Privacy Policy

Privacy Policy

Method Privacy Policy

Last Updated: 09/02/2026

1. Privacy Policy

Method is committed to providing quality services to our clients and candidates and this policy outlines our ongoing obligations to you, and to our internal employees in respect of how we manage your Personal Information.


We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). The National Privacy Principles govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.


Method manages personal information in an open and transparent way. This principle aims to handle sensitive private information and to assist in building community trust and confidence in those practices.


The organisations collecting your personal information are Method Recruitment Group Pty Ltd, Method Services Pty Ltd and Method Advisory Pty Ltd, which are referred to as Method, in this Policy.


A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.

2. What is Personal Information and why do we collect it?

Personal Information is information or opinion that relates to (rather than is about) an identified or reasonably identifiable individual.


Examples of Personal Information we collect include names, addresses, email addresses, phone numbers, previous employment history and salary information.


This Personal Information is obtained in many ways including:

  • Interviews
  • Correspondence, by telephone and by email or social media platforms such as LinkedIn
  • Via our website www.methodrecruitmentgroup.com.au, and from cookies
  • From third parties e.g. referrals (We don’t guarantee website links or policies of authorised third parties)


We collect your Personal Information for the primary purpose of providing our recruitment services to you, providing information to our candidates and clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. Your Personal Information is unlikely to be disclosed outside of Australia, and if required to disclose internationally, you will be expressly requested for your consent.

3. Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.


Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained – recruitment services
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent or where required or authorised by law.

4. Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. See Method Referral Program Terms and Conditions for further information on how we ensure that all parties are made aware; located on the Method website.


  • Require privacy impact assessments to be conducted prior to undertaking activities with high privacy risks, which may include some activities involving targeted advertising, individual profiling, sensitive information, children, automated decision making and sale of personal information.
  • Require entities to determine and record the purposes for which they collect, use and disclose personal information.

5. Third Party Management

5.1 Assessments

  • Third parties must sign the Method Terms and Conditions of Business Document which includes a Confidentiality clause (clause 7).
  • Alternatively, Method must sign the Third Party’s Third-Party Non-Disclosure Agreement
  • Third parties engaging in recruitment services must also sign the MRG Client Agreement (Contractor Engagement Agreement) which includes a Confidentiality clause (clause 7).
  • All third-party relationships must be evaluated for inherent information security risk prior to any interaction with Method Information Resources
  • Criteria for inherent risk classifications must be established; “High”, “Medium”, and “Low”.
  • All third-party relationships must be re-evaluated for inherent information security risk bi-annually and any time there is a material change in how Method utilizes the third-party product or service
  • Third party relationships with significant inherent risk (classified as “High” or “Medium”) must be evaluated for residual risk using questionnaires, publicly available information, and/or technical tools
  • Residual information security risk assessments must account for administrative, physical, and technical controls
  • Residual information security risk thresholds must be established for third party relationships with significant inherent risk (classified as “High” or “Medium”)
  • Third parties are required to determine and record the purposes for which they collect, use and disclose personal information.

5.2 Third party relationships that do not meet established residual information security risk thresholds:

  • Must be terminated
  • Must be formally approved by executive management following an established waiver process, and/or
  • Changed in a manner that reduces inherent and/or residual information security risk to meet Method Group’s established thresholds
  • Third party relationships concerning industry and/or regulatory requirements (i.e. PCI- DSS, HIPAA, etc.) must be reviewed on no less frequent than an annual basis

5.3 Third party agreements and contracts must specify:

  • Method’s information the vendor should have access to
  • How Method’s information is to be protected by the third party
  • How Method’s information is to be transferred between (Method) and the third party
  • Acceptable methods for the return, destruction or disposal of (Method) information in the third party’s possession at the end of the relationship/contract
  • Minimum information security requirements
  • Information security incident response and notification requirements
  • The right for Method to audit third party information security protections and controls
  • If the third party subcontracts part of the information and communication technology service provided to Method, the third party is required to ensure appropriate information security practices are followed throughout the supply chain
  • The third party must only use Method Information Resources for the purpose of the business agreement and/or contract
  • Work outside of defined parameters in the contract must be approved in writing by the appropriate Method point of contact
  • third party performance must be reviewed annually to ensure compliance with agreed upon contracts and/or service level agreements (SLAs). In the event of non- compliance with contracts or SLAs regular meetings will be conducted until performance requirements are met.
  • The third party’s major IT work activities must be entered into or captured in a log and made available to Method upon request
  • The log must include events such as personnel changes, password changes, project milestones, deliverables, and arrival and departure times
  • Any other Method information acquired by the third party during the contract cannot be used for the third party’s own purposes or divulged to others
  • Third party personnel must report all security incidents directly to the appropriate Method IT personnel
  • Method will provide a technical point of contact for the third party
  • The point of contact will work with the third party to ensure compliance with this policy
  • Third parties must provide Method list of key personnel working on the contract when requested
  • Third parties must provide Method with notification of key staff changes within 24 hours of change
  • Upon departure of a third party employee from a contract, for any reason, the third party will ensure all sensitive information is collected and returned to Method or destroyed within 24 hours
  • Upon termination of contract, third parties must be reminded of confidentiality and non-disclosure requirements
  • Upon termination of contract or at the request of Method, the third party must surrender all Method badges, access cards, equipment and supplies immediately
  • Any equipment and/or supplies to be retained by the third party must be documented by authorized Method IT management and Support Team and be wiped or have the data removed before being retained
  • Disclosure if transferring personal information outside Australia

