- What is personal data?
- What is sensitive personal data?
- What is a Data Controller? Who is the Data Protection Officer?
- What is a Data Processor?
- What is Data Processing?
- What information do we collect and how do we collect it?
- How do we use personal information?
- Floating CVs to Medipeople clients
- Collection and disclosure of TFNs and tax information
- Will Medipeople use personal information to contact users?
- Anonymity and Pseudonymity
- What legal basis do we have for processing your personal data?
- When do we share personal data?
- Where do we store and process personal data?
- How do we secure personal data?
- How long do we keep your personal data for?
- Your rights in relation to personal data
- Use of automated decision-making and profiling
- Linking to other websites / third party content
- How to contact us
What is personal data?
Personal data means any information about a human which makes this particular human identifiable, including (but not limited to):
- Contact information (like address, email, phone numbers, fax numbers)
- Insurance details
- Employment history and details
- Financial, Tax & Accounting information
What is sensitive personal data?
Sensitive personal data means personal data which relates to information such as:
- Medical history
- Racial or ethnic origin
- Religious or philosophical beliefs
- Political opinion
- Trade union activities
- Criminal history
- Biometric data
What is a Data Controller? Who is the Data Protection Officer?
For the general data protection regulation (GDPR), the term “data controller” means the person or organisation deciding how and for what purpose any personal data is processed.
The data controller is Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000.
The data protection officer is James Whitaker, Managing Director who can be contacted at the above address, via firstname.lastname@example.org or via +61 2 8001 6272.
What is a Data Processor?
A data processor is a person or organisation which processes personal data and/or sensitive personal data for the data controller.
What is Data Processing?
Data processing describes any manual or automated operation or set of operations performed on personal data or sets of it. Examples include collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction of data.
What information do we collect and how do we collect it?
Medipeople collects data via forms on our website (including our service registration forms, newsletter registration forms, contact forms, feedback forms, enquiry forms, reward forms, disclosure forms), via email (if someone emails us or we email someone), via phone (if we call someone or someone calls us), via text messaging (if someone messages us directly or via an online service, via Google Ads (if someone interacts with one of our ads) and via Google Analytics services (information about our website visitors).
If you contact us but do not sign up for our professional services we still may collect your contact details including your full name, email address, physical address, any phone numbers as well as details on your professional status (grade and type of doctor) and communication preferences. We will also retain copies of your communication with us.
If someone signs up for our professional services we collect up to all of the following information:
- Full name and title
- Any address, email addresses, phone numbers, fax numbers and online contact details such as Skype ID
- Birth date
- Marital status and dependents
- How the person heard of us
- Email preferences
- Professional qualification details
- Employment details
- Visa and citizenship details
- Professional registration details
- Vehicle Ownership
- Work Preferences
- Acceptance of our policies and procedures
- Bank details
- Insurance Details
- Lobbyism history
- References and feedback from and/or about the person
- Compliance & credentialing documentation for various Australian states as well as other countries
- Any documents the person makes available to us such as CV, registration information, ID documentation, criminal history records, qualifications etc
- Any website usage data including page and content views, movements, form submissions, calls, clicks and any other website traffic related data
- Any information you disclose to us via mail, email, phone conversations and/or online communication systems such as Skype
We only collect information which we expect to help us provide an excellent service to our customers and market our business effectively.
In addition, we collect information from third parties. These include registration details via AHPRA (http://www.ahpra.gov.au/), criminal history information (with consent) via Fit2Work (https://www.fit2work.com.au/), Australian visa and residency information via the Australian Department of Immigration and Border Protection (https://online.immi.gov.au/), business information via the Australian Securities and Investment Commission (https://connectonline.asic.gov.au/) and the Australian Business Register (https://abr.business.gov.au/). In some cases it may be necessary for Medipeople to collect personal information about an individual from a third party. This will only be done where it is unreasonable or impracticable to collect the information from the individual themselves. Medipeople will never sell user, customer or client information to third parties.
We process sensitive personal data and/or financial information if made available to us by our customers. We use sensitive personal data in providing recruitment services (e.g. by providing a hospital with the necessary sensitive compliance information). We use financial information in our accounting and payroll functions.
How do we use personal information?
