- What is personal data?
- What is sensitive personal data?
- What is a Data Controller? Who is the Data Protection Officer?
- What is a Data Processor?
- What is Data Processing?
- What information do we collect and how do we collect it?
- How do we use personal information?
- Floating CVs to Medipeople clients
- Collection and disclosure of TFNs
- Will Medipeople use personal information to contact users?
- Anonymity and Pseudonymity
- What legal basis do we have for processing your personal data?
- When do we share personal data?
- Where do we store and process personal data?
- How do we secure personal data?
- How long do we keep your personal data for?
- Your rights in relation to personal data
- Use of automated decision-making and profiling
- Use of Google Analytics
- Linking to other websites / third party content
- How to contact us
What is personal data?
Personal data means any information about a human which makes this particular human identifiable, including (but not limited to):
- Contact information (like address, email, phone numbers, fax numbers)
- Insurance details
- Employment history and details
- Financial, Tax & Accounting information
What is sensitive personal data?
Sensitive personal data means personal data which relates to information such as:
- Medical history
- Racial or ethnic origin
- Religious or philosophical beliefs
- Political opinion
- Trade union activities
- Criminal history
- Biometric data
What is a Data Controller? Who is the Data Protection Officer?
For the general data protection regulation (GDPR), the term “data controller” means the person or organisation deciding how and for what purpose any personal data is processed.
The data controller is Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000.
The data protection officer is James Whitaker, Managing Director who can be contacted at the above address, via email@example.com or via +61 2 8001 6272.
What is a Data Processor?
A data processor is a person or organisation which processes personal data and/or sensitive personal data for the data controller.
What is Data Processing?
Data processing describes any manual or automated operation or set of operations performed on personal data or sets of it. Examples include collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction of data.
What information do we collect and how do we collect it?
Medipeople collects data via forms on our website (including our service registration forms, newsletter registration forms, contact forms, feedback forms, enquiry forms, reward forms, disclosure forms), via email (if someone emails us) and via phone (if we call someone).
If someone contacts us but does not sign up for our professional services we still may collect your contact details including your full name, email address, physical address, any phone numbers as well as details on your professional status (grade and type of doctor) and communication preferences.
If someone signs up for our professional services we collect up to all of the following information:
- Full name and title
- Any address, email addresses, phone numbers, fax numbers and online contact details such as Skype ID
- Birth date
- Marital status and dependents
- How the person heard of us
- Email preferences
- Professional qualification details
- Employment details
- Visa and citizenship details
- Professional registration details
- Vehicle Ownership
- Work Preferences
- Acceptance of our policies and procedures
- Bank details
- Insurance Details
- Lobbyism history
- References and feedback from and/or about the person
- Any documents the person makes available to us such as CV, registration information, ID documentation, criminal history records, qualifications etc
- Any information you disclose to us via mail, email, phone conversations and/or online communication systems such as Skype
We only collect information which we expect to help us provide an excellent service to our customers.
In addition, we collect information from third parties. These include registration details via AHPRA (http://www.ahpra.gov.au/), criminal history information (with consent) via Fit2Work (https://www.fit2work.com.au/), Australian visa and residency information via the Australian Department of Immigration and Border Protection (https://online.immi.gov.au/), business information via the Australian Securities and investment Commission (https://connectonline.asic.gov.au/) and the Australian Business Register (https://abr.business.gov.au/). In some cases it may be necessary for Medipeople to collect personal information about an individual from a third party. This will only be done where it is unreasonable or impracticable to collect the information from the individual themselves. Medipeople will never sell user, customer or client information to third parties.
We process sensitive personal data and/or financial information if made available to us by our customers. We use sensitive personal data in providing recruitment services (e.g. by providing a hospital with the necessary sensitive compliance information). We use financial information in our accounting and payroll functions.
How do we use personal information?
Medipeople uses personal information to provide professional recruitment services and to advertise to customers. Specifically, we use personal information for:
- account set up and administration
- finding suitable job opportunities
- providing clients (health service providers) with customer (medical professional) information for candidate evaluation
- liasing with customers and clients
- meeting compliance standards in dealing with clients
- providing required customer information to clients for, before, during and/or after a locum or permanent work placement
- personalisation of content, business information or user experience
- delivering marketing communication
- internal research and development purposes
- meeting audit requirements
- legal obligations (eg prevention of fraud)
Floating CVs to Medipeople clients
By working with Medipeople, you give Medipeople permission to forward your resume to positions which may be suitable to your requirements. Your contact details such as phone number, email address, address etc. will not be provided to the third party.
Collection and disclosure of TFNs
If you have agreed to a position and Medipeople, the client or a third-party payroll organisation requests taxation paperwork from you to process your salary payments and/or complete your credentialing, Medipeople may request to collect your TFN information. Medipeople will securely store your TFN information, use it for internal payment arrangements (where applicable) and only disclose it to third parties if their request directly relates to your work position(s). Penalties apply to unauthorised acts and practices relating to TFNs and TFN information. You can read more about TFN law here. If you have any questions about how we handle TFN information, please contact our data protection officer via the contact details at the bottom of this page.
Will Medipeople use personal information to contact users?
