1Medical
Job Search Login/Register

Privacy policy

1. Introduction

1 Medical Group (comprising 1 Medical Pty Ltd, 1M Services Pty Ltd, and 1M Holding Pty Ltd, collectively referred to as ‘we’, ‘us’, or ‘our’) is committed to protecting the privacy of individuals whose personal information we collect, hold, use and disclose in the course of our business operations.

This APP Privacy Policy (Policy) sets out how we manage personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). It applies to all personal information we collect across our recruitment and healthcare staffing services, website, and other interactions.

This Policy is reviewed at least annually and will be updated to reflect changes in our information handling practices or applicable law.

By using our services or providing your personal information to us, you acknowledge that you have read and understood this Policy.

Our full Policy is available at: https://www.1medical.com.au/about/privacy-policy/

2. What is Personal Information?

Personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not it is recorded in a material form.

Sensitive information is a subset of personal information that includes health information, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or practices, criminal records, and biometric data. We handle sensitive information with additional care and collect it only with your informed, voluntary consent or as required or authorised by law.

3. Kinds of Personal Information We Collect and Hold

The kinds of personal information we collect and hold will depend on the nature of your interaction with us. These include:

Candidates and Healthcare Workers

The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:

  • Contact and identification details (e.g. name, address, email, phone number)
  • Education, work history, qualifications, and professional skills
  • Right to work information, including details, copies (including images and photos), or presentation of originals of a visa, passport, birth or citizenship certificate, work permits, or other relevant documents
  • Tax file number, bank account, and superannuation details
  • Driver’s licence, driving history, and other licences or certifications relevant to a role
  • Results of assessments, induction courses, and reference checks, as well as any background check results you choose to provide to us
  • Training and professional development records
  • Third-party opinions about work performance (e.g. referee feedback), collected only with your consent
  • Sensitive information, including: health information (e.g. vaccination status and medical history), and professional registration and membership details — collected only with your explicit consent or as required by law
  • Information relating to workplace injuries, insurance claims, investigations, or disciplinary matters
  • Any other information reasonably necessary to provide our services
Clients
  • Contact details of client representatives
  • Job descriptions, role requirements, and organisational needs
  • Records of interactions and confidential feedback about candidates
Referees
  • Contact details and preferred contact method
  • Opinions regarding a candidate’s character, work performance, and suitability for a role
  • Professional background relevant to the reference provided
  • We may disclose personal information and opinions provided by referees to our clients (potential employers). Where a referee has agreed to be contacted by a potential employer, we will also disclose their information to that employer
Website and Platform Users
  • IP address, browser type, device identifiers, and other software or hardware information
  • Pages visited, search queries, and content viewed on our platforms
  • Name and contact details submitted via online forms or registrations
  • Our website or third-party tools we use (such as analytics services) may collect device identifiers or similar technical information — we recommend checking our cookie settings for further detail
  • Cookie data, which may include pages visited, content viewed, search queries made, and advertisements viewed on our platforms and other websites (see Section 11 for more detail)

4. How We Collect Personal Information

We collect personal information in the following ways:

Directly from you
  • When you complete an application form, submit a resume, or register on our website or a third-party platform
  • During interviews, telephone calls, emails, or other direct communications
  • When you provide information to us in person
  • When you complete an online form, assessment, or induction course
  • When you voluntarily provide us with background check results or other screening documents you have obtained
From third parties

We may also collect personal information from third-party sources where it is unreasonable or impracticable to collect directly from you, or where you have consented. These sources include:

  • Referees you have nominated (reference checks conducted only with your explicit consent)
  • Clients or host employers (e.g. workplace feedback, incident reports)
  • Third-party job boards and recruitment platforms
  • Your employer or ex-employer, in connection with reference checks or work performance matters
  • Workers compensation bodies, insurers, or regulatory authorities, as required or authorised by law
  • Government or regulatory bodies in connection with checking or assessing your eligibility to work within Australia
  • Information services providers and publicly maintained records, including via social media platforms, mobile sites, applications, and social media pages such as LinkedIn and Facebook

Where we collect personal information about you from a third party, we will take reasonable steps to notify you of that collection, either directly or through the third party, unless notification is not required by law or is impracticable in the circumstances.

