Privacy Policy

Scheduling and calendar management

Secure messaging and notifications

File and document uploads (e.g., contracts, timesheets, medical compliance documents)

Payments and invoicing

Analytics and reporting tools

Visit MedMatch’s websites, including medmatch.co.nz and other MedMatch-affiliated sites, such as blogs, event registration pages, community discussions, forums, and social media platforms (collectively, our “Sites”).

Access or use our web application, APIs, or other products and Services as a Service User or authorised user.

Engage with MedMatch in any way, including customer support, marketing, registering for, attending, or otherwise partaking in our events, training sessions, events, or webinars (collectively, “Marketing Activities”).

Information that Service Users collect from individuals with whom they interact (e.g., patient data, data about locums). Service Users are responsible for notifying and obtaining consent from individuals with whom they interact under their own privacy policies and applicable healthcare regulations (such as New Zealand’s Health Information Privacy Code), and for all other aspects of their own compliance with applicable laws (including privacy and data protection laws and healthcare regulations).

Third-party services or products accessible via our platform. Please review their privacy policies for more information.

Job applicants applying for roles at MedMatch.

Employees of, and contractors to, MedMatch.

Contact Information: We collect your contact information when you sign up for or use our platform, communicate with us, or engage in MedMatch activities. This may include your full name, email address, phone number, location, and mailing address.

Professional Information: We collect information about your professional role and qualifications when you create an account or interact with our Services. This may include your facility or organisation name, job title, specialty, certifications, and licences.

Account Information: We collect details needed to manage your account, such as login credentials, profile information, and communication preferences.

Compliance Information: We collect documents and records to verify credentials, qualifications, and compliance with applicable healthcare regulations. This may include uploaded licences, certifications, proof of identity, and health clearances.

Transactional Information: We collect billing and payment information when processing payments, invoices, or other transactions through our Services.

Your Content: We collect the content you create, upload, or submit through the platform, such as availability entries, messages, uploaded documents, contracts, compliance records, and timesheet submissions (collectively, “Your Content”).

Marketing Information: When you engage with our Marketing Activities or interact with our sales or customer support representatives, we collect information you provide, including through form submissions, surveys, email communications, or phone calls. This may include the nature of your communication, your contact preferences, and any information you choose to provide in free-text fields.

Image and Audio Information: We may collect images or audio recordings in certain circumstances. For example, if you contact us by phone or participate in a video call, we may record those interactions. If you attend an event hosted or sponsored by MedMatch, we may capture your image and/or voice in photographs, videos, or audio recordings taken at the event. You may opt out at any time. For phone calls, tell our team member “no recording please” when notified a call may be recorded; we will proceed with recording off. For video calls, you may turn off your camera and/or ask the host to disable recording for your participation. For in-person events, ask staff at check-in for a no-photo/recording badge and use the designated no-filming area. If your image or voice is captured and you want it removed or blurred from MedMatch-controlled materials, contact privacy@medmatch.co.nz with details and we’ll take reasonable steps to action your request. If you are recorded by another participant, or a member of the public, at an event hosted or sponsored by MedMatch, we do not have any control over that recording and you should contact that participant or member of the public directly.

Troubleshooting and Support Information: We collect information you provide when contacting our support team, including messages, inquiries, or troubleshooting details. Support information includes content of a message or attachments that you send to us.

Service User-Provided Data: We may collect information from Facilities or other Service Users when they authorise us to access or manage user or shift data. This includes authorised user data, shift and timesheet data, and interactions with Facility systems.

Automatically Collected Information: We automatically collect information to help operate and improve our platform. This may include usage data (logs, clicks, pages viewed, errors), device information (browser, OS, device type, screen resolution), location data derived from IP address, and cookies or tracking data.

Information You Voluntarily Provide to Us: We collect any information you choose to provide to us, such as feedback on your experience with our Services or participation in public discussion forums as part of our Marketing Activities.

Payment Processor Data: We receive transaction details, billing information, and verification data from providers such as Stripe to process payments and invoices. We do not have access to your credit card information.

Service Provider Data: We may receive information from third parties that support our platform operations, including hosting, cloud storage, communications, or analytics providers.

Authorised User Data: Details about Locums or staff added to the platform by Facilities, including names, roles, and contact information.

Shift and Timesheet Data: Information related to work assignments, bookings, hours worked, and timesheet submissions.

Facility Interaction Data: Information about interactions between Locums and Facility systems that is necessary to operate and manage the platform.

Usage Information: Details about how you use our Sites and Services, such as clicks, pages viewed, searches, features accessed, time spent, errors encountered, and date/timestamps associated with your usage. We may also collect request information, including speed, frequency, referring page (the site from which you linked to us), exit page (the site you visit immediately after ours), and information about other websites you have recently visited.

Device Information: Details about the devices and browsers you use to access our platform, including operating system, device type, screen resolution, and mobile network.

