Privacy Policy

Privacy Policy


Medipeople are committed to protecting the privacy of our candidates, clients and users of this website and our services.  Medipeople are committed to complying with the Australian Privacy Principles (APP) as set out in the Privacy Act 1988, the Australian NDB scheme as well as the European General Data Protection Regulation (GDPR). This Privacy Policy sets forth Medipeople’s policies regarding the collection and treatment of personal information.

This Privacy Policy governs how Medipeople Pty Ltd (including our website, customer relationship management system, emailing systems and recruitment services) will deal with any personal information received from individuals, whether by means of this website or otherwise. Please read this policy carefully and contact us with any questions or concerns about our privacy practices. This privacy policy contains the following information:

  • What is personal data?
  • What is sensitive personal data?
  • What is a Data Controller? Who is the Data Protection Officer?
  • What is a Data Processor?
  • What is Data Processing?
  • What information do we collect and how do we collect it?
  • How do we use personal information?
  • Floating CVs to Medipeople clients
  • Collection and disclosure of TFNs
  • Will Medipeople use personal information to contact users?
  • Anonymity and Pseudonymity
  • What legal basis do we have for processing your personal data?
  • When do we share personal data?
  • Where do we store and process personal data?
  • How do we secure personal data?
  • How long do we keep your personal data for?
  • Your rights in relation to personal data
  • Use of automated decision-making and profiling
  • Use of Google Analytics
  • Linking to other websites / third party content
  • How are users notified of changes to the Online Privacy Policy?
  • How to contact us

What is personal data?

Personal data means any information about a human which makes this particular human identifiable, including (but not limited to):

  • Names
  • Contact information (like address, email, phone numbers, fax numbers)
  • Insurance details
  • Employment history and details
  • Financial, Tax & Accounting information

What is sensitive personal data?

Sensitive personal data means personal data which relates to information such as:

  • Medical history
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Political opinion
  • Trade union activities
  • Criminal history
  • Biometric data

What is a Data Controller? Who is the Data Protection Officer?

For the general data protection regulation (GDPR), the term “data controller” means the person or organisation deciding how and for what purpose any personal data is processed.

The data controller is Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000.

The data protection officer is James Whitaker, Managing Director who can be contacted at the above address, via or via +61 2 8001 6272.

What is a Data Processor?

A data processor is a person or organisation which processes personal data and/or sensitive personal data for the data controller.

What is Data Processing?

Data processing describes any manual or automated operation or set of operations performed on personal data or sets of it. Examples include collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction of data.

What information do we collect and how do we collect it?

Medipeople collects data via forms on our website (including our service registration forms, newsletter registration forms, contact forms, feedback forms, enquiry forms, reward forms, disclosure forms), via email (if someone emails us) and via phone (if we call someone).
If someone contacts us but does not sign up for our professional services we still may collect your contact details including your full name, email address, physical address, any phone numbers as well as details on your professional status (grade and type of doctor) and communication preferences.
If someone signs up for our professional services we collect up to all of the following information:

  • Full name and title
  • Any address, email addresses, phone numbers, fax numbers and online contact details such as Skype ID
  • Gender
  • Birth date
  • Marital status and dependents
  • How the person heard of us
  • Email preferences
  • Professional qualification details
  • Employment details
  • Visa and citizenship details
  • Professional registration details
  • Vehicle Ownership
  • Work Preferences
  • Acceptance of our policies and procedures
  • Bank details
  • Insurance Details
  • Lobbyism history
  • References and feedback from and/or about the person
  • Any documents the person makes available to us such as CV, registration information, ID documentation, criminal history records, qualifications etc
  • Any information you disclose to us via mail, email, phone conversations and/or online communication systems such as Skype

We only collect information which we expect to help us provide an excellent service to our customers.

In addition, we collect information from third parties. These include registration details via AHPRA (, criminal history information (with consent) via Fit2Work (, Australian visa and residency information via the Australian Department of Immigration and Border Protection (, business information via the Australian Securities and investment Commission ( and the Australian Business Register ( In some cases it may be necessary for Medipeople to collect personal information about an individual from a third party. This will only be done where it is unreasonable or impracticable to collect the information from the individual themselves. Medipeople will never sell user, customer or client information to third parties.

We process sensitive personal data and/or financial information if made available to us by our customers. We use sensitive personal data in providing recruitment services (e.g. by providing a hospital with the necessary sensitive compliance information). We use financial information in our accounting and payroll functions.

