Talent Grid Limited (NZBN: 9429051450724) ("TalentGrid", "we", "us", or "our") operates the website talentgrid.co.nz and the TalentGrid platform accessible at app.talentgrid.co.nz (collectively, the "Platform").
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the New Zealand Privacy Act 2020 ("Privacy Act") and the Information Privacy Principles ("IPPs") set out in that Act. It also describes your rights regarding your personal information and how to exercise them.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
2. Definitions
"Contractor" means a healthcare worker who registers on the Platform to claim and work shifts as an independent contractor.
"Facility" means a healthcare organisation, aged care provider, hospital, or similar entity that registers on the Platform to post shifts and engage Contractors.
"Personal Information" means information about an identifiable individual, as defined under the Privacy Act 2020.
"User" means any individual who accesses or uses the Platform, including Contractors, Facility representatives, and website visitors.
"Sensitive Information" means personal information relating to health, professional credentials, police vetting results, or financial details.
3. Information We Collect
3.1 Information You Provide Directly
We collect information you voluntarily provide when you register, create a profile, submit forms, or communicate with us:
For All Users:
Full name, email address, phone number, and postal address
Account login credentials (email and encrypted password)
Communications with our support team (emails, messages, enquiry forms)
Feedback, reviews, and ratings you submit
For Contractors:
Professional qualifications, registrations, and certifications (e.g., Nursing Council registration, first aid certificates)
Employment history, references, and CV/resume
Police vetting results and right-to-work documentation
Professional indemnity insurance details
Banking details for payment processing (bank account number)
IRD number and tax status (e.g., GST registration)
Profile photo and biographical information
Shift preferences, availability, and work history on the Platform
For Facilities:
Organisation name, business registration details, and NZBN
Contact person name, role/title, email, and phone number
Facility type, size (number of beds), and location
Staffing requirements and preferences
Billing details and invoicing preferences
Feedback and ratings about Contractors
For Website Visitors (Contact & Enquiry Forms):
Name, email address, and phone number (optional)
User type (facility, healthcare worker, or other)
Message content and any additional information you provide
3.2 Information Collected Automatically
When you access or use the Platform, we automatically collect certain technical and usage information:
Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers
Network Information: IP address, internet service provider, and general geographic location (city/region level, not precise GPS)
Usage Data: Pages visited, time spent on pages, links clicked, features used, search queries, and navigation paths
Referral Information: How you arrived at the Platform (e.g., search engine, direct link, referring website)
Log Data: Server logs, error reports, access times, and system activity
3.3 Cookies and Tracking Technologies
We use cookies and similar technologies to collect and store information. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
3.4 Information from Third Parties
We may receive information about you from third-party sources, including:
Credential Verification Services: Confirmation of professional registrations and qualifications from the Nursing Council of New Zealand or similar regulatory bodies
Police Vetting: Results of police vetting checks conducted through authorised channels
References: Employment references provided by your nominated referees
Google reCAPTCHA: We use Google reCAPTCHA v3 to protect our forms from spam. This service collects certain device and usage data. Please see Google's Privacy Policy for more information.
4. How We Use Your Information
We use your personal information for the following purposes, in accordance with IPP 10 of the Privacy Act 2020:
4.1 Providing and Operating the Platform
Creating and managing your account
Matching Contractors with Facility shift requirements
Facilitating shift posting, claiming, and management
Processing payments and generating invoices
Verifying Contractor credentials and qualifications
Enabling communication between Facilities and Contractors
Providing customer support and resolving disputes
4.2 Safety, Security, and Compliance
Verifying user identity and preventing fraud
Ensuring the safety of healthcare workers and patients/residents
Complying with legal obligations (including tax, employment, and health and safety laws)
Enforcing our Terms of Service, Contractor Agreement, and other policies
Protecting our rights, property, and safety, and that of our Users
Sending marketing communications (only with your consent, and you may opt out at any time)
4.4 Improvement and Analytics
Understanding how Users interact with the Platform
Identifying and fixing technical issues and bugs
Improving Platform features, functionality, and user experience
Conducting internal research and analysis (using aggregated, de-identified data where possible)
5. Legal Basis for Processing
Under the New Zealand Privacy Act 2020, we process your personal information based on the following lawful grounds:
Contractual Necessity: Processing necessary to perform our contract with you (e.g., managing your account, processing payments, matching shifts)
Legitimate Purpose: Processing for purposes directly related to the function for which the information was collected (e.g., improving our services, fraud prevention)
Consent: Where you have given explicit consent (e.g., marketing communications, analytics cookies)
Legal Obligation: Processing necessary to comply with applicable law (e.g., tax reporting, health and safety obligations)
6. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information in the following circumstances, in accordance with IPP 11 of the Privacy Act 2020:
6.1 Between Platform Users
Contractor Profiles to Facilities: When you apply for or are matched to a shift, Facilities can see your professional profile, qualifications, ratings, and work history on the Platform. They do not see your banking details, IRD number, or private contact information until a shift is confirmed.
Facility Information to Contractors: Contractors can view Facility name, location, shift details, rates, and Facility ratings when browsing available shifts.
