We manage personal information in accordance with the Privacy Act 1988, the Australian Privacy Principles, the Australian NDB Scheme, and the European General Data Protection Regulation (GDPR). This policy applies to information collected by HealthcareLink Pty Ltd.
We only collect information that is reasonably necessary for the proper performance of our activities or functions.
We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.
We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
By following the links in this document, you will be able to find out how we manage your personal information as an APP Entity under the Australian Privacy Principles (APPs), and the GDPR.
You will also be able to find out about the information flows associated with that information.
APP Entity / GDPR
HealthcareLink Pty Ltd manages personal information, as an APP Entity, under the Australian Privacy Principles (APPs) and the GDPR.
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements.
For the GDPR the term “Data Controller” means the person or organisation deciding how and for what purpose any personal data is processed. The data controller of HealthcareLink, the “Data Protection Officer” can be contacted via email:firstname.lastname@example.org
A “Data Processor” is a person or organisation which processes personal data and / or sensitive personal data for the data controller.
“Date Processing” describes any manual or automated operation or set of operations performed on personal data or sets of it. Examples include collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction of data.
If you wish to know whether this applies to you, please contact us.
When we collect your personal information:
- we check that it is reasonably necessary for our functions or activities as a career service provider;
- we check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;
- we record and hold your information in our Information Record System. Some information may be disclosed to overseas recipients;
- we retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again - especially if some time has passed since we last checked.
- subject to some exceptions, we permit you to access your personal information in accordance with APP:12 of the (APPs).
- we correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs).
- we destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.
Kinds of information that we collect and hold
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a career service provider;
and is likely to differ depending on whether you are:
- a Candidate ( Jobseeker, Courseseekers, Serviceseekers)
- a Client ( Employers, Recruiter Partners, Course and Event providers, Service Providers)
- a Referee
The type of information that we typically collect and hold about Candidates is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us and includes:
- Information submitted and obtained from the Candidates and other sources (e.g. Referees or Clients)
- In connection with applications for work;
- Information about personality, character, skills, qualifications and experience;
- Information about career path and preferences;
- Information about work entitlement and ability to undertake specific types of work;
- Information about health status and ability to undertake specific types of work;
- Work performance information;
- Information about incidents in the workplace;
- Personal information / data including contact details;
- Sensitive personal information / data including medical history;
- Information in relation to absences from work due to leave, illness or other causes;
- Bank details and Tax File Number;
- Information required to undertake criminal history checks and obtain criminal history records; and
- Information required to ascertain a Candidate’s right to work in Australia.
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
- Client relationship information;
- Information about position, contracting and hiring authority;
- Information about team structures and roles;
- Information about incidents in the workplace;
- Client facility addresses, ABN, key personnel and contact details; and
- Credit check and financial information.
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Candidates for particular jobs or particular types of work and includes:
- Information about work position, authority to give a reference and preferred contact details;
- Opinions of the Referee regarding the Candidates character and work performance or work environment; and
- Facts or evidence in support of those opinions, sometimes involving the Referee’s own knowledge and experience of having worked with the Candidate.
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
- a Candidate
- a Client
- a Referee
The following sections are also relevant to our use and disclosure of your personal information:
- Our Policy on Direct Marketing
- Overseas Disclosures
Information that we collect, hold, use and disclose about Candidates is typically used for:
- work placement operations;
- recruitment functions;
- statistical purposes and statutory compliance requirements;
- career related marketing services
- connecting with career opportunities (eg: Education, events, service providers)
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- client and business relationship management;
- recruitment functions;
- marketing services to you;
- connecting with business growth opportunities (eg: Education, events, service providers)
- statistical purposes and statutory compliance requirements;
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- to confirm identity and authority to provide references;
- Candidate suitability assessment;
- recruitment functions;
Anonymity and Pseudonymity
While the APP does allow users to deal with HealthcareLink anonymously or by use of a pseudonym, we will be unable to provide services to a particular user without confirming their identity. We will be able to discuss services in a general nature, including costs and charges which it might ordinarily charge for those services, prior to obtaining a user’s identity. Until such time as HealthcareLink has been provided sufficient information to provide a detailed quotation or outline of services to an individual, communication will be general in nature and will not be binding.
Our Policy on Direct Marketing
Your personal information will specifically be used for marketing purposes, and this will include:
- your personal information might be used for marketing purposes directly or by a third party
- customer lists may be obtained from third parties for marketing purposes
- your personal information might flow between the organisation and third parties
- we will give individuals the direct option as to whether or not they wish to receive marketing communications (this can be accompanied by a tick box for a “yes” or “no” response), and
- HealthcareLink’s compliance with the requirements of the anti-spam legislation.
How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
- a Candidate
- a Client
- a Referee
We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us - see the section in this policy on Electronic Transactions.
See also the section on Photos & Images.
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.
Personal information is also collected when:
- When you sign up to the online platform
Personal information about you may be collected:
- when you provide it to us for business or business related social purposes;
Personal information about you may be collected when you provide it to us:
- in the course of our checking Candidate references with you and when we are checking information that we obtain from you about Candidates;
Photos & Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- ask to be on an email list such as a job notification list;
- register as a site user to access facilities on our site such as a job notification board;
- make a written online enquiry or email us through our website;
- submit a resume by email or through our website;
It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC's resource on Internet Communications and other Technologies
You can contact us by telephone or email if you have concerns about making contact via the Internet.
This section explains how we handle personal information collected from our website Healthcarelink.com.au and by other technology in the course of electronic transactions.
It is important that you understand that there are risks associated with use of the internet and you should take all appropriate steps to protect your personal information. It might help you to look at:
- Australia: http://www.privacy.gov.au/topics/technologies
- New Zealand: http://privacy.org.nz/you-your-privacy-and-technology/
It is important that you:
- Be careful what information you share on the Web.
- Use privacy tools on the site - control access to your search listing and profile.
- Make sure your anti-virus and data protection software is up-to-date.
Please contact our office by phone or mail if you have concerns about making contact via the internet.
Information Collected from Third-Party Websites
You may also create an account or log in to your HealthcareLink account using third-party websites including, but not limited to, Facebook or LinkedIn or Google. If you do not already have an HealthcareLink account but log in to HealthcareLink using your Facebook or LinkedIn or Google account, this creates an HealthcareLink account using the same email address used in your Facebook or LinkedIn or Google account. If you agree to provide this information to HealthcareLink, Facebook or LinkedIn or Google will authenticate you and redirect you to HealthcareLink. Please note, when you log in to HealthcareLink using your Facebook or LinkedIn or Google account, Facebook or LinkedIn or Google will cookie you in order to authenticate you as a Facebook or LinkedIn or Google user.
By accessing HealthcareLink through your Facebook or LinkedIn or Google account, you understand that Facebook or LinkedIn or Google will share certain data detailed in the above paragraph for the purposes of authentication to permit you to access HealthcareLink in a secure manner. You may stop this at any point from your Facebook or LinkedIn or Google account. This information will be considered HealthcareLink account information for purposes of your use of HealthcareLink.
You have the ability to disable the connection between your Facebook or LinkedIn or Google account and your HealthcareLink account at any time by accessing your privacy settings on your Facebook or LinkedIn or Google account. Facebook or LinkedIn or Google may also ask for your permission to share certain other details with HealthcareLink, including but not limited to your name, profile picture, public profile information, and email address. Once you give this permission, the requested information will be shared with HealthcareLink. This information will be used to provide services to you, including populating your HealthcareLink Profile on HealthcareLink. The shared information will remain associated with your HealthcareLink Profile until you modify or delete it.
When you create a professional profile with HealthcareLink, you can choose to keep your contact details private. Your full name and your contact details will not be shown to any employer without your permission. Employers can send access requests via HealthcareLink to your email. You have full control to accept or ignore requests.
Registered Users can modify their profile at any time, or modify the privacy options in relation to their HealthcareLink Profile at any time, by going to the Profile page of our Site.
To delete your HealthcareLink profile you will need to delete your entire account with HealthcareLink. HealthcareLink reserves the right to disable your profile at its sole discretion (for example if the information and data are found or believed to be untrue or being stored for improper purposes).
You can put a request through HealthcareLink help request to delete or disable your profile and data.
We retain the information you provide to us and which we collect about you, including Personal/Business Information and Personal/Business Data, for so long as we continue to provide services to you and specifically until such time as you request us to delete your Personal / Business Information and Personal/Business Data.
When an individual looks at our website, our internet service provider (AWS) makes a record of the visit and logs (in server logs) the following information for statistical purposes:
- the individual’s server address
- the individual’s top level domain name (for example .com, .gov, .org, .au, etc)
- the pages the individual accessed and documents downloaded
- the previous site the individual visited and
- the type of browser being used.
- Online activities performed ( i.e pages viewed, jobs viewed, courses viewed, search queries)
We do not identify users or their browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's server logs.
Cookies are uniquely numbered identification numbers like tags which are placed on your browser. By themselves cookies do not identify you personally, but they may link back to a database record about you. If you register on our site we will then link your cookie back to your personal information details.
Our website uses session cookies during a search query of the website and when an individual accesses jobs, course and articles page]. Our internet service provider does not employ cookies on our website except in those circumstances. The website statistics for this site are generated from the server logs as outlined above.
When an individual closes their browser the session cookie set by our website is destroyed and no personal information is maintained which might identify an individual should they visit our website at a later date.
Cloud Computing Services
We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions or against third parties and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
In cases where we use cloud computing services we will take reasonable steps to ensure that:
- disclosure of your personal information to the cloud service provider is consistent with our disclosure obligations under the Privacy Principles. This may include ensuring that we have obtained your consent, or that the disclosure is for purposes within your reasonable expectations.
- disclosure is consistent with any other legal obligations, such as the restrictions on the disclosure of tax file number information or the disclosure by private employment agencies of Candidate details;
- our Cloud computing services provider’s terms of service recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
Social Networks and Web Searches
In order to assess your suitability for positions and to assist you to find work, we will need to collect, use and disclose personal information about you. It has become common practice in some places for employment service providers to conduct background checking via social network media sites frequented by candidates.
We will not conduct background checking via social network media sites other than those that you identify and authorise us to check. However, we do conduct internet searches using search engines and entering your name and relevant identifying details.
Our technology systems log emails received and sent and may include voting and read and receipt notifications to enable tracking.
When your email address is received by us because you send us a message, the email address will only be used or disclosed for the purpose for which you have provided it and it will not be added to a mailing list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.
Call and message logs
Our telephone technology (systems and mobile phones) logs telephone calls and messages received and sent and enables call number display.
When your call number is received by us because you phone us or send us a message, the number will only be used or disclosed for the purpose for which you have provided it and it will not be added to a phone list or used or disclosed for any other purpose without your consent other than as may be permitted or required by law.
Teleconferences and Video conferences
Teleconferences and video conferences may be recorded with your consent. In cases where it is proposed that they be recorded, we will tell you first the purpose for which they are to be used and retained.
We use software and databases to log and record recruitment, educational advertising operations.
Recognising the environmental advantages and efficiencies it provides, we operate a wholly/partially paperless office as a result of which your paper based communications with us may be digitised and retained in digital format, the paper based communications may be culled.
It is therefore important that, except where specifically requested, you do not send us originals of any paper based document and that you retain copies for your own records.
Where we do request original paper based documents we will return them to you once they are no longer required by us for the purpose for which they may be used or disclosed.
How your personal information is held
Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
Our Information Record System
Provide a description of your Information Record System including information about:
- We store the files and required information on Google Drive on the cloud securely, we do not create any data on portable electronic devices or printed hard copies.
- We store all the data in the AWS database and this is backed up on a daily basis and stored in AWS cloud.
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.
We may disclose your personal information where we are under a legal duty to do so.
Disclosure will usually be:
- internally and to our related entities
- to our Clients
- to Referees for suitability and screening purposes.
Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
- Software solutions providers;
- I.T. contractors and database designers and Internet service suppliers;
- Legal and other professional advisors;
- Insurance brokers, loss assessors and underwriters;
- Superannuation fund managers;
- Background checking and screening agents;
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
Some of your personal information is likely to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
The likely countries, type of information disclosed, and recipients are indicated, so far as is practicable, in the following table:
|Country||Type of Information||Likely Recipients|
|Philippines and India||All personal data stored on servers located in Australia||IT Personnel and Contractors of our technology providers who may access data for maintenance and software upgrade purposes or verification|
Access & Correction
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.
Important exceptions include:
- evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator. You will need to be in a position to verify your identity.
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
You can also find out information about our Data Breach Response and Notification Procedures.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
For more information see our Complaints Procedure.
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are email@example.com.
You can also make complaints to the Office of the Australian Information Commissioner
Complaints may also be made to RCSA, the industry association of which we are a member.
RCSA administers a Code of Conduct for the professional and ethical conduct of its members.
The RCSA Code is supported by rules for the resolution of disputes involving members.
NOTE: The Association Code and Dispute Resolution Rules do NOT constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of the Associations members.
When we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
- We may ask for clarification of certain aspects of the complaint and for further detail;
- We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
- We will require a reasonable time (usually 30 days) to respond;
- If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
- If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response;
- If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.