Privacy Policy

1. Who We Are

JobSeek New Zealand Limited ("JobSeek", "we", "us", or "our") operates the recruitment, hiring, compliance, and workforce onboarding platform accessible at jobseek.nz and associated mobile applications (the "Platform").

We are a New Zealand company subject to the Privacy Act 2020 (the Act) and are committed to handling your personal information in accordance with all 13 Information Privacy Principles contained in that Act, and in many cases exceeding those requirements.

Our Privacy Officer can be contacted at: privacy@jobseek.nz

2. What Personal Information We Collect

The information we collect depends on how you use the Platform. We collect only what is necessary for the purpose for which it is collected (IPP 1).

2.1 Candidates

• Identity: Full name, preferred name, date of birth, gender, email address, mobile number, physical address, profile photograph
• Employment history: Past and current employers, positions held, dates, responsibilities, achievements
• Qualifications: Educational institutions, degrees, diplomas, trade certificates, professional licences, dates achieved, grades
• Skills: Professional skills, experience levels, years of experience
• References: Referee name, employer, position, email, phone, relationship — collected with your explicit consent and the referee's consent
• Work rights: Citizenship status, visa type, visa number (encrypted), visa expiry date, work conditions
• Driver licence: Licence number (encrypted), version number (encrypted), class, endorsements, issue date, expiry date
• Identity documents: Passport, driver licence, or national ID uploaded for verification purposes — stored encrypted
• Financial / payroll: IRD number (encrypted), bank account details (encrypted), KiwiSaver status, tax code — only collected during onboarding and only if you provide it
• Emergency contact: Name, relationship, phone number — only collected during onboarding
• CVs and documents: Uploaded resumes, cover letters, certificates, and other career documents
• Preferences: Preferred locations, salary expectations, employment type preferences, remote work preferences, shift availability
• Criminal check results: Status of check (not full report) — subject to your explicit consent
• Digital signature data: Typed signature, IP address, timestamp, device/browser information captured at signing

2.2 Employers

• Company information: Legal name, trading name, NZBN, industry, website, employee count, registered address, operational address
• Contact details: Primary contact name, email, phone, position
• User accounts: Names, email addresses, roles of team members with platform access
• Job postings: All content of job advertisements including salary ranges, requirements, questions
• Billing information: Subscription details, invoice records — payment card data is never stored by us (handled by our payment processor)

2.3 Recruitment Agencies

• Agency information: Agency name, NZBN, website, address
• Recruiter profiles: Name, email, phone, role within agency
• Client records: Names and contact details of employer clients
• Placement records: Candidate and client data related to placements, fees, and revenue

2.4 All Users (Automatically Collected)

• Technical data: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages visited, features used, search queries, time on platform, click patterns
• Session data: Login timestamps, session duration, logout time
• Geolocation: Country, region, city, latitude and longitude derived from IP address
• Login history: Date, time, IP address, device, browser, and success/failure status of every login attempt

3. How We Collect Personal Information

We collect personal information directly from you wherever practicable (IPP 2):

• When you register an account and complete your profile
• When you upload documents, CVs, or identity materials
• When you apply for jobs or submit applications
• When you complete verification processes
• When you correspond with us, employers, or recruiters through the Platform
• When you sign documents digitally
• When you complete onboarding tasks
• Automatically through cookies and server logs when you use the Platform

We may also collect information from third parties in the following circumstances:

• NZBN register: To verify employer company details at registration
• NZTA: To verify driver licence validity, classes, and endorsements (with your consent)
• Immigration New Zealand: To verify visa status and work rights (future capability, with your consent)
• RealMe: For high-assurance identity verification (future capability, with your consent)
• Ministry of Justice: For criminal record checks (with your explicit consent)
• References: When referees complete reference checks you have requested
• GeoIP providers: MaxMind or equivalent, to determine location from IP address for security purposes
• Microsoft / Google: If you choose to sign in using your Microsoft or Google account

In all cases we will tell you, at or before the time of collection, the purpose for which information is being collected and how it will be used (IPP 3).

