1.1 MedEnterprises is committed to protecting your privacy and the personal information we collect. Personal information is collected and managed in accordance with applicable privacy laws, such as:
1.3 “Personal information” means information about an identifiable individual. Personal information includes an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
2.1 This Policy relates to personal information collected by MedEnterprises NZ Limited Partnership (MELP) and other members of the MedEnterprises Group.
2.2 The MedEnterprises Group consists of MELP and:
2.3 In this Policy, the MedEnterprises Group, or a member of the MedEnterprises Group, is referred to as “MedEnterprises”, “we”, “us” or “our”.
**3 Privacy Officer **
3.1 Our Privacy Officer is the contact point for any queries, requests or complaints relating to your personal information.
3.2 The Privacy Officer can be contacted at:
**4 Consent **
4.1 In Australia and New Zealand: by submitting your personal information to MedEnterprises, you consent to MedEnterprises dealing with your personal information in accordance with this Policy. In addition, if applicable law requires your specific consent to deal with particular personal information, you will be asked to give that consent. Your personal information will be used, stored, disclosed and treated according to this Policy.
4.2 In the European Union: when submitting your personal information to MedEnterprises, you will be asked to provide consent to the use of your personal information for the purpose it was submitted and consent separately to the use of your personal information for the purpose of direct marketing outlined in this Policy.
**5 Collecting your personal information **
5.1 It is MedEnterprises’ usual practice to collect personal information directly from you. Collection may occur when you fill in and submit one of our application forms, provide information to us through our websites, or electronically via our telecommunications or email systems.
5.2 We also collect personal information that has been provided to us through an external third party, or a publicly available source. MedEnterprises will take reasonable steps, where practicable, to inform you that we have collected personal information from a third party.
5.3 The type of personal information we collect will depend on various factors such as the type of service you request or use and the applicable legal and regularly obligations. This may include collection of the following kinds of information:
5.4 If you do not provide information, or the information provided is insufficient or inaccurate, this may limit the scope of services that MedEnterprises can provide to you.
5.5 We collect personal information for the purposes set out in clause 6 (Use of Personal Information)
**6 Use of Personal Information **
6.1 MedEnterprises will only use your personal information in accordance with applicable privacy laws.
6.2 MedEnterprises collects your personal information for the purposes of:
6.3 MedEnterprises may also use personal information for purposes directly related or incidental to the above, and for any other purpose authorised by you or permitted by law.
6.4 MedEnterprises may use personal information for direct marketing purposes as follows:
6.4.1 If you are an Australian and New Zealand citizen, you acknowledge your personal information may be used for the purpose of direct marketing to the extent permitted by applicable law. If you are a European Union citizen, your personal information may be used for the purpose of direct marketing where consent is given to do so.
6.4.2 We market using a variety of methods including email, phone, and SMS. We may use information collected from you from one entity in the MedEnterprises Group to directly market the services of another entity in the MedEnterprises Group.
6.4.3 If you do not wish to have your personal information used for direct marketing purposes, you may contact our Privacy Officer and request not to receive direct marketing communications. Your marketing preferences will be updated on our systems.
**7 Information collected on our websites **
7.1 Users are advised that there are inherent risks in transmitting information across the internet. The internet is an open system and MedEnterprises cannot guarantee that the personal information you submit will not be intercepted by others. Our websites may have links to external websites operated by other organisations. We cannot guarantee the content or privacy practices of external websites and do not accept responsibility for those websites.
7.2 When you access our websites, our web hosting provider may make a record of the visit and log the following information for statistical purposes:
7.3 This statistical information is anonymous and no attempt is made to identify users or their individual browsing activities. An exception is in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect a web hosting provider's server logs.
**8 Cookies **
8.2 Cookies enable activities such as, retaining registration details, work preferences, logins, usernames and search queries. If you do not wish to retain information about your visit you can delete the cookies in your browser and change the settings in your web browser.
9 Disclosure of personal information
9.1 MedEnterprises will only disclose your personal information in accordance with the applicable privacy laws.
9.2 MedEnterprises may disclose your personal information for the purpose it was collected as set out in this Policy, and as otherwise permitted by applicable privacy law. Accordingly, MedEnterprises may disclose your personal information to other parties (located locally and/or overseas), including:
9.3 We take reasonable steps to ensure that personal information disclosed to third parties is protected in the same way that MedEnterprises protects this information.
9.4 MedEnterprises stores personal information overseas in connection with the operation of our business and provision of our services. MedEnterprises uses cloud service providers, such as AWS, Sharepoint and Salesforce. The countries in which your personal information may be stored may include Australia and New Zealand and other countries in Asia-Pacific. MedEnterprises may access and use personal information from overseas countries.
9.5 MedEnterprises may disclose personal information where required to do so by law, court order, subpoena or other legal process, as requested by a governmental or law enforcement authority.
**10 Data Quality and Correction **
10.1 MedEnterprises takes reasonable steps to ensure that the personal information it collects is accurate, up to date and complete.
10.2 You have the right to request a correction to any of your personal information that MedEnterprises holds, subject to certain grounds for refusal as set out in the relevant privacy laws. In circumstances where your personal information has changed or you find the information to be inaccurate please contact the Privacy Officer for correction. The Privacy Officer will take reasonable steps to update and correct the information in accordance with applicable privacy law. MedEnterprises may also contact you from time to time to check the information is correct.
