Privacy Policy

1 Purpose

1.1 Medenterprises is committed to protecting your privacy and the personal information provided to us, or otherwise collected by us when providing our Services. Personal information is collected and managed in accordance with applicable privacy laws, such as:

1.1.1 the Privacy Act 2020 (NZ);

1.1.2 the Privacy Act 1988 (AU); and

1.1.3 the General Data Protection Regulation (EU).

1.2 This Medenterprises Privacy Policy (Policy) outlines how Medenterprises collects, discloses, uses, stores and handles your personal information.

1.3 “Personal information” means information about an individual who is identified or reasonably identifiable. Personal information includes opinions whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

2 Scope

2.1 This Policy relates to personal information collected by Medenterprises International Limited and other members of the Medenterprises Group.

2.2 The Medenterprises Group consists of:

2.2.1 Medrecruit: a recruitment service matching doctors to clients in the healthcare markets of Australia and New Zealand

2.2.2 Medenterprises: provides group support services

2.2.3 Medworld: is a digital solution to make career management easy for medical staff and to improve staffing for Medical providers

2.3 In this Policy, the Medenterprises Group, or a member of the Medenterprises Group, is referred to as “Medenterprises”, “we”, “us” or “our”.

3 Privacy Officer

3.1 Our Privacy Officer is the contact point for any queries, requests or complaints relating to your personal information.

3.2 The Privacy Officer can be contacted at:

3.2.1 Email: privacy.officer@medrecruit.com

3.2.2 Phone: 0508 633 227 (NZ) or 1800 633 227 (AU).

4 Consent

4.1 In Australia and New Zealand: by submitting your personal information to Medenterprises, you consent to Medenterprises dealing with your personal information in accordance with this Policy. In addition, if applicable law requires your specific consent to deal with particular personal information, you will be asked to give that consent. Your personal information will be used, stored, disclosed and treated according to this Policy.

4.2 In the European Union: when submitting your personal information to Medenterprises, you will be asked to provide consent to the use of your personal information for the purpose it was submitted and consent separately to the use of your personal information for the purpose of direct marketing outlined in this Policy.

5 Collecting your personal information

5.1 It is Medenterprises’ usual practice to collect personal information directly from you. Collection may occur when you fill in and submit one of our application forms, provide information to us through our websites or mobile applications, or electronically via our telecommunications or email systems.

5.2 We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website or mobile applications, in emails, over the telephone, in your online enquiries and when you share updates or information on Medworld.

5.3 We also collect personal information that has been provided to us through an external third party, or a publicly available source. Medenterprises will take reasonable steps, where practicable, to inform you that we have collected personal information from a third party.

5.4 The type of personal information we collect will depend on various factors such as the type of service you request or use and the applicable legal and regularly obligations. This may include collection of the following kinds of information:

5.4.1 Contact: information that allows us to communicate with you (e.g., e-mail, social media contact details, address, telephone number, comments made on our websites or mobile applications, Facebook, LinkedIn Twitter or on email)

5.4.2 Correspondence: Records of correspondence where Medenterprises is contacted, including by phone, email or post. Sometimes, we collect personal information, comments and feedback that individuals choose to give us via our websites. We may use this information to provide services, for marketing purposes, or to contact you for further information or feedback.

5.4.3 Identity: information that allows us to identify you (e.g., name, date of birth, address occupation, government issued identification, photo identification)

5.4.4 Professional: information that helps us to understand more about your employment history including qualifications, talents, skills and abilities (e.g., references, resume/cv, qualification documents, criminal history, health records)

5.4.5 Financial: information that allows us to pay you should you be engaged by us or one or more of our clients (e.g., bank details, tax details, superannuation, insurance, assets and liabilities, expenses, income)

5.4.6 Web Searches: information that allows us to assess your suitability for a position (e.g., background checking via Google, regulatory and immigration sites, electronic identity verification databases and medical registrations boards)

5.4.7 Other Individuals: information we request, or that you provide, about an individual other than yourself (previous employer and referees). If you provide us information about another person, then you are responsible for making that individual aware that you have disclosed their personal information to us and that we can use that information as set out in this Policy.

5.4.8 Immigration: information that allows us to verify that you are legally permitted to work (e.g., evidence of citizenship, visa or work permit documents).

5.5 If you do not provide information, or the information provided is insufficient or inaccurate, this may limit the scope of services that Medenterprises can provide to you.