4. Why We Collect Personal Information

We collect personal information for the following purposes:

• To create and manage your account and verify your identity
• To match candidates with suitable job opportunities
• To enable employers and recruiters to review candidate suitability
• To conduct identity, work rights, licence, qualification, and criminal record verification
• To generate and maintain the JobSeek Passport™ trust score
• To facilitate digital offer letters, employment agreements, and signatures
• To manage employee onboarding processes
• To process billing and subscription payments
• To detect fraud, prevent abuse, and maintain platform security
• To comply with our legal obligations under New Zealand law
• To improve the Platform through analysis of usage patterns
• To send relevant communications, alerts, and notifications
• To enable AI-powered matching, recommendations, and insights

5. How We Use Personal Information

We will only use personal information in ways that are consistent with the purpose for which it was collected (IPP 10), and we will not use it for a secondary purpose without your consent, unless permitted by law.

5.1 Candidate Profiles

Your candidate profile is used to present you to employers and recruiters when you apply for roles, or when you opt in to being searchable. You control who can see your profile through your privacy settings. You can choose to hide your current employer, restrict recruiter searches, or make your profile entirely private.

5.2 Verification Data

Identity documents, visa details, and licence information are used solely for verification. Once verified, we display only the verification status to employers and recruiters — not the underlying documents or sensitive numbers. Passport numbers, visa numbers, and licence numbers are encrypted at rest and never exposed to any third party.

5.3 Payroll and Financial Information

IRD numbers, bank account details, and tax codes are collected only during the onboarding stage, only if you provide them, encrypted immediately upon receipt, and shared only with the employer for the purpose of establishing your payroll. We do not use this information for any other purpose.

5.4 Communications

We may send you emails, SMS messages, and in-app notifications relating to:

• Account security (login alerts, password resets, MFA codes)
• Application updates (status changes, interview requests, offers)
• Verification reminders and expiry alerts
• Onboarding tasks and deadlines
• Platform updates that affect you

Marketing communications are only sent with your explicit consent and you may opt out at any time through your account settings or by emailing privacy@jobseek.nz.

6. AI and Automated Processing

JobSeek uses artificial intelligence and automated processing in the following ways:

6.1 CV Parsing

When you upload a CV, our AI extracts structured data (employment history, skills, qualifications) to pre-fill your profile. You review and confirm all extracted data before it is saved. The AI does not make employment decisions — it only assists with data entry.

6.2 Candidate-Job Matching

We use AI to calculate a match score between your profile and job listings. This score is based on skills, experience, qualifications, location, work rights, and verification status. The match score is a recommendation tool only — all hiring decisions are made by human employers and recruiters.

6.3 Trust Score (JobSeek Passport™)

We calculate a Trust Score based on your verification status across identity, work rights, criminal check, driver licence, qualifications, references, and profile completeness. This score is shown to employers as an indicator of verification completeness. The score is recalculated automatically when underlying verification data changes.

6.4 Fraud and Risk Detection

We use automated systems to detect duplicate accounts, suspicious registrations, and potentially fraudulent activity. These systems flag anomalies for human review — no automated decision that materially affects you is made without human oversight. You have the right to request human review of any automated decision that affects you.

6.5 Your Rights Regarding Automated Decisions

If you believe an automated system has produced an incorrect result that affects you, you may contact us at privacy@jobseek.nz to request a manual review. We will respond within 10 working days.

7. Sharing and Disclosure

We do not sell your personal information. We do not share your personal information except in the following circumstances:

7.1 Employers and Recruiters

When you apply for a job or are submitted by a recruiter, the employer or recruiter receives access to your candidate profile including the information you have made available for that purpose. Sensitive data (passport numbers, licence numbers, visa numbers) is never shared — only the verification status is shared.

7.2 Verification Providers

To conduct verification checks, we share limited information with authorised providers including:

• NZTA — driver licence verification
• Immigration New Zealand — work rights verification (future)
• RealMe — identity verification (future)
• Ministry of Justice — criminal record checks (with explicit consent only)
• NZBN Register — employer company verification

Each provider is bound by their own privacy obligations under New Zealand law.