Medipeople uses personal information to provide professional recruitment services and to advertise to customers & potential customers. Specifically, we use personal information for:
- account set up and administration
- finding suitable job opportunities
- providing clients (health service providers) with customer (medical professional) information for candidate evaluation
- liasing with customers and clients
- meeting compliance standards in dealing with clients
- providing required customer information to clients for, before, during and/or after a locum or permanent work placement
- personalisation of content, advertisements, business information or user experience
- utilising targeted online advertising
- delivering marketing communication
- internal research and development purposes
- meeting audit requirements
- legal obligations (eg prevention of fraud)
Floating CVs to Medipeople clients
By working with Medipeople, you give Medipeople permission to forward your resume, references, registration information, criminal history checks and any other potentially required documentation to positions/position providers which may be suitable to your requirements. Your contact details such as phone number, email address, address etc. will not be provided to the third party before a placement is confirmed.
Collection and disclosure of TFNs and tax information
If you have agreed to a position and Medipeople, the client or a third-party payroll organisation requests taxation paperwork from you to process your salary payments and/or complete your credentialing, Medipeople may be required to collect, store, process and/or distribute your Australian tax information including your TFN. Medipeople will securely store your TFN information, use it for internal payment arrangements (where applicable) and only disclose it to third parties if their request directly relates to your work position(s). Penalties apply to unauthorised acts and practices relating to TFNs and TFN information. You can read more about TFN law here. If you have any questions about how we handle TFN information, please contact our data protection officer via the contact details at the bottom of this page.
Will Medipeople use personal information to contact users?
From time to time we will send website or operational announcement updates to users by email. In addition, Medipeople will regularly email users (unless they have unsubscribed) on various relevant topics including available jobs, hiring trends, blog posts, talent showcasing, events. Users may unsubscribe from operational and marketing emails at any time by clicking the unsubscribe link at the bottom of any marketing email (where present) or by emailing email@example.com.
Anonymity and Pseudonymity
While the APP does allow users to deal with Medipeople anonymously or by use of a pseudonym, Medipeople will be unable to provide services to a particular user without confirming their identity. Medipeople will be able to discuss its services in a general nature, including costs and charges which it might ordinarily charge for those services, prior to obtaining a user’s identity. Until such time as Medipeople has been provided sufficient information to provide a detailed quotation or outline of services to an individual any communication will be general in nature and will not be binding upon Medipeople.
What legal basis do we have for processing your personal data?
Medipeople Pty Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR) in regard to users with citizenship of an EU member state. We are also committed to the Australian APPs. The legal ground for processing your personal data is formed by the legitimate interest we have for processing your data, which is
for candidates/doctors/nurses/managers: to inform you about suitable job options and to help you find one or several job position(s)
for clients/contacts: to inform you about potentially suitable candidates for your job vacancies and/or organisation and to help you hire or contract more staff.
Especially with locum placements, but sometimes also with permanent placements, we help our candidates secure multiple placements over time. We often help our clients and contacts to hire multiple candidates over time.
Additional grounds for processing your data may be formed based on consent you give to Medipeople when registering with us, contacting us via our website forms, entering into a contract with us or entering into a contract with someone else which we facilitate on your behalf. If you are a client contact, your employing organisation may have entered into an agreement with us which provides us with consent to store and process your information.
You can withdraw or manage your consent by emailing Medipeople at firstname.lastname@example.org or calling +61 2 8001 6272. Additionally, there will likely be an opt-out or ‘manage preferences’ link at the bottom of any emails that we send you; if that link is not present and you would like to unsubscribe or update your preferences please email us at email@example.com.
When do we share personal data?
Medipeople are committed to protecting the privacy of our candidates, clients and users of this website and our services. We will disclose personal information and sensitive personal information of our candidates to our clients where it is helpful in order to present a candidate to a client or in regard to a work arrangement involving a customer and a client. If we think it will help us in our recruitment efforts we may upload your personal information and sensitive personal information to a client’s management system (e.g. Litmus). We may also disclose information to regulatory authorities such as AHPRA or the New Zealand Medical Council where necessary as well as to other service providers such as Fit2Work or payroll companies to provide services to our customers and ensure service reliability. We share your information as derived from your usage of our website and online advertisements with google and their analytics & advertisement partners when you visit our website or interact with our advertisements. We may also share your personal information with Google and/or Facebook for advertising purposes. Information is shared as directly as possible with the responsible person at a third party, typically electronically but where necessary in paper form.
We may disclose your personal information for the purposes for which it is primarily held or for a related secondary purpose and in some cases we may only disclose information with your consent.
Medipeople may forward your personal information to clients at their request, and additionally display promotional excerpts from your details in email marketing material. In such cases Medipeople will take all reasonable steps to de-identify the personal information that is being disclosed.
If the position you are applying for is in a country other than your country of residence or you register your interest in working in a country other than your country of residence, by completing your registration or submitting your application to us, you are agreeing to your personal details being forwarded to our offices, and possibly to employers in that country.
Where do we store and process personal data?
Medipeople stores and processes data across the globe. Our website and the information it contains are stored in Australia in a secure hosting environment. Our CRM is based in the US on the Salesforce platform, runs in a secure cloud environment and is backed up through secure cloud services. Some of our third-party providers are located outside of the EU or Australia. Where this is the case we will take steps to ensure suitable security measures are in place to protect your privacy rights as outlined in this policy. By providing us with your personal information and/or sensitive personal information you agree to this transfer, storing and/or processing. We are confident that our third-party suppliers in the US have appropriate data protection and transfer measures in place.
How do we secure personal data?
We have taken steps to ensure your information is treated securely with Medipeople. Any information you provide us with through our website is secured by 128 Bit encryption on SSL. To check whether our website is currently secure simply look for a lock icon in or near the address bar of your web browser (where you can see the https://medipeople.com.au/). If the icon is present our website is secure. If you can’t see the icon our website’s data encryption is inactive; you can also open our website on a different browser or replace http:// with https:// to see if you can see it then.
How long do we keep your personal data for?
It typically is necessary for us to store and process customer data for years (at least 7 years for a lot of data types in order to meet legal obligations). The reasons are that it may take months to find a suitable placement, that some placements take over a year to complete and that some customers find temporary work repeatedly through us for many years. Accordingly we cannot specify a specific maximum data retention period; however, we will delete customer data in line with our regulatory requirements once a customer requests us to do so, if we deem that our services can definitely no longer be of use for our customer or if we find ourselves permanently unable to contact a customer.
Your rights in relation to personal data
Making a request in relation to your personal data
If you would like to make a request as outlined below, please contact the data protection officer and include all of the following information (incomplete requests may not be processed):
- Full name
- Email address
- The details of your request (what you would like us to do and which specific data your request relates to) dated and signed
If we are not satisfied you are who you claim to be, we reserve the right to refuse to grant your request.
Citizen Group A
If you are not a citizen of the European Union, UK, California or Brazil, then the Australian Privacy Principles and the rights granted by them apply to you. You can read more here: Australian Privacy Principles. If you would like to make such a request, please contact the data protection officer. You have a right to:
- know why your personal information is being collected, how it will be used and who it will be disclosed to
- have the option of not identifying yourself, or of using a pseudonym in certain circumstances
- ask for access to your personal information
- stop receiving unwanted direct marketing
- ask for your personal information that is incorrect to be corrected
- make a complaint about an entity covered by the Privacy Act, if you consider that they have mishandled your personal information’
However, we reserve the right to act in accordance with the rights outlined below even for citizens of countries other than the European Union, California or Brazil.
Citizen Group B
If you are a citizen of the European Union, UK, California, Brazil or another country with similarly revised privacy legislation, the following rights apply to you. In addition, if you have any other privacy rights under the EU GDPR, UK GDPR, California CCPA, Brazilian LGPD or similar legislation and those rights are not explicitly listed below, then you still have full access to those rights and we will execute them on your request.
Citizen Group B: Right of access to personal information
You have the right to request a copy of the information we hold about you. If you would like a copy of some or of all your personal information, please contact the data protection officer. We will respond to your request within one month of receipt of the request.
Citizen Group B: Right of correction and deletion
You have a right of correction and deletion. It is important to us that your personal information is accurate and current. If you would like us to correct or remove information, please contact the data protection officer.
Citizen Group B: Right of withdrawal of consent
You can withdraw your consent to us storing and processing your information any time. If you would like to make such a request, please contact the data protection officer.
Citizen Group B: Right of data portability
You have the right to receive all personal data which we hold of you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without delay from the current data controller (us) if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
If you would like to make such a request, please contact the data protection officer.
Citizen Group B: Right to be Forgotten
You have the right to have all information that we hold about you deleted. If you would like to make such a request, please contact the data protection officer.
In certain circumstances, in line with article 17(3) of the GDPR, we may not be able to erase your data. In such cases you will be informed and given our reasons for that decision. While we will usually be happy to erase the personal data you request, we reserve the right to charge a fee or refuse the request if it is considered to be ‘manifestly unfounded or excessive’ in accordance with Article 12(5) of the GDPR.
Citizen Group B: Right to lodge a complaint
If you think that your personal data has not been processed in accordance with the GDPR, you have the right to lodge a complaint with the relevant supervisory authority. The most appropriate authority in Australia is most likely the Office of the Australian Information Commissioner.
Use of automated decision-making and profiling
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you and present you with more relevant advertising. We may make use of extra information about you when it is available from external sources to help us do this effectively.
Occasionally, we will compile aggregate statistics based on the information provided by Google Analytics. All of our Google tracking activity falls within the bounds of the Google Analytics Terms of Service. If you want to be 100% sure that we do not hold current cookie information about you, please use the opt-out options as described below, permanently stop visiting any pages of the medipeople website and delete your browser’s cookies and browsing history. You can also use browser extensions to block some tracking processes – we recommend conducting an online search using the key words “ad blocker” for your specific browser if you are interested.
Medipeople uses several analytics & advertising features. Through our usage of cookies, Google Analytics can record which website you came from to get here, how long you stay for, what kind of browser & device you’re using, what you’re looking at on our website, your IP address, your location and quite a bit more. Our website places advertising cookies, which share information about you between different Google services/features in order to provide more accurate information about you (see further down in this paragraph). These cookies also help us to advertise to you with more relevant information and in more relevant ways. They also help us to to (re-) engage you with in relation to our content and/or services. If you’ve visited our website, we may show ads to you which are designed to encourage you to return to our website and interact with our offers. This is done through Google Remarketing, which is using individually identifiable information about you to display advertisements to you across your web browsing activity. We may use a Google functionality called ‘Customer Match’, which involves taking personal information we have collected from/about you and giving it to Google for advertising purposes. In this case, Google may act as the data controller in order to process your information and learn form it. If you would like to opt out of our use of Google Remarketing or Google Customer Match, please make a written request to the Data Protection Officer (contact details are listed at the bottom of this page).
Google collects and uses many different types of information about you, including your browsing history. We collect, use and share your information derived from your usage of our website with Google for tracking, analysis, aggregation, advertisement and advertisement personalisation. The online ads we publish through Google’s network may appear in many different places, including but not limited to search results, other websites and third-party apps. Specifically, we may be be using Google advertising features such as Analytics, Analytics 360, Google Tag Manager, Conversation Tracking, Google Ads, Remarketing Ads, Remarketing with Analytics, demographics & interest reports, integrated services, Campaign Manager integration, Display & Video 360 integration, Google Display Network (GDN) Impression Reporting, Search Ads 360, ad-based calls, ad-based messaging, AdSense, BigQuery, Ad Exchange and/or Search Console at any given time and in integration with each other. Depending on the permissions you have given to or revoked from Google, Google may incorporate a larger selection of information about you in the data it presents to us than what Google can gather from our website’s data alone. Any data Google provides to us about you falls within the bounds of Google’s Terms of Service.
We may use ‘Custom Audiences’ for Facebook advertising. Through this advertising feature we present advertisements to Facebook users based on names, phone numbers, email addresses and similar information we have collected of our users in the course of business and directly shared with Facebook for advertising purposes. We may also create a ‘Lookalike Audience’ in Facebook – this is an audience of people which Facebook considers similar to people who are part of one or several of our ‘Custom Audiences’ (and as such are based on the information we provide to Facebook to create a ‘Custom Audience’). We may also be using a Facebook functionality called ‘Lead Ads’. Facebook in these cases operates as both Data Processor (to run the advertisements for us) and Data Controller (to use the data we provide for internal processing & learning from it).
Linking to other websites / third party content
How to contact us
Phone: +61 2 8001 6272
Mail: James Whitaker, Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000