5. How We Hold Personal Information

We hold personal information in electronic format only. Records are stored in secure databases, including cloud-based systems hosted by third-party data storage providers operating under contractual confidentiality and security obligations.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Identity documents are retained only for the period required to meet our legal obligations (including employment, tax, and immigration laws) and are securely destroyed when no longer needed. Where we are, or become, your employer, we are not obligated to delete your identity documents for so long as: (a) we are still actively employing or placing you with host clients; (b) we need to retain them to comply with employment, tax, immigration, or other applicable laws; or (c) retention remains in connection with the purposes for which the documents were originally collected. Identity documents will only be used for the purposes for which they were collected, stored securely, and deleted or destroyed once no longer needed for any legitimate purpose.

For a description of the security measures we use to protect personal information, see Section 10.

6. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

We collect, hold, use and disclose personal information for the following primary purposes:

  • Providing recruitment, staffing, and related services
  • Assessing your suitability for a role or work placement, including through reference checks and assessments
  • Facilitating or managing your actual or potential work placements with our clients
  • Conducting performance appraisals in relation to work placements
  • Identifying and facilitating training needs and professional development
  • Managing workplace injuries, rehabilitation, workers compensation matters, or insurance claims
  • Responding to complaints, investigations, or legal proceedings that concern you
  • Communicating with you about roles, placements, and relevant opportunities
  • Administrative and business management purposes, including billing and payroll
  • Marketing purposes — informing you of products, services, and training courses that may interest you (you may opt out at any time — see Section 12)
  • Our internal recruitment processes
  • Complying with applicable legal obligations

We will not use or disclose personal information for any purpose other than those described in this Policy unless you have consented, or the use or disclosure is authorised or required by law. Personal information will not be used for secondary purposes unless consent has been obtained or it is permitted by applicable legislation.

You are not obliged to provide your personal information to us. However, if you choose not to, or if you provide inaccurate or incomplete information, we may not be able to provide our services to you.

7. Who We Disclose Personal Information To

We disclose personal information to third parties where necessary to provide our services or as otherwise described in this Policy. Recipients may include:

  • Our clients, who may be your potential or actual employer or a host employer
  • Your nominated referees
  • Our staff and associated entities within the 1 Medical Group
  • Third-party organisations that deliver training or professional development programs
  • Our insurers and legal advisors
  • Professional associations or registration bodies (with your consent, where relevant to our services)
  • Workers compensation bodies, as required by applicable legislation
  • Work health and safety regulators (such as SafeWork NSW or the relevant state or territory equivalent) where we are required to report a notifiable incident under applicable work health and safety legislation
  • Our contractors, suppliers, and professional service providers
  • Any other third party with your consent, or where disclosure is required or authorised by law

All disclosures are made on a confidential basis or as required by law.

8. Overseas Disclosure

We do not disclose personal information to overseas recipients in the ordinary course of our business operations.

Some of our third-party data storage or technology providers may host data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure those providers are subject to contractual obligations requiring them to protect personal information to a standard comparable to the APPs.

If you are a citizen of a European Union member state, additional rights under the General Data Protection Regulation (GDPR) may apply to you. See Section 13 for more information.

9. Automated Decision-Making and Artificial Intelligence

We do not currently use automated decision-making tools or artificial intelligence to make decisions about individuals. All recruitment and placement decisions are made by our staff. If this changes in the future, we will update this Policy accordingly and ensure any use of automated decision-making complies with the APPs, including the obligations under APPs 1.7–1.9 that commence on 10 December 2026.

10. Security of Personal Information

We take all reasonable steps to protect the personal information we hold from misuse, interference, loss, and from unauthorised access, modification or disclosure.

Our security measures include:

  • Advanced encryption protocols for data in transit and at rest
  • Secure server infrastructure with regular security updates and patching
  • Multi-factor authentication and role-based access controls
  • Network firewalls and intrusion detection and monitoring systems
  • Secure backup procedures with encrypted storage
  • Regular vulnerability assessments and security audits
  • Secure disposal procedures for electronic media containing personal information
  • Background checks and privacy training for staff with access to personal information
  • Strict confidentiality obligations binding staff and contractors
  • Secure disposal procedures for electronic media containing personal information

In the event of a data security incident that may compromise your personal information, we have established procedures to promptly investigate, contain, and assess the incident. Where required by applicable law (including the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals within the prescribed timeframes.