10.3 If we have disclosed personal information about you that is inaccurate you can ask us to notify third parties to whom we made the disclosure. Reasonable steps will be taken to notify the third party unless it is impracticable or unlawful to do so.
10.4 MedEnterprises will respond to your request for correction within 20 working days. If we do not agree the information should be changed and refuse to correct your personal information you may make a complaint.
**11 Access **
11.1 You have the right to request access to the personal information held about you by MedEnterprises.
11.2 If you wish to obtain access to your personal information you should contact our Privacy Officer. You will need to verify your identity. We may charge you our reasonable costs of providing you copies of your personal information.
11.3 We may refuse to provide you with access in certain circumstances permitted by applicable law. One important circumstance is where evaluative material is obtained confidentially during reference checks. We may refuse access if it would breach confidentiality or if it would interfere with the privacy of others.
11.4 MedEnterprises will respond to your request for access within 20 working days. If we refuse access to personal information or to give access in the manner requested, you may make a complaint.
11.5 European Union citizens have the right to “data portability”. If this right applies to you: (i) you may receive your personal data in a structured, commonly used and readable format; and (ii) you have the right to transmit that data to another data controller where technically feasible and where it does not infringe on the rights of another individual.
**12 Data Security and Storage **
12.1 MedEnterprises takes reasonable steps to protect the personal information we hold from loss, unauthorized access and misuse.
12.2 Your information is stored on our database and cloud storage. This database is operated on a server that allows disclosure to cross border recipients only as required for the performance of our services. The database has restricted user access.
12.3 MedEnterprises may provide your personal information to third parties contracted by MedEnterprises in order to perform data storage and data processing services. All reasonable steps will be taken to ensure that the third parties comply with MedEnterprises’ instructions and will not use your personal information for any other purpose.
12.4 We take a range of measures to protect your personal information. These measures include:
12.5 While MedEnterprises takes reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk. MedEnterprises makes no warranty (express or implied) in respect of data transferred over the internet. You acknowledge that the security of any personal information collected via the internet is not guaranteed.
**13 Retention and Disposal **
13.1 Subject to clause 13.2, we retain your personal information for only as long as it is required for the purposes for which it may lawfully be used. In addition, if applicable law requires us to cease holding your personal information when you withdraw consent, we will cease retaining it after you withdraw your consent. You can withdraw your consent at any time by contacting the Privacy Officer.
13.2 If we are unable to dispose of or delete personal information then it will either be encrypted for protection or undergo a de-identification process, to disassociate personal information from other data stored by us.
13.3 You acknowledge that we may have lawful purposes for retaining employee records, immunization records, patient-based issues, or complaints for a period continuing beyond the time during which you are actively engaged as a candidate, client, or employee with or by MedEnterprises.
14 Right of erasure, or to be forgotten
14.1 European Union citizens have the “right to be forgotten”. If you are a European citizen you may request the deletion of any of your personal or sensitive information. We will deal with such requests in accordance with applicable law.
14.2 Be aware that deletion is total and irreversible, meaning we may lose all records of you on our systems. To request deletion of your personal information, contact the Privacy Officer using the email address we hold for you or otherwise proving your identity.
15 Data Breaches
15.1 In the event that personal information has been lost or subject to unauthorised access, misuse, interference, or disclosure, we will take all necessary steps to contain and rectify the data breach, as soon as practicable, and prevent reoccurrence.
15.2 Where the privacy breach is likely to result in serious harm, we will take reasonable steps to notify you and provide you with relevant information in relation to the breach, as required by applicable law. As soon as practicable, and to the extent we reasonably consider we are required or permitted to by applicable law, we will also contact and prepare a statement for the Information Commissioner (AU) or the Privacy Commissioner (NZ) detailing the breach and the steps taken. A review of the incident will be completed, and action taken to reduce the likelihood of future breaches.
15.3 Where you are a European Union citizens and the data breach relates to your personal information, we will notify the applicable supervisory authority within 72 hours and notify you if there is a high risk to your personal rights and freedoms.
16.1 We may change this Policy from time to time. If we change this Policy, we will update the copy of this Policy available on our website. Your continued use of our services, or continued engagement with us, constitutes your acceptance of the changed Policy and that any personal information collected or held by us will be subject to the changed Policy.
**17 Privacy Complaints **
17.1 You may make a complaint about our handling of your personal information if you believe that we have interfered with your privacy. Complaints should be made to our Privacy Officer in writing.
17.2 When we receive your complaint, we will take steps to confirm the authenticity of the complaint and the contact details of the complainant. Upon confirmation, we:
17.3 If the complaint cannot be resolved, you may take your complaint to a recognised external dispute resolution provider such as the Office of the Australian Information Commissioner (Australian citizens), or the New Zealand Privacy Commissioner (New Zealand citizens) or in the case of European Union citizens, with a supervisory authority in the Member State of your habitual residence.
18 Additional European Union and California privacy terms
18.1 To the extent that you are a European Union citizen, the General Data Protection Regulation (EU) 2016/679 (GDPR) will apply to the processing of your personal information and the following provisions will apply:
18.2 To the extent you are a natural person resident in California, United States of America (a “consumer”), the California Consumer Privacy Act of 2018 (CCPA) will apply to the processing of your personal information and the following provisions will apply: