Privacy Policy – DXC Medical Recruitment

DXC Medical Recruitment Privacy Policy

Updated: October 2017

Introduction

The DXC Medical Recruitment Privacy Policy ensures our commitment to preserve the privacy and confidentiality of the personal information we collect from our candidates and clients. This policy has been created in line with the Australian Privacy Principles established by the Australian Privacy Act (1988).
DXC Medical Recruitment will only collect information that is necessary for the performance of our business as a recruitment agency and none of the information collated will be used for unlawful discrimination.

Information Collection

As a recruitment business, it is essential that we collect personal information, which will be gathered at the point of registration with DXC Medical Recruitment. Registration may occur via email, through our website, or by phone.
Following the collection of personal information, we will:
– check that it is current, complete and accurate. During this process, we may have to cross check the information that we collect from you with third parties (e.g. AHPRA)
-record and hold your information in our Client Relationship Management (CRM) system. Some information may be disclosed to overseas recipients only as is reasonably necessary for our functions or activities as a recruitment business.
– retrieve your information when we need to use or disclose it for our functions and activities as a recruitment business. All information will be checked for accuracy at this time.
– permit you to access personal information in accordance with the Australian Privacy Policy.
– destroy or de-identify your personal information when it is no longer required. We do not destroy or de-identify information that is contained in a Commonwealth Record.
Future Changes
DXC Medical Recruitment may update this policy considering future changes to privacy laws, technology and business. It is important that you check this policy regularly to ensure that you are aware of the extent of any consent, authorisation or permission you might give.

Types of information collected and held by DXC Medical Recruitmentand how it is used
We collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a recruitment business. The information required will vary depending whether you are a Client, Candidate or Referee.
Sensitive information is only collected with consent and where necessary for the performance of our functions and activities as a recruitment business. Sensitive information will need to be collected where it relates to a genuine occupational requirement or an inherent requirement of the job or work being considered.
Candidates
The type of information that we collect and hold covers personal and sensitive details, as necessary to assess suitability for potential placements, including but not limited to:
• personal details such as name, address, date of birth, gender and contact information
• information about personality, character, skills, qualifications and experience
• information about career history and future job requirements and preferences
• information about work entitlement and ability to undertake specific types of work
• work performance information
• information about incidents in the workplace
• information submitted and obtained in relation to absences from work due to leave, illness or other causes
• information submitted and obtained from Candidates and other sources (e.g. Referees or Clients) about applications for work
• bank details for the purpose of making payment
• criminal history records
• health records
• Tax File Number, ABN or any other relevant pay rolling information.
Information is typically used for:
• work placement operations
• recruitment functions
• staff management
• payment purposes
• training needs assessments
• risk management
• work health and safety operations
• marketing services to you; but only where this is permitted and whilst you are registered with us
• statistical purposes and statutory compliance requirements.

Clients

The type of information that we typically collect and hold about DXC Medical Recruitment Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
• client relationship information
• information about position, contracting and hiring authority
• information about team structures and roles
• information about incidents in the workplace
• information regarding current and predicted business levels (patient numbers etc.)
• company financials
• credit history checks
Information is typically used for:
• client and business relationship management
• recruitment functions
• training needs assessments
• risk management
• work health and safety operations
• marketing services to you
• statistical purposes and statutory compliance requirements
• sponsorship applications
• District of Workforce Shortage (DWS) applications
• Area of Need (AON) applications

Referees

The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Candidates for jobs or types of work and may include:
• information about work position, authority to give a reference and preferred contact details;
• opinions of the Referee regarding the Candidates character and work performance or work environment;
• facts or evidence in support of those opinions, sometimes involving the Referee’s own knowledge and experience of having worked with the Candidates
Information typically used for:
• to confirm identity and authority to provide references;
• Candidate suitability assessment;
• recruitment functions;
• risk management

Direct Marketing

DXC Medical Recruitment may use your personal information for the purposes of direct marketing except where you have specifically requested we don’t.
Any opinions you provide to us such as testimonials may be passed onto a third party for the purposes of creating marketing material. In these cases, we will ask your consent before passing this information onto the third party.
We provide candidates and clients the option to opt out of marketing material and upon receipt of this request their marketing preferences are updated on our systems.
If you do not wish to have your personal information used for direct marketing purposes, you may contact us and request not to receive direct marketing communications.

