PRIVACY AND CREDIT INFORMATION POLICY

The Medenterprises Group understands that protecting your personal information is important. This Privacy and Credit Information Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you. 

In this Policy, the Medenterprises Group, or a member of the Medenterprises Group, is referred to as “Medenterprises”, “we”, “us” or “our”.

The Medenterprises Group consists of MEDRECRUIT INTERNATIONAL LIMITED PARTNERSHIP (ABN 44 911 819 528), MEDRECRUIT PTY LIMITED (ABN 88 144 931 457), MEDRECRUIT AU TRADING PTY LIMITED (ABN 81 619 730 773), MEDRECRUIT LIMITED (NZBN 9429041813645), MEDWORLD LICENCING LIMITED (NZBN 9429046750587), MEDWORLD INSTITUTE LIMITED (NZBN 9429052359125), MEDENTERPRISES SERVICES LIMITED (NZBN 9429042517573) and MEDENTERPRISES INTERNATIONAL LIMITED (NZBN 9429041814857).

This Privacy and Credit Information Policy takes into account the requirements of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the New Zealand Information Privacy Principles. In addition to the Australian and New Zealand laws, individuals located in the European Union (EU) or European Economic Area (EEA) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

  • Identity Data including your name, age, profession, signature and photographic identification. 
  • Contact Data including your telephone number, address, email, social media contact details and next of kin/emergency contact details.
  • Financial Data including bank account, credit card details, tax details, superannuation, insurance, assets and liabilities, expenses, income and payment details.
  • Transaction Data including details about payments to you from us and from you to us and other details of services you have purchased from us or we have purchased from you.
  • Technical and Usage Data when you access any of our websites, mobile applications or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies), data where an action on our websites or mobile applications has incurred an error and communications with our website.
  • Account Data including your username and password for our platforms, profile picture, comments you post, send,  receive and share through our platform and support requests you have made.  
  • Interaction Data including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.  
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences and records of those communications including personalised offers and experiences.
  • Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions, qualifications, licences to work including any conditions imposed on those licenses, medical council records, professional experience, insurances, and any reference information we request, or that you provide about an individual other than yourself (for example, from previous employers and referees).  If you provide us information about another person, then you are responsible for making that individual aware that you have disclosed their personal information to us and that we can use that information as set out in this Policy.  
  • Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. The types of sensitive information we collect include:some text
    • criminal history;
    • health records; and
    • sensitive information contained as part of our process to verify that you are legally permitted to work (e.g. evidence of citizenship, visa or work permit documents).
  • Credit Information is a term used throughout this Privacy and Credit Information Policy and refers to “credit information” and “credit eligibility information” as these terms are defined in the Privacy Act 1988 (Cth) (Privacy Act).

The types of “credit information” we may collect about you include:

  • your name, address, contact number and email address;
  • the fact that you applied for credit from us;
  • the amount of credit applied for by you; 
  • the amount of credit provided to you by us (if any);
  • the terms of payment of credit provided to you by us, including any credit term;
  • details of your payment history, including details of any default of payment by you;
  • information regarding credit that was provided to you that has otherwise been discharged;
  • information retrieved from any credit referees; 
  • information regarding your personal insolvency; and
  • information about your involvement in any court proceedings.

The types of “credit eligibility information” we may collect about you from a credit reporting body include:

  • a credit report; and
  • a credit assessment score.

How we collect personal information

We collect personal information in a variety of ways, including:

  • when you provide it directly to us, including face-to-face, over the phone, over email, or online;
  • when you complete a form, such as registering for any events or newsletters, or responding to surveys;
  • when you use any website or mobile application we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies); 
  • from third parties, such as government agencies or medical registration and licence organisations; or
  • from publicly available sources.

We collect credit information in a variety of ways, including:

  • when you provide it directly to us, including through your completion of any credit application form provided by us or you entering an agreement with us for the supply of goods and/or services;
  • when you make payment of any amount of credit provided by us; or
  • from third parties, such as credit reporting bodies or from other credit providers, including any credit referees provided by you.