6.2 Third-Party Service Providers
We engage trusted third-party service providers who process data on our behalf. These providers are contractually bound to protect your information and only use it for the specified purposes:
Payment Processing: To process Contractor payments and Facility invoicing
Email Services (Resend): To send transactional and notification emails
Analytics (Google Analytics 4): To understand Platform usage (with your consent only — see our Cookie Policy)
Spam Prevention (Google reCAPTCHA): To protect our forms from automated abuse
Cloud Hosting and Infrastructure: To securely host and operate the Platform
Credential Verification: To verify professional registrations and qualifications
6.3 Legal and Regulatory Disclosure
We may disclose your personal information where required or permitted by law, including to:
Comply with a legal obligation, court order, or lawful government request
Protect the rights, property, or safety of TalentGrid, our Users, or the public
Report to regulatory bodies (e.g., Nursing Council of New Zealand, WorkSafe New Zealand)
Assist in the investigation of fraud, security incidents, or unlawful activity
Enforce our Terms of Service, Contractor Agreement, or other agreements
6.4 Business Transfers
If TalentGrid is involved in a merger, acquisition, sale of assets, or restructuring, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.
7. International Data Transfers
Some of our third-party service providers may process or store your information outside of New Zealand (for example, cloud servers located in Australia, the United States, or the European Union). Where your data is transferred overseas, we ensure that appropriate safeguards are in place in accordance with IPP 12 of the Privacy Act 2020, including contractual obligations requiring the recipient to protect your information to a standard comparable to New Zealand law.
8. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, in accordance with IPP 9 of the Privacy Act 2020:
Active Accounts: Information is retained for the duration of your account and for a reasonable period afterward to allow you to reactivate
Closed Accounts: Core account data is retained for 7 years following account closure to comply with tax, financial reporting, and legal obligations under the Tax Administration Act 1994 and the Companies Act 1993
Contractor Credentials: Professional qualifications and verification records are retained for 7 years after the last shift worked, as required for regulatory and audit purposes
Payment and Financial Records: Retained for 7 years as required by the Tax Administration Act 1994
Shift Records: Retained for 7 years for audit, dispute resolution, and legal compliance
Communications and Support Tickets: Retained for 3 years from the date of resolution
Website Analytics Data: Aggregated, de-identified analytics data may be retained indefinitely
Contact Form Enquiries: Retained for 2 years unless a business relationship is established
When personal information is no longer required, we will securely delete or de-identify it.
9. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, in accordance with IPP 5 of the Privacy Act 2020. These include:
Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS). Sensitive data such as passwords are hashed and salted before storage.
Access Controls: Access to personal information is restricted to authorised personnel on a need-to-know basis, with role-based access controls.
Infrastructure Security: Our Platform is hosted on secure, professionally managed cloud infrastructure with regular security updates and monitoring.
Regular Reviews: We periodically review and update our security practices to address new threats and vulnerabilities.
Incident Response: We maintain procedures for detecting, responding to, and reporting data security incidents.
While we implement reasonable safeguards, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information. If you become aware of any security breach, please contact us immediately.
10. Your Rights Under the Privacy Act 2020
You have the following rights under the New Zealand Privacy Act 2020:
Right of Access (IPP 6): You have the right to request access to the personal information we hold about you. We will respond to your request within 20 working days.
Right of Correction (IPP 7): You have the right to request correction of any personal information that is inaccurate, incomplete, or misleading. You can update most information directly through your account settings, or contact us for assistance.
Right to Request Deletion: You may request that we delete your personal information. We will comply where we are not required by law to retain it. Please note that some information must be retained for legal and regulatory purposes (see Section 8).
Right to Withdraw Consent: Where we rely on your consent to process your information (e.g., marketing emails, analytics cookies), you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Right to Complain: If you are not satisfied with our response to your request, you have the right to lodge a complaint with the Office of the Privacy Commissioner of New Zealand.
We use cookies and similar technologies on the Platform. A summary is provided below; for full details, please see our Cookie Policy.
Essential Cookies: Required for the Platform to function (e.g., session management, security). These cannot be disabled.
Analytics Cookies (Google Analytics 4): Help us understand how Users interact with the Platform. These are only activated with your consent via our cookie banner.
Preference Cookies: Remember your settings and preferences (e.g., cookie consent choice stored in local storage).
By default, non-essential analytics cookies are disabled and are only enabled when you click "Accept" on our cookie consent banner. You can change your preference at any time by clearing your browser's local storage or contacting us.
12. Marketing Communications
We may send you marketing communications about our services, new features, and relevant industry updates, but only where:
You have given your express consent to receive marketing communications; or
You are an existing customer and the communication relates to similar services (in accordance with the Unsolicited Electronic Messages Act 2007)
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, updating your communication preferences in your account settings, or contacting us directly.
Please note that opting out of marketing does not affect transactional communications (e.g., shift confirmations, payment notifications, account security alerts).
13. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as practicable. If you believe a child has provided us with their personal information, please contact us immediately.
14. Third-Party Links
The Platform may contain links to third-party websites or services (such as LinkedIn, Google, or external resources). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.
15. Notifiable Privacy Breaches
In the event of a privacy breach that is likely to cause serious harm to affected individuals, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, in accordance with Part 6 of the Privacy Act 2020. We will provide information about the breach, the steps we are taking to address it, and guidance on what you can do to protect yourself.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
Update the "Last Updated" date at the top of this page
Post a notice on the Platform
Notify registered Users via email for significant changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
Talent Grid Limited
Privacy Officer
Email:
General Email:
Address: Auckland, New Zealand
We aim to respond to all privacy-related enquiries within 20 working days.