certain document information you provide with the document issuer or official record holder for purposes of confirming your identity. If the information you send us does not meet our current security requirements, we may contact you or your employer and ask to be provided with additional documentation or an interview to prove your identity. If you do not provide sufficient information, or we are otherwise not satisfied as to your identity, we may refuse to supply you or your employer (as relevant) with one or more of the information services.

Why and how do we collect, hold, use and disclose your personal information?

We generally collect personal information about you by way of a consent form or other documents or information you submit to us (whether in paper or electronic form), correspondence you provide to us and telephone calls or meetings with you.

Where we collect personal information, we will only process it:

• to perform a contract with you;
• where we have legitimate interests to process the personal information and they’re not overridden by your rights;
• in accordance with our legal obligations; or
• where we have your consent.

We collect, hold, use and disclose your personal information for the following purposes unless otherwise required or permitted by law:

• to be able to lodge an application for and receive the results of a Nationally Coordinated Criminal History Check through the National Police Checking Service;
• to conduct a Visa Entitlement Verification Online check through the Australian Government Department of Immigration and Border Protection;
• to conduct a Bankruptcy Register Search through the Australian Financial Security Authority;
• for proof of identity purposes;
• to process payments for our services;
• to provide the results of a Nationally Coordinated Criminal History Check to any person you authorise us to;
• to allow third parties who you have agreed to allow access to the results of these searches for the purposes of verifying the contents of a police check;
• to provide you with the best possible service in supplying you with our goods and services;
• to comply with our obligations under any agreement we have with the Australian Criminal Intelligence Commission regarding the National Police Checking Service;
• for any other purpose we explain when the personal information was collected, including the uses and disclosures outlined in this privacy policy; and
• for any purpose that is related to these purposes (or, with respect to sensitive personal information, directly related to these purposes) that would reasonably be expected by the individual concerned.

We may disclose personal information to the following kinds of entities for the relevant purposes mentioned above:

• our contractors, consultants, advisers, associates and related entities;
• any industry body, tribunal, court or otherwise in connection with any complaint made by you about us;
• other entities or third parties with your consent (such as third parties who you have agreed may access the results of the police check searches for verification purposes) or as permitted or required by law. For example recruitment companies, immigration agents, prospective employers, your current employer, service providers (including suppliers and providers who assist us to operate our business or in connection with providing our products and services to you or your employer), payment systems operators (e.g. merchants receiving card payments)
• to overseas recipients where your background or the specific search requested relates to a foreign activity or presence (in which case, the recipients are likely to be in those relevant jurisdictions, or in a jurisdiction, such as the USA, that has agents in those relevant jurisdictions);

We only collect personal information about an individual where the information is reasonably necessary for one or more of the above functions.

You consent to us using and disclosing personal information for these purposes or any other purpose we obtain consent for (Secondary Purpose). Without limitation, such a Secondary Purpose which you consent to us taking reasonable steps to de-identify your personal information, such as by removing your personal identifiers, (De-identified Data) and disclose such De-identified Data to third parties or otherwise use the De-identified Data.

All personal information will be collected lawfully, fairly and not in an intrusive way. If we are unable to collect your personal information, we may be unable to provide you with all our services, and some functions and features on our website may not be available to you.

Direct marketing

We may use your personal information, including your contact details, to provide you with information about products and services (including those of third parties) which we consider may be of interest to you if you opted in for marketing communications.

At any time, you may advise us that you do not wish to receive marketing communications. You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel (such as by email, telephone, sms, or mail).

How we hold and protect your personal information

We are committed to protecting your personal information. We implement appropriate technical and organisational measures to help protect the security of your personal information; however, please note that no system is ever completely secure. We have implemented various policies including information security, password policies to guard against unauthorised access and unnecessary retention of personal information in our systems.

We store personal information we collect in relation to you in various ways, including in electronic form using third party data storage providers. All information that is stored electronically is password protected on secure servers.

As at the date of this privacy policy, any personal information we possess about you will only be stored in Australia.

Our aim is to ensure that all personal information is securely protected from misuse, loss, and unauthorised access, modification or disclosure by way of maintaining:

• physical security by preventing unauthorised access to our premises;
• computer network security, including password security to prevent unauthorised access;
• using industry-standard Transport Layer Security (TLS) protocols for all data exchanged between users and our platform to be secured. This guarantees that web sessions are encrypted and protected from interception or tampering.
• all data stored within our systems—including files and databases—is encrypted at rest using strong encryption protocols (e.g., AES-256). This ensures that data remains protected at all times, even in the unlikely event of unauthorized access.
• sensitive data is transmitted exclusively via secure, point-to-point transport protocols. We do not use unsecured methods (such as email) for the transfer of confidential information or the delivery of verification results to our users.
• limiting access to authorised staff and contractors of AMICI Tech.
• maintaining a rigorous patch management process to ensure all systems are updated promptly with the latest security patches and vendor-provided updates, minimizing exposure to known vulnerabilities.
• securely hosting our data in Microsoft Azure data centres located in East Australia. These facilities are certified under leading international standards (e.g., ISO 27001, SOC 2) and support AES-256 encryption to safeguard data at rest.

When personal information is no longer needed, we will take reasonable steps to destroy and/or de-identify that information (see also the ‘Retention’ section below).

We have current security measures in place to prevent unauthorised use of our police check service including:

• capturing IP addresses;
• capturing payment information; and
• verification of ID and signatures.

Why will we disclose information to another organisation?

AMICI Tech will only disclose your personal information as required to deliver the professional services you have requested.

As part of providing our services, and depending on the specific product or purpose of your engagement with AMICI Tech, we may need to share your personal information with third parties, including:

• Third-party service providers, such as those conducting criminal record checks, law enforcement agencies, regulatory and licensing authorities, credit reporting agencies, educational institutions, professional bodies, and psychometric testing providers.
• Current or former employers, to verify your employment history.
• Partner organizations involved in the verification process.
• Government authorities, regulators, and law enforcement agencies.
• Service providers who perform functions on our behalf, such as IT support and direct marketing.
• Auditors, insurers, and re-insurers.

AMICI Tech only engages with third-party providers and partners who have strong data protection standards in place—at minimum, equivalent to those practiced by AMICI Tech.

Please note that in certain circumstances, we may be legally required to disclose your personal information to relevant authorities.

Our goal is to deliver the highest quality products and services to our customers. To support this, we may occasionally partner with other trusted organisations. Some of the services we use may be delivered, in whole or in part, from overseas providers if the service requires such support (e.g. international police checks). For more information, please refer to the International Data Transfers section below.

International Data Transfers

To complete a check, we may need to share certain personal information with the relevant organization(s) responsible for confirming its accuracy. If the check relates to another country, your information will be disclosed to entities located overseas.

AMICI Tech may also engage an international intermediary or agent to assist with the verification process. In cases where we contact a referee or former employer based overseas—such as when you've worked internationally—your personal information (e.g., your name and possibly your role) will be shared with them.

By requesting an international check, you provide consent for your information to be disclosed outside your country of residence.

We will only disclose your personal information to those third-party suppliers that require the information to enable us to provide our services to you or your employer. In addition, when providing this information, we will only provide the minimum information that these third parties require. An example of this is where your background or a specific search requested relates to a foreign activity, accreditation or presence. In these situations, we may need to disclose your personal information to our overseas affiliates or to our or their third-party data suppliers. Where we need to disclose your personal information to third parties, we put appropriate steps in place to ensure that these third parties are aware of and bound by their obligations in relation to your privacy.

Other than where personal information is shared with an offshore third party as is reasonably necessary for one or more of our functions or activities, we store and process your personal information in Australia.

In relation to Nationally Coordinated Criminal History Checks:

• AMICI Tech won't disclose or transfer any Nationally Coordinated Criminal History Checks related information outside Australia.
• If you are outside Australia, you are still able to access to the portal, to all the information related the screening services and to download your report results.
• The applicant will be able to send its results to a company outside Australia. AMICI tech can't send any report directly to an overseas company.
• Applicants cannot share the portal access with any third party, nor with anybody else authorised for this purpose.

For further information, please contact us using the details set out below.

How can you access to your personal information and correct it if it is wrong?

If necessary, you may request access to the personal information that we hold about you, under Australian Privacy Principles 12 and 13. We will provide this information upon request or otherwise as required by law. You may obtain this information by contacting us using the details set out below.

Under freedom of information (FOI) you have a right, with limited exceptions, to access documents held by AMICI Tech. A FOI request can take up to 30 days to process.

The Freedom of Information Act 1982 (FOI Act) may give any person the right to:

• access copies of documents (except exempt documents) we hold;
• ask for information we hold about you to be changed or annotated if it is incomplete, out of date, incorrect or misleading; and
• seek a review of our decision not to allow you access to a document or not to amend your personal record.

You can request access to check results under the Agreement, and you do not have to apply under FOI or Privacy Act rights.

We may require you to identify and specify what information and documents you require access to. You can ask to see any document that we hold. We may refuse access to some documents, or parts of documents that are exempt. Exempt documents may include those relating to national security, documents containing material obtained in confidence, or other matters set out in the FOI Act. Other occasions when we may deny access to personal information include where release of the information would have an unreasonable impact on the privacy of others.

While we will endeavour to ensure that the personal information collected from you is up to date accurate and complete, we will assume that any personal information provided by you is free from errors and omissions. If the applicant is able to establish that the information we hold about them is not accurate, complete or up to date, and the applicant requests us in writing to correct this information, we will then take reasonable steps to correct the information. You may request that we update or vary personal information that we hold about you using the contact details listed below.

If you wish to access information we hold about you please put your request in writing and send it to:

Data Protection Officer
AMICI Tech Pty Ltd
12/11-13 Penkivil Street
Bondi - 2026

Our Data Protection Officer can also be contacted on:

Email: support@backycheck.com.au

Minors and children’s privacy

We generally require the consent of a parent or guardian before collecting personal information from individuals under the age of 18. However, in certain cases where we are legally required to provide services to individuals under 18 without parental or guardian consent, we may do so. For example, under New Zealand law, minors are permitted to access their own criminal records without the need for such consent.

For specific services such as the Nationally Coordinated Criminal History Checks, AMICI Tech is legally obligated to obtain parental or guardian consent for individuals under 18 and further personal information from the minor’s guardians. In these instances, we will ensure that appropriate consent is obtained before proceeding.

Retention

We retain your personal data only as long as necessary to provide you with our services and for legitimate and essential business purposes (such as maintaining the performance of our services), making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. Following this period, we will make sure the relevant personal data is deleted or anonymised. Our disposal and retention policy is included in the Terms and Conditions, which applies to the service provided by AMICI Tech.

Unsubscribe

Should you not wish to receive communications from us, you will have the option to unsubscribe on any email you receive from us or to indicate your communication preferences to us. Alternatively, you can contact our Data Protection Officer, set out above, to unsubscribe from our communications.

What are ‘cookies’ and how do they work?

Our website uses cookies. Cookies are small data files that are downloaded from our web servers and stored on your hard drive.

A cookie is a string of letters and numbers that uniquely identify the computer you are using and the Username and password you may have used to register at the site. This enables the website to track the pages you have visited.

Most browsers can be configured to refuse to accept cookies. You can also delete cookies from your hard drive. However, doing so may hinder your access to valuable areas of information within our site.

We will not be responsible for any damage to your computer or hard drive from cookies. You can set your browser to refuse cookies, however, this may mean you are unable to take full advantage of our website.

How do you request to delete your information prior the legal disposal and retention policy period?

You can request to delete your information prior to the expiry of the ACIC retention period if the service requested included a Nationally Coordinated Criminal History Check by writing to us at support@backycheck.com.au, AMICI Tech will then request this to the ACIC, which will make the decision. In case your request of deletion is approved we will delete your information. We will keep you informed about the process via email.

What if I have a complaint?

If you have a complaint about our dealings with personal information, this policy or an alleged breach of the Australian Privacy Principles you have the right to expect that we will handle it in a friendly and professional way.

When we receive a complaint we look on it as valuable feedback that may help us to improve the services we offer and to ensure your needs are met in a satisfactory and appropriate manner.

If you wish to complain at any time about the handling, use or disclosure of your personal information just write to us at the following address:

Data Protection Officer
AMICI Tech Pty Ltd
12/11-13 Penkivil Street
Bondi - 2026

Our Data Protection Officer can also be contacted on:

Email: support@backycheck.com.au

We will make all efforts possible to investigate your complaint within 20 days and advise you of the outcome as soon as possible within 30 days of you making the complaint.

If the matter is not resolved to your satisfaction you can then refer your complaint to the Director of Compliance (Investigations) at the Office of the Australian Information Commissioner who can be contacted at:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001.

Changes to this Privacy Policy

We reserve the right to change, modify or update this privacy policy from time to time to take into account of any new laws and technology, changes to our functions and activities, and to make sure it remains appropriate. Where we make changes to this privacy policy we will update the policy by posting the revised version on our website. The revised version shall take effect immediately upon posting. You should therefore refer to this privacy policy on our website regularly.