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

Purpose of use / disclosure Type of Personal Information
To enable you to access and use our platform and services, including to provide you with a login.
  • Identity Data
  • Contact Data
  • Account Data
Before we provide our services to you: To assess whether to take you on as a new service provider or user, employee, client or candidate, including information that allows us to assess your suitability for a position (e.g. background checking via Google, regulatory and immigration sites, electronic identity verification databases and medical registration boards).
  • Identity Data
  • Contact Data
To provide our services and do business with you, including to:
  • perform reference checks and verify your credentials;
  • input/provide your credit card information into our third-party payment processor;
  • assist you in finding or retaining work;
  • promote and advocate for doctor health and wellbeing.
  • Identity Data
  • Contact Data
  • Financial Data
To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us.
  • Identity Data
  • Contact Data
  • Account Data
To contact and communicate with you about any enquiries you make with us via any website we operate.
  • Identity Data
  • Contact Data
For internal record keeping, administrative, invoicing and billing purposes.
  • Identity Data
  • Contact Data
  • Financial Data
  • Transaction Data
For analytics, market research and business development, including to operate and improve our business, associated applications, and associated social media platforms.
  • Account Data
  • Technical and Usage Data
For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.
  • Identity Data
  • Contact Data
  • Technical and Usage Data
  • Account Data
  • Marketing and Communications Data
If you have applied for employment with us, to consider your employment application.
  • Identity Data
  • Contact Data
  • Professional Data
To comply with our legal obligations or if otherwise required or authorised by law.
  • Any relevant Personal Information
To enable any error on our websites or mobile applications to be resolved for you by the IT service providers, data storage, web-hosting, and server providers, as appropriate, and to contact you to resolve if necessary.
  • Any other relevant Personal Information
Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:
  • any purposes you consent to;
  • the primary purpose for which it is collected, to assess your application and suitability to use our services;
  • secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to do business with you;
  • to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
  • if otherwise required or authorised by law.
  • Sensitive Information
  • Contact Data
We may collect, hold, use and disclose credit information and credit eligibility information for the following purposes:
  • verifying your identity;
  • obtaining credit information from credit reporting bodies;
  • assessing your application for credit (or assessing your application to be a guarantor in relation to such credit);
  • assessing your credit worthiness, including collecting your payment history in relation to any credit provided by us to you;
  • enforcing our rights against you or your guarantors for repayment of any amount owed by you to us;
  • doing business with you;
  • administering your account, including for internal record keeping, administrative, invoicing and billing purposes;
  • dealing with complaints or issues you may have in relation to our business;
  • complying with our legal obligations and resolving any disputes that we may have; and
  • if otherwise required or authorised by law.
  • Credit Information

Our disclosures of personal information to third parties

Personal information: We will only disclose personal information (excluding sensitive information) to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may disclose personal information (excluding sensitive information) to:

  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • marketing or advertising providers;
  • marketing is performed using a variety of methods including email, phone, and SMS. Information collected may be used from you by one entity in the Medenterprises Group to directly market the services of another entity in Medenterprises.  
  • professional advisors, bankers, auditors, our insurers and insurance brokers;
  • payment systems operators or processors;
  • our existing or potential agents or business partners;
  • if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
  • courts, tribunals and regulatory authorities, debt collection agents in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties to collect and process data, such as analytics providers and cookies; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Sensitive information: We will only disclose sensitive information with your consent or where permitted by law. This means that we may disclose sensitive information to:

  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • professional advisors;
  • if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties to collect and process data, such as analytics providers and cookies; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Credit information: We will only disclose your credit information to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may disclose credit information to:

  • other credit providers to allow them to determine your financial arrangements with us;
  • potential guarantors to allow them to consider whether to offer to act as a guarantor in relation to a credit request or to offer property as security for credit;
  • guarantors, to exercise our rights against guarantors;
  • IT service providers, data storage, web-hosting and server providers;
  • payment systems operators, debt collectors or other service providers who may assist us in securing a debt and professional advisors;
  • our employees, contractors and/or related entities;
  • our existing or potential agents or business partners;
  • if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
  • courts, tribunals and regulatory authorities, debt collection agents in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; 
  • any other third parties where you have consented; and 
  • as required or permitted by law, such as where we receive a subpoena.

Digital Tracking and Analytics:   We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google, Meta and Bing advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you. You can opt-out of these tracking and analytics tools.

You can opt-out of Google Analytics Advertising Features by using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device. 

To find out how Google uses data when you use third party websites or applications, please see here. 

Overseas disclosure

Personal Information

We store your personal information in Australia, New Zealand and countries where the privacy regulation is similar or equivalent. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia and New Zealand, including but not limited to, the United States of America and other countries in Asia-Pacific. We will only disclose your personal information overseas in accordance with the New Zealand and Australian Privacy Principles respectively.

Your rights and controlling your personal information

Your choice: Please read this Privacy and Credit Information Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy and Credit Information Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy and Credit Information Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please opt-out using the opt-out facilities provided in the communication or update your details in the preference centre, or contact us using the details below.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (if you are an Australian resident), or the Office of the New Zealand Privacy Commissioner (if you are a New Zealand resident).

