Data Protection Compliance

Last updated: December 14, 2025

1. Introduction

Locum AI is committed to full compliance with applicable data protection laws, including GDPR, CCPA, and other regional data protection regulations. This document outlines our practices, your rights, and our obligations under those laws.

We comply with data protection laws in all jurisdictions where we operate, ensuring that personal data is processed lawfully, fairly, and transparently.

2. Data Protection Principles

We adhere to core data protection principles:

2.1 General Principle

Personal data shall not be processed without the consent of the data subject, except in specific circumstances permitted by law. We obtain explicit consent before collecting and processing your personal data.

2.2 Notice and Choice Principle

We provide clear notice about:

  • What personal data we collect
  • The purposes for which it will be processed
  • Any third parties to whom it may be disclosed
  • Your choices regarding data collection
  • How to contact us regarding your data

2.3 Disclosure Principle

Personal data shall not be disclosed without the consent of the data subject. We disclose your data only:

  • For the purposes you have consented to
  • To fulfill our services (e.g., matching doctors with clinics)
  • When required by law
  • To protect vital interests

2.4 Security Principle

We implement appropriate security measures to protect your personal data from:

  • Unauthorized or accidental access
  • Alteration, disclosure, or destruction
  • Loss of data

Our security measures include encryption, access controls, regular security audits, and staff training.

2.5 Retention Principle

Personal data shall not be kept longer than necessary for the fulfillment of the purpose. We retain your data:

  • For as long as your account is active
  • As required for legal and regulatory compliance
  • For a maximum of 7 years after account closure for legal purposes

2.6 Data Integrity Principle

We take reasonable steps to ensure your personal data is:

  • Accurate and complete
  • Not misleading
  • Updated as necessary

2.7 Access Principle

You have the right to access and correct your personal data held by us. You can:

  • Request a copy of your personal data
  • Request corrections to inaccurate data
  • Exercise these rights at any time

3. Personal Data We Process

3.1 Categories of Data

We process the following categories of personal data:

  • Identity Data: Name, ID/Passport number, photographs
  • Contact Data: Email, phone number, address
  • Professional Data: Medical registration, qualifications, work history
  • Financial Data: Bank account details, payment records
  • Technical Data: IP address, device information, usage data
  • Location Data: GPS coordinates for job matching

3.2 Sensitive Personal Data

Applicable data protection laws provide additional protection for sensitive personal data. We process sensitive data only when absolutely necessary and with explicit consent. Such data includes:

  • Health information relevant to professional practice
  • Religious beliefs (only if provided voluntarily)
  • Professional disciplinary records

4. Your Data Protection Rights

As a data subject, you have the following rights:

4.1 Right to Access

  • Request confirmation of whether we process your data
  • Access your personal data
  • Receive a copy of your data in an intelligible form

4.2 Right to Correction

  • Request correction of inaccurate personal data
  • Require us to inform third parties of corrections

4.3 Right to Withdraw Consent

  • Withdraw consent at any time by written notice
  • Withdrawal does not affect lawfulness of prior processing

4.4 Right to Object to Processing

  • Object to processing that causes damage or distress
  • Request cessation of processing in certain circumstances

5. How to Exercise Your Rights

To exercise any of your data protection rights:

  1. Submit a written request to our Data Protection Officer
  2. Provide sufficient information to verify your identity
  3. Specify the right you wish to exercise
  4. We will respond within 21 days of receiving your request

5.1 Data Access Request

A reasonable fee may be charged for processing data access requests, as permitted under applicable data protection regulations.

5.2 Data Correction Request

We will correct your data within 14 days of being satisfied that the data is inaccurate, incomplete, or misleading.

6. Cross-Border Data Transfer

Personal data may be transferred to places outside your country of residence under certain conditions. We ensure:

  • Transfers comply with applicable data protection requirements
  • Recipient countries have adequate data protection laws
  • Appropriate contractual safeguards are in place
  • Your consent is obtained where required

7. Data Processing for Healthcare

As a healthcare staffing platform, we are subject to additional obligations:

  • Compliance with medical practitioner confidentiality requirements
  • Coordination with medical regulatory body regulations
  • Protection of credential verification data
  • Secure handling of professional records

8. Data Protection Officer

We have appointed a Data Protection Officer responsible for:

  • Overseeing data protection compliance
  • Handling data subject requests
  • Liaising with data protection authorities
  • Conducting internal audits

9. Complaints

If you are not satisfied with our handling of your personal data, you may:

  1. Contact our Data Protection Officer
  2. Lodge a complaint with the relevant data protection authority in your jurisdiction

Contact information for data protection authorities varies by jurisdiction. Please refer to your local data protection authority for specific complaint procedures.

10. Contact Us

For data protection-related inquiries:

  • Data Protection Officer: dpo@locum.ai
  • General Inquiries: privacy@locum.ai
  • Address: Global Operations - Available Worldwide