This Policy relates to personal information collected by the MedEnterprises Group. The MedEnterprises Group consists of: MedRecruit, MedCaptial and MedWorld.
MedRecruit is a recruitment service providing doctors to clients in the healthcare markets of Australia and New Zealand. MedCapital provides financial management services exclusively to doctors. MedWorld advocates for doctors’ welfare and provides online programs to assist doctors develop the necessary skills to promote wellbeing. Specialist Medical Payroll employs doctors that are on-hired to healthcare providers.
The MedEnterprises Group may be referred to as “MedEnterprises”, “we”, “us” or “our”.
Our Privacy Officer is the contact point for any queries, requests or complaints relating to your personal information. The Privacy Officer can be contacted on firstname.lastname@example.org or +64 3 4412470.
In Australia and New Zealand:
When submitting your personal information to MedEnterprises, you will be asked to consent to the use of your personal information in accordance with this Policy. Once consent is given your personal information will be used, disclosed and treated according to this Policy.
In the European Union:
When submitting your personal information to MedEnterprises, you will be asked to provide consent to the use of your personal information for the purpose it was submitted and consent separately to the use of your personal information for the purpose of direct marketing outlined in this Policy.
Personal information about you that we collect from others
We may collect personal information about you from other people including referees, previous employers, professional registration authorities, educational institutions, who may be in a position to provide us with information that we may use to assess your suitability to be placed in or continue in positions that you may be offered.
If we reasonably believe that your being in, or remaining in, a position might present a risk to your health and safety or to that of others for whose health or safety we are responsible, we may collect relevant personal information (including health information) that will allow us to manage that risk.
Collecting your personal information
It is MedEnterprises usual practice to collect personal information directly from you. Collection may occur when you fill in and submit one of our application forms, provide information to us through our websites or electronically via our telecommunications or email systems.
We also collect personal information that has been provided to us through an external third party, or a publicly available source. MedEnterprises will take reasonable steps where practicable to inform you that we have collected personal information from a third party.
The type of personal information we collect and use will depend on various factors such as the type of service you request or use and the applicable legal and regularly obligations. This may include, but is not limited to, collection and use of the following kinds of information:
Contact - information that allows us to communicate with you (e.g. e-mail, social media contact details, address, telephone number, comments made on our websites, Facebook, Twitter or on email)
Identity - information that allows us to identify you (e.g. name, date of birth, occupation, government issued identification, photo identification)
Professional - information that helps us to understand more about your employment history including qualifications, talents, skills and abilities (e.g. references, resume, qualification documents, criminal history, health records)
Financial - information that allows us to provide financial advice or pay you should you be engaged by our clients (e.g. bank details, tax details, superannuation, insurance, assets and liabilities, expenses, income)
Web Searches - information that allows us to assess your suitability for a position (e.g. background checking via Google, regulatory and immigration sites and medical registrations boards)
Other individuals - information we request, or that you provide, about an individual other than yourself (previous employer and referees)
Immigration - information that allows us to verify that you are legally permitted to work (e.g. evidence of citizenship, visa or work permit documents)
If you do not provide information, or the information provided is insufficient or inaccurate, MedEnterprises will be limited in its ability to provide its services to you.
Use of Personal Information
MedEnterprises collects your personal information so that we can:
- Assist you in finding or retaining work
- Assist in your career performance or management
- Pay you should you be engaged as an employee or contractor
- Help in work rehabilitation
- Directly market our services to you (you have a right to opt-out from receiving direct marketing)
- Manage risk
- Gather statistical information and comply with statutory requirements
- Provide you with MedEnterprises services
- Provide plans for you to reach your financial goals
- Make recommendation regarding your financial situation
- Promote doctor wellbeing
- Advocate for improved doctor health
- Improve our services to you
Use by Third Parties:
MedEnterprises may use and disclose your personal information to third parties for the purpose it was collected, or for a related or ancillary purpose such as providing you with one of our services. Accordingly, MedEnterprises may disclose your personal information to a number of third parties (located onshore and overseas). Including but not limited to:
- MedEnterprises related entities
- Prospective employers
- Clients who wish to engage your services
- MedEnterprises suppliers or service providers
- Medical Specialist Payroll
- Your nominated referees
- Any government authority
- Any law enforcement body, including the police
- Any educational or vocational organisation to the extent necessary to verify your qualifications
We take reasonable steps to ensure that personal information disclosed to third parties is protected in the same way that MedEnterprises protects this information.
MedEnterprises sends personal information overseas in connection with the provision of our services. The countries to which your data may be transferred is not restricted and may include: Australia, New Zealand and Japan.
Australian and New Zealand citizens’ personal information may be used for the purpose of direct marketing. European Union citizens’ personal information may be used for the purpose of direct marketing where consent is given to do so.
We market using a variety of methods including email, phone, and SMS. We may use information collected from you from one entity in the MedEnterprises Group to directly market the services of another entity in the MedEnterprises Group.
If you do not wish to have your personal information used for direct marketing purposes, you may contact our Privacy Officer and request not to receive direct marketing communications. Your marketing preferences will be updated on our systems.
Any opinions you provide to us such as testimonials may be passed onto a third party for the purposes of creating marketing material. We will ask your consent before passing this information onto the third party.
Data Quality and Correction
MedEnterprises takes reasonable steps to ensure that the personal information it collects is accurate, up to date and complete.
