1. Introduction
Next Step Medical takes your privacy very seriously and we are committed to protecting your personal data. This includes information you provide to us and information that we obtain about you from other sources. The statement below describes what data we will obtain, how the data is used and how the data is protected.
2. Policy
1. Purpose
Next Step Medical Pty Ltd's privacy policy is in accordance with national privacy principles in the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to protect the privacy of the information we collect about our staff. It includes the information our business keeps about staff in addition to the information of other third parties.
We understand the importance of personal information and its privacy and respect that individuals have the right to know what information we hold about them.
2. Scope Statement
This policy affects all staff, contractors and any third party that provides us with personal information.
3. Responsibilities
All staff are responsible for ensuring the policy is adhered to at all times, particularly when dealing with customers, patients, family members etc.
4. Our Commitment
This policy tells you how we use information. We may collect information offline or online through email, our website and other platforms.
In this policy we, us or our means “Our Business”.
Types of Personal Information
The types of personal information we may collect include:
- Name, images and complete contact details;
- Age and/or date of birth;
- Bank account details in order to pay our workers;
- Additional personal information provided to us in connection with employment application and employment with us; and
- Any other personal information requested by us and/or provided by staff or a third party such as banking institutions.
Collection and Use of Personal Information
We may collect, hold, use and disclose personal information for the following purposes:
- To consider an employment application;
- To contact and communicate with staff;
- To enable staff to access and use any staff intranet or cloud software;
- For internal record keeping and administrative purposes; and
- To comply with our legal obligations and resolve any disputes that we may have.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
- Our staff and contractors;
- Third party service providers for the purpose of enabling them to provide their services;
- Our existing or potential agents or business partners;
- Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- Credit reporting agencies, courts, tribunals and regulatory authorities, in the event staff fail to pay for goods or services we have provided; and
- Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.
By providing us with personal information, staff consent to the disclosure of information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act (Act) and the Australian Privacy Principles (APPs). Note the Act and the APPs may not regulate third parties overseas. If any third party engages in any act or practice that contravenes the APPs, it would not be accountable under the Act.
How we Treat Sensitive Personal Information
Information classified as “Sensitive Information” has a higher level of protection under the APPs. Sensitive Information means information relating to racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.
Where consent has been provided, sensitive information (if we hold any) may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected. Sensitive information may also be used or disclosed if required or authorised by law.
Rights and Controlling your Personal Information
Choice and Consent: Providing personal information to us implies consent to us collecting, holding, using and disclosing personal information in accordance with this policy. Staff do not have to provide personal information to us; however, if they do not, it may affect use of our software or the products and/or services offered on or through it.
Information from Third Parties: If we receive personal information from a third party, we will protect it as set out in this policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Access: Details of the personal information that we hold may be requested. An administrative fee may be payable for the provision of such information.
Correction: If staff believe that any information we hold about them is inaccurate, out of date, incomplete, irrelevant or misleading, please contact your Manager. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Complaints: If staff wish to make a complaint about how we have handled personal information, please contact your Manager and provide us with full details of the complaint. We will promptly investigate your complaint and respond, in writing, setting out the outcome of our investigation and the steps we will take to deal with the complaint.
Deletion: Staff can request the erasure or deletion of personal information by contacting their Manager. The deletion of personal information will only be carried out subject to applicable laws. The deletion of personal information will only apply to personal information being held by us at the time the request is received.
Overseas Transfer
Personal information may be transferred to an overseas jurisdiction with substantially similar data protection laws such as the United States of America, the United Kingdom or countries within the European Union (EU). These countries have data protection laws which protect personal information in a way that is at least substantially similar to the APPs, and there will be mechanisms available to enforce protection of personal information under that overseas law. We do not require the overseas recipients to comply with the APPs and we will not be liable for a breach of the APPs if personal information is mishandled.
GDPR
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available under the GDPR if personal information is handled in a manner inconsistent with that law.
Storage and Security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at staff’s own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure that the personal information we collect will not be disclosed in a manner that is inconsistent with this policy.
5. Amendments
We may, at any time and at our discretion, vary this policy.
6. Breaches
Conduct which breaches this policy is unacceptable. Depending on the severity and circumstances, breach of this policy may lead to disciplinary action, regardless of the seniority of the particular individuals involved.
7. Effective Date
This policy is effective as of 20th January 2025 and shall be formally reviewed annually and updated in consultation with internal and external stakeholders, ensuring alignment with any legislative amendments.
8. Authorisation
Name: Charles Safapour
Position: CEO
3. Collection and use of personal data
Purpose of processing and legal basis
Next Step Medical will collect your personal data (which may include sensitive personal data) and will process this for the purposes of providing you with work-finding services. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during internal audits to demonstrate our compliance with certain industry standards.