7.3 Technology Service Providers

We use trusted third-party providers to operate the Platform. These providers act as our processors and are contractually obligated to handle personal information only as directed by us and to maintain appropriate security. They include:

• Microsoft Azure — cloud infrastructure and authentication
• OpenAI — AI processing for CV parsing, matching, and content generation
• Xero — accounting and invoicing (recruiter billing)
• MaxMind — GeoIP intelligence
• SMS providers — for authentication and notification messages
• Our SMTP provider — for transactional email delivery

7.4 Legal Requirements

We may disclose personal information if required to do so by law, by a court order, or by a government agency with lawful authority to require such disclosure, in accordance with the Act and other applicable New Zealand legislation. Where possible and lawful, we will notify you of any such disclosure.

7.5 Business Transfers

If JobSeek is involved in a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify users of any such change in advance and ensure the acquiring entity is bound by privacy obligations equivalent to or greater than those in this policy.

8. GeoIP and Security Intelligence

When you access the Platform, we record your IP address and use it to determine your approximate geographic location (country, region, city). We also detect whether you are using a VPN, proxy, Tor network, or datacentre IP address.

This information is used exclusively for:

• Fraud prevention and detecting suspicious account activity
• Generating a risk score that may be visible to employers and compliance staff when reviewing applications
• Identifying potentially fraudulent registrations (e.g., a candidate applying for a local role from a high-risk jurisdiction with no NZ work rights and a VPN active)
• Maintaining a login history so you can review whether your account has been accessed from unexpected locations

We do not use GeoIP data to discriminate against candidates based on their nationality or location. Risk flags are reviewed by humans before any action is taken on a candidate account.

9. Identity and Compliance Verification

Our verification platform allows candidates to voluntarily submit information for verification. The following principles govern our handling of this data:

• All verification is voluntary unless required by an employer for a specific role
• Sensitive identifiers (passport number, visa number, licence number) are encrypted using AES-256 and are never stored in plain text
• Identity documents are stored in a secure storage location that is not accessible via HTTP
• Criminal check results are stored only as a status (Pending / Clear / Completed) — full report contents are not stored on our Platform
• Employers see only verification status badges — they do not receive copies of documents
• Verification records are subject to expiry and must be renewed
• You may withdraw consent for any verification at any time, subject to contractual obligations with specific employers

10. Digital Signatures and Signed Documents

When you digitally sign a document on the Platform (such as an employment offer letter or onboarding form), we capture and permanently retain the following information as part of the legal audit trail:

• Your typed signature (the name you entered)
• Your full name as registered on the Platform
• The date and time of signing in New Zealand time and UTC
• Your IP address at the time of signing
• Your browser and device details (user agent)
• A SHA-256 verification seed computed from the above data, embeded in the signed document
• A copy of the signed document in PDF format

This information is retained for the legally required period and may be provided to relevant parties (employer, courts, government agencies) if required to establish the validity of a signed agreement.

You may request a copy of any document you have signed through your onboarding vault at any time.

11. Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law (IPP 9):

• Active accounts: Retained while your account remains active
• Closed candidate accounts: Profile data is retained for 12 months after account closure in case of dispute, then deleted or anonymised. CV and document files are deleted within 30 days of account closure
• Closed employer accounts: Company records are retained for 7 years in accordance with the Companies Act 1993
• Signed employment documents: Retained for 7 years from the date of signing in accordance with employment law requirements
• Criminal check results: Automatically expired and deleted after 12 months unless renewed
• Audit logs: Retained for 7 years
• Login history and security events: Retained for 2 years
• Verification records: Retained until expiry plus 12 months
• Billing records: Retained for 7 years in accordance with the Tax Administration Act 1994

Records are never physically deleted — they are marked as deleted and become inaccessible to users and operators. Permanent purging occurs on the schedule above unless a legal hold is in place.

