Purpose
This Privacy Policy applies to everyone who interacts with Medilinks Access Pty Ltd A.C.N 658 402
352 and Medilinks Connect Pty Ltd A.C.N 675 326 959, our related entities, our agents and
contractors (Medilinks).

We are committed to protecting your privacy and collect, store, use and disclose personal
information responsibly and transparently when we deliver our services and conduct our businesses.
This Privacy Policy will tell you how we may collect, hold, use and disclose personal information
about you, in accordance with the requirements under the Privacy Act 1988 (Cth) (Act) and other
applicable legislations. Please be sure to read this entire Privacy Policy before submitting personal
information to us, our agents or contractors.

In this Privacy Policy, “we” and “us” refers to Medilinks and “you” refers to any individual about
whom we collect personal information.

What is personal information?
Personal information is any information about an individual, such as name, age, telephone number,
email address, profession or occupation. If the information we collect personally identifies you, or
you are reasonably identifiable from it, the information will be considered personal information.

What personal information does the Medilinks usually collect and hold?
The type of personal information we collect and hold may include:
• your personal details, such as your name and date of birth;
• your contact details;
• health-related information, such as health summary, medical diagnosis, medication
requirements, hospital discharge summary, radiology reports and pathology reports;
• information relevant to administering your payment arrangements such as your banking
details, your pension arrangements and entitlements, and information regarding your
income and assets;
• government identifiers such as Medicare number, driver licence, Department of Veterans’
Affairs file number etc;
• employment information such as work history, contact details of referees etc.
• any other types of personal information which enables us to deliver our services, perform
our activities and functions.

If you are receiving services from us, all information we collect from you is classified as “sensitive
information” under the Act. We will collect, use and/or disclose your personal information with your
consent, or otherwise as permitted by law.

If you are not a client, we will collect, use and/or disclose your personal information in accordance
with the Act.

Passive information collection
When you visit the Medilinks’ website and other online resources, our quality and performance
software and internet service providers record anonymous information for statistical purposes only,
including:
• the type of browser, computer platform and screen resolution you are using
• your traffic patterns through our site such as:
• the date and time of your visit to the site
• the pages you accessed and documents downloaded
• the previous page you visited prior to accessing our site
• the Internet address of the server accessing our site

Our quality and performance software uses cookies when collecting this information.
No attempt is or will be made to identify you or to use or disclose your personal information except
where required under a law, for example, a law enforcement agency may exercise a warrant to
inspect our service providers' logs.

How we collect your personal information
We collect your personal information in a number of ways, including:
• directly from you, when you provide it to us or our agents or contractors, such as in an
application and other forms, over the telephone or in person;
• from publicly available resources;
• by analysing our own records of your use of our services; or
• monitoring devices such as surveillance cameras installed at various places;

We may also collect your personal information from:
• your veteran representatives and legal representatives;
• other healthcare and service professionals and health service providers involved in your care
if you have given them consent to or as authorised by law;
• government agencies responsible for administering applicable benefits and entitlements
(such as Services Australia, Medicare, Department of Social Services, National Disability
Insurance Agency, Department of Veterans Affairs, and other government agencies
responsible and/or associated with your services).

We may also collect information about you from your employers, family members, a carer, an
attorney, a guardian or other authorised person.

Why do we collect, hold, use and disclose personal information?
We require personal information to operate as a business. Non-disclosure or withholding some of
your personal information may mean we are unable to meet your request or provide our services to
you.

The personal information you provide us may be used for a number of purposes connected with our
business operations, which include to:
• meet your goals;
• support your chosen quality of life;
• verify your identity;
• facilitate provision of our services to you;
• assist in determining your suitability for a position as an employee or contractor;
• address or respond to any requests from you;
• inform you of existing and proposed services which we provide;
• develop and improve the quality and scope of the services we provide, and seek your
feedback;
• to assist in investigating your complaints, feedback and inquiries; and
• for other purposes which are reasonably necessary in connection with our normal functions
and activities.

Direct marketing communications
Please note if you are receiving regular email or SMS communication services from us as part of your
services delivery, they are not considered as direct marketing communications.

We will not use or disclose your personal information we hold for the purpose of direct marketing
unless you have provided your consent to us, or alternatively as authorised by law.

You always have the right to opt out of receiving this information and if you would like us to stop,
please call Operations Manager on 07 3703 1683 or email privacy@medilinks.com.au and we will
remove your contact details from our marketing database within 30 days and for free.

Who will my personal information be disclosed to?
We may disclose your personal information in certain circumstances, such as where we are required
or authorised by law or where you have consented to us doing so.

We may also disclose your personal information to:
• others in accordance with a request made or consent given by you;
• persons engaged in providing us with professional, business, technology and corporate
services, when reasonably required; and
• relevant government agencies which regulate or oversee services, operations and activities.

When making such a disclosure we will take reasonable steps to ensure that the recipient is bound
by privacy obligations. Without your consent, we will not disclose your personal information to third parties.

Does my personal information leave Australia?
We will only send your personal information outside Australia:
• if we are authorised to do so by law; or
• if you have consented to us doing so.
Access and correction

You have the right to access the personal information that we hold about you. For enquiries
regarding access to your personal records, please contact us as specified under “how to contact us”
below.

Any requests for information will be processed within a reasonable timeframe (usually within 15
business days). If the retrieval of information involves accessing archived information and will take
longer than normal, we will endeavour to provide you with an estimated timeframe.
You may also request to change the personal information about you. We will take reasonable steps
to correct any information that is inaccurate, incomplete, out-of-date or misleading.

If the information retrieval process requires us to allocate additional staff or resources to meet your request, we reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information.

Under some circumstances, we may refuse you access to personal information where denying access
is required or authorised by law, for example if access would pose a threat to life or the health of
anyone, where the request for access is regarded as frivolous or vexatious, or where information
relates to anticipated or existing legal proceedings. If you are denied access to your information, we will explain why.

While we recognise your rights under APP 12 to access your personal information, we may lawfully
refuse direct access if we believe it could pose a serious threat to your health or safety, or that of others, or if it might lead to misinterpretation of complex medical information causing distress or confusion. We do not provide copies of reports directly to you. We recommend you request a copy
via your medical treating professional or obtain a copy through appropriate channels, such as
requesting it from the relevant claims support officer or delegate, or by submitting a Freedom of
Information (FOI) request (e.g., using form D8601). If you do obtain a copy, we strongly advise
interpreting it with the support of a qualified medical professional.

Storage and security
We will take all reasonable precautions to safeguard your information from loss, misuse,
unauthorised access, modification, disclosure or destruction. We may store your files on paper
format and/or electronically. We implement a range of physical and electronic security measures to
protect the personal information that we hold, including physical access restrictions, password
protection, multifactor authentications, access being restricted to authorised personnel and
encryption of personal information before sending to 3rd party storage providers.

Notifiable Data Breaches scheme
In the event of any loss or unauthorised access or disclosure of your personal information that is
likely to result in serious harm to you, we will:
• investigate; and
• notify you and the Office of the Australian Information Commissioner as soon as practicable,
in accordance with the Act.

What if I have a complaint or question?
If you have any questions or concerns about our collection, use or disclosure of personal
information, or if you believe we have not complied with this Privacy Policy or the Act, please
contact us as set out below. Our Privacy Officer will investigate the complaint and determine
whether a breach has occurred and what action, if any, to take.
Medilinks will take any privacy complaint seriously and will aim to resolve any such complaint in a
timely and efficient manner, and our target response time is less than 30 days.

Medilinks expects our procedures will deal fairly and promptly with your complaint. However, if you
remain dissatisfied, you can also make a formal complaint with the Office of the Australian
Information Commissioner (which is the regulator responsible for privacy in Australia):
Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
1300 363 992

Director of Compliance
Office of the Australian
Information Commissioner
GPO Box 5218
Sydney NSW 2001
www.oaic.gov.au
 
How to contact us
To access and update your personal information, or should you have any questions or concerns
about this Privacy Policy, or our information practices please contact our Privacy Officer:

Privacy Officer
Phone: 07 3703 1683
Email: privacy@medilinks.com.au

Changes to this Privacy Policy
Our Privacy Policy may change from time to time as updated on the Medilinks website:
https://medilinks.com.au Before providing us with personal information, please check this Privacy
Policy on our website for any changes.
This Privacy Policy was last updated on 1 December 2024.