MedHireHub
MedHireHub
  • Staffing Solutions
  • For Providers
  • View All Services
    NDIS & Disability
    • NDIS Support Worker Staffing
    • Disability Support Worker Recruitment
    Aged Care
    • Aged Care Staffing Solutions
    • PCA Recruitment
    Nursing
    • RN & EN Staffing
    Allied Health
    • Allied Health Recruitment
    • Mental Health Support Workers
    Home Care
    • Home Care & In-Home Support
    Recruitment
    • Permanent Placement
    • Temporary & Casual Staffing
    • Bulk Workforce Solutions
  • Search Jobs
  • Locations
  • Login Sign Up

Privacy Policy

Last Updated: 21 June 2026

1. Introduction

HYRE UP PTY LTD (ABN 78 685 669 210, ACN 683 179 961) ("MedHireHub", "we", "us", or "our") is committed to protecting the privacy of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

MedHireHub operates as a staffing agency engaging casual healthcare workers and connecting them with NDIS providers, aged care facilities, home care providers, plan managers, and support coordinators. We primarily engage workers on a casual basis and provide staffing services where workers attend client locations to deliver care and support services. We are not a registered NDIS provider, aged care provider, or healthcare service provider.

By using our website, services, or platform, you consent to the collection and handling of your personal information as described in this Privacy Policy. If you do not agree with any aspect of this policy, you should not use our services.

Important: This Privacy Policy is a general document prepared for informational purposes. It does not constitute legal advice. HYRE UP PTY LTD recommends that you seek independent legal advice to ensure this policy meets your specific circumstances and complies with all applicable laws.

2. What is Personal Information?

"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not.

"Sensitive information" is a subset of personal information that includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information, genetic information, and biometric information. We treat sensitive information with a higher level of protection.

3. What Personal Information We Collect

We may collect the following types of personal information:

3.1 Healthcare Workers (Candidates and Casual Employees)

  • Name, date of birth, contact details (phone, email, address)
  • Employment history, qualifications, skills, and experience
  • AHPRA registration numbers and expiry dates
  • NDIS Worker Screening Check details and clearance numbers
  • Police check results and Working with Children Check details
  • Immunisation records (including COVID-19, influenza, hepatitis B)
  • Visa status and work rights documentation
  • Bank account and tax file number (TFN) details for payroll — collected only for casual employees (TFN workers), provided through our integration with Intuit QuickBooks
  • ABN (Australian Business Number) — collected only for independent contractors (ABN workers). Contractors are responsible for their own tax and superannuation
  • Emergency contact information
  • Photographs for identification purposes
  • References and referee contact details
  • Availability, shift preferences, and work location preferences
  • Any disabilities or health conditions relevant to workplace safety
  • Uploaded documents: Qualifications, certificates, police checks, working with children checks, NDIS screening clearances, immunisation records, visas, and other credentials uploaded to your profile
  • Roster and shift data: Allocated shifts, client locations, shift start and end times, shift notes, incident reports, and completion confirmations
  • Platform activity: Login history, profile updates, document uploads, and roster interactions
  • Device and app permissions: Camera access (for document uploads and shift photos), location access (for shift check-in and verification), push notifications (for shift alerts), and device storage (for offline access)
  • Location data: GPS location data when you check in or out of a shift at a client location, and approximate location for shift allocation and travel time estimation
  • Biometric data: If you enable fingerprint or facial recognition login on your device, this data is processed locally on your device and is not transmitted to or stored by MedHireHub

3.2 Third-Party Participant and Resident Data (Collected via Shift Notes)

During shifts, workers may record notes, observations, and care records relating to NDIS participants, aged care residents, or home care clients ("Participant Data"). This data may include:

  • Names, identifiers, or pseudonyms of participants or residents
  • Health information, care observations, behavioural notes, and wellbeing reports
  • Incident reports and risk assessments
  • Photographs or videos taken during shifts (for care documentation or incident reporting, where permitted by client policy)

Participant Data is sensitive health information. We collect and store this data solely on behalf of the client provider for whom the shift was performed. MedHireHub acts as a service provider for the client provider, which remains the controller of Participant Data. We do not use Participant Data for our own purposes, including marketing, analytics, or any purpose other than facilitating the delivery of care services.

Workers must only record Participant Data that is necessary for care delivery and must comply with the client provider's policies, the NDIS Code of Conduct, and all applicable privacy laws.

