Privacy Policy

This Privacy Policy outlines how Medilinks collects, uses, and discloses personal information when you use our services. By accessing our website and utilising our services, you agree to the collection and use of information as described in this policy.

Purpose

This Privacy Policy applies to everyone who interacts with Medilinks Access Pty Ltd A.C.N 658 402 352 and Medilinks Connect Pty Ltd A.C.N 675 326 959, our related entities, our agents and contractors (Medilinks). 

We are committed to protecting your privacy and collect, store, use and disclose personal information responsibly and transparently when we deliver our services and conduct our businesses. 

This Privacy Policy will tell you how we may collect, hold, use and disclose personal information about you, in accordance with the requirements under the Privacy Act 1988 (Cth) (Act) and other applicable legislations. Please be sure to read this entire Privacy Policy before submitting personal information to us, our agents or contractors.

In this Privacy Policy, “we” and “us” refers to Medilinks and “you” refers to any individual about whom we collect personal information.

What is personal information? 

Personal information is any information about an individual, such as name, age, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information. 

What personal information does the Medilinks usually collect and hold? 

The type of personal information we collect and hold may include:

  • your personal details, such as your name and date of birth; 

  • your contact details;

  • health-related information, such as health summary, medical diagnosis, medication requirements, hospital discharge summary, radiology reports and pathology reports; 

  • information relevant to administering your payment arrangements such as your banking details, your pension arrangements and entitlements, and information regarding your income and assets; 

  • government identifiers such as Medicare number, driver licence, Department of Veterans’ Affairs file number etc; 

  • employment information such as work history, contact details of referees etc. 

  • any other types of personal information which enables us to deliver our services, perform our activities and functions. 

If you are receiving services from us, all information we collect from you is classified as “sensitive information” under the Act. We will collect, use and/or disclose your personal information with your consent, or otherwise as permitted by law. 

If you are not a client, we will collect, use and/or disclose your personal information in accordance with the Act. 

Passive information collection

When you visit the Medilinks’ website and other online resources, our quality and performance software and internet service providers record anonymous information for statistical purposes only, including:

  • the type of browser, computer platform and screen resolution you are using

  • your traffic patterns through our site such as: 

  • the date and time of your visit to the site

  • the pages you accessed and documents downloaded

  • the previous page you visited prior to accessing our site

  • the Internet address of the server accessing our site

Our quality and performance software uses cookies when collecting this information.

No attempt is or will be made to identify you or to use or disclose your personal information except where required under a law, for example, a law enforcement agency may exercise a warrant to inspect our service providers' logs.

How we collect your personal information 

We collect your personal information in a number of ways, including:

  • directly from you, when you provide it to us or our agents or contractors, such as in an application and other forms, over the telephone or in person;

  • from publicly available resources;

  • by analysing our own records of your use of our services; or 

  • monitoring devices such as surveillance cameras installed at various places; 

We may also collect your personal information from:

  • your veteran representatives and legal representatives; 

  • other healthcare and service professionals and health service providers involved in your care if you have given them consent to or as authorised by law;

  • government agencies responsible for administering applicable benefits and entitlements (such as Services Australia, Medicare, Department of Social Services, National Disability Insurance Agency, Department of Veterans Affairs, and other government agencies responsible and/or associated with your services).

We may also collect information about you from your employers, family members, a carer, an attorney, a guardian or other authorised person.

Why do we collect, hold, use and disclose personal information? 

We require personal information to operate as a business. Non-disclosure or withholding some of your personal information may mean we are unable to meet your request or provide our services to you.

The personal information you provide us may be used for a number of purposes connected with our business operations, which include to:

  • meet your goals;

  • support your chosen quality of life; 

  • verify your identity;

  • facilitate provision of our services to you;

  • assist in determining your suitability for a position as an employee or contractor;

  • address or respond to any requests from you;

  • inform you of existing and proposed services which we provide;

  • develop and improve the quality and scope of the services we provide, and seek your feedback; 

  • to assist in investigating your complaints, feedback and inquiries; and

  • for other purposes which are reasonably necessary in connection with our normal functions and activities.

Direct marketing communications

Please note if you are receiving regular email or SMS communication services from us as part of your services delivery, they are not considered as direct marketing communications. 

We will not use or disclose your personal information we hold for the purpose of direct marketing unless you have provided your consent to us, or alternatively as authorised by law. 

You always have the right to opt out of receiving this information and if you would like us to stop, please call Operations Manager on 07 3703 1683 or email privacy@medilinks.com.au and we will remove your contact details from our marketing database within 30 days and for free.  

Use of Technology in Service Delivery

Medilinks uses certain technologies to support the delivery, quality, and improvement of our services. These tools help us maintain high standards of care, ensure operational efficiency, and support staff training and development. As our practice evolves and digital tools and technologies continue to be developed, Medilinks may assess and integrate them in a manner that prioritises transparency, client consent, privacy compliance, and data security.