5.6 We collect personal information for the purposes set out in clause 6 (Use of Personal Information)

6 Use of Personal Information

6.1 Medenterprises will only use your personal information in accordance with applicable privacy laws.

6.2 Medenterprises collects your personal information for the purposes of:

6.2.1 Verifying your identity;

6.2.2 Assisting you in finding or retaining work;

6.2.3 Assisting in your career performance or management;

6.2.4 Assisting you in accommodation and flights for locum services;

6.2.5 Paying you should you be engaged as an employee or contractor;

6.2.6 Helping in work rehabilitation;

6.2.7 Directly marketing our services to you (you have a right to opt-out from receiving direct marketing). Any opinions you provide to us such as testimonials may be passed onto a third party for the purposes of creating marketing material. We will ask your consent before passing this information onto the third party;

6.2.8 Managing risk;

6.2.9 Protecting and/or enforcing our legal rights and interests, including defending any claim;

6.2.10 Gathering statistical information and comply with statutory requirements;

6.2.11 Conducting research and statistical analysis (on an anonymised basis);

6.2.12 Providing you with Medenterprises services;

6.2.13 Promoting doctor wellbeing;

6.2.14 Advocating for improved doctor health;

6.3 Medenterprises may also use personal information for purposes directly related or incidental to the above, and for any other purpose authorised by you or permitted by law.

6.4 Medenterprises may use personal information for direct marketing purposes as follows:

6.4.1 If you are an Australian and New Zealand citizen, you acknowledge your personal information may be used for the purpose of direct marketing to the extent permitted by applicable law. If you are a European Union citizen, your personal information may be used for the purpose of direct marketing where consent is given to do so.

6.4.2 We market using a variety of methods including email, phone, and SMS. We may use information collected from you from one entity in the Medenterprises Group to directly market the services of another entity in the Medenterprises Group.

6.4.3 If you do not wish to have your personal information used for direct marketing purposes, you may use the opt out or unsubscribe option provided on marketing communications,update your details in the preference centre, or contact our Privacy Officer and request not to receive direct marketing communications. Your marketing preferences will be updated on our systems.

7 Information collected on our websites

7.1 Users are advised that there are inherent risks in transmitting information across the internet. The internet is an open system and Medenterprises cannot guarantee that the personal information you submit will not be intercepted by others. Our websites and mobile applications may have links to external websites operated by other organisations. We cannot guarantee the content or privacy practices of external websites and do not accept responsibility for those websites.

7.2 When you access our websites or mobile applications, our web hosting provider may make a record of the visit and log the following information for statistical purposes:

7.2.1 your IP address;

7.2.2 the date and time of visits to the website;

7.2.3 the number of, and pages viewed;

7.2.4 the referring site (if any) through which you clicked through to this website;

7.2.5 technical information on browser connections.

7.3 This statistical information may be combined with voluntarily provided personal information to create a profile of you in order for us to improve the site and provide you with a more personalised experience.

8 Cookies

8.1 We use cookies to monitor usage of our website.

8.2 Cookies are pieces of information stored directly on the device you are using to store your preferences, allowing a more personalised experience of our site. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

8.3 If you are an EU citizen, we will seek your consent to use cookies to the extent required by applicable law.

9 Disclosure of personal information

9.1 Medenterprises will only disclose your personal information in accordance with the applicable privacy laws.

9.2 Medenterprises may disclose your personal information for the purpose it was collected as set out in this Policy, and as otherwise permitted by applicable privacy law. Accordingly, Medenterprises may disclose your personal information to other parties (located locally and/or overseas), including:

9.2.1 Other Medenterprises entities;

9.2.2 Prospective employers, and in this regard, we may disclose all relevant personal information to prospective employers, including personal information Medenterprises holds that is historical in nature (such as previous employment engagements, complaints, and disciplinary matters);

9.2.3 Clients who may wish to engage your services;

9.2.4 Medenterprises suppliers or service providers, including any organisation that supports Medenterprises’ business, operations, or services, such as hosting or maintaining any IT system we use to provide our services;

9.2.5 Your nominated referees;

9.2.6 Any government authority in accordance with applicable law;

9.2.7 Any law enforcement body, including the police; and

9.2.8 Any educational or vocational organisation to the extent necessary to verify your qualifications.

9.3 We take reasonable steps to ensure that personal information disclosed to third parties is protected in the same way that Medenterprises protects this information.

9.4 Medenterprises stores personal information overseas in connection with the operation of our business and provision of our services. Medenterprises uses cloud service providers, such as AWS, SharePoint and Salesforce. The countries in which your personal information may be stored may include Australia, New Zealand, the United States of America and other countries in Asia-Pacific. Medenterprises may access and use personal information from overseas countries.

9.5 Medenterprises may disclose personal information where required to do so by law, court order, subpoena or other legal process, as requested by a governmental or law enforcement authority.

10 Data Quality and Correction

10.1 Medenterprises takes reasonable steps to ensure that the personal information it collects is accurate, up to date and complete.

10.2 You have the right to request a correction to any of your personal information that Medenterprises holds, subject to certain grounds for refusal as set out in the relevant privacy laws. In circumstances where your personal information has changed or you find the information to be inaccurate, please contact the Privacy Officer for correction. The Privacy Officer will take reasonable steps to update and correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Medenterprises may also contact you from time to time to check the information is correct.

10.3 If we have disclosed personal information about you that is inaccurate you can ask us to notify third parties to whom we made the disclosure. Reasonable steps will be taken to notify the third party unless it is impracticable or unlawful to do so.

10.4 Medenterprises will respond to your request for correction within twenty working days. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

11 Access

11.1 You have the right to request access to the personal information held about you by Medenterprises.

11.2 If you wish to obtain access to your personal information you should contact our Privacy Officer. You will need to verify your identity. We may charge you our reasonable costs of providing you copies of your personal information.

11.3 We may refuse to provide you with access in certain circumstances permitted by applicable law. One important circumstance is where evaluative material is obtained confidentially during reference checks. We may refuse access if it would breach confidentiality or if it would interfere with the privacy of others.

11.4 Medenterprises will respond to your request for access within twenty working days. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

11.5 European Union citizens have the right to “data portability”. If this right applies to you: (i) you may receive your personal data in a structured, commonly used and readable format; and (ii) you have the right to transmit that data to another data controller where technically feasible and where it does not infringe on the rights of another individual.

12 Data Security and Storage

12.1 Medenterprises takes reasonable steps to protect the personal information we hold from loss, unauthorized access and misuse.

12.2 Your information is stored in our database and cloud storage. This database is operated on a server that allows disclosure to cross border recipients only as required for the performance of our services. The database has restricted user access.

12.3 Medenterprises may provide your personal information to third parties contracted by Medenterprises in order to perform data storage and data processing services. All reasonable steps will be taken to ensure that the third parties comply with Medenterprises’ instructions and will not use your personal information for any other purpose.

12.4 We take a range of measures to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure. These measures include:

12.4.1 Staff training;

12.4.2 Document control for sensitive information;

12.4.3 Confidentiality procedures;

12.4.4 Password protection and encryption;

12.4.5 Office alarm systems and restricted access after-hours; and

12.4.6 Policies on laptop, mobile phone and portable storage device security;

12.5 While Medenterprises takes reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk. Medenterprises makes no warranty (express or implied) in respect of data transferred over the internet. You acknowledge that the security of any personal information collected via the internet is not guaranteed.

13 Retention and Disposal

13.1 Subject to clause 13.2, we retain your personal information for only as long as it is required for the purposes for which it may lawfully be used. In addition, if applicable law requires us to cease holding your personal information when you withdraw consent, we will cease retaining it after you withdraw your consent. You can withdraw your consent at any time by contacting the Privacy Officer.

13.2 If we are unable to dispose of or delete personal information then it will either be encrypted for protection or undergo a de-identification process, to disassociate personal information from other data stored by us.

13.3 You acknowledge that we may have lawful purposes for retaining employee records, immunization records, patient-based issues, or complaints for a period continuing beyond the time during which you are actively engaged as a candidate, client, or employee with or by Medenterprises.

14 Right of erasure, or to be forgotten

14.1 European Union citizens have the “right to be forgotten”. If you are a European citizen, you may request the deletion of any of your personal or sensitive information. We will deal with such requests in accordance with applicable law.

14.2 Be aware that deletion is total and irreversible, meaning we may lose all records of you on our systems. To request deletion of your personal information, contact the Privacy Officer using the email address we hold for you or otherwise proving your identity.

15 Third Party Sites

15.1 Our website may contain links to other parties’ websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

16 Cross Border Transfer

16.1 Your personal information may be transferred outside of the country in which you are located for the purposes specified in this Privacy Policy. Where we do transfer your personal information outside of Australia or New Zealand we ensure, by means such as contracts and personal data agreements, that your personal data is protected at all times in accordance with applicable privacy laws, regulations or binding codes.

17 Data Breaches

17.1 In the event that personal information has been lost or subject to unauthorised access, misuse, interference, or disclosure, we will take all necessary steps to contain and rectify the data breach, as soon as practicable, and prevent reoccurrence.