How do we use personal information?

Medipeople uses personal information to provide professional recruitment services and to advertise to customers. Specifically, we use personal information for:

  • account set up and administration
  • finding suitable job opportunities
  • providing clients (health service providers) with customer (medical professional) information for candidate evaluation
  • liasing with customers and clients
  • meeting compliance standards in dealing with clients
  • providing required customer information to clients for, before, during and/or after a locum or permanent work placement
  • personalisation of content, business information or user experience
  • delivering marketing communication
  • internal research and development purposes
  • meeting audit requirements
  • legal obligations (eg prevention of fraud)

Floating CVs to Medipeople clients

By working with Medipeople, you give Medipeople permission to forward your resume to positions which may be suitable to your requirements. Your contact details such as phone number, email address, address etc. will not be provided to the third party.

Collection and disclosure of TFNs

If you have agreed to a position and Medipeople, the client or a third-party payroll organisation requests taxation paperwork from you to process your salary payments and/or complete your credentialing, Medipeople may request to collect your TFN information. Medipeople will securely store your TFN information, use it for internal payment arrangements (where applicable) and only disclose it to third parties if their request directly relates to your work position(s). Penalties apply to unauthorised acts and practices relating to TFNs and TFN information. You can read more about TFN law here. If you have any questions about how we handle TFN information, please contact our data protection officer via the contact details at the bottom of this page.

Will Medipeople use personal information to contact users?

From time to time we will send website or operational announcement updates to users by email. In addition, Medipeople will regularly email users who have registered their details on various relevant topics including available jobs, hiring trends, blog posts, talent showcasing, events. users may unsubscribe from operational and marketing emails at any time by clicking the unsubscribe link at the bottom of any marketing email (where present) or by emailing

Anonymity and Pseudonymity

While the APP does allow users to deal with Medipeople anonymously or by use of a pseudonym, Medipeople will be unable to provide services to a particular user without confirming their identity. Medipeople will be able to discuss its services in a general nature, including costs and charges which it might ordinarily charge for those services, prior to obtaining a user’s identity. Until such time as Medipeople has been provided sufficient information to provide a detailed quotation or outline of services to an individual any communication will be general in nature and will not be binding upon Medipeople.

What legal basis do we have for processing your personal data?

Medipeople Pty Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR). We are also committed to the Australian APPs. The legal ground for processing your personal data is formed by the legitimate interest we have for processing your data, which is
for candidates/doctors/nurses/managers: to inform you about suitable job options and to help you find one or several job position(s)
for clients/contacts: to inform you about potentially suitable candidates for your job vacancies and/or organisation and to help you hire or contract more staff.
Especially with locum placements, but sometimes also with permanent placements, we help our candidates secure multiple placements over time. We often help our clients and contacts to hire multiple candidates over time.
Additional grounds for processing your data may be formed based on consent you give to Medipeople when registering with us, contacting us via our website forms, entering into a contract with us or entering into a contract with someone else which we facilitate on your behalf. If you are a client contact, your employing organisation may have entered into an agreement with us which provides us with consent to store and process your information.
You can withdraw or manage your consent by emailing Medipeople at or calling +61 2 8001 6272. Additionally, there will likely be an opt-out or ‘manage preferences’ link at the bottom of any emails that we send you; if that link is not present and you would like to unsubscribe or update your preferences please email us at

When do we share personal data?

Medipeople are committed to protecting the privacy of our candidates, clients and users of this website and our services. We will disclose personal information and sensitive personal information to our clients where it is necessary in order to present a customer to a client or in regard to a contractual agreement involving a customer and a client. We may also disclose information to regulatory authorities such as AHPRA or the New Zealand Medical Council where necessary as well as to other service providers such as Fit2Work or payroll companies to provide services to our customers and ensure service reliability. Information is shared as directly as possible with the responsible person at a third party, typically electronically but where necessary in paper form.

We may disclose your personal information for the purposes for which it is primarily held or for a related secondary purpose and in some cases we may only disclose information with your consent.

Medipeople may forward your personal information to clients at their request, and additionally display promotional excerpts from your details in email marketing material. In such cases Medipeople will take all reasonable steps to de-identify the personal information that is being disclosed.

If the position you are applying for is in a country other than your country of residence or you register your interest in working in a country other than your country of residence, by completing your registration or submitting your application to us, you are agreeing to your personal details being forwarded to our offices, and possibly to employers in that country.

Where do we store and process personal data?

Medipeople stores and processes data across the globe. Our website and the information it contains are stored in Australia in a secure hosting environment. Our CRM is based on the Salesforce platform, runs in a secure cloud environment and is backed up through secure cloud services. Some of our third-party providers are located outside of the EU. Where this is the case we will take steps to ensure suitable security measures are in place to protect your privacy rights as outlined in this policy. By providing us with your personal information and/or sensitive personal information you agree to this transfer, storing and/or processing. Our third-party suppliers in the US are part of the “Privacy Shield” where participating companies are considered to have suitable data protection.

How do we secure personal data?

We have taken steps to ensure your information is treated securely with Medipeople. Any information you provide us with through our website is secured by 128 Bit encryption on SSL. To check whether our website is currently secure simply look for a lock icon in or near the address bar of your web browser (where you can see the If the icon is present our website is secure. If you can’t see the icon you can also open our website on a different browser to see if you can see it there.

For information which you send to us via email we strive to protect your personal information. However, this information channel is not entirely under our control and so we cannot guarantee the security of any information you send to us in this way. It is at your own risk. After we receive information from you we make our best effort to ensure its security on our systems including password protected information access zones for different tiers of staff to prevent unauthorised access. We are independently audited by Certex International to ensure our privacy policy is followed.

How long do we keep your personal data for?

It typically is necessary for us to store and process customer data for years (at least 7 years to meet legal obligations). The reasons are that it may take months to find a suitable placement, that some placements take over a year to complete and that some customers find temporary work repeatedly through us for many years. Accordingly we cannot specify a specific maximum data retention period; however, we will delete customer data in line with our regulatory requirements once a customer requests us to do so, if we deem that our services can definitely no longer be of use for our customer or if we find ourselves permanently unable to contact a customer.

Your rights in relation to personal data

Right of access to personal information

You have the right to request a copy of the information we hold about you. If you would like a copy of some or of all your personal information, please contact us via or calling +61 2 8001 6272. We will respond to your request within one month of receipt of the request.

Right of correction and deletion
It is important to us that your personal information is accurate and current. If you would like us to correct or remove information, please contact us via or calling +61 2 8001 6272.

Right of withdrawal of consent

You can withdraw your consent to us storing and processing your information any time. If you would like to do so, please contact us via or calling +61 2 8001 6272.

Right of data portability

You have the right to receive all personal data which we hold of you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without delay from the current data controller (us) if:

(a)    The processing is based on consent or on a contract, and
(b)    The processing is carried out by automated means.

Right to be Forgotten

You have the right to have all information that we hold about you deleted. If you would like to do so, please contact us via or calling +61 2 8001 6272 or in writing to Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000.

Right to lodge a complaint
If you think that your personal data has not been processed in accordance with the GDPR, you have the right to lodge a complaint with the relevant supervisory authority. This authority in Australia is the Office of the Australian Information Commissioner.

Use of automated decision-making and profiling

We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively.

Use of Cookies and Google Analytics

Google Analytics is a piece of software that collects data about our website visitors (you) by using cookies. A cookie is a small file that is downloaded to your device when you visit our website. The majority of websites use cookies. These files usually contain information like a website’s name and a unique user ID. By using cookies, Google Analytics records which website you came from to get here, how long you stay for, what kind of device you’re using, what you’re looking at on our website and quite a bit more.

This tracking information gives us a better understanding about what kind of people come to our website and what content they’re reading. This allows us to make better decisions about design and content. Occasionally, we will compile aggregate statistics based on the information provided by Google Analytics. No personally identifying data is included in this type of reporting. All of our tracking activity falls within the bounds of the Google Analytics Terms of Service.

You can opt out of Google’s advertising tracking cookie or use a browser plugin to opt out of all Google Analytics tracking software.

Linking to other websites / third party content

Medipeople may provide links to websites of third parties. In addition, clients and providers may also provide links to their websites. Medipeople are not responsible for the content, reliability, security, or privacy practices of these websites. This Online Privacy Policy applies solely to this website.

How are users notified of changes to the Online Privacy Policy?

From time to time, Medipeople may update this Privacy Policy by posting a revised policy on this website. Users who are unwilling to accept such changes must “opt out” by terminating their registration with the website or Medipeople.

How to contact us

Please contact us if you have any questions about our privacy policy or about information we hold about you. If you would like to make a request of any kind we urge you to make it in writing so that there is a verifiable record of your request.

Phone: +61 2 8001 6272
Mail: James Whitaker, Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000