How WorkZerk Adheres to Australian Privacy Principles

At WorkZerk, protecting your data isn't just a legal obligation; it's fundamental to how we've built our platform. As an Australian SaaS company handling sensitive compliance documentation for contractors, visitors, students, and staff, we take the Privacy Act 1988 and its 13 Australian Privacy Principles (APPs) very seriously.

Here's how WorkZerk addresses each principle:

APP 1: Open and Transparent Management of Personal Information

What it requires: Organisations must manage personal information openly and maintain a clear, up-to-date privacy policy.

How WorkZerk complies: Our Privacy Policy and Terms of Use are publicly accessible from our website footer and within the application. We clearly explain what data we collect, how we store it, and what we do with it. Our Data Safety page provides additional transparency about our security practices.

APP 2: Anonymity and Pseudonymity

What it requires: Where practicable, individuals should have the option to remain anonymous or use a pseudonym.

How WorkZerk complies: WorkZerk is designed for compliance verification—collecting SWMS documents, licenses, certifications, and Working With Children Checks. Australian workplace health and safety laws require verified identification for these purposes, which is a lawful exception under APP 2. However, our template system allows administrators to collect only the minimum information necessary for their specific compliance requirements.

APP 3: Collection of Solicited Personal Information

What it requires: Only collect personal information that is reasonably necessary, with higher standards for sensitive information.

How WorkZerk complies: Our template-based onboarding system gives administrators precise control over what information is collected for each portal. Every onboarding step includes clear instructions explaining why specific information is being requested. We collect directly from individuals (first-party collection), and sensitive information like identification documents is only requested when required for specific compliance purposes.

APP 4: Dealing with Unsolicited Personal Information

What it requires: Organisations must assess unsolicited information and destroy it if it wouldn't have been collected legitimately.

How WorkZerk complies: Our platform design minimises unsolicited information—users upload only specifically requested documents. Administrators can reject inappropriate uploads, and our self-destruct feature automatically deletes documents after approval, preventing accumulation of unnecessary data.

APP 5: Notification of Collection

What it requires: Individuals must be told what information is being collected and why, at or before the time of collection.

How WorkZerk complies: Each onboarding step template includes rich text instructions explaining what's being collected and why. Our Privacy Policy and Terms of Use are accessible throughout the onboarding process. When onboarding is complete, individuals receive an email receipt summarising what they've submitted.

APP 6: Use or Disclosure of Personal Information

What it requires: Personal information should only be used for the purpose it was collected, with limited exceptions.

How WorkZerk complies: Data collected through WorkZerk is used solely for compliance verification and onboarding management. Disclosure is limited to authorised administrators within the subscriber's workspace. We don't sell or share data with unrelated third parties. Our Terms clearly state that subscribers retain ownership of their data.

APP 7: Direct Marketing

What it requires: Strict conditions apply before personal information can be used for direct marketing.

How WorkZerk complies: We do not use collected compliance data for direct marketing. Email communications are limited to transactional purposes—onboarding receipts, rejection notices, and expiry reminders. Our Terms explicitly prohibit subscribers from using WorkZerk for spam or unsolicited marketing.

APP 8: Cross-Border Disclosure

What it requires: Before disclosing personal information overseas, organisations must ensure equivalent privacy protections exist.

How WorkZerk complies: WorkZerk data is hosted on Microsoft Azure's Sydney data centres, ensuring Australian data sovereignty. Our Terms require all users to be physically located in Australia or New Zealand. We don't routinely disclose personal information across borders.

APP 9: Government Related Identifiers

What it requires: Organisations generally cannot adopt government identifiers as their own customer identifiers.

How WorkZerk complies: WorkZerk uses its own internal identification system (Contact IDs, Guest IDs, Compliance IDs). Government identifiers like ABNs, White Card numbers, or WWCC numbers are collected only for verification purposes—never adopted as customer identifiers. Our passwordless access system uses secure 64-character random tokens.

APP 10: Quality of Personal Information

What it requires: Organisations must take reasonable steps to ensure personal information is accurate, up-to-date, and complete.

How WorkZerk complies: Our expiry tracking system ensures credentials remain current and prompts for renewal when documents are approaching expiry. The rejection workflow allows administrators to request corrections when information is inaccurate or incomplete. Human-in-the-loop (HITL) verification ensures manual review of critical documents before approval.

APP 11: Security of Personal Information

What it requires: Organisations must protect personal information from misuse, interference, loss, and unauthorised access.

How WorkZerk complies: Security is built into every layer of WorkZerk:

  • Mandatory MFA for all administrative users

  • Azure cloud infrastructure with enterprise-grade security

  • Encrypted storage using Azure Blob Storage

  • Temporary access tokens (SAS tokens with 8-hour expiry) for document viewing

  • Passwordless onboarding eliminates credential storage vulnerabilities

  • Self-destruct capability for sensitive documents after verification

  • Cloudflare DDoS protection for web infrastructure

  • Comprehensive audit trails tracking all compliance actions

  • 7-year data retention for audit purposes, aligned with Australian standards

APP 12: Access to Personal Information

What it requires: Individuals have the right to access personal information held about them.

How WorkZerk complies: Onboardees retain access to their portal link to view submitted information. Administrators can export data and provide access to stored compliance records on request. Onboarding receipts emailed to individuals contain a summary of submitted information.

APP 13: Correction of Personal Information

What it requires: Organisations must correct personal information if it's inaccurate, out-of-date, incomplete, or misleading.

How WorkZerk complies: Our rejection workflow is specifically designed for requesting corrections—when an administrator rejects a submission, the individual is automatically notified with clear reasoning and can re-submit corrected documents through their portal link. Administrators can also update Contact records directly when corrections are identified.

Our Commitment to Privacy

WorkZerk was built from the ground up with Australian privacy requirements in mind. Our Australian-hosted infrastructure, comprehensive security measures, and transparent data practices reflect our commitment to protecting the personal information entrusted to us.

We believe compliance onboarding shouldn't come at the cost of privacy. That's why we've designed WorkZerk to collect only what's necessary, protect it rigorously, and give both administrators and individuals visibility into how their data is handled.

For more information about our privacy practices, visit our Privacy Policy via the link in the footer of this website.