6. Disclosure of Personal Information & Consent

Your Personal Information may be disclosed in a number of circumstances including the following:

  • Third parties where you consent to the use or disclosure
  • Where required or authorised by law


Method will ensure consent for this disclosure by following the process outlined below:

  • You will receive the Method Privacy Collection Statement on first interaction with the company
  • You will receive written notification of the company or third party name that your personal information will be shared with via email
  • You will have an opportunity to authorize this by confirming your consent via reply email
  • Your details will be provided to the company or third party once the above has been received

7. Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.


When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years and a maximum of 20 years. Processes in place to ensure your Personal Information is stored securely:


  • Method’s CRM was chosen due to the company’s robust security and ethics policy
  • Method’s CRM users follow the Australian Cyber Security Centre’s guidelines on password management
  • Method’s internal employee onboarding and offboarding includes a Personal Information Security checklist


If there is a breach where your personal information is store, such as:

  • A device containing your personal information is lost or stolen
  • A database containing your personal information is hacked
  • Mistakenly given to the wrong person


Then you will be notified and recommendations will be given about the steps you should take in response to the data breach. Method will notify the Office of the Australian Information Commissioner (OAIC) via the online Notifiable Data Breach form within 72 hours. Method will follow the data breach response plan.

8. Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. Method will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.


In order to protect your Personal Information we will require identification from you before releasing the requested information.

9. Maintaining the Quality of your Personal Information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.


Processes in place to ensure your Personal Information is up to date:

  • CRM automations to directly allow you to update your Personal Information
  • Regular communications from Method via phone and email

10. Withdrawing your Personal Information

If you wish to withdraw your consent for Method to hold or use your Personal Information, you may email your request to support@methodrecruitment.com.au. All requests will be actioned in a timely manner. You may also request deletion and erasure of your Personal Information.

11. AI and Automated Decision Making

Method will inform individuals when relying on substantially automated decision-making based on personal information where there is a legal effect or other significant effect for the individual.


Your Personal Information will not be used to train Generative AI Products. Your Personal Information may be used by Method’s approved licensed Generative AI Product if the related purpose is within reasonable expectations and related to a primary purpose. If this is not the case, you will be contacted to request consent for that use and be offered a meaningful and informed ability to opt-out of such a use. Method’s employees are regularly trained and expressly required not to input any Personal Information into publicly available Generative AI tools such as ChatGPT.


For further information, see the Method Generative AI Usage Policy.

12. Governance

Privacy impact assessments are conducted prior to undertaking activities with high privacy risks, which may include some activities involving targeted advertising, individual profiling, sensitive information, children, automated decision making and sale of personal information. The training on this Policy as part of the Method’s Onboarding Process includes:



  • WorkPro Privacy Online Module including test passing requirements
  • Face to Face Security Awareness Module run by the HR department
  • Face to Face Policy Training Module on the Privacy Act 1988 and this Method Privacy Policy, with an understanding and acknowledgement to be signed post module completion

13. Enforcement

Method employees found to have violated any provision of this policy may be subject to sanctions up to and including removal of access rights, termination of employment, termination of contract, and/or related civil or criminal penalties.

14. Policy Updates

This Policy may change from time to time and is available on our website.

15. Privacy Policy Complaints and Enquiries

In the case of a formal complaint about the use and/or handling of your information, Method will take action by conducting a formal investigation and attempt to resolve the complaint following the Method Grievance Procedure. Complaints and enquiries may be directed to support@methodrecruitment.com.au


For more information, you may also contact the Office of the Australian Information Commissioner on 1300 363 992.

Get In Touch

Contact Us

Office

120 Maiden Ln
San Francisco, CA
555-555-5555

Email

mymail@mailservice.com