3.3 Clients (NDIS Providers, Aged Care Facilities, Home Care Providers, Plan Managers, and Support Coordinators)

  • Business name, ABN, and contact details
  • Name and contact details of authorised representatives
  • Facility accreditation details and provider numbers
  • Payment and billing information
  • Staffing requirements, roster requests, and placement history
  • Client location addresses where staff are deployed
  • Access logs for provider portal (roster viewing, note review, document checks)

3.3 Website Users

  • IP address, browser type, device information
  • Pages visited, time spent on site, referring websites
  • Cookies and tracking data (see Section 11)

3A. Tax File Numbers (TFNs)

We collect Tax File Numbers (TFNs) from workers for the sole purpose of complying with Australian taxation laws, including PAYG withholding, income tax reporting, and superannuation obligations. The collection, use, disclosure, storage, and destruction of TFNs is governed by the Privacy Act 1988 (Cth) and the Privacy (Tax File Number) Rule 2015.

We protect TFNs as follows:

  • TFNs are collected only from casual employees engaged under a TFN (not from independent contractors who invoice via ABN)
  • TFNs are used solely for lawful taxation, superannuation, and employment-related purposes for casual employees
  • TFNs are not disclosed to client providers, referees, or any third party except where authorised or required by taxation law (for example, to the Australian Taxation Office or our payroll processor Intuit QuickBooks for the purpose of processing PAYG withholding for casual employees)
  • TFNs are stored separately from other personal information where practicable, and access is restricted to personnel who require access for payroll and taxation purposes
  • TFNs are destroyed or de-identified when no longer required by law
  • We will not use TFNs for any purpose other than taxation, superannuation, or other purposes authorised by law

Providing your TFN is voluntary. However, if you do not provide your TFN, we may be required to withhold tax at a higher rate under PAYG withholding rules.

4. How We Collect Personal Information

We collect personal information through:

  • Directly from you: When you register an account on our platform, create your profile, upload documents, update your availability, accept roster allocations, record shift notes, or communicate with us
  • From third parties: With your consent, we may collect information from referees, previous employers, AHPRA, NDIS Worker Screening bodies, and background check providers
  • From publicly available sources: Professional registers, public directories, and social media profiles (where relevant to recruitment)
  • Through automated technologies: Cookies, web analytics, and server logs when you visit our website
  • Through our payroll integration: Bank account details and tax information are collected through Intuit QuickBooks for the purpose of processing casual worker payments
  • Through device permissions: When you install and use our mobile application, you may grant permissions for camera, location, notifications, and storage. You can manage these permissions through your device settings at any time

Where reasonably practicable, we will collect personal information directly from the individual concerned rather than from third parties.

5. Why We Collect, Use, and Disclose Personal Information

We collect, use, and disclose personal information for the following primary purposes:

  • To assess your suitability for casual employment and engagement with our clients
  • To verify your qualifications, registrations, and clearances at onboarding and periodically thereafter. Note: While we conduct checks, you remain solely responsible for ensuring your credentials remain current and valid at all times
  • To allocate rostered shifts to workers based on client needs and worker availability
  • To manage the roster system, including shift allocation, acceptance, completion, and note recording
  • To process payroll for casual workers, including payment to bank accounts provided via Intuit QuickBooks
  • To manage tax, superannuation, and other employment-related matters for casual employees
  • To comply with legal and regulatory requirements applicable to our business as a staffing agency, and to assist our clients in meeting their own compliance obligations (including NDIS Practice Standards, Aged Care Quality Standards, and Fair Work Act obligations). MedHireHub is not itself subject to NDIS Practice Standards or Aged Care Quality Standards as we are not a registered NDIS provider or aged care provider; these standards apply to our client facilities
  • To enable client providers to view rosters, shift notes, and verify worker credentials for their own clients
  • To communicate with you about shift opportunities, roster updates, and service-related matters
  • To maintain and improve our platform and services
  • To investigate and resolve complaints or disputes
  • To send marketing communications (where you have consented)
  • To protect our legal rights and interests

We will not use or disclose personal information for a purpose other than the primary purpose of collection unless the secondary purpose is related to the primary purpose and the individual would reasonably expect such use or disclosure, or we have obtained your consent.

5A. Data Minimisation

We collect only the personal information that is reasonably necessary for our business operations, compliance obligations, and the services we provide. We do not collect personal information merely because it might be useful in the future. Where possible, we use de-identified or aggregated data for analytics and business improvement.

