PRIVACY POLICY

How we collect, use, store, and protect your personal information

Version 1.0  |  Effective May 2026  |  ABN 38 692 384 740


1.  Introduction

Aus Nurse Agency Pty Ltd (ABN 38 692 384 740) ('we', 'us', 'our', or 'the Agency') is a labour hire provider supplying registered nurses, enrolled nurses, and assistants in nursing to healthcare and aged care facilities throughout Western Australia.

We are committed to protecting the privacy of all individuals whose personal information we collect, use, and hold. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) ('Privacy Act') and the Australian Privacy Principles ('APPs').

As a labour hire provider supplying clinical staff to healthcare settings, we are likely to qualify as a health service provider under the Privacy Act, meaning this Policy applies to our operations regardless of our annual turnover.

By engaging with us — whether as a worker, client, or website visitor — you consent to the collection, use, and disclosure of your personal information as described in this Policy.

2.  Personal Information We Collect

2.1  Worker Information

We collect the following personal information from nurses and healthcare workers who register with or are employed by the Agency:

  • Full name, address, date of birth, and contact details

  • AHPRA registration number, registration type, and expiry date (for registered nurses and enrolled nurses)

  • Aged Care Worker Screening Check or NDIS Worker Screening Check (for AINs and unregistered aged care workers)

  • Qualifications, certifications, and employment history

  • National Police Clearance and Working with Children checks

  • Immunisation and vaccination records (including influenza, hepatitis B, COVID-19, varicella, MMR, and pertussis)

  • Emergency contact details

  • References and background check results

  • Timesheet and payroll data

Sensitive Information

Immunisation records and screening check information are classified as sensitive health information under the Privacy Act and are subject to additional protections described in this Policy.


2.2  Client Information

We collect the following information from client facilities and organisations:

  • Organisation name, ABN, and address

  • Contact names, positions, phone numbers, and email addresses

  • Accounts payable and billing details

  • Facility-specific requirements and shift information

  • Signed Terms of Business and booking records

2.3  Website Visitors

When you visit our website, we may collect standard technical data including your IP address, browser type, pages visited, and time of visit, through cookies and similar technologies. This information is used for website analytics and improvement purposes only.

3.  How We Collect Personal Information

We collect personal information directly from individuals wherever practicable. Collection methods include:

  • Registration and onboarding forms completed by workers

  • Signed Terms of Business and engagement documents from clients

  • Telephone and email communications

  • Our applicant tracking and CRM system (JobAdder)

  • Our payroll platform (APositive Payroll)

  • Third-party verification bodies (AHPRA, Australian Criminal Intelligence Commission, Aged Care Quality & Safety Commission, NDIS Quality and Safeguards Commission, Working with Children/Vulnerable People authorities)

  • Our website contact forms

We will only collect personal information by lawful and fair means. Where we collect sensitive information, we will obtain your explicit consent unless collection is required or authorised by law.

4.  Why We Collect and Use Personal Information

4.1  Primary Purposes

We collect and use personal information for the primary purposes of:

  • Assessing worker suitability, qualifications, and compliance for placement in healthcare roles

  • Employing workers and managing their assignments, payroll, superannuation, and entitlements

  • Verifying clinical registrations, police clearances, screening checks, and immunisation status as required by law and client facilities

  • Matching workers to suitable client bookings

  • Providing labour hire services to client facilities

  • Invoicing and managing accounts

  • Meeting obligations under the Fair Work Act 2009, Nurses Award 2020, Aged Care Award 2010, and other applicable legislation

  • Complying with WA Health, aged care, and NDIS regulatory requirements

4.2  Secondary Purposes

We may also use personal information for related secondary purposes including:

  • Communicating shift availability, rosters, and updates to workers

  • Sending relevant industry news, policy changes, or award rate updates

  • Improving our recruitment and placement processes

  • Meeting our insurance, legal, and compliance obligations

We will not use your personal information for purposes unrelated to those described above without your consent, unless required or authorised by law.

5.  Disclosure of Personal Information

We may disclose personal information to the following parties:

5.1  Client Facilities

We disclose worker compliance information (AHPRA registration status or Aged Care/NDIS Worker Screening Check status, police clearance currency, immunisation status, and relevant qualifications) to client facilities prior to and during assignments. This is necessary for the primary purpose for which the information was collected and workers are made aware of this disclosure through their employment agreements.

5.2  Service Providers

We disclose personal information to trusted third-party service providers who assist us in operating our business, including:

  • APositive — payroll processing, timesheet management, and invoice funding (payroll and financial data)

  • JobAdder — applicant tracking and CRM platform (worker and client contact information)

  • Xero — accounting software (financial and invoicing data)

  • Microsoft 365 — email, document storage, and communications

  • Referoo — reference checking and right to work verification (worker information)

These providers are required to handle personal information in accordance with applicable privacy laws and our contractual requirements. Some providers may store data on servers located outside Australia — see Section 7 (Overseas Disclosure) for further detail.

5.3  Regulatory and Government Bodies

We may disclose personal information to regulatory or government bodies where required or authorised by law, including:

  • The Australian Health Practitioner Regulation Agency (AHPRA)

  • The Aged Care Quality & Safety Commission

  • The NDIS Quality and Safeguards Commission

  • The Australian Taxation Office (ATO)

  • WorkCover WA

  • Fair Work Ombudsman

  • WA Department of Health or aged care regulators

  • Law enforcement agencies where required by law

We will not sell, rent, or trade personal information to third parties for marketing purposes.

6.  Sensitive Information

We handle the following categories of sensitive information:

  • Health information — immunisation records and work-related medical information

  • Criminal history information — national police clearances

  • Worker screening information — Aged Care Worker Screening Check and NDIS Worker Screening Check results

  • Government identifiers — Tax File Numbers (handled strictly in accordance with the Tax File Number Guidelines)

Sensitive information is subject to stricter protections under the Privacy Act. We will only collect, use, or disclose sensitive information:

  • With your explicit consent, and only to the extent necessary for our functions

  • Where required or authorised by law (for example, verifying screening checks as required by healthcare and aged care facility accreditation standards)

  • For the primary purpose for which it was collected

Sensitive information is stored separately with restricted access controls and is not disclosed to any party beyond what is necessary to fulfil your placement and employment requirements.

7.  Overseas Disclosure

Some of our third-party service providers may store or process personal information on servers located overseas, including in the United States and other jurisdictions where data protection laws may differ from Australian law. These providers include Microsoft (Azure/365), JobAdder, and other cloud-based platforms.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure that those recipients handle the information in a manner consistent with the Australian Privacy Principles. By using our services, you consent to this overseas disclosure where it arises from your engagement with us.

8.  Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Password-protected and access-controlled digital systems

  • Encrypted email communications for sensitive documents

  • Role-based access controls limiting information to staff who need it

  • Secure cloud storage through Microsoft 365

  • Physical security for any paper-based records

Not with standing these measures, no data transmission or storage system is completely secure. If you have reason to believe that your personal information has been compromised, please contact us immediately using the details in Section 12.

9.  Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and contractual obligations. Our retention periods are guided by:

  • Fair Work Act 2009 — employee records must be kept for a minimum of 7 years

  • Taxation Administration Act 1953 — financial records retained for 5 years minimum

  • WA Health and aged care regulatory requirements — compliance records retained as required

  • Limitation of actions legislation — records relevant to potential legal claims retained for applicable limitation periods

Once personal information is no longer required and retention obligations have been met, we will take reasonable steps to destroy or de-identify the information securely.

10.  Access and Correction

Under APP 12 and APP 13, you have the right to request access to the personal information we hold about you and to request that inaccurate, incomplete, or out-of-date information be corrected.

To make an access or correction request, please contact our Privacy Officer using the details in Section 12. We will respond to your request within 30 days. We may need to verify your identity before providing access.

In some circumstances we may be unable to provide access — for example, where doing so would unreasonably impact the privacy of another person, or where access is restricted by law. If we decline your request, we will explain the reason in writing.

There is no charge for making an access or correction request, though we may charge a reasonable fee for the cost of providing access. We will advise you of any fee before proceeding.

11.  Notifiable Data Breaches

Australia's Notifiable Data Breaches (NDB) scheme requires us to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals if a data breach is likely to result in serious harm.

If we become aware of an actual or suspected eligible data breach, we will:

  • Contain the breach and assess its severity as quickly as possible

  • Notify the OAIC within 30 days of becoming aware if the breach is likely to result in serious harm

  • Notify affected individuals as soon as practicable

  • Take steps to prevent a recurrence

If you believe your personal information held by us has been subject to unauthorised access or disclosure, please notify us immediately using the contact details in Section 12.

12.  Contact Us & Complaints

For all privacy-related enquiries, access requests, correction requests, or complaints, please contact:

Privacy Officer — Aus Nurse Agency Pty Ltd

PO Box 133, Port Hedland WA 6721

Email: info@ausnurseagency.com.au

Website: www.ausnurseagency.com.au


We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):


Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au
Phone: 1300 363 992
GPO Box 5218, Sydney NSW 2001


13.  Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The current version will always be available on our website at www.ausnurseagency.com.au.

Where changes are material, we will take reasonable steps to notify workers and clients of the update. Continued engagement with the Agency after notification of a change constitutes acceptance of the updated Policy.

This Policy was last reviewed and updated in May 2026.