Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.If you are a California resident, you have specific privacy rights under California law.

This Privacy Statement sets out our policy with respect to the way in which we obtain, use and disclose information about clients and/or other business contacts and employees.

Collection of Personal Information (after 1 July 2021)

For the purposes of this Statement, “Personal Information” is information from which identity is apparent, or can be reasonably ascertained.


We collect any Personal Information when clients and/or contacts provide their details. We store it in hard copy format or via electronic means, that is, via the website or email systems. Our website does not have software to record Personal Information such as “cookies”, and nor do we monitor such activity on our website.

With respect to our clients or potential clients, the Personal Information collected includes, but is not limited to: name, date of birth, address at work and home, phone, mobile and fax numbers, business title, tax file number, Employer Identification and Business Number, credit card or other bank details, and email addresses.


If Indygene is obtaining Personal Information for the purpose of recruitment activity, it will collect the same types of Personal Information that is collected from clients, as well as information relating to: education, employment, extra-curricular activities, and/or positions of responsibility, academic, work and/or character references. Such Personal Information is necessary to assess suitability for a position. Failure to provide the Personal Information may influence the processing and outcome of one’s application.

The ways Indygene gathers such Personal Information includes:

• Written applications and curriculum vitaes;
• Interviews;
• Written or software application skills tests;
• Reference checking; and
• Agency candidate referrals.

Indygene rarely needs to collect sensitive information (such as health, ethnicity, membership of professional associations). It will not do so without consent. References from current or former employer(s) or other sources will be obtained with written or verbal consent.

Whether a client, employee or candidate, Indygene endeavours to collect Personal Information directly from the contact. However, if information is obtained from a third party, reasonable steps will be taken to inform you of this when it is deemed appropriate or is necessary. The treatment of Personal Information will be in accordance with this Statement.


Use and Disclosure

Indygene will act on the basis that when Personal Information is supplied to us, we are to be permitted by our clients or employees or candidates to use it for one or more of the following purposes:

  • As a client, Indygene may use Personal Information of, and incidental to, supplying our services as requested by our client. As a candidate Indygene may use Personal Information to assess suitability against a vacant position. As an employer we maintain this information on file in the HR department for reference as and when it is required throughout the duration of your employment with Indygene and beyond.
  • Indygene may also store Personal Information on a database and use it to market related services and provide clients with educative information. However, on each such communication, Indygene will give contacts the opportunity to elect not to receive further marketing or educative information.
  • Indygene may use Personal Information by providing it to insurers, suppliers, the Internal Revenue Service so as to enable the provision of services as requested by clients.
  • Indygene may use Personal Information by disclosing it, as and if required by law, for example, to comply with credit report obligations, tax legislation, employment legislation, and any other relevant body of legislation applicable to our business as accountants and tax agents.
  • Indygene may use and disclose Personal Information of, or incidental to, a sale of our business to a third party or where we outsource duties, including enforcing the terms and conditions of our engagement with clients or database management to an external service provider for purposes of rendering the required services.
  • Indygene may use Personal Information by disclosing it to any Co-Directors of a Company of which a client is a Director, legal representatives and the legal representatives and accountants of Co-Directors is granted.
  • Indygene may use Personal Information by forwarding it to recipients overseas. The Company may need to do this as part of, or incidental to, the services Indygene provides. If there are no suitable privacy protection laws in the country of the recipient, Indygene will take all reasonable steps to make contractual arrangements that provide for privacy protection of your Personal Information.

Clients are not obliged to provide Personal Information. However, if as our client, the choice is not to provide Indygene with Personal Information, Indygene may be unable to provide the services requested. If, as a candidate, one chooses not to provide Indygene with Personal information, Indygene may be unable to assess whether one is suitable for a position.

Indygene will not sell or trade any Personal Information to any third party without consent.


Clients, contacts or employees may request in writing access to Personal Information, by contacting our HR department. At all times, conduct in responding to such request for access to Personal Information will be governed by the following principles:

  • All requests for access will be treated seriously;
  • All requests will be dealt with promptly;
  • All requests will be dealt with in a confidential manner; and
  • Requests to access personal information will not affect existing obligations or affect the commercial arrangements between clients, contacts and Indygene or contractual agreements between an employee and Indygene.

We will provide access by allowing clients, contacts or employees to inspect, take notes or receive copies or print outs of the Personal Information that we hold about you.

To obtain access to Personal Information, we may require proof of identity.

