Where those at the leading edge of healthcare connect
Who we are: MEDD Australia Pty Ltd (“MEDD”, “we”, “us”).
Why we collect data: To create and manage professional member accounts; provide news, CPD content, and networking features; ensure safety; improve services; meet legal duties.
Key data types: Identity details, professional credentials, profile & CV, CPD activity records, user-generated content (posts, messages), usage & cookie data, optional location.
Sharing: With members you choose to connect with, accredited CPD bodies, trusted processors, or where the law compels us.
Your rights: Access, correction, deletion, portability, objection, complaint to the OAIC (Australia) or other regulator.
MEDD.com.au is a membership platform that lets registered medical professionals, healthcare organisations, and approved allied users share professional content, complete continuing professional development (CPD) activities, and network via messaging and a news feed (the “Services”). This Privacy Policy explains how MEDD Australia Pty Ltd (ABN 12 345 678 910) collects, uses, discloses, and safeguards your information.
MEDD
3/8 Stuart Street, Bulimba, QLD, 4171, Australia
[email protected]
| Category | Typical Examples | Source |
|---|---|---|
| Account & Identity | Name, professional title, workplace, AHPRA number or equivalent, e-mail, password hash | You / verifying bodies |
| Professional Profile | Bio, CV, qualifications, skills, specialty, profile photo | You |
| CPD & Education | Course enrolments, completion status, assessment scores, certificates | System generated / CPD providers |
| Networking & UGC | Posts, comments, likes, direct messages, uploaded files | You |
| Contact Lists | Connections, followers, groups | You / other members (if they invite you) |
| Usage & Log Data | IP address, browser type, device ID, time-stamps, page interactions, referral URLs | Automatic |
| Cookies & Similar Tech | Session cookies, analytics pixels, preference cookies | Automatic |
| Optional Location | City/region for local event suggestions (if you enable) | Browser / device |
Sensitive data note: We may process limited health-related details (e.g., speciality, CPD topics) strictly for professional-use purposes and under enhanced safeguards.
Directly from you via registration forms, profile edits, posts, messages, or support requests.
Automatically through cookies, server logs, and analytics scripts (e.g., Google Analytics, Matomo).
From third parties such as CPD accrediting bodies, employer organisations, or publicly available AHPRA/MCNZ registers to verify credentials.
| Purpose | Legal Basis* | Details |
|---|---|---|
| Operate & secure the website, create accounts, authenticate members | Contract – Terms of Use | Mandatory data |
| Provide networking features, public profiles, news feed, messaging | Contract; Legitimate interest | Visibility controlled by your privacy settings |
| Deliver CPD courses, track progress, issue certificates | Contract; Legal obligation (professional standards) | |
| Personalise content (recommended articles, events) | Legitimate interest; Consent (for location) | |
| Marketing newsletters, event invitations | Consent (opt-in) | Unsubscribe anytime |
| Analytics, research & service improvement | Legitimate interest | Aggregated or pseudonymised data |
| Compliance, fraud prevention, dispute handling | Legal obligation; Legitimate interest |
*For GDPR/UK GDPR users; Australian users rely on APPs equivalents.
Public vs Member-only: Your core profile (name, specialty, city) is visible to logged-in members. You can adjust visibility for additional fields.
Posts & comments are visible to the audience you select (public, connections, groups).
Direct messages are end-to-end encrypted and visible only to participants.
Deletion: Deleting a post removes it from public/member view, but copies may persist in backups for up to 30 days.
| Recipient | Purpose | Safeguards |
|---|---|---|
| Other members | Networking, messaging, CPD collaborations | Controlled by your settings |
| CPD Accrediting Bodies | Verify completion and issue CPD points | Secure data transfer; contractual protection |
| Service Providers (hosting on AWS, email delivery, analytics) | Operate infrastructure, analytics, customer support | Data-processing agreements, encryption |
| Legal Authorities | Compliance with law, court orders, public-health directives | Minimum necessary disclosure |
| Corporate Transactions (merger, acquisition) | Business continuity | Prior notice if permissible |
We never sell your personal data.
We use:
Essential cookies for login and session management (cannot be disabled).
Analytics cookies (e.g., GA4) to understand performance (opt-out via cookie banner or browser settings).
Functional cookies to remember preferences (language, layout).
Advertising cookies only with explicit opt-in and, where required, consent under EU ePrivacy and Australian spam laws.
Cookie durations range from session-only to 12 months; see our detailed Cookie Notice for full list and opt-out methods.
Account & profile: Kept while you hold an account and for up to 7 years after closure (professional record-keeping).
CPD records: Stored for 10 years to meet regulatory audit requirements.
Back-ups & logs: Rotated and deleted within 30-90 days.
On expiry, data are anonymised or securely destroyed.
TLS 1.3 encryption for data in transit.
AES-256 encryption at rest.
Zero-trust network architecture.
Role-based access controls and MFA for admin users.
Annual penetration tests and ISO 27001-aligned policies.
Bug-bounty programme.
Data may be processed in Australia, the EU, the United States, and other jurisdictions where our vendors operate. We use Standard Contractual Clauses or equivalent legal mechanisms plus technical safeguards (encryption) for cross-border transfers.
Depending on your location, you can:
Access the personal data we hold.
Correct inaccurate or incomplete data.
Delete your account or specific content (“right to be forgotten”).
Port data to another service (JSON/CSV export).
Object / Restrict certain processing (e.g., marketing, analytics).
Withdraw consent for optional features at any time.
Complain to the Office of the Australian Information Commissioner (OAIC) or your local data-protection authority.
Exercise rights via Account Settings → Privacy or by contacting [email protected].
The Service is designed exclusively for users aged 18 and older. We do not knowingly process children’s data. Parents who believe a minor has registered should contact us to delete the account.
We do not make decisions with legal or similarly significant effects solely by automated means. Content recommendations use simple relevance algorithms; no credit or employment decisions are made.
External articles, CPD providers, or sponsor pages may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing data.
We may update this Policy to reflect legal, technical, or business changes. Material updates will be announced via the website banner or e-mail at least 30 days before taking effect.
For questions, requests, or complaints, contact:
Privacy Officer — MEDD
E-mail: [email protected]
3/8 Stuart Street, Bulimba, QLD, 4171, Australia