Updated

March 2026

Privacy Policy

MEDRISK PTY LTD – PRIVACY POLICY

Medrisk Pty Ltd (ABN 62 690 117 689) (we, us or our) provides virtual medical assessment services for employment and recruitment purposes and is committed to protecting your privacy. This policy explains how we collect, use and protect your personal information. It applies to all personal information we handle, whether we collect it through our website, in person, or through other means.

Quick overview

  • We collect information you provide to us and information we gather when we interact with you

  • We use this information to provide our services and improve your experience

  • We protect your information using secure systems and processes

  • You have rights regarding your personal information, including access and correction rights

Information we collect

Basic identifying and contact details

  • Name, address, email address and phone number

  • Professional details

Service-related information

  • Payment and transaction details for services you've purchased from us

  • Your preferences for our services and your marketing preferences

  • Feedback and survey responses

Digital information

  • IP address and general location information derived from your IP address 

  • Search and browsing behaviour

  • Website usage patterns

  • Cookie preferences

Medical assessment information

  • Virtual medical screening questionnaires and responses

  • Job role-specific health and safety information

  • Risk assessment outcomes and doctor reviews

  • Identity verification documents including driver's licence and passport details captured through GBG verification services

  • Document verification data obtained by checking captured details against official government issuers

Sensitive Information

We handle sensitive information with extra care and protection, and we only collect this information with your consent or when legally permitted. This includes:

Health information

  • Medical history information provided through our assessment questionnaires

  • Previous injuries, medical conditions, and treatment history relevant to job role suitability

  • Current medications and medical treatments that may affect work capacity

Biometric information

  • Biometric data collected through Au10tix identity verification services including facial recognition data from selfie photos, which is used specifically for identity confirmation purposes to verify you are the person completing the medical assessment.

  • Biometric data is used only for identity verification and not stored longer than required, our policy requires this data to be deleted from the identity verification provider servers, 3 hours after processing.

  • Medrisk may retain certain identity verification records within our own servers, relevant to a completed assessment, such as verification photographs, where necessary to confirm identity verification and maintain the integrity and auditability of the assessment process.

How we collect personal information

  • Directly from you when you: complete our virtual medical screening questionnaires, undergo identity verification through our platform, interact with us, contact us, fill out forms.

  • Automatically when you: visit our website, use our technologies, interact with our online services, complete biometric identity checks.

  • From third parties: GBG identity verification services, recruiting companies and employers who engage our services, service providers, business partners, public sources, government organisations and organisations or people authorised by you.

Why we collect, hold, use and disclose personal information

We collect and use your personal information to run our business and provide our services as set out below.

Identity verification process

  • To verify your identity before commencing medical assessments

  • To capture and verify document details (driver's licence, passport) against official government issuers

  • To prevent fraudulent completion of assessments by unauthorised individuals

  • To ensure assessment integrity and compliance with client requirements

  • To maintain secure access to our assessment platform

Medical assessment and employment screening purposes

  • To collect information through virtual medical screening questionnaires for employment screening purposes

  • To enable qualified medical practitioners to review questionnaire responses and provide risk assessment reports

  • To provide risk assessment reports to employers and recruitment agencies

Business operations

  • To manage our relationship with you as a customer or supplier

  • To process and deliver our services

  • To handle your inquiries, support requests, and communications

  • To maintain accurate records for billing and administration

  • To verify your identity when required or permitted by law

Communication and support

  • To respond to your questions and support requests

  • To communicate important updates about our services

  • To handle inquiries made through our website or platforms

  • To manage your participation in surveys

Service improvement

  • To conduct analytics and market research

  • To improve our business operations and services

  • To develop and enhance our applications and platforms

  • To understand how our services are used

Marketing and promotions

  • To send you (clients) promotional information about our services 

  • To inform you about services that may interest you

  • To manage your marketing preferences

  • To provide additional benefits to our customers

Legal and compliance

  • To comply with our legal obligations

  • To respond to court orders or legal processes

  • To maintain required business records

  • To fulfill regulatory requirements or reporting obligations

  • To protect our legal rights and interests or as authorised by law

Our disclosures of personal information to third parties

We may disclose personal information to:

Service providers

  • Identity verification services (for document verification checks with official government issuers)

