Privacy Policy

Medlo Pty Ltd (ACN 667 986 361) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our platform Medlo to you (Services) or when otherwise interacting with you, including via our website.

The information we collect

If you are a Doctor:
  • Identity Data including first name, middle name, last name, maiden name, title, date of birth, gender, job title, photographic identification, and images of you.
  • Contact Data including billing address, email address and telephone numbers.
  • Financial Data including bank account and payment card details (through our third party payment processor).
  • Background Verification Data including evidence of your medical qualification(s), AHPRA registration, medical provider numbers, working with children check, criminal record check, passport number, driver licence number, photographic identification, visa or other details requested as part of our verification process to comply with our due diligence obligations and related ongoing monitoring commitments. We may also collect information about you that we find online, including on your social media platforms, online search engines (such as Google) and medical registration websites.
  • Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
  • Technical and Usage Data including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
  • Profile Data including your username and password for Medlo, profile picture, support requests you have made, content you post, send receive and share through our platform, your interests, preferences, feedback and survey responses. 
  • Interaction Data including information you provide to us when you participate in any interactive features of our Services, including surveys or events, and in the course of any of our scheduled meetings that you attend (including online meetings). 
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
  • Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.  In the course of providing our Services, we may collect, or come across such sensitive information in different situations, including during the course of conducting a background verification check on you or when reviewing your CV.

Unless otherwise permitted by law, we will not collect sensitive information about you without first obtaining your consent.
If you are a hospital contact liaising with us on behalf of a Hospital:
  • Identity Data including your first name, middle name, last name and job title.
  • Contact Data including billing address, email address and telephone numbers.
  • Financial Data including bank account and payment card details (through our third party payment processor).
  • Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
  • Technical and Usage Data including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
  • Profile Data including your username and password for Medlo, profile picture, support requests you have made, content you post, send receive and share through our platform, your interests, preferences, feedback and survey responses. 

Interaction Data including information you provide to us when you participate in any interactive features of our Services, including surveys or events and in the course of any of our scheduled meetings that you attend (including online meetings). 

Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
If you are a Referee:
  • Identity Data such as first name, middle name, last name, title, job title, and your relationship with the Doctor.
  • Contact Data including email address and telephone numbers.
  • Interaction Data including information you provide to us when you provide a reference check to us in relation to a Doctor. 

How we collect personal information

We collect personal information in a variety of ways, including:
  • Directly: We collect personal information which you directly provide to us, including when you register for an account, through the ‘contact us’ form on our website or when you request our assistance via email, or over the telephone.
  • Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
  • From third parties: We collect personal information from third parties, such as from your employer where they allocate you as an authorised user, or details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
  • From publicly available sources: We collect personal data from publicly available resources such as the Australian Securities and Investment Commission (ASIC) and professional networking sites such as LinkedIn, the Australian Health Practitioner Regulation Agency website and Google .

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.
Category
Type of Personal Information We May Collect
Primary Purpose of Collection
Identity Data
Your first name, last name, title, date of birth, gender, job title.
If you are a Doctor or a Hospital, to enable you to access and use Medlo, including to provide you with a login. If you are a Referee, to verify your identity to enable you to provide a reference check for a Doctor.
Contact Data
Your billing address, email address and telephone numbers.
If you are a Doctor or a Hospital, to contact and communicate with you about our services, including in response to any service requires you lodge with us or other enquiries you make with us. If you are a Referee, to contact and communicate with you in relation to a reference check for a Doctor.
Financial Data and Transaction Data
Your bank account and payment card details (through our third party payment processor), details about payments to you from us.
For internal record keeping, administrative, invoicing and billing purposes.
Background Verification Data
Evidence of your medical qualifications, AHPRA registrations, working with children check, criminal record check, identification documents or other details requested as part of our verification process.
To comply with our due diligence obligations and related ongoing monitoring commitments, including to ensure that you have the necessary qualifications to work at partner Hospitals.
Technical and Usage Data
Your IP address, device and network information, browsing behaviour, information about your access and use of our website and related information.
For analytics, market research and business development, including to operate and improve our services, associated applications and associated social media platforms.
Profile Data
Your username and password for Medlo, and any other interactions you have with us via Medlo, including your preferences, feedback and survey responses
To enable you to access and use Medlo and for analytics, market research and business development, including to operate and improve our services, associated applications and associated social media platforms.
Interaction Data
Information you provide to us when you participate in any interactive features of our services, or where you attend a meeting we schedule.
For analytics, market research and business development, including to operate and improve our services, associated applications and associated social media platforms.
Marketing and Communications Data
Your preferences in receiving marketing from us and our third parties and your communication preferences.
For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.
Any Relevant Personal Information
Any personal information you may otherwise provide to us.
To comply with our legal obligations or if otherwise required or authorised by law.

Our disclosures of personal information to third parties

We may disclose personal information to:
  • other users on Medlo (for example, to a hospital for the purposes of facilitating your placement at an interested hospital);
  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • marketing or advertising providers;
  • professional advisors, bankers, auditors, our insurers and insurance brokers;
  • payment systems operators such as Xero;
  • our existing or potential agents or business partners including hospitals and health boards;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties to collect and process data, such as Google Analytics (See here how Google uses data when you use third party websites or applications), Meta Pixel or other relevant analytics businesses; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics: We may have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Overseas disclosure

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia, including New Zealand. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles. We take rigorous steps to protect your personal information from misuse or unauthorised disclosure. For example, we ensure that we only collect your personal information for legitimate business purposes (including to allow you to access and use Medlo and for us to deliver our services to you) and we will only share your personal information with third parties for lawful purposes as permitted under the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

The security measures we have implemented to safeguard your personal information includes:
  • we do not sell, trade, rent or otherwise share for marketing purposes your personal information without your prior consent;
  • we are a paperless business and where we receive your personal information on paper, we will upload the personal information and/or document into our online systems and will destroy the paper copy in a confidential and secure manner;
  • where personal information is no longer required for the purposes for which it was collected, we will, after we have retained the documents in accordance with the periods mandated by legislation, either destroy the personal information or de-identify it; and
  • personal information you provide us is securely stored at all times.

Multi-factor Authentication

We prioritise the security of your personal information and have implemented multi-factor authentication to safeguard access to your Medlo account using Google and Microsoft Azure. By employing multi-factor authentication, we aim to reduce the risk of unauthorised access to your account and ensure the integrity of your personal information. If you sign up for Medlo using your existing Google or Outlook account, we will employ the Google API and the Outlook API (APIs) to pull your name and email address, and for the sole purposes of verifying your details to create an account for you on Medlo. We will not otherwise use the APIs to collect any other personal information about you.

Recordings

We may record meetings that we schedule. Where we record those meetings, we will seek your prior written consent before the recording commences. All recordings will be stored in accordance with this Privacy Policy.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

Book Locum Explore

Last update: 5 July 2023