Location Information: We may collect your precise location from your device when using the platform, and general location derived from your IP address, such as city and country.

Telemetry Information: We collect anonymised statistical and telemetry information, as well as aggregated, de-identified data about how our Services are used.

API Information: We collect functional data and customer-initiated events from third-party services that connect or integrate with MedMatch, such as authentication tokens or API endpoints.

Cookies and Tracking Information: Information collected through cookies or similar technologies to enhance functionality, analyse usage, and deliver personalised experiences, as described in the Cookies section below.

Service Operation: To operate and administer our Sites and provide, operate, deliver, monitor, and maintain our Services, including troubleshooting, system maintenance, scheduling, timesheet processing, payments, and platform improvements.

Product Development and Improvement: To improve functionality, quality, user experience, and develop new features, including enhancements to shift management, notifications, and algorithms.

Support: To provide you with assistance and technical support, such as responding to your requests and inquiries. MedMatch personnel are prohibited from viewing Your Content except when instructed by you, as necessary to resolve support issues you may have, or for security, Services integrity, or legal purposes.

Communication: To send you marketing and administrative messages, such as technical or legal notices, invoices, product updates, surveys, security alerts, promotions, newsletters, training, event reminders, and/or provide other news or information about MedMatch and/or our partners. Please see the Your Choices and Rights section below to learn how to manage your communication preferences.

Account Administration: To create and manage your account, complete transactions, and send billing, tax, and other administrative information, such as purchase confirmations, receipts, and invoices.

Marketing Activities: To develop and improve our Marketing Activities, such as to review and analyse trends, usage, and interactions with our Services and Sites, and to personalise and improve our Marketing Activities. We may also use your information to provide you with content and/or features that match your interests and preferences.

Security: To detect, investigate, prevent, protect against, and respond to potential threats, fraudulent transactions, unauthorised access, and other malicious, deceptive, fraudulent, or illegal activity.

Legal, Safety, and Compliance: To comply with applicable laws and regulations, or a court or legal order, and to review compliance with applicable terms.

Complaints: To respond to any complaints you may make.

Protection and Enforcement: To protect and/or enforce our legal rights and interests, including defending any claim.

For Any Other Purposes authorised by the Act or with Your Consent.

With Service Users (Facilities and Locums): To enable interaction through the platform, we share information necessary for bookings, shift management, and communications (e.g., names, profiles, certifications, and availability). Personal contact details, such as phone numbers and email addresses, will only be shared once a booking is confirmed (meaning both parties have agreed to the booking and it has been accepted through the platform). In addition, reviews and feedback provided by Facilities and Locums about each other may also be shared.

With Third-Party Service Providers: To operate, maintain, and improve our Services, we may share information with vendors that provide hosting, cloud storage, payment processing, communication, analytics, or other technical services.

With Regulatory Authorities: We may share information when required by law, healthcare regulations, or legal process.

As authorised by Law: We may share information to any other person authorised by the Act or another law (e.g. a law enforcement agency).

With Corporate Affiliates or Successors: In the event of a merger, acquisition, or corporate restructuring, we may share or transfer information as part of business assets.

With Your Consent: We may share information with other parties with your authorisation.

Service Operation and Administration: To operate, deliver, monitor, and maintain our platform, including troubleshooting, system maintenance, and upgrades.

Legal and Regulatory Compliance: To comply with applicable laws or legal obligations.

Dispute Resolution and Enforcement: To resolve disputes, enforce agreements, and protect our rights or the rights of our Service Users.

Account Management: To manage accounts, transactions, and billing history.

Deletion and Anonymisation: When information is no longer required, we securely delete or anonymise it unless retention is required by law or necessary for legitimate business purposes.

Access and correction: Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

Marketing Communications: You can choose not to receive marketing emails or messages from us by clicking the "Unsubscribe" link in any email or by contacting us through the Contact Us section. Even if you opt out, you will still receive essential messages related to your account, transactions, or use of our Sites and Services.

Recording & event photography choices: You can (a) opt out of call/video recording for your participation, and (b) request not to be photographed/filmed at events. If content featuring you was captured, you may request removal, cropping, or blurring from MedMatch-controlled materials by emailing privacy@medmatch.co.nz. We will acknowledge within 5 business days and aim to complete feasible actions within 14 days. For third-party channels we do not control, we will take reasonable steps (e.g., submit a take-down/blur request) but may not be able to guarantee removal.

Account Information and Preferences: You can update or correct your account details at any time by logging into your account or contacting our support team. If you wish to delete your account, instructions are available in the help centre of the Services. You can also manage how we communicate with you, such as opting in or out of SMS notifications. Some information may be retained as described in the How We Retain Your Information section above.

Cookies and Tracking: You can control browser-based cookies and other tracking technologies through settings described in the Cookies section below.