  • Medical practitioners contracted to review assessments 

  • AI technology providers

  • IT service providers

  • Data storage providers

  • Web hosting and server providers

  • Payment processors

  • Marketing and advertising providers

  • Analytics providers

Employers and recruitment agencies 

  • Organisations who have requested medical assessments

  • Recruitment agencies acting on behalf of employers

  • HR departments and occupational health teams

Professional advisers

  • Bankers

  • Auditors

  • Insurers and insurance brokers

  • Legal advisers

Business partners

  • Our existing or potential agents

  • Our business partners or contractors

Corporate transactions

If we merge with or are acquired by another company, or sell our business assets:

  • Your information may be disclosed to our advisers

  • Your information may be disclosed to the potential purchaser's advisers

  • Your information may be included in the transferred assets

Legal and regulatory bodies

  • Courts and tribunals

  • Regulatory authorities including as required for reporting obligations

  • Law enforcement officers

Other parties

  • Third parties you have authorised

  • Emergency services when necessary

  • Any other parties as required or permitted by law

Overseas disclosure

Storage and access

We store your personal information in Australia through AWS cloud services. However, your information may be accessed from or transferred to locations outside Australia in these circumstances:

  • When our service providers are located overseas

  • When we work with overseas business partners

  • When using cloud-based services or data storage solutions

Our approach to overseas disclosure

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information.

Your privacy rights and choices

Providing information

You can choose whether to provide personal information to us, however, if you don't provide certain information, we may not be able to provide some services. Let us know if you don’t want to provide information and we will let you know when information is required versus optional.

Access to your information

You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

Correction rights

You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

Marketing communications

You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable.

How to contact us about your rights or to make a complaint and what happens next

Step 1: Contact our privacy officer

What to include:

Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

We will:

  • Verify your identity before processing your request

  • Investigate thoroughly (for complaints) or process your request (for rights)

  • Respond to you in writing within reasonable timeframes

  • Explain what actions we will take and keep you updated on progress

  • Not charge you for making a request (except for reasonable access fees if applicable)

  • Help you understand and exercise your rights

Step 3: If you're not satisfied (complaints only)

If you're not satisfied with our response to your complaint, you can:

  • Ask for a review by our senior management, or

  • Contact external bodies:

    • Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)

This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

Protecting your information

We use multiple layers of security to protect your information.

Technical safeguards

  • Enterprise-grade encryption for data storage and transmission

  • Security monitoring and testing procedures

Operational security

  • Staff training on security and privacy

  • Strict access controls based on job requirements

  • Regular security audits and incident response procedures testing

Physical security

  • Secure premises with controlled access

  • Secure disposal of physical documents

  • Equipment security protocols

Public information

Please note that any information you choose to share publicly on online platforms (such as comments or reviews) can be accessed and used by others. We cannot control or protect information that you make publicly available.

How long we keep your information

We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

Cookies and Analytics

What We Use

We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

Cookies

  • Small text files stored on your device

  • Help remember your preferences

  • Enable certain website functions

  • Make your interactions with our website more efficient

Tracking Pixels

  • Tiny, invisible images in web pages and emails

  • Help us understand how you interact with our content

  • Allow us to measure email engagement

  • Enable more relevant content delivery

How we use these technologies

Essential Functions

  • Remember your login status

  • Maintain your session security

  • Store your preferences

  • Enable core website features

Analytics and Performance

  • Understand how our website is used

  • Measure page views and traffic

  • Analyse user navigation patterns

  • Identify areas for improvement

Personalisation

  • Remember your preferences

  • Tailor content to your interests

  • Improve your browsing experience

  • Provide relevant recommendations

Your control

You can manage these technologies by:

  • Adjusting your browser settings to block or delete cookies

  • Using privacy-focused browser extensions

  • Configuring your email client to block images

  • Using our cookie preference settings

Note: Blocking all cookies may affect website functionality and your user experience.

Google Analytics

We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google's advertising features through your Google account settings, browser add-ons, or your device's privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google's privacy pages.

Meta advertising tools

We use Meta's advertising tools (such as Meta Pixel) to understand how our ads perform and to show you more relevant advertisements on Meta platforms like Facebook and Instagram when you visit our website or app. You can manage whether we connect information from our website with your Meta account for advertising purposes by adjusting your settings within your Meta account preferences.

Artificial Intelligence (AI) Technologies

Overview

We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

How we use AI

We may use AI technologies to:

  • Assist with generating role-specific medical questionnaires and analysing industry data

  • Structure and format questions based on specific job role requirements and associated risk factors

  • Automate the creation of job role modules to streamline questionnaire development

  • Analyse industry injury data to focus questions on relevant health areas for specific roles

When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

Amendments

We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.