Legal Policies

The details in this notice and policy (the "Policy") will tell you about the policy OneStaff Medical, LLC (“OneStaff Medical”) maintains with respect to your personal information. We last updated this Policy June 5, 2024.

This Policy covers OneStaff Medical. It does not cover OneStaff Medicals’ clients or facilities where you may be placed, they will have separate practices regarding your personal information, and you should refer to their websites or policies for more details.

In this Policy, we will tell you how we handle your personal information ”both online and offline” when you apply for a locum tenens position and through the course of your independent contractor relationship with us. We want to be clear with you about the following:

1. The personal information we collect about you: when, what, why, and from whom
2. Which information we collect automatically from you online
3. The legal categories of personal information we collect about you
4. Why we disclose your personal information with others (including with whom we share it and why)
5. How we protect your personal information; Retention
6. The right you have as a California consumer and how you may exercise those rights
7. How to contact us with questions about your personal information

Your privacy is important to us,and this section will describe the “who, what, when, and why” of the personal information we collect about you. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device("personal information"). Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information that you make publicly available.

We collect information from you when you interact with OneStaff Medical in the following ways:

Job Applications

• When:  When you apply for a locum tenens position.
• What:  We may collect your name, alias, email, phone number, Social Security number, driver’s license number, date of birth, physical address, criminal history, education information, employment history information, self-assessment of skills and qualifications, skills checklist, health records (including but not limited to vaccination status), license and certification information, core competency information, and name and contact information of references from you and from information available as a result of a background check.
• Why:  To complete the application process, to determine your qualifications for different opportunities, to ensure we meet our contractual obligations to you, and to manage our relationship with you. We also collect this information because our clients and facilities may require it in order for you to start work, in which case we would share that information with them.
• From Whom:  We will collect this information directly from you when you fill out an application or onboarding forms. Sometimes you might authorize someone else, like the company performing your background check or assessments, to share information with us.

Locum Tenens Relationship

• When:  Throughout your locum tenens relationship with OneStaff Medical as an independent contractor.
• What:  We may collect your name, address, phone number, email, gender, age, information for taxes related to your contracting relationship with us, education transcripts, Social Security number, citizenship information, veteran status and information, driver’s license number, I-9 information, emergency contact information, any information you provide when you submit a request under the FMLA or another leave, disability, or benefits law, and any other information you have chosen to provide to OneStaff Medical.
• Why:  To determine your qualifications for different opportunities, to ensure we meet our contractual obligations to you, and to manage our relationship with you.
• From Whom:  We will collect this information directly from you when you fill out an application or onboarding forms. Sometimes you might want someone else, like your doctor or your previous school, to provide information to us as well.

Travel

• When:  When you book travel through OneStaff Medical.
• What:  We may collect your name, address, email, phone number, birth date, passport number, driver’s license or government-issued ID number, ticket/document number, and other related travel information.
• Why:  To book travel for you or on your behalf as part of your locum tenens.
• From Whom:  We will collect this information directly from you.

Payroll and Benefits

• When:  When we are providing you with payroll and benefits services.
• What:  We may collect your name, address, birth date, age, marital status, Social Security number, email address, phone number, dependent information, beneficiary information, and bank account number, routing number, and account type.
• Why:  To pay you for your locum tenens assignments, or to provide you with benefits like insurance and retirement savings.
• From Whom:  We will collect this information directly from you.

Licenses, Credentials, and Certifications

• When:  When we track and maintain your licenses, credentials, and certifications.
• What:  We may collect your name, license number, license type, license state, email, phone number, work address, birth year, and last 4 digits of your Social Security number from you; and from state licensing authorities we may collect the status of your licenses, credentials, and certifications.
• Why:  To make sure your professional licenses, credentials, and certifications are current and to help you stay up to date when we can.
• From Whom:  We will collect information from you that we will use to identify your relevant credentials and track their status, and we will obtain information about the status of your credentials from the accrediting organization (for example, the state licensing board).

Background and Qualification Checks

• When:  When we conduct background checks, drug tests, and occupational health checks.
• What:  We may collect your full name, alias, Social Security number, date of birth, address, phone number, address history, driver’s license number, and signature from you, and we may collect your drug test status, criminal history, and physical information from the third party completing the inquiries.
• Why:  Depending on your position, we might need to get background checks, drug tests, occupational health tests, and competency exam information for you. We may need to do this when you first apply for a locum tenens position or around that time, and we may also need to update the information throughout your contractual relationship with OneStaff Medical.
• From Whom:  We will collect information from you that we will use to identify you to the vendors that are handling different checks, and we will obtain information about the results of these checks from the vendors who handle them on our behalf.

Audits

• When:  When we need to audit for legal, regulatory, or another type of compliance.
• What:  We may collect any of the information we described in this notice.
• Why:  There are different requirements we must comply with in connection with our independent contractor relationship and as a company that places medical professionals in locum tenens assignments, as well as more generally. Sometimes, we are asked to prove we are doing the right things and that we are doing them correctly.
• From Whom:  We will collect information from you and from the other companies we described in this section of this letter.

Website

• When:  When you interact with our website,www.onestaffmedical.com as an independent contractor or applicant.
• What:  We may automatically collect your browser type, operating system information, CPU speed, reference or exit webpages, click patterns, session ID, and your computer’s IP address. We may also collect general information about use of our website, such as what pages visitors access, the number of visits, average time spent on the website, and other similar factors. This information is generally collected in aggregate form, without identifying any user individually, although IP addresses and Session ID in relation to downloads may be tracked as part of our fraud prevention efforts.
• Why:  To determine whether and how well our website is working, to learn more about visits to our website, to improve our website, and to prevent fraud.
• From Whom:  This information is collected automatically from the device you use to access our website.

Technology Monitoring

• When:  When you use our systems or applications.
• What:  We may collect your session actions, page visits, and specific user actions you take. This collection may be through the use of session recording software.
• Why:  To maintain the security of our systems, networks, and information.
• From Whom:  We use the information we collect automatically from you.

Locum Tenens Marketing

• When:  When we send you information about our locum tenens assignments or potential opportunities.
• What:  We may collect your name, email, and phone number.
• Why:  To provide you with information about our services or potential opportunities that is relevant to you.
• From Whom:  We use the information we collect from you.

This section gives you more specific details about the information we collect from you online. We’ll tell you about cookies and different online technologies that automatically collect information, what types of information we collect automatically, and how we use online information we collect automatically from you.

As you navigate through and interact with our website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the website.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Go to www.aboutads.info/choices or www.networkadvertising.org/choices for information on how you can opt out of behavioral tracking on this website and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

The information we collect automatically is only statistical data and does not include personal information. It helps us to improve our web site and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies).  A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
• Flash Cookies.  Certain features of our website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
• Web Beacons.  Pages of our web site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

We use third-party analytics services on our websites, including Google Analytics. To learn more about Google Analytics, visit:  https://policies.google.com/technologies/partner-sites.

This website does not respond to Do Not Track signals.

California residents may have additional personal information rights and choices. Please see Your California Privacy Rights for more information.

Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: privacy@onestaffmedical.com. However, please know we do not currently sell data triggering that statute's opt-out requirements.

Our obligations under the California Privacy Rights Act (the "CPRA") require us to tell California residents about the personal information we collect about you in a certain way. Specifically, we need to tie it back to “legal categories” of personal information that are listed in the law. To do this, we bundled up the information we gave you in Section 1 of this Policy and matched the different types of personal information we collect about you with the legal category. To make things easier to understand, we’ve put this information in a chart that shows you three things in connection with each legal category of personal information:

1. The types of personal information we collect about you for each legal category,
2. The business purpose for why we collect and use your personal information for each legal category, and
3. How we disclose each category of personal information for business purposes.

We’ve attached the chart to this letter as Appendix A.

This section will tell you about how we disclose your personal information with others for business purposes. We’ll take the “legal categories” of information from Appendix A and match them up with what we share and who we share it with.

Sharing for Business Purposes.  We only share your information for our business purposes. Put another way, we only share your information to operate our business and for the purposes we’ve described for you in this letter (to accomplish the “why” in Section 1).

Clients and Facilities: With your approval, we may share your personal information with our clients and facilities to present you for placement opportunities and to manage your contractual relationship with us. We share the following legal categories of personal information with clients, facilities, and potential facilities for locum tenens positions:

Your privacy is important to us, and we have implemented measures designed to secure your personal information from unauthorized access, disclosure, alteration, or destruction. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

In general, we keep your personal information for as long as we need it to carry out the purposes described in this letter, and as necessary to comply with our records-management policies and laws that apply to us. We also keep your information when we need to comply with other legal obligations we might have, such as in connection with a lawsuit, complaint, or investigation.

While we cannot guarantee that loss, misuse , or alteration will never occur, we use reasonable efforts to prevent it. When you send your personal information to us over the internet, please keep in mind that no method of storage or transmission over the Internet is completely secure, so your provision of information to us is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.

If you are a California resident, we are required to provide additional notice and information to you about how we collect, use and disclosure your information that may be considered "Personal Information" under the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020 and its implementing regulations (collectively, "CPRA") and any terms defined in the CPRA have the same meaning when used in this Policy. This section of our Policy for California Residents("California Policy") supplements the information contained in the remainder of our privacy policy and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you").

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
• The specific pieces of personal information we collected about you (also called a data portability request).

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete),we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations basedon your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by either:

• Calling us at 1-877-783-1483 x 586.
• Emailing us at privacy@onestaffmedical.com

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. To designate an authorized agent, the agent must be a natural person or a business entity that is registered with the California Secretary of State.

If you would like to designate an agent to act on your behalf, you and the agent will be required to provide us with proof of the agent’s identity and proof that you gave the agent signed permission to submit a request on your behalf. Additionally, you will be required to verify your identity by providing us with certainPersonal Information as described above or provide us with written confirmation that you have authorized the agent to act on your behalf.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
  • Our verification of your full legal name, date of birth, home address, and last two job placements.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know or delete.

We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day time frame, please contact us at privacy@onestaffmedical.com.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically pdf format.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive,repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA/CPRA that can result in different prices, rates, or quality levels. Any CCPA/CPRA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

For questions regarding this Privacy Notice please contact us via email at privacy@onestaffmedical.com. You can also write to us at: OneStaff Medical, L.L.C.; Attn: PrivacyTeam; 10802 Farnam Dr, Omaha, NE 68154. You may also call us at (877) 783-1483.

Changes to Our Privacy Practices

We may need to adapt to changes to continue to protect your personal information, so we may make changes to our privacy practices at any time, and we will review our practices at least every 12 months. The date this policy was last revised is identified at the top of the page. If we make a significant change to the privacy practices we described for you in this letter, we will inform you via email or posting the updated Policy to the Website. You are responsible for ensuring we have an up-to-date active email for you, and for periodically visiting the Website and this Policy to check for any changes.