Medlink Recruitment

Australian Healthcare Recruitment

0435 112 145

Privacy

PRIVACY POLICY .

Australian owned medical recruitment business operating across all Australian states and territories

Reviewed on 23 April 2026

Important notice: This policy explains how Medlink collects, uses, stores, discloses and protects personal information in the course of recruiting and placing doctors, GPs, specialists, nurses, allied health professionals, paramedics and related healthcare personnel, and when dealing with clinics, hospitals, surgeries and other service providers.

This document is tailored for Medlink Recruitment and draws structural guidance from the Wave/Wavelength privacy policy page, including its collections notice and electronic transactions framework, while being customised for Medlink’s operations.

Contents

1. Introduction
2. Information Collection and Collections Notice
3. Kinds of Information We Collect and Hold
4. Purposes for Which We Use Information
5. How Personal Information Is Collected
6. Direct Marketing
7. Electronic Transactions, Website and Technology Use
8. How Information Is Held, Retained and Disposed Of
9. Disclosures
10. Access, Correction and Deletion
11. Complaints
12. Notifiable Data Breaches
13. Future Changes and Contact Details

1

Introduction

Medlink Recruitment Pty Ltd (Medlink, we, us or our) takes seriously its commitment to preserve the
privacy of the personal information that we collect. We only collect information that is reasonably necessary
for the proper performance of our activities and functions as a medical recruitment business. We do not
collect personal information simply because it may be useful at some future date if there is no present
business, contractual, legal or compliance need for it.

We are an Australian owned recruitment company working across all Australian states and territories and
across a range of healthcare settings including general practice, hospitals, specialist clinics, medical
centres, aged care, urgent care, locum services and allied health environments.

We are committed to complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs),
and where relevant the Notifiable Data Breaches scheme and applicable overseas privacy requirements
such as the GDPR for international recruitment or cross-border candidate processing.

We do not collect, use or disclose personal information for unlawful purposes, including discriminatory
purposes. If unsolicited personal information is provided to us and is not reasonably required for our
recruitment, compliance, contractual or legal functions, we will take reasonable steps to delete, de-identify
or otherwise remove it from our systems.

Individuals may choose not to identify themselves or may use a pseudonym when dealing with us where it
is lawful and practicable to do so. However, in many recruitment, onboarding, payroll, credentialing and
healthcare compliance situations, anonymous or pseudonymous dealings are not practicable because they
would prevent us from assessing suitability, fulfilling vacancy requirements, verifying credentials or meeting
legal obligations

We will not adopt, use or disclose government-related identifiers as our own identifier for you unless
required or authorised by law.

2

Information Collection and Collections Notice

Information collection usually begins when you contact us by phone, email, social media, online form,referral, job application, registration form or website submission, or when a client, referee or service partner engages with us.

  • check, so far as reasonably practicable, that the information we collect is current, complete, accurate
    and relevant, which may involve cross-checking with third parties;
  • record and hold information in our recruitment, compliance, communication and record-keeping
    systems;
  • retrieve and re-check information when it is needed for recruitment, placement, payroll, credentialing,
    migration, sponsorship, registration, compliance, dispute resolution or legal purposes;
  • permit access and correction rights subject to applicable legal exceptions;
  • retain or destroy information in accordance with lawful retention obligations and operational necessity;
  • collect sensitive information only with consent or where otherwise authorised or required by law and
    reasonably necessary for the role, contract or compliance framework.

By registering with us, applying for work, instructing us, supplying documents or otherwise engaging with
our services, you consent to our collection, use, storage and disclosure of your personal information as described in this policy, subject to your rights under applicable law.

We keep data with your permission and for legitimate recruitment, contractual, compliance and legal purposes. We do not share your personal information with third parties unless that disclosure is required by the nature of the vacancy, the recruitment contract, compliance obligations, payroll or credentialing processes, or Australian law.

3

Kinds of Information We Collect and Hold

The type of information we collect depends on whether you are a workseeker, client, referee, employee, contractor or website user. We collect only information reasonably necessary for the proper performance of our recruitment activities and related compliance obligations.

3.1 For workseekers and healthcare professionals

  • Information submitted by you and obtained from other sources in connection with applications for work, placements, locum roles, permanent roles, credentialing and onboarding;
  • Personal details such as name, address, email, phone number, date of birth, gender and emergency contact details;
  • Information about personality, character, skills, qualifications, registrations, career path, preferences and experience;
  • Resume, CV, cover letters, references, referee details and work performance information;
  • Identification documents and images including passport, visa, driver licence and profile photographs or other identity images;
  • Provider number, Medicare related practice details, AHPRA registration, specialist registration, nursing registration, allied health or paramedic registration and any other professional licence, authority or board details;
  • Academic documents, transcripts, certificates, CPD records, training records, credentialing packs and continuing professional development information;
  • Travel documents, immigration records, visa details, work rights, sponsorship records and relocation information;
  • Criminal history, police checks, working with children checks, NDIS worker checks and other screening records where relevant;
  • Health information, vaccination or fitness-for-work information, only where reasonably required for role suitability, workplace health and safety, placement conditions or client compliance needs;
  • Information about incidents, complaints, disciplinary matters, insurance investigations, litigation, inquests, inquiries, registration proceedings or professional conduct matters;
  • Bank account details, TFN, ABN, superannuation and other payroll or contractor payment information;
  • Legal evidence, supporting documents and records relevant to disputes, claims, defence of allegations, contract enforcement or regulatory responses.

3.2 For clients, clinics, hospitals, surgeries and service providers

  • Client relationship information and contact details;
  • Information about vacancies, rosters, workforce needs, budgets, team structures, role descriptions and hiring authority;
  • Registration details for clinics, hospitals, surgeries, practices and other service providers;
  • Provider and facility information necessary for placement, billing, credentialing, sponsorship, DPA, MMM, DWS, AON or other workforce and regulatory applications;
  • Incident reports, workplace safety information and onboarding requirements;
  • Financial, billing, payment and credit information where relevant to the delivery of services.

3.3 For referees

  • Identity, role, authority to provide a reference and preferred contact details;
  • Opinions regarding a candidate’s character, conduct, skills, work environment and performance;
  • Facts or evidence supporting those opinions, including the referee’s direct experience working with the candidate.

3.4 For employees and internal staff

  • Application materials, identity and contact details;
  • Qualifications, experience, performance, training and workplace records;
  • Leave, payroll, banking, tax and superannuation information;
  • Health information where reasonably required to tailor the work environment or meet legal obligations;
  • Complaint, incident and conduct records relevant to employment administration.

3.5 Photos and images

We may request proof of identity and related images where reasonably necessary for recruitment, registration, migration, onboarding, payroll, credentialing, fraud prevention or legal verification. Your communications with us may also contain profile images or attachments that you have uploaded to online platforms or provided directly to us

4

Purposes for Which We Use Information

We collect, hold, use and disclose personal information only for purposes reasonably necessary for the proper performance of our recruitment and related business functions.

4.1 Workseekers

  • Recruitment and placement operations;
  • Assessing suitability, availability and amenability to work offers;
  • Credentialing, compliance and registration checks including AHPRA and other professional boards;
  • Onboarding, payroll, invoicing, contractor administration and payment processing;
  • Work health and safety, staff management, training needs assessment and risk management;
  • Marketing relevant job opportunities and service updates where permitted;
  • Statistical, regulatory and statutory compliance purposes;
  • Sponsorship, immigration, district priority, workforce shortage, area of need and related applications where relevant.

4.2 Clients and service providers

  • Client and business relationship management;
  • Workforce planning and recruitment services;
  • Presentation of candidates and screening support;
  • Risk management, WHS and service delivery administration;
  • Marketing of our services where permitted;
  • Sponsorship, DWS, DPA, AON, provider, registration or similar workforce support applications.

4.3 Referees and employees

  • Identity confirmation and authority verification;
  • Candidate suitability assessment and recruitment administration;
  • Internal employment, payment, training, performance and WHS functions.

5

How Personal Information Is Collected

Personal information may be collected directly from you, from clients, referees, employers, regulators, registration boards, migration advisers, insurers, legal representatives, service providers, public sources and technology systems used in our communications and business operations.

5.1 Direct collection

  • Application forms, resumes, onboarding packs, compliance forms and website forms;
  • Phone calls, meetings, interviews, emails, SMS, messaging apps and video conferences;
  • Documents you upload or send to us including identity, academic, travel, registration and legal materials.

5.2 Indirect collection

  • References and feedback from referees, clients and former employers;
  • Professional associations, AHPRA, medical boards, immigration bodies and other regulators;
  • Competency, psychometric, medical, background, screening and credentialing checks;
  • Publicly available sources including newspapers, journals, directories, websites, Google, LinkedIn and other social media platforms, where reasonably necessary for our recruitment functions.

6

Direct Marketing

We may use personal information for direct marketing relating to jobs, services, market updates, events or business development. Where practicable, we will obtain your consent and provide an unsubscribe or optout option. Where prior consent is not practicable, we will provide an opt-out once communications are sent, where required by law.

We may use email, phone, SMS, print and digital channels for marketing. Testimonials or opinions may
only be used in marketing materials with consent. We may use mass-email technology providers or CRM
systems for lawful marketing campaigns

7

Electronic Transactions, Website and Technology Use

This section explains how we handle personal information collected through our website, electronic communications and technology systems. Internet communications carry inherent risks, and users should take reasonable steps to protect their own information online.

7.1 Social networks and web searches

To assess suitability for positions and to assist you in finding work, we may conduct lawful background checks through search engines, social media platforms, public regulatory registers, migration sites and medical registration boards.

7.2 Web browsing and cookies

  • IP address, browser type and version, operating system, pages visited, links clicked and time and date of visit;
  • Cookies and similar technologies used to remember preferences, improve site performance, analyse trends, personalise content and assist with fraud prevention;
  • Analytics and website statistics tools such as Google Analytics or similar services where used from time to time.

By themselves, cookies do not necessarily identify you personally, but they may link to a database record if you register with us. You may disable or delete cookies in your browser, although doing so may affect site functionality.

7.3 Online products, cloud systems and ATS/CRM platforms

We may use cloud computing services, applicant tracking systems, customer relationship management systems and candidate sourcing or enrichment tools, including tools similar to ContactOut or Prophet, to support recruitment operations. We take reasonable steps to ensure their terms and handling practices are consistent with our privacy obligations.

7.4 Emails, calls, messages and conferencing

  • Our systems may log emails sent and received and may generate tracking data such as delivery, bounce, open or click-through metrics in marketing or campaign systems;
  • Our phone and mobile systems may log calls and messages, including call number display and SMS records;
  • Teleconferences and video conferences may be recorded with your consent, and where recording is proposed we will explain the purpose and retention basis first;
  • Staff may access information through laptops, phones, tablets and other portable devices for recruitment purposes subject to internal security controls.

7.5 Third-party websites

Our website or communications may contain hyperlinks to third-party websites. We are not responsible for the privacy practices, security or content of third-party sites, and you should review their privacy policies before providing them with personal information.

8

How Information Is Held, Retained and Disposed Of

Personal information may be held in our cloud-based ATS/CRM, secure website systems, network drives, email systems, communication systems and physical files. Access is restricted by approved credentials and need-to-know controls.
  • Financial and taxation-related records may be retained for at least 7 years where required by law or prudent record-keeping practice;
  • Other personal information may be retained for a minimum period reasonably required for recruitment and business operations, after which it may be destroyed or de-identified if no longer needed and if lawful to do so;
  • We may retain information for longer where required for claims, litigation, insurance, audits, professional conduct matters, Commonwealth records, contractual disputes or legal compliance;
  • Hard copy records are securely shredded or disposed of through secure destruction methods when no longer required.

8.1 Information security

  • Staff training and confidentiality obligations;
  • Document naming and handling protocols for sensitive material;
  • Clean desk, authorisation and need-to-know procedures;
  • Password protection, multi-factor access controls and device security policies where implemented;
  • Restricted office access and after-hours security measures where applicable;
  • Secure destruction, deletion and shredding practices.

Although we take reasonable steps to protect information, no storage, transmission or technology environment is completely risk free.

9

Disclosures

We do not sell your personal information. We only disclose personal information for the primary purpose for which it was collected, a related purpose reasonably expected in the circumstances, with your consent, or where authorised or required by law.

9.1 General disclosures

  • To clients, clinics, hospitals, surgeries and service providers where this is required by the nature of the vacancy, placement, contract or credentialing process;
  • To referees, employers, professional associations and registration bodies for verification and screening;
  • To our related entities, advisers and contracted service suppliers involved in lawful service delivery;
  • To government agencies, regulators, courts, tribunals and law enforcement bodies where required or authorised under Australian law, including for legal claims, investigations, subpoenas, warrants, audits, registration matters, migration matters, tax, payroll or workplace compliance.

9.2 Related-purpose disclosures

  • Software and cloud providers;
  • Legal, accounting, payroll, migration, compliance and other professional advisers;
  • Background checking, credentialing and screening providers;
  • Marketing suppliers and data cleansing or verification partners where lawful.

 

We take reasonable steps to require third parties receiving information from us to handle it in accordance with privacy laws and their own applicable privacy obligations. However, once data has been lawfully shared with a third party as required by a vacancy, contract, service process or law, Medlink is not responsible for third-party breaches, misuse, security failures or acts outside our control, although we seek to work only with parties that maintain appropriate privacy and security standards.

9.3 Cross-border disclosures

Where recruitment involves international candidates, overseas registrations, migration processes, offshore support or cloud platforms, some information may be disclosed to overseas recipients. Likely destinations depend on the role, client, service provider and candidate journey and may include countries such as New Zealand, Singapore, India, the Philippines, the United Kingdom, France and other jurisdictions relevant to recruitment support, registration, migration or cloud hosting. Cross-border disclosures may include resumes, qualifications, background check results, photo identification, registration documents, application documents and database records. We take reasonable steps to ensure overseas recipients recognise and support our privacy obligations.

10

Access, Correction and Deletion

Subject to legal exceptions, you may request access to, correction of, or deletion of personal information we hold about you.

10.1 Access

You may request access to your personal information by contacting our Privacy Officer. We may need to verify your identity. In some cases, a reasonable non-excessive administrative charge may apply. We usually aim to respond within 5 business days for straightforward requests, although more complex requests may take longer.

Access may be refused where permitted by law, including where access would unreasonably affect the privacy of others, reveal confidential evaluative material obtained during reference checks, prejudice legal proceedings, or otherwise fall within a lawful exception. If access is refused, we will provide written reasons unless it would be unreasonable to do so and we will explain available complaint avenues.

10.2 Correction

If information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request correction. Where reasonable and practicable, we will correct it and, if requested and lawful, notify relevant third parties to whom the incorrect information was previously disclosed. There is generally no charge for correction requests.

10.3 Deletion

You may request deletion of personal information. However, we may retain information where required for record-keeping, taxation, payroll, legal claims, contractual compliance, defence of allegations, fraud prevention, professional conduct matters, Commonwealth records or other legal obligations. Where deletion cannot be completed, we may instead restrict, archive or de-identify the information where appropriate.

11

Complaints

If you believe we have interfered with your privacy, you may make a complaint to our Privacy Officer in writing. We may take steps to verify your identity and authority before discussing complaint details.
  • We will acknowledge receipt of the complaint;
  • We may ask for clarification or supporting information;
  • We will investigate and may make inquiries of relevant personnel or service providers;
  • We generally aim to provide a response within 30 days, or notify you if more time is required;
  • If the matter is not resolved, we may advise you of further options including complaint rights to the Office of the Australian Information Commissioner.

12

Notifiable Data Breaches

If an eligible data breach occurs and is likely to result in serious harm, we will assess the incident and, where required, notify affected individuals and the Office of the Australian Information Commissioner in accordance with applicable law.

13

Future Changes and Contact Details

This policy may change over time in light of changes in privacy law, technology, business practices, service providers and recruitment operations. The current version should be checked periodically, especially if you use our website or services regularly.
Privacy Officer Medlink Recruitment Pty Ltd
Email helo@medlinkrecruitment.com.au
Website www.medlinkrecruitment.com.au
Address Australia (contact details available on request or website)

Reference Notes

This Medlink policy was customised using the structure and topics shown on the Wave/Wavelength privacy policy page, reviewed there as 7 April 2025, including its sections on collection, electronic transactions, web browsing, cookies, cloud services, disclosures, access, correction, deletion and complaints. It also references OAIC privacy guidance and Medlink-specific healthcare recruitment and compliance needs.

Source consulted:
OAIC online privacy guidance: OAIC – Social media and online privacy