Privacy Policy

In this policy, “Shift Exchange”, "us", "we" or "our" means The Shift Exchange Pty Ltd ABN 75 136 869 997.

We are firmly committed to privacy and are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“the Act”).

This Privacy Policy ("Policy") explains how information about you or associated with you (“personal information”) is collected, used and disclosed by us when you visit our website and from the use of our web based application known as Vacim (collectively, the "Services").

The protection of your privacy is very important and we have adopted the following practices to safeguard the confidentiality of your personal information.

  1. What is personal information?
    1. When used in this policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, postcode and contact details (including phone numbers and email addresses). If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
  2. What information is collected by us?
    1. Information You Provide. When you register or use any of our Service we may collect a variety of information, including:
      1. Contact Information such as names, email address, and other contact information
      2. Your employees information including their names, date of birth, Medicare number and medical records; and
      3. Other Information such as details of your business and your credit card details.
    2. Information About How You Use the Services. We may collect information about your participation and actions on the Services. This may include information such as the pages, profiles and documents you create, view and how you browse the Services. It can also include the various functions and features that you use.
    3. Information from Content You Upload. When you upload data or document to the Services, we may collect information about the content, such as the time, date and place the document or content was taken or uploaded (also known as metadata), and how you use them, who views them or with whom you share.
    4. Cookies and Similar Technologies. We may use cookies and similar technologies to collect, analyze and store information, to provide and improve the Services offered by Shift Exchange, and to identify and prevent fraudulent activities.
    5. Your Communications with Us and Other Users. We collect communications you send to us. We also collect any comments, messages or other content or communications you and other users share on the Services.
    6. Information Provided by Others. We may be provided with information relating to you on the Services by other users of the Services.
  3. Why do we collect, hold, use and disclose personal information
    1. We use your personal information for purposes described in this Policy or disclosed to you on or in connection with our Services. The ways in which we may use this information include to:
      1. Provide the requested Services: to administer and maintain your Shift Exchange account and generally provide the functions and features that are part of the Services.
      2. Analyse and develop our services: to develop, deliver, measure, monitor, analyse and improve our Services and develop new services.
      3. Communicate with you: to respond to your comments and questions and provide customer service, to provide any messaging or communications associated with the functions and features of the Services.
      4. Protect the Services and Shift Exchange’s property: to detect and prevent abusive, fraudulent, malicious or potentially illegal activities, and to protect the rights, safety or property of Shift Exchange or our users including to enforce or exercise any rights in our Terms and Conditions of Use
    2. Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.
  4. Data Security
    1. We aim to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse. Among other things, we safeguard our IT systems against unauthorised access by the use of Secure Socket Layer (SSL) to establish an encrypted connection between a browser or user's computer and our server or website and we also use a 2 factor authentication for our backend system.
    2. We also ensure that access to your personal information within our database, which is hosted on a Cloud Server located in Australia, is only made available to authorised personnel who need to have access in order to do their work.
    3. If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach notification—A guide to handling personal information security breaches. We will aim to provide timely advice to you to ensure you are able to manage any loss (financial or otherwise) that could result from the breach.
  5. Sharing personal information with Third Parties
    1. Our Services allow you to share information about your employees and their medical records with other users and potential users of the Services as authorised by you. Consider your own privacy and your employee’s privacy when sharing such information with anyone.
    2. Additionally, we may share information with third parties as follows:
      1. with third party vendors, consultants, contractors and other service providers that perform services on our behalf, which may include, but is not limited to, providing administrative or technological support, providing fraud detection services, processing payments or providing analytics or attribution services;
      2. with the Australian Immunisation Registrar that keeps and maintain individuals’ immunisation records;
      3. in connection with any company transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings; and
      4. to, in our discretion, (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms and Conditions of Use, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of Shift Exchange, its users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal activities, security or technical issues.
    3. By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.
  6. Updating your personal information
    1. It is important to our relationship that the personal information we hold about you or your organisation is accurate and up to date. During the course of our relationship with you we will ask you to inform us if any of your personal information (or details of your organisation) has changed.
    2. If you wish to make any changes to your personal information (or details of your organisation) that we hold about you, you should contact us to have it updated. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.
    3. If your personal information has been provided to us by an organisation that is or was a user of our Services, then you should contact that organisation to make a request for your personal information to be updated.
  7. Accessing your personal information
    1. We will provide you with access to the personal information we hold about you, subject to limited exceptions in the Privacy Act as outlined below. You may request access to any of the personal information we hold about you at any time.
    2. To access personal information that we hold about you, use the contact details specified below. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.
  8. Denied access to personal information
    1. There may be situations where we are not required to provide you with access to your personal information. For example, such a situation would be where the disclosure of such information would breach the privacy of other users, or if your request is vexatious.
    2. An explanation will be provided to you if we deny you access to your personal information we hold.
  9. How can you complain about a breach of privacy?
    1. If you believe your privacy has been breached by us, have any questions or concerns about our Privacy Policy please contact us using the contact information below and provide details of the incident so that we can investigate it.
    2. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
    3. Please contact our Privacy Officer at: Privacy Officer, Shift Exchange Pty Ltd, 3 Amy Close, Wyong NSW 2259. Or email:
  10. Changes to our privacy policy
    1. We reserve the right to modify this Policy from time to time. If we make changes to this Policy, we will change the "Last Revision" date below and will post the updated Policy on this page.

Last Revision Date and Effective Date: This Agreement was last revised on 3 May 2018.