How your personal information is collected?
The ways DXC Medical Recruitment will generally collect your personal information are likely to differ depending on whether you are a candidate, client or referee.
Candidates
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work.
Information will also be collected electronically via our telecommunications or email systems.
Personal information is also collected when:
• we receive or give any reference about you;
• we receive results of inquiries that we might make of your former employers, work colleagues, professional associations or registration body;
• we receive the results of any competency, psychometric, or medical test;
• we receive performance feedback (whether positive or negative);
• we receive any complaint from or about you in the workplace;
• we receive any information about a workplace accident in which you are involved;
• we receive any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you are involved;
• you provide us with any additional information about you;
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. We collect personal information about you from publicly available sources for inclusion in our records only as is reasonably necessary for the proper performance of our functions and activities as a recruitment agency, and this information is managed in accordance with the DXC Medical Recruitment Privacy Policy.

Clients

Personal information about you may be collected by DXC Medical Recruitment:
• when you provide it to us for business or business related social purposes
• electronically through our telecommunications and technology systems
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories; the Internet and social media sites. We collect personal information about you from publicly available sources for inclusion in our records only as is reasonably necessary for the proper performance of our functions and activities as a recruitment agency, and this information is managed in accordance with our Privacy Policy.

Referees

Personal information about you may be collected when you provide it to us:
• in the course of our taking Candidate references with you
• for business or business related social purposes;
• electronically through our telecommunications and technology systems
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. We collect personal information about you from publicly available sources for inclusion in our records only as is reasonably necessary for the proper performance of our functions and activities as a recruitment agency, and this information is managed in accordance with our Privacy Policy.

Photos & Images

DXC Medical Recruitment may request proof of identification from you including copies of your passport, visa and or driver’s license and will only do so to for the proper performance of our functions and activities as a recruitment business.

Electronic Transactions

It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.
It is important that you:
• know your rights: read our privacy policy, personal data collection & privacy notice.
• be careful what information you share on the Web.
• use privacy tools on the site – control access to your search listing and profile.
• make sure your anti-virus and data protection software is up-to-date.
Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
• ask to be on an email list such as a job notification list;
• register as a site user to access facilities on our site such as a job notification board;
• make a written online enquiry or email us through our website;
• submit a resume by email or through our website;
• follow, interact and converse via social networking platforms such as Facebook, Twitter and LinkedIn

Social Networks and Web Searches

In order to assess your suitability for positions and to assist you to find work, we will need to collect, use and disclose personal information about you. We will conduct background checking via social network media sites, Google, regulatory and immigration sites and medical registration boards, for the purposes of assessing suitability for representation by DXC Medical Recruitment.

Web Browsing

When you look at the DXC Medical Recruitment website, our web hosting provider makes a record of the visit and logs (in server logs) the following information for statistical purposes:
• your server address
• your top-level domain name (for example .com, .gov, .org, .au, etc)
• the pages you accessed and documents downloaded
• the previous site you visited and
• the type of browser being used.

We do not identify users or their browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet service provider’s server logs.
We do not accept responsibility for the privacy policy of any other site to which our site has a hyperlink, and it is advisable to look at the privacy policy of other sites before disclosing personal information.

Cookies

Cookies are uniquely numbered identification numbers like tags which are placed on your browser. By themselves cookies do not identify you personally, but they may link back to a database record about you. If you register on our site we will then link your cookie back to your personal information details.
This site uses cookies to monitor usage of our website, including session level usage, to create a personal record of when you visit our website and what pages you view. Cookies are necessary to enable various activities, such as retaining and allowing you to update your registration details and work preferences, login, username and search queries on our web site, but if you do not wish us to retain any information about your visit to our site you can delete the cookies in your browser and change the settings in your web browser program.
The website statistics for dxcmedical.com.au are generated from this usage data, as outlined above, and analytics programs such as Google Analytics are used to view and access the data.

Cloud Computing Services

In cases where we use cloud computing services DXC Medical Recruitment will take reasonable steps to ensure that:
• our Cloud computing services provider’s terms of service recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
Emails
Our technology systems log emails received and sent and may include voting, and read and receipt notifications to enable tracking. Our mass email technology systems also collect usage data such as receipts, bounce backs, open and click-through rates and subsequent DXC Medical website actions.
When your email address is received by us because you send us a message, the email address will only be used or disclosed for the purpose for which you have provided. It may be added to a mailing list for the purposes of communicating with your information we feel you would be interested in unless you have specifically requested not to be added to any mailing lists, or you opt-out of receiving communications.