Please note that transmission of information over the internet is not always fully secure. While we take reasonable steps to protect information transmitted through our platforms, we cannot guarantee the security of information in transit.

11. Cookies and Website Usage

Our websites and digital platforms may use cookies and similar tracking technologies to remember your preferences and to collect information about your use of our sites, including pages visited, content viewed, and search queries made.

You may disable cookies through your browser’s security settings, though this may affect your ability to access certain features or personalised content on our platforms.

Our websites may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites, and we encourage you to review their privacy policies before submitting any personal information.

12. Direct Marketing

We may use and disclose your personal information to inform you of products, services, and training opportunities that may be relevant to you, via email, SMS, mail, or other communication methods, in accordance with the Spam Act 2003 (Cth) and the Privacy Act.

You may opt out of receiving direct marketing communications at any time by contacting us at the details in Section 16, or by using the opt-out mechanism provided in any marketing communication. We will action your opt-out request as soon as practicable.

13. EU Citizens and the GDPR

If you are a citizen of a European Union member state, the General Data Protection Regulation (GDPR) may apply to the processing of your personal data. We act as a Data Controller in relation to such processing.

The legal bases for processing your data include our legitimate interest in providing you with suitable job opportunities and placements, your consent provided at the time of registration, contact, or engagement with our platforms, the performance of or preparation to enter into a contract, and contracts entered into by your employing organisation on your behalf. If you are a client, your employing organisation may have entered into an agreement with us that provides consent to store and process your information. You may withdraw or manage your consent at any time by contacting us.

If you are an EU citizen, you have the right to:

  • Request access to a copy of the personal information we hold about you
  • Request correction or deletion of your personal information
  • Withdraw your consent to our storage and processing of your personal information
  • Receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller (data portability)
  • Lodge a complaint if you believe your personal data has not been processed in accordance with the GDPR

To exercise any of these rights, please contact us using the details in Section 16.

14. Accessing and Correcting Your Personal Information

We take reasonable steps to ensure that the personal information we hold is accurate, up-to-date, complete, relevant and not misleading. Under APPs 12 and 13, you have the right to request access to the personal information we hold about you, and to request its correction if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make an access or correction request:

  • Contact our Privacy Officer using the details in Section 16
  • Provide proof of identity so that we can confirm we are providing personal information to the correct individual
  • Please be as specific as possible about the information you are seeking

We will endeavour to respond to your request within 30 days. We may charge a reasonable administrative fee to cover our costs of providing access.

We may be unable to provide access to information that would impact the privacy of another individual (for example, confidential referee feedback). If we refuse access or correction, we will provide written reasons for the refusal and advise you of any applicable complaint mechanisms.

For government agencies, access and correction rights under this Policy operate alongside and do not replace rights available under the Freedom of Information Act 1982 (Cth) or other applicable legislation. We may also have specific access or correction obligations outside the Privacy Act — for example, obligations under the Consumer Data Right (Part IVD of the Competition and Consumer Act 2010). Where applicable, we will explain those obligations on request.

15. Privacy Complaints

If you believe we have breached the APPs or any binding registered APP code, or otherwise mishandled your personal information, you are encouraged to raise the matter with us directly. All privacy complaints are treated seriously, handled promptly and confidentially, and will not affect your existing obligations or commercial arrangements with us. In most cases, under s 40(1A) of the Privacy Act, a complaint must first be made in writing to us before it can be taken to the OAIC.

The complaint process is as follows:

  • Step 1 — Contact us in writing (see Section 16). We ask that you provide details of your complaint so we can investigate it thoroughly.
  • Step 2 — We will acknowledge receipt and commence an investigation. We aim to respond substantively within 30 days.
  • Step 3 — If you are dissatisfied with our response, you may refer your complaint to a recognised external dispute resolution scheme of which we are a member (if applicable).
  • Step 4 — If the matter remains unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

16. How to Contact Us

For all privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:

Privacy Officer

1 Medical Group

Postal Address: Privacy Officer, 1 Medical Group, Level 11, 10-14 Spring Street, Sydney NSW 2000

Email: info@1medical.com.au

Phone: 02 9544 1180

Website: https://www.1medical.com.au/about/privacy-policy/

If you would like this Policy provided in a different format (for example, in large print, or in a format accessible via assistive technology), please contact us and we will take reasonable steps to accommodate your request.

Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
ErrorHere