Access will be denied if:

  • requests do not relate to one’s own Personal Information;
  • providing access would pose a serious and imminent threat to one’s life or health;
  • providing access would create an unreasonable impact on the privacy of others
  • the request is frivolous or vexatious;
  • the request relates to existing or anticipated legal proceedings;
  • providing access would prejudice any negotiations Indygene is having with a client, contact or employee;
  • access would be unlawful;
  • denial of access is authorised or required by law;
  • access would prejudice law enforcement activities;
  • access discloses a ‘commercially sensitive’ decision making process or information; or
  • any other reason that is provided for in the NPPs set out under the Privacy Act.

Indygene may choose to provide access to the appropriate parts of the record or by using an appropriate ‘intermediary’.

Indygene will take all reasonable steps to provide access as soon as practicable, usually within 21 days of your request, depending on the volume of information that you have requested.

Indygene reserves the right to impose fees, for the provision of access, including for photocopying, retrieval from off-site premises and sourcing from electronic databases.

Privacy Complaints

At all times, Indygene’ conduct in responding to a complaint will be governed by the following principles:

  • All complaints will be treated seriously;
  • All complaints will be dealt with promptly;
  • All complaints will be dealt with in a confidential manner; and
  • The privacy complaint will not affect existing obligations or the commercial arrangements that exist between the client, contact and Indygene or employee of Indygene.

If a formal complaint is sought to be made, clients/contact/employees should do so in writing to Indygene’ Privacy Officer or HR department, or one of Indygene’ Directors. All complaints will be recorded appropriately.

Once the complaint has been made formally, the following procedure will apply:

  1. Request further information and investigation:

The Privacy Officer may request further information and the client/contact/employee should be prepared to give as many details as possible including details of any relevant dates and documentation. This will enable Indygene to investigate the complaint and determine an appropriate and useful solution. It may be necessary to contact others in order to proceed with the investigation. All details provided will be kept confidential.

  1. Discuss options:

A Indygene representative will discuss options for resolution with the client/contact/employee and welcome suggestions on how the matter might be resolved. Indygene may suggest solutions or give examples of how Personal Information can be revised or stored in an alternative way.

  1. Refer to Managing Director:

If a complaint is not resolved in discussion with our Privacy Officer, HR department or a Indygene representative, it will be referred to the Managing Director. The Managing Director will be provided with full details and may discuss the complaint with the employees or any others involved.

  1. Resolution

The client/contact/employee will be informed of the outcome and the reasons for the decision. If this does not resolve the complaint, the matter will be referred to a mutually agreed intermediary.

If after the above steps have been followed the client/contact/employee is still dissatisfied with the outcome one may refer the complaint to the Federal Office of the Privacy Commissioner.

Indygene aims to achieve an effective resolution of any complaint within approximately 30 days or as soon as reasonably practicable after all information requested by Indygene is provided.

Indygene cannot deal with anonymous complaints because it is unable to investigate or follow up such complaints adequately. However, in the event that an anonymous complaint is received Indygene will note the issues and attempt to resolve them appropriately.

Storage and Security

Indygene has controls and procedures to ensure that Personal Information provided remains confidential. All employees are made aware of the Barnes Partner’s privacy procedures and are bound by strict duties of confidentiality to clients and to Indygene.

  • Indygene keeps Personal Information secure and is accessible to employees on a need-to-know basis. All Personal Information is stored on a database. Personal Information provided in an application is stored appropriately.
  • Candidates’ Personal Information may be held for up to six months, after which time it may be archived or destroyed. If an applicant is unsuccessful, Indygene may seek consent from the candidate to reconsider the applicant against suitable future vacancies, and allows the candidate the right of response.
  • All other Personal Information is usually held indefinitely. Tax and other records are only kept as long as required by law. Destruction of all Personal Information is done securely to protect privacy.

Indygene’ server is equipped with “firewall” software, which prevents unauthorised access to Indygene’ systems, and protects any personal information, which is submitted via email.

Whilst Indygene takes all due care and diligence in protecting the security, confidentiality and privacy of the information submitted, we cannot guarantee that systems will be completely free from third party interception or damage to information transmitted by email which is caused by viruses. However, Indygene does all it can to prevent security breaches such as regularly updating Indygene’ security software.

The Indygene website may have links to other sites of interest. However, it makes no warranties or representations as to the quality, currency and accuracy of information on any other site to which it provides a link. Indygene encourages clients/contacts/employees to view the terms and conditions of use, privacy policies and security statements on those sites.

Changes to our Privacy Statement

Nothing in this Statement is intended to create a contract or agreement. Indygene reserves the right to modify or amend this Statement at any time and will endeavour to post any changes on our website including updates and amendments to wording. Indygene encourages clients/contacts/employees to review the Policy Statement so that all remain informed regarding how Indygene protects Personal Information.

Indygene welcomes questions and comments regarding this Statement by contacting Indygene’ Privacy Officer or HR department.

Scroll to Top