17.2 Where the privacy breach is likely to result in serious harm, we will take reasonable steps to notify you and provide you with relevant information in relation to the breach, as required by applicable law. As soon as practicable, and to the extent we reasonably consider we are required or permitted to by applicable law, we will also contact and prepare a statement for the Information Commissioner (AU) or the Privacy Commissioner (NZ) detailing the breach and the steps taken. A review of the incident will be completed, and action taken to reduce the likelihood of future breaches.

17.3 Where you are a European Union citizen and the data breach relates to your personal information, we will notify the applicable supervisory authority within 72 hours and notify you if there is a high risk to your personal rights and freedoms.

18 Changes

18.1 We may change this Policy from time to time. If we change this Policy, we will update the copy of this Policy available on our website. Your continued use of our services, or continued engagement with us, constitutes your acceptance of the changed Policy and that any personal information collected or held by us will be subject to the changed Policy.

19 Privacy Complaints

19.1 You may make a complaint about our handling of your personal information if you believe that we have interfered with your privacy. Complaints should be made to our Privacy Officer in writing.

19.2 When we receive your complaint, we will take steps to confirm the authenticity of the complaint and the contact details of the complainant. Upon confirmation, we:

19.2.1 will write to you to acknowledge receipt and to confirm that we are handling your complaint;

19.2.2 may ask for clarification of certain aspects of the complaint and for further details;

19.2.3 will consider the complaint and may make further enquiries;

19.2.4 will require a reasonable time to respond, particularly where further information, processing, assessment, consultation, or investigation is required;

19.2.5 will suggest possible solutions if the complaint can be resolved through access or correction;

19.2.6 will suggest a solution, on a confidential and without prejudice basis, if we believe that your complaint may be capable of some other solution.

19.3 If the complaint cannot be resolved, you may take your complaint to a recognised external dispute resolution provider such as the Office of the Australian Information Commissioner (Australian citizens), or the New Zealand Privacy Commissioner (New Zealand citizens) or in the case of European Union citizens, with a supervisory authority in the Member State of your habitual residence.

20 Additional European Union and California privacy terms

20.1 To the extent that you are a European Union citizen, the General Data Protection Regulation (EU) 2016/679 (GDPR) will apply to the processing of your personal information and the following provisions will apply:

20.1.1 you remain the controller of the personal information you provide to us for processing. We will process personal data only on documented processing instructions from you, and will not transfer personal data to a third country or other international organization, except where agreed between us;

20.1.2 we will not engage another processor to process personal information you provide to us without your prior consent. You acknowledge the disclosure that we have made to you of the sub-processors that we use in this Policy and note your consent to the use of those sub-processors. Where we use (with your consent) another processor to process personal information, we have appropriate arrangements in place with that processor to protect the personal information to the same standard that the personal information is protected under these terms and conditions.

20.1.3 you may have an independent auditor audit our compliance with the privacy requirements under this Policy, and we will provide reasonable assistance to such audits, provided that:

(a) you clearly identify the nature and purpose of the audit;

(b) you conduct no more than one audit in each twelve-month period unless you have specific reason to believe that these privacy requirements are not being complied with;

(c) audits may only be conducted during normal business hours in New Zealand, and will be conducted in such a way as to minimize any disruption to our business;

(d) your auditor must comply with all reasonable health and safety and/or security measures required by us:

(e) you will bear all costs of such an audit; and

(f) your auditor will only have access to the data and systems necessary to conduct this audit.

20.1.4 we shall cooperate as reasonably requested by you to enable you to comply with any exercise of rights by a data subject under Chapter III of the GDPR.

20.2 To the extent you are a natural person resident in California, United States of America (a “consumer”), the California Consumer Privacy Act of 2018 (CCPA) will apply to the processing of your personal information and the following provisions will apply:

20.2.1 you remain the controller of the personal information you provide to us for processing. We will process personal information only on documented processing instructions from you (including for the purposes set out in the Policy), and we will not disclose or retain the personal information for any purpose other than for the specific purpose of providing services to you or performing our responsibilities (or exercising our rights) under this Policy, or as permitted by the CCPA.

20.2.2 we will not engage another service provider to process personal information you provide to Us without your prior consent. You acknowledge the disclosure that we have made to you of the service providers that we use in this Policy and note your consent to the use of those service providers. Where we use (with your consent) another service provider to process personal information, we have appropriate arrangements in place with that service provider to protect the personal information to the same standard that the personal information is protected under this Policy.

20.2.3 we shall co-operate as reasonably requested by you to enable you to comply with any request by a consumer for the deletion of that consumer’s personal information, as permitted by the CCPA.