Retention and Disposal: We retain your personal information for only as long as it is required for the purposes for which it may lawfully be used. In addition, if applicable law requires us to cease holding your personal information when you withdraw consent, we will cease retaining it after you withdraw your consent. You can withdraw your consent at any time by contacting the Privacy Officer.  If we are unable to dispose of or delete personal information then it will either be encrypted for protection or undergo a de-identification process, to disassociate personal information from other data stored by us.  You acknowledge that we may have lawful purposes for retaining employee records, immunization records, patient-based issues, or complaints for a period continuing beyond the time during which you consent or are actively engaged as a candidate, client, or employee with or by Medenterprises.

Right of erasure, or to be forgotten: You have the “right to be forgotten”. You may request the deletion of any of your personal or sensitive information. We will deal with such requests in accordance with applicable law.  Be aware that deletion is total and irreversible, meaning we may lose all records of you on our systems. To request deletion of your personal information, contact the Privacy Officer using the email address we hold for you or otherwise proving your identity.

Contact Medenterprises Privacy Officer at:

Email: privacy.officer@medenterprises.com

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. 

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

If you are an EU or UK citizen, we will seek your consent to use cookies to the extent required by applicable law.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy and Credit Information Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy and Credit Information Policy by publishing the amended Privacy and Credit Information Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy and Credit Information Policy.

For any questions or notices, please contact the Medenterprises Privacy Officer at:

Email: privacy.officer@medenterprises.com

APPENDIX 1: ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights provided to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy and Credit Information Policy above and this Appendix carefully and contact us using the contact details at the end of the Privacy and Credit Information Policy if you have any questions.

What personal information is relevant? 

This Appendix applies to the personal information set out in the Privacy and Credit Information Policy above. This includes any Sensitive Information also listed in the Privacy and Credit Information Policy above which is known as ‘special categories of data’ under the GDPR.

Purposes and legal bases for processing

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.  

Purpose of use / disclosure Type of Data Legal Basis for Processing
To enable you to access and use our platform and services, including to provide you with a login.
  • Identity Data
  • Contact Data
  • Account Data
  • Performance of a contract with you
To assess whether to take you on as a new service provider or user, employee, client or candidate including information that allows us to assess your suitability for a position (e.g. background checking via Google, regulatory and immigration sites, electronic identity verification databases and medical registration boards).
  • Identity Data
  • Contact Data
  • Performance of a contract with you
  • To comply with a legal obligation
  • Public interest
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities, for example terrorism
To do business with you, including to:
  • provide our services;
  • perform reference checks and verify your credentials;
  • assist you in finding or retaining work;
  • promote and advocate for doctor health and wellbeing.
  • Identity Data
  • Contact Data
  • Performance of a contract with you
To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us.
  • Identity Data
  • Contact Data
  • Account Data
  • Performance of a contract with you
To contact and communicate with you about any enquiries you make with us via our website.
  • Identity Data
  • Contact Data
  • Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions
For internal record keeping, administrative, invoicing and billing purposes.
  • Identity Data
  • Contact Data
  • Financial Data
  • Transaction Data
  • Performance of a contract with you
  • To comply with a legal obligation
  • Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms and conditions and any other administrative points
For analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms.
  • Account Data
  • Technical and Usage Data
  • Legitimate interests: to keep our website updated and relevant, to develop our business, improve our business and to inform our marketing strategy
For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.
  • Identity Data
  • Contact Data
  • Technical and Usage Data
  • Account Data
  • Marketing and Communications Data
  • Legitimate interests: to develop and grow our business
If you have applied for employment with us, to consider your employment application.
  • Identity Data
  • Contact Data
  • Professional Data
  • Legitimate interests: to consider your employment application
To comply with our legal obligations or if otherwise required or authorised by law.
  • Any relevant Personal Information
  • To comply with a legal obligation
To enable any error on our websites or mobile applications to be resolved for you by the IT service providers, data storage, web-hosting and server providers, as appropriate, and to contact you to resolve if necessary.
  • Any relevant Personal Information
  • Performance of a contract with you

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

Data Transfers 

The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy and Credit Information Policy and Appendix 1. This includes:

  • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
  • including standard contractual clauses in our agreements with third parties that are overseas.

Data retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Extra rights for EU and UK individuals

You may request details of the personal information that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation. 

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out above in our Privacy and Credit Information Policy above. 

For any questions or notices, please contact our privacy officer at:

Privacy officer: privacy.officer@medenterprises.com

Updated: October 2024