Call & Message Logs

When your call number is received by us because you phone us or send us a message, the number will only be used or disclosed as is reasonable for the proper performance of our functions and activities as a recruitment agency.
Our cloud computing system will also log any SMS messages sent to and received from your mobile phone number and will only be used or disclosed for the purpose for which you have provided it.
Database
We use a cloud based recruiting CRM to log and record recruitment operations. This recruiting database is operated on a server that allows disclosure to cross boarder recipients only as is reasonable for the proper performance of our functions and activities as a recruitment business. The database will contain personal details and documentation you have provided to us and will only be used or disclosed for the purpose for which you have provided it.
Mobile Access
This is used for recruitment purposes and will only be used or disclosed for the purpose for which you have provided it.

How is your personal information is held and disposed of?

When your personal information is collected it will be held in our cloud based recruiting database, on our website and on our network drive, all of which restrict user access without the use of approved login credentials.
Financial information is held for a period of seven (7) years or at which time it will be de-identified or destroyed if it is lawful for us to do so.
Personal information will be held for a minimum of three (3) months after which we may destroy or de-identify it if it no longer serves our functions or activities as a recruitment agency.
There are some inherent risks in the use of the Internet Communications and other Technologies. See link for more information
http://www.oaic.gov.au/privacy/privacy-topics/internet-communications-and-other-technologies/

Information Security

We take all reasonable steps to ensure your personal information remains secure and confidential and is only used as is reasonably necessary for the proper performance of our functions and activities as a recruitment agency.
We take a range of measures to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure, these measures include
• Document naming protocols for sensitive information
• Password protection
• Culling procedures including shredding and secure disposal
Disclosures
Personal Information that we hold about you is only disclosed for the primary and related purposes for which it was collected.
General Disclosures
We may disclose your personal information for any of the purposes for which it is primarily held or for a related purpose where lawfully permitted.
We may disclose your personal information where we are under a legal duty to do so, including circumstances where we are under a contractual duty to disclose information.
Disclosure will usually be:
• internally and to our related entities
• to our Clients
• to Referees for suitability and screening purposes
Cross-Border Disclosures
Some of your personal information is likely to be disclosed to overseas recipients. The likely countries, type of information disclosed and likely recipients are indicated, so far as is practicable, in the following table:
Country Type of Information Likely Recipients
United Kingdom Any personal or sensitive information held on our database system. An approved UK Partner agency

We take reasonable steps to ensure that terms of service with overseas recipients recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

Access & Correction

You have a right to access and correct personal information under the Australian Privacy Principles (APPs).
Access
Subject to some exceptions that are set out in privacy law, you can gain access to the personal information that we hold about you.
Important exceptions include:
• evaluative opinion material obtained confidentially during our performing reference checks and access that would impact on the privacy rights of other people. We do refuse access if it would breach any confidentiality that attaches to that information or if it would interfere with the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that we make and which the communicator of that information is entitled to expect will be observed.
If you wish to obtain access to your personal information you should contact our us at privacy@dxcmedical.com.au and you may need to verify your identity.
If we refuse to give access to the personal information or to give access in the manner requested by you, we will give you a written notice that sets out:
• the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
• the mechanisms available to complain about the refusal.
Correction
We will take reasonable steps to ensure information we hold about you is accurate and up to date where it is practicable to do so. We also rely on you to tell us when there are changes to your personal information that we hold about you. This could be for example a change of address or employment status.
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us directly.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
In some cases, we may not agree that the information should be changed.
If we refuse to correct your personal information as requested by you, we will give you a written notice that sets out:
• the reasons for the refusal except to the extent that it would be unreasonable to do so; and
• the mechanisms available to complain about the refusal.
You may also ask us to associate a statement that the information is contested as being inaccurate, out of date, incomplete, irrelevant or misleading and we will take such steps as are reasonable to do
Complaints
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy:

How to Complain

If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information by sending an email to privacy@dxcmedical.com.au
When we receive your complaint:
• We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
• We will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
• We may ask for clarification of certain aspects of the complaint and for further detail;
• We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
• We will require a reasonable time (usually 30 days) to respond;
• If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;
• If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response;
If the complaint cannot be resolved by means that we propose in our response we will suggest that you take your complaint to the Office of the Australian Information Commissioner http://www.oaic.gov.au/privacy/privacy-complaints