Application of this Statement

Automatic Data Processing Limited is committed to complying with the Privacy Act 1988 and related laws. Our corporate Privacy Statement sets out our policy in relation to the collection, use, disclosure and handling of such information. Please visit to view our corporate Privacy Statement.

Overseas Disclosure of Personal Information

As a global business, ADP may disclose your personal information to ADP related bodies corporate and other entities overseas, in the United States, Canada, India, the Philippines, and in countries of the European Union (e.g. France, Spain and Romania), as needed to provide the services that you and your employer have requested. These entities are required to enter into agreements containing appropriate confidentiality and privacy obligations. ADP will always protect the privacy and security of your personal information, regardless of where it is processed.

In order to provide clients with a high quality and competitive service, ADP may change its service arrangements from time to time, as a result of which personal information may be disclosed to ADP related bodies corporate and other entities in other countries. Where ADP does so, it will update this webpage. Individuals and clients of ADP are encouraged to check this webpage from time to time.

Notifiable Data Breaches (NDB) Scheme

The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches (NDB) scheme in Australia. The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) from 22 February 2018.

ADP maintains a formal process for responding to all security incidents. Our incident response process is designed to ensure that all incidents are addressed in a timely and effective manner and in accordance with ADP security policies, procedures, and legal requirements. These policies and procedures incorporate a specific assessment for determining if a security incident is an eligible data breach under the NDB scheme.

ADP notifies Clients of security incidents that result in exposure of Client’s data, without regard to whether the incident is an eligible data breach under the NDB scheme.

In the event that an eligible data breach does occur, ADP will work with our Clients to facilitate notification to the affected individuals and the OAIC.

More information on the Notifiable Data Breaches scheme can be obtained from the Office of the Australian Information Commissioner.