In circumstances where your personal information has changed or you find the information to be inaccurate please contact the Privacy Officer for correction. The Privacy Officer will take reasonable steps to update and correct the information in accordance with applicable privacy law. MedEnterprises may also contact you from time to time to check the information is correct.
If we have disclosed personal information about you that is inaccurate you can ask us to notify third parties to whom we made the disclosure. Reasonable steps will be taken to notify the third party unless it is impracticable or unlawful to do so.
If we do not agree the information should be changed and refuse to correct your personal information you may make a complaint.
Subject to some exceptions, you may gain access to the personal information we hold.
An important exception is where evaluative material is obtained confidentially during reference checks. We will refuse access if it would breach confidentiality or if it would interfere with the privacy of others.
If you wish to obtain access to your personal information you should contact our Privacy Officer. You will need to verify your identity. If we refuse access to personal information or to give access in the manner requested, you may make a complaint.
European Union citizens have the right to “data portability”. You may receive your personal data in a structured, commonly used and readable format. You have the right to transmit that data to another data controller where technically feasible and where it does not infringe on the rights of another individual.
Data Security and Storage
MedEnterprises takes reasonable steps to protect the personal information we hold from loss, unauthorized access and misuse. Your information is stored on our database and cloud storage. This database is operated on a server that allows disclosure to cross boarder recipients only as required for the performance of our services. The database has restricted user access. Some personal information may be stored on the database of third-party websites used by MedEnterprises.
We take a range of measures to protect your personal information. These measures include:
- Staff training
- Document control for sensitive information
- Confidentiality procedures
- Password protection and encryption
- Office alarm systems and restricted access after hours
- Policies on laptop, mobile phone and portable storage device security
We only retain your personal information until it is no longer required or you withdraw your consent. You can withdraw your consent at any time by contacting the Privacy Officer.
Unless we have a legal obligation to retain the data, it will be deleted. If we are unable to dispose of the data then it will undergo a de-identification processes. Sensitive data is purged after one (NZ) or three years (AU) as required by law.
Note: Employee records are exempt from disposal requirements in Australia. In New Zealand sensitive employment related data (i.e. immunization records) will be kept to defend any action that may be taken against you or us regarding your engagement as a doctor.
Right of erasure, or to be forgotten
European Union citizens have the “right to be forgotten”. You may request the deletion of any of your personal or sensitive information.
Be aware that requesting deletion, is total and irreversible. This means that we will also lose all records of you on our systems. To request deletion of your personal information, contact the Privacy Officer using the email address we hold for you or otherwise proving your identity.
Information collected on our Websites
Users are advised that there are inherent risks in transmitting information across the internet. The internet is an open system and MedEnterprises cannot guarantee that the personal information you submit will not be intercepted by others. Our websites may have links to external websites operated by other organisations. We cannot guarantee the content or privacy practices of external websites and do not accept responsibility for those websites.
When you access our websites, our web hosting provider and analytics systems make a record of the visit and log your usage/behaviour data including, not limited to:
- your IP address;
- the date and time of visits to the Site;
- the number of, and pages viewed;
- bounce rates,
- the referring site (if any) through which you clicked through to this Site;
- browser type and version;
- navigation paths;
- heat maps;
- scroll depth; and
- other technical information on browser connections.
This statistical information is anonymous and no attempt is made to identify users or their individual browsing activities. An exception is in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet service provider's server logs.
Sometimes, we collect personal information, comments and feedback that individuals choose to give us via our websites, third-party services installed on our websites or external websites. We may use this information to provide services, for marketing purposes, or to contact you for further information or feedback.
- Authentication - to identify you when you visit our website and as you navigate our website
- Status - to help us to determine if you are logged into our website
- Personalisation - to store information about your preferences and to personalise the website for you
- Security - as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
- Advertising - to help us to display advertisements that will be relevant to you
- Analysis - to help us to analyse the use and performance of our website and services
If you do not wish to retain information about your visit you can delete the cookies in your browser and change the settings in your web browser.
In the event that personal information has been lost or subjected to unauthorised access, we will take all necessary steps to immediately contain and rectify the data breach and prevent reoccurrence.
Where the data breach is likely to result in serious harm, we will take reasonable steps to notify you and provide you with relevant information in relation to the breach. As soon as practicable, we will also contact and prepare a statement for the Information Commissioner (Aus) or the Privacy Commissioner (NZ) detailing the breach and the steps taken. A review of the incident will be completed, and action taken to prevent future breaches.
Where data breaches occur in the European Union we will notify the supervisory authority within 72 hours and notify you if there is a high risk to your personal rights and freedoms.
You may make a complaint about our handling of your personal information if you believe that we have interfered with your privacy. Complaints should be made to the Privacy Officer in writing.
When we receive your complaint, we will take steps to confirm the authenticity of the complaint and the contact details of the complainant. Upon confirmation, we:
- will write to you to acknowledge receipt and to confirm that we are handling your complaint;
- may ask for clarification of certain aspects of the complaint and for further details;
- will consider the complaint and may make further enquiries;
- will require a reasonable time to respond (usually 30 days);
- will suggest possible solutions if the complaint can be resolved through access or correction;
- will suggest a solution, on a confidential and without prejudice basis, if we believe that your complaint may be capable of some other solution.
If the complaint cannot be resolved, we will suggest that you take your complaint to a recognised external dispute resolution provider such as the Office of the Australian Information Commissioner (Australian citizens), or the New Zealand Privacy Commissioner (New Zealand citizens) or in the case of European Union citizens, with a supervisory authority in the Member State of your habitual residence.