From time to time we will send website or operational announcement updates to users by email. In addition, Medipeople will regularly email users who have registered their details on various relevant topics including available jobs, hiring trends, blog posts, talent showcasing, events. users may unsubscribe from operational and marketing emails at any time by clicking the unsubscribe link at the bottom of any marketing email (where present) or by emailing firstname.lastname@example.org.
Anonymity and Pseudonymity
While the APP does allow users to deal with Medipeople anonymously or by use of a pseudonym, Medipeople will be unable to provide services to a particular user without confirming their identity. Medipeople will be able to discuss its services in a general nature, including costs and charges which it might ordinarily charge for those services, prior to obtaining a user’s identity. Until such time as Medipeople has been provided sufficient information to provide a detailed quotation or outline of services to an individual any communication will be general in nature and will not be binding upon Medipeople.
What legal basis do we have for processing your personal data?
Medipeople Pty Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR). The legal ground for processing your personal data is formed by the consent you give to Medipeople when registering or contacting us via our website forms. In addition, we enter into a contract with you or facilitate a contract on your behalf if you we help you find a work position through our recruitment services.
You can withdraw or manage your consent by emailing Medipeople at email@example.com or calling +61 2 8001 6272.
When do we share personal data?
Medipeople are committed to protecting the privacy of our candidates, clients and users of this website and our services. We will disclose personal information and sensitive personal information to our clients where it is necessary in order to present a customer to a client or in regard to a contractual agreement involving a customer and a client. We may also disclose information to regulatory authorities such as AHPRA or the New Zealand Medical Council where necessary as well as to other service providers such as Fit2Work or payroll companies to provide services to our customers and ensure service reliability. Information is shared as directly as possible with the responsible person at a third party, typically electronically but where necessary in paper form.
We may disclose your personal information for the purposes for which it is primarily held or for a related secondary purpose and in some cases we may only disclose information with your consent.
Medipeople may forward your personal information to clients at their request, and additionally display promotional excerpts from your details in email marketing material. In such cases Medipeople will take all reasonable steps to de-identify the personal information that is being disclosed.
If the position you are applying for is in a country other than your country of residence or you register your interest in working in a country other than your country of residence, by completing your registration or submitting your application to us, you are agreeing to your personal details being forwarded to our offices, and possibly to employers in that country.
Where do we store and process personal data?
Medipeople stores and processes data across the globe. Our website and the information it contains are stored in Australia in a secure hosting environment. Our CRM is running in a secure cloud environment and backed up through the Amazon AWS. Some of our third-party providers are located outside of the EU. Where this is the case we will take steps to ensure suitable security measures are in place to protect your privacy rights as outlined in this policy. By providing us with your personal information and/or sensitive personal information you agree to this transfer, storing and/or processing. Our third-party supplies in the US are part of the “Privacy Shield” where participating companies are considered to have suitable data protection.
How do we secure personal data?
We have taken steps to ensure your information is treated securely with Medipeople. Any information you provide us with through our website is secured by 128 Bit encryption on SSL. To check whether our website is currently secure simply look for a lock icon in or near the address bar of your web browser (where you can see the https://medipeople.com.au/). If the icon is present our website is secure. If you can’t see the icon you can also open our website on a different browser to see if you can see it there.
How long do we keep your personal data for?
It typically is necessary for us to store and process customer data for years (at least 7 years to meet tax obligations). The reasons are that it may take months to find a suitable placement, that some placements take over a year to complete and that some customers find temporary work repeatedly through us for many years. Accordingly we cannot specify a specific maximum data retention period; however, we will delete customer data in line with our regulatory requirements once a customer requests us to do so, if we deem that our services can definitely no longer be of use for our customer or if we find ourselves permanently unable to contact a customer.
Your rights in relation to personal data
Right of access to personal information
You have the right to request a copy of the information we hold about you. If you would like a copy of some or of all your personal information, please contact us via firstname.lastname@example.org or calling +61 2 8001 6272. We will respond to your request within one month of receipt of the request.
Right of correction and deletion
It is important to us that your personal information is accurate and current. If you would like us to correct or remove information, please contact us via email@example.com or calling +61 2 8001 6272.
Right of withdrawal of consent
You can withdraw your consent to us storing and processing your information any time. If you would like to do so, please contact us via firstname.lastname@example.org or calling +61 2 8001 6272.
Right of data portability
You have the right to receive all personal data which we hold of you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without delay from the current data controller (us) if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Right to be Forgotten
You have the right to have all information that we hold about you deleted. If you would like to do so, please contact us via email@example.com or calling +61 2 8001 6272 or in writing to Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000.
Right to lodge a complaint
If you think that your personal data has not been processed in accordance with the GDPR, you have the right to lodge a complaint with the relevant supervisory authority. This authority in Australia is the Office of the Australian Information Commissioner.
Use of automated decision-making and profiling
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively.
This tracking information gives us a better understanding about what kind of people come to our website and what content they’re reading. This allows us to make better decisions about design and content. Occasionally, we will compile aggregate statistics based on the information provided by Google Analytics. No personally identifying data is included in this type of reporting. All of our tracking activity falls within the bounds of the Google Analytics Terms of Service.
Linking to other websites / third party content
How to contact us
Phone: +61 2 8001 6272
Mail: James Whitaker, Medipeople Pty Ltd, Suite 2 Level 18, 45 Clarence Street, Sydney NSW 2000