Use of Artificial Intelligence 

We may use AI tools (such as Heidi) to assist in documenting client assessments. These tools help summarise key information from client interactions, which may be used to update medical records or support reporting. All information processed through AI is handled securely and in accordance with the Privacy Act 1988 (Cth). We will always seek appropriate consent before using AI tools as part of your care.

Call Recording

Calls to and from our main business numbers may be recorded for staff training and quality assurance purposes. This applies only to administrative calls and does not include telehealth sessions or clinical consultations, which remain private and confidential. Callers are notified at the beginning of any recorded call and have the option to opt out of being recorded. Recordings are securely stored and accessed only by authorised personnel.

Who will my personal information be disclosed to?

We may disclose your personal information in certain circumstances, such as where we are required or authorised by law or where you have consented to us doing so.

We may also disclose your personal information to:

  • others in accordance with a request made or consent given by you;

  • persons engaged in providing us with professional, business, technology and corporate services, when reasonably required; and

  • relevant government agencies which regulate or oversee services, operations and activities.  

When making such a disclosure we will take reasonable steps to ensure that the recipient is bound by privacy obligations.

Without your consent, we will not disclose your personal information to third parties.

Does my personal information leave Australia?

We will only send your personal information outside Australia:

  • if we are authorised to do so by law; or 

  • if you have consented to us doing so.

Access and correction

You have the right to access the personal information that we hold about you. For enquiries regarding access to your personal records, please contact us as specified under “how to contact us” below. 

Any requests for information will be processed within a reasonable timeframe (usually within 15 business days). If the retrieval of information involves accessing archived information and will take longer than normal, we will endeavour to provide you with an estimated timeframe.

You may also request to change the personal information about you. We will take reasonable steps to correct any information that is inaccurate, incomplete, out-of-date or misleading. 

If the information retrieval process requires us to allocate additional staff or resources to meet your request, we reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information.

Under some circumstances, we may refuse you access to personal information where denying access is required or authorised by law, for example if access would pose a threat to life or the health of anyone, where the request for access is regarded as frivolous or vexatious, or where information relates to anticipated or existing legal proceedings. If you are denied access to your information, we will explain why.

While we recognise your rights under APP 12 to access your personal information, including clinical reports, we may lawfully refuse direct access if we believe it could pose a serious threat to your health or safety, or that of others, or if it might lead to misinterpretation of complex medical information causing distress or confusion. If you wish to access your information, please contact Medilinks directly. We will assess your request and advise you of the appropriate way to access your records. In some cases, we may recommend releasing the information to your treating health professional or a relevant claims support officer, who can help interpret it accurately. In other situations, we may advise that you submit a Freedom of Information (FOI) request through the Department of Veterans’ Affairs (DVA). If FOI is appropriate, we will provide guidance and the necessary form at that time. Each request will be considered on a case-by-case basis, and we will inform you of any decision and your options. If you do obtain a copy, we strongly advise interpreting it with the support of a qualified medical professional. 

Storage and security

We will take all reasonable precautions to safeguard your information from loss, misuse, unauthorised access, modification, disclosure or destruction.  We may store your files on paper format and/or electronically. We implement a range of physical and electronic security measures to protect the personal information that we hold, including physical access restrictions, password protection, multifactor authentications, access being restricted to authorised personnel and encryption of personal information before sending to 3rd party storage providers.

We retain personal information for as long as necessary to fulfil its intended purpose, unless a longer retention period is required by law. When no longer needed, and where lawful, we take reasonable steps to securely destroy or de-identify the information.

Notifiable Data Breaches scheme

In the event of any loss or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will:

  • investigate; and

  • notify you and the Office of the Australian Information Commissioner as soon as practicable, in accordance with the Act.

What if I have a complaint or question? 

If you have any questions or concerns about our collection, use or disclosure of personal information, or if you believe we have not complied with this Privacy Policy or the Act, please contact us as set out below.  Our Privacy Officer will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. 

Medilinks will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner, and our target response time is less than 30 days. 

Medilinks expects our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):

Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
1300 363 992
Director of Compliance  
Office of the Australian 
Information Commissioner 
GPO Box 5218 
Sydney NSW 2001
www.oaic.gov.au

How to contact us

To access and update your personal information, or should you have any questions or concerns about this Privacy Policy, or our information practices please contact our Privacy Officer:

Privacy Officer
Phone: 07 3703 1683 
Email: privacy@medilinks.com.au 

Changes to this Privacy Policy

Our Privacy Policy may change from time to time as updated on the Medilinks website: https://medilinks.com.au Before providing us with personal information, please check this Privacy Policy on our website for any changes.

This Privacy Policy was last updated on 1 July 2025.