12. Security

We take all reasonable steps to protect personal information from unauthorised access, use, modification, disclosure, and loss (IPP 5):

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Encryption at rest: Sensitive fields (passport numbers, licence numbers, visa numbers, IRD numbers, bank accounts) are encrypted at rest using AES-256
• File storage: Uploaded documents are stored outside the web root in a location not directly accessible via HTTP
• Authentication: Passwords are hashed using industry-standard algorithms. Multi-factor authentication is available and encouraged for all accounts
• Access controls: Role-based access ensures staff and users can only access information appropriate to their role
• Audit logging: All significant actions are logged with user ID, IP address, and timestamp
• Session management: Sessions expire after inactivity and are invalidated on logout
• Penetration testing: The Platform is subject to regular security assessments

If you become aware of a security vulnerability or suspect unauthorised access to your account, please contact us immediately at security@jobseek.nz.

In the event of a privacy breach that is likely to cause serious harm, we will notify the Privacy Commissioner and affected individuals as required by the Act.

13. International Data Transfers

Some of our service providers are located outside New Zealand. When we transfer personal information outside New Zealand, we ensure appropriate safeguards are in place in accordance with IPP 12, including:

• Contractual obligations requiring overseas recipients to maintain equivalent privacy protections
• Ensuring that overseas recipients are subject to comparable privacy laws or binding frameworks

Specifically:

• Microsoft Azure (Australia/New Zealand regions): CV data and documents may be processed in Australia or New Zealand data centres. Microsoft is bound by GDPR and similar international frameworks
• OpenAI (United States): CV content and job descriptions may be processed by OpenAI's API for AI features. We do not send identity documents or sensitive identifiers to OpenAI. OpenAI's data use is governed by their API data processing agreement

14. Your Rights

Under the Privacy Act 2020, you have the following rights:

14.1 Right of Access (IPP 6)

You have the right to request access to personal information we hold about you. We will respond within 20 working days. You can access much of your information directly through your account at any time.

14.2 Right of Correction (IPP 7)

If you believe personal information we hold about you is incorrect, you may request correction. Where we are unable to agree to the correction, you may request that we attach a notation to the record indicating that you dispute its accuracy.

14.3 Right to Know (IPP 3)

You have the right to know why we are collecting your information, who will receive it, and what happens if you do not provide it. This policy, together with in-product explanations, fulfils this right.

14.4 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

14.5 Right to Account Deletion

You may request deletion of your account at any time through your account settings or by contacting us. Note that some records (audit logs, signed employment documents, billing records) must be retained for legal purposes as described in section 11.

14.6 Right to Make a Complaint

If you believe we have breached the Privacy Act 2020, you may make a complaint to us at privacy@jobseek.nz. We will acknowledge your complaint within 5 working days and respond fully within 20 working days.

If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner:

• Website: www.privacy.org.nz
• Phone: 0800 803 909
• Email: enquiries@privacy.org.nz

14.7 How to Exercise Your Rights

To exercise any of the above rights, contact our Privacy Officer at privacy@jobseek.nz or write to:

Privacy Officer
JobSeek New Zealand Limited
New Zealand

We may need to verify your identity before processing your request.

15. Cookies and Tracking

We use cookies and similar technologies to operate the Platform. Our cookies are divided into:

• Essential cookies: Required for the Platform to function (authentication, session management, CSRF protection). These cannot be disabled
• Functional cookies: Remember your preferences (theme, language, display settings)
• Analytics cookies: Help us understand how the Platform is used. We use privacy-respecting analytics that do not track you across other websites

We do not use advertising or cross-site tracking cookies. You may manage non-essential cookie preferences through your browser settings or our cookie preference centre.

For full details, see our Cookie Policy.

16. Children

The Platform is not intended for use by persons under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child without appropriate consent, we will delete that information promptly.

If you believe a child has provided us with personal information without appropriate consent, please contact us at privacy@jobseek.nz.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will:

• Update the effective date at the top of this policy
• Display a prominent notice on the Platform
• Send an email notification to all registered users
• Where required by law, seek your consent before the change takes effect

We recommend reviewing this policy periodically. The current version will always be available at jobseek.nz/privacy.

18. Contact and Complaints

19. Privacy Principles Reference

The table below maps the 13 Information Privacy Principles (IPPs) of the Privacy Act 2020 to our practices: