Privacy Policy

Winnchester is committed to protecting your privacy. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also consider overseas privacy laws (e.g., UK GDPR/EU GDPR) when we process information about individuals located in those jurisdictions.

If you do not agree with this Policy, please do not use the Site or provide personal information to us.

1. Who this Policy applies to

This Policy applies to:

  • visitors to our Site;

  • prospective, current and former clients (including their personnel);

  • candidates and referees involved in recruitment-related services we provide to our clients;

  • attendees of our events, webinars and consultations; and

  • suppliers and business partners.

Our handling of personal information about our own employees is largely covered by the employee records exemptions under the Privacy Act and may be dealt with in separate internal policies.

2. What personal information we collect

The personal information we collect depends on your relationship with us and how you interact with us. It may include:

  • Identification and contact details: name, job title, employer, business address, email, phone.

  • Booking and transaction details: appointment history, services purchased, payment method (tokenised by our payment provider), invoices, and receipts.

  • HR/recruitment information (client projects): CVs, employment history, qualifications, licences, background-check results (e.g., WWCC/RSA/driving), reference notes and related documentation provided by clients or candidates.

  • Sensitive information (only with consent or as permitted by law): health information relevant to workplace adjustments; union membership indicators where necessary for an engagement; criminal history results if a client has a lawful basis to request screening.

  • Website/technical data: IP address, device/browser type, pages viewed, and cookies/analytics information (see Section 8).

  • Communications: emails, call notes, chat transcripts, feedback and testimonials.

We generally do not need Tax File Numbers or credit card numbers directly. If such information is incidentally provided, we handle it securely and delete or de-identify it when no longer required.

3. How we collect information

We collect personal information:

  • directly from you (e.g., when you enquire, book, complete intake forms, attend sessions, or provide documents);

  • from your employer (our client) where you are their employee/contractor;

  • from third parties with your consent or as permitted by law (e.g., referees, background-check providers, publicly available sources such as LinkedIn); and

  • automatically via our Site and emails (cookies, pixels and similar technologies).

Where you provide information about someone else, you confirm that you are authorised to do so and have informed them of this Policy.

4. Why we collect and use your information

We collect, use and disclose personal information to:

  • provide, schedule and deliver our HR/advisory services;

  • verify identity and manage client accounts and billing;

  • conduct recruitment, screening and reference checks for clients;

  • provide resources, reports, templates and training;

  • improve our Services and Site (analytics, product development, quality assurance);

  • send service updates, administrative notices and—where permitted—marketing communications (you can opt out at any time); and

  • comply with legal and regulatory obligations and manage risk, disputes and claims.

5. Lawful basis and consent

We rely on the APPs to collect and process personal information. We only collect sensitive information with your consent or where authorised by law. If you are located in the UK/EU, our legal bases may include performance of a contract, legitimate interests (e.g., delivering B2B services and security), consent (for certain activities), and compliance with legal obligations.

6. Disclosing your information

We may disclose personal information to:

  • Clients (your employer or prospective employer) as necessary to perform a contracted engagement (e.g., recruitment outcomes, reference summaries);

  • Service providers who support our operations, such as:

    • scheduling and forms platforms (e.g., Acuity Scheduling or equivalent);

    • payment processors (e.g., Stripe/Square/PayPal);

    • cloud hosting, email and productivity tools (e.g., Microsoft 365/Google Workspace);

    • background-checking or identity verification vendors (as instructed by clients); and

    • IT security, analytics and CRM providers;

  • Professional advisers (lawyers, accountants, insurers) and authorities or regulators where required by law or to protect our rights; and

  • Successors/assignees in connection with a business reorganisation (subject to confidentiality).

We require our service providers to handle personal information securely and only for the purposes for which it is disclosed.

7. Overseas disclosures

Some recipients may be located outside Australia, including (without limitation) the United States, the United Kingdom, New Zealand and member states of the European Union (depending on your location and the systems we use). By engaging with us, you consent to such disclosures. Where practicable, we take reasonable steps to ensure overseas recipients protect information in a way that is substantially similar to the APPs or otherwise permitted by law.

8. Cookies and analytics

We use cookies, pixels and similar technologies to operate and improve the Site, remember preferences, measure performance and run marketing (e.g., Google Analytics, Microsoft Clarity, Meta pixels). You can adjust your browser settings to refuse some or all cookies or to alert you when cookies are being sent. Blocking cookies may impact Site functionality. Where required, we will present a cookie banner and/or allow preferences to be set.

9. Direct marketing

We may send you updates about our Services, events and resources that we believe may be relevant to you. You can opt out at any time by using the unsubscribe link in our emails or by contacting us at admin@winnchester.com.au.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Measures include access controls, encryption in transit (TLS), secure configuration, multi-factor authentication for key systems, and staff confidentiality obligations. No method of transmission or storage is completely secure; if a data breach occurs that is likely to result in serious harm, we will assess and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme.

11. Retention and de-identification

We retain personal information only for as long as reasonably necessary to provide our Services and comply with legal obligations (e.g., tax, corporate records) and then take reasonable steps to destroy or de-identify it. Typical retention periods are 7 years for client and financial records unless a longer period is required or permitted by law or necessary to resolve disputes.

12. Access and correction

You may request access to, or correction of, your personal information by contacting us at admin@winnchester.com.au. We may need to verify your identity before actioning a request. In limited circumstances permitted by the APPs, we may refuse access (for example, where providing access would unreasonably impact the privacy of others). If we refuse, we will tell you why and how to complain.

13. Working with us as a service provider (client instructions)

When we handle information about our clients’ personnel or candidates, we do so to provide services to our client. We take reasonable steps to ensure our clients have obtained any necessary consents and lawful bases for that processing. If you have questions about data we process on behalf of your employer/prospective employer, you may wish to contact them first; we will assist where appropriate.

14. Third-party sites

The Site may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.

15. Children

Our Services are intended for business use. We do not knowingly collect personal information from children under 16.

16. Changes to this Policy

We may update this Policy from time to time. The updated version will be posted on the Site with a new effective date. Your continued use of the Site/Services after an update indicates acceptance of the revised Policy.

17. How to contact us

For questions, access/correction requests, or complaints about privacy, please contact:

Privacy Officer
Winnchester Consulting Pty Ltd
Email: admin@winnchester.com.au

We aim to acknowledge and respond to complaints within 10 business days and to resolve them within 30 days where possible.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
www.oaic.gov.au | Tel: 1300 363 992 | GPO Box 5288, Sydney NSW 2001