The legal bases we rely upon to offer these services to you are:
- Where we have a legitimate interest;
- To comply with a legal obligation that we have;
- To fulfil a contractual obligation that we have with you; and/or
- Your consent for direct marketing related to non-work finding services.
Legitimate interest
As a recruitment business, Next Step Medical have a legitimate interest in identifying suitable individuals for work opportunities with our clients provided it is reasonable and does not go against what you would reasonably expect from us. We are also interested in trends in recruitment and the development of reports that help us to advise our clients on recruitment strategies for hiring the best staff.
This can include:
- Managing our database and keeping work-seeker records up to date;
- Contacting you to seek your consent where needed;
- Providing work-finding services to you, including sending your information to our clients where you have demonstrated an interest in doing that work.
Legal obligations
Given the nature of recruitment, Next Step Medical has a large number of legal obligations to various individuals, clients and public bodies. Our activity is regulated and obliges us to take reasonable steps to ensure your suitability for any work opportunities that we introduce you for. As a healthcare recruiter, we have important obligations relating to the safeguarding of children and vulnerable adults. Certain information, such as copies of your passport and National Police check certificate are used to determine whether you can lawfully and/or safely engage in certain types of work or activities.
We are required by law to verify a candidate’s mental and physical fitness to carry out their responsibilities and permitted to ask questions about disability and health in order to establish whether an individual has physical or mental capacity for a specific role.
Contractual obligations
In the course of our activities, we may assume certain contractual obligations to both you and to our clients. This includes the obligation to pay you for any work undertaken and to ensure you gain the benefit of any statutory or contractual rights. It may also include certain audit rights that a client may have in relation to the services we provide.
If we are unable to obtain or hold the information necessary to meet our legal or contractual obligations, we will not be able to provide work finding services to you.
Consent
If we, or any member of our group, wish to contact you about other products or services not related to the provision of work finding services, we will seek your explicit consent before doing so. We will not be required to obtain such consent where you have voluntarily expressed an interest in services or where you have requested that we contact you.
From time to time we may ask you to undertake a customer satisfaction survey. You do not have to do so but this assists us to provide the best recruitment services to you.
4. Source of your personal data
We source work-seekers' data by two different methods: either directly from you registering with us, or by obtaining your Curriculum Vitae (C.V.) and contact details via a job board you have uploaded it to.
It is important that the personal information we hold about you is accurate and current. Please keep us informed by emailing your recruitment consultant if your personal information changes during the period which we hold your data.
You may provide Next Step Medical with details of other individuals (including, without limitation, referees and next of kin/persons to be contacted in an emergency). By doing so you are confirming that you have that person’s consent to provide us with their details, to process the information for the intended purpose and to contact them for the intended purpose if necessary and/or appropriate.
5. Sharing of personal data
We are not a job board, or a commercial database and we will not sell access to your data to other businesses for marketing or any other purpose.
We may share your data with the following people or companies:
Clients
Next Step Medical will share relevant data with our clients only when introducing you for work opportunities or supplying your services to them. We will share your information with our suppliers or partners only when it is necessary for providing you the benefit of our services. We may also share data with your former or prospective new employers in order to obtain or provide references.
Payroll provider or third-party employer
Where you have chosen to use a named payroll provider or third-party employer, we will share relevant information to enable the provider to complete any legal or contractual obligations that they may have.
Public bodies
We may be required by law to share your information with certain public bodies or regulatory authorities. For example, this may include HMRC in respect of payments and deductions for tax and national insurance, or a local authority in respect of information required for safeguarding purposes.
Third parties who ensure our business is run correctly
Third parties we may engage to ensure we run our business correctly include:
- Auditors
- Legal advisors
- Insurers
- Government departments
- Payroll software providers
- Compliance software providers
Suitability checks
Next Step Medical use companies to carry out suitability checks on work-seekers. These include:
- Security Watchdog
- National Police checks
- AHPRA membership checks
Group Companies
Next Step Medical may share your data with other members of our group for the purposes of monitoring and managing the services provided by Next Step Medical.
Other members of our group include:
- Allied and Clinical Healthcare Recruitment
- Next Step Nursing
- Minerva Nursing
7. Protection of your data
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss or unauthorised access.
Access to your data is restricted to ensure it can only be accessed by authorised users. We have minimised the need for data to be accessed unless this is strictly necessary to meet our obligations or to respond to any reasonable and lawful request. Information is regularly backed up on cloud services to reduce the risk of loss or corruption.
