GDPR and Privacy Policy

GDPR and Privacy Policy


This policy sets out how Stepfirst collects, uses, and discloses personal data in accordance with the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988 (Privacy Act).

What is personal data?

Personal data is any information that relates to an identified or identifiable individual. This can include information such as name, address, email address, phone number, date of birth, and employment history.

How do we collect personal data?

Stepfirst collects personal data from a variety of sources, including:

Job applicants
Visitors to the Company’s website
Cloud-based storage systems

How do we use personal data?

Stepfirst uses personal data for a variety of purposes, including:

To provide recruitment services to clients
To process job applications
To manage employee records
To communicate with clients, contractors, and employees
To improve the Company’s website and services
To store data in cloud-based storage systems

How do we disclose personal data?

Stepfirst discloses personal data to third parties only when necessary to carry out its business functions. This may include disclosing personal data to:

Government agencies
Law enforcement agencies
Cloud-based storage providers

How do we protect personal data?

Stepfirst takes all reasonable steps to protect personal data from unauthorized access, use, disclosure, alteration, or destruction. This includes implementing appropriate technical and organizational security measures, such as encryption and access controls. The Company also uses cloud-based storage providers that have implemented appropriate security measures to protect personal data.

Rights of individuals

Individuals have a number of rights under the GDPR and the Privacy Act, including the right to:

Access their personal data
Rectify their personal data
Erase their personal data
Restrict processing of their personal data
Object to processing of their personal data
Port their personal data

Contact information

If you have any questions about this policy or your rights under the GDPR or the Privacy Act, please send us an email to

Additional Considerations for Cloud Data

When storing personal data in cloud-based storage systems, the Company takes the following additional steps to protect personal data:

Stepfirst only uses cloud-based storage providers that have implemented appropriate security measures to protect personal data.
Encrypts all personal data before storing it in cloud-based storage systems.
Restricts access to personal data to authorized personnel.
Monitors cloud-based storage systems for suspicious activity.

Stepfirst is committed to protecting your personal data, including cloud data, and complying with all applicable privacy laws and regulations.

Last Revised

This policy was last updated on 1st October 2023