5B. Artificial Intelligence and Technology

MedHireHub may use technology, including artificial intelligence and machine learning tools, to improve our Platform and Services. Our use of technology is subject to the following principles:

  • We do not transfer personal or sensitive information into publicly available generative AI tools (such as ChatGPT, Gemini, or similar public platforms)
  • Any AI or automated tools we use operate on anonymised or de-identified data where practicable
  • We do not fully automate decisions that significantly affect individuals. Where technology assists with decision-making (such as shift allocation suggestions), a human remains the final decision maker
  • Platform algorithms may operate to tailor user experiences, such as suggesting relevant shifts to Workers based on their availability, location, and qualifications
  • We keep personal information secure in accordance with this Privacy Policy and Australian privacy laws when using any technology tools

5C. Unsolicited Information

If we receive personal information that we did not request (unsolicited information), we will determine whether we could have collected the information under the APPs. If we could not have collected it lawfully, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

6. Disclosure of Personal Information

We may disclose personal information to:

  • Client facilities: To NDIS providers, aged care facilities, home care providers, plan managers, and support coordinators for the purpose of staffing placements, roster management, and verification of worker credentials
  • Provider portal access: We may disclose worker names, qualifications, clearances, shift rosters, and shift notes to a client provider for the purpose of managing care for that provider's own clients. This access is limited to the provider's own client engagements
  • Payroll processing: To Intuit QuickBooks for the processing of casual worker wages, tax, and superannuation payments
  • Government agencies: NDIS Quality and Safeguards Commission, Aged Care Quality and Safety Commission, AHPRA, Fair Work Ombudsman, and other regulatory bodies as required by law
  • Verification bodies: Providers of police checks, working with children checks, NDIS Worker Screening, and qualification verification services
  • Service providers: IT service providers, cloud storage providers, and other contractors who assist us in operating our business
  • Professional advisers: Lawyers, accountants, insurers, and auditors
  • Financial institutions: Banks and payment processors for transaction processing
  • Referees: Contact details provided by candidates for reference checking
  • Advertising and analytics partners: We may disclose limited information (such as email addresses) to operators of other websites, social media platforms, and search engines to deliver tailored advertisements, where you have consented to marketing

We take reasonable steps to ensure that these third parties are bound by privacy obligations consistent with the APPs and do not use personal information for their own purposes.

6A. Provider Access to Worker Information

Where a worker is allocated to work with a client's participants or residents, that client provider may be granted access to certain worker information through our provider portal for the sole purpose of managing care for their own clients.

Information that may be accessible to client providers includes:

  • Worker name and photograph
  • Relevant qualifications and credential status (verified, expired, pending)
  • Rostered shift times and attendance status for that provider's engagements
  • Shift notes and care records recorded by the worker during shifts with that provider's clients

Important: Client providers cannot access a worker's full profile, bank details, tax file number, or documents relating to engagements with other providers. Access is restricted to information directly relevant to the provider's own client engagements. Providers are bound by confidentiality obligations and must not use worker information for purposes other than managing care for their own clients.

7. Overseas Disclosure

MedHireHub primarily stores and processes personal information in Australia. However, some of our service providers (such as cloud storage providers, email services, or analytics providers) may operate overseas or store data on servers located outside Australia.

Where we disclose personal information to overseas recipients, we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles, or we will seek your consent. Overseas recipients may be located in countries including the United States, Singapore, and the European Union.

By using our services, you consent to the disclosure of your personal information to overseas recipients on the basis that we will take reasonable steps to ensure the recipient handles the information in accordance with the APPs.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:

  • Physical security measures at our offices
  • Electronic security measures including encryption, firewalls, and secure servers
  • Access controls and authentication requirements for our systems
  • Regular security assessments and updates
  • Staff training on privacy and data protection
  • Confidentiality agreements with employees and contractors
  • Secure document upload and storage systems with encryption for uploaded qualifications, clearances, and credentials
  • Role-based access controls ensuring client providers can only access worker data relevant to their own engagements
  • Audit logs tracking access to worker documents and shift notes

While we implement these measures, no data transmission over the internet or data storage system can be guaranteed as 100% secure. We cannot guarantee the security of information transmitted to or from our website. Workers are responsible for maintaining the security of their own account credentials and should not share login details with others.

9. Data Breach Notification (Notifiable Data Breaches Scheme)

Under the Notifiable Data Breaches scheme, we are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if we experience an eligible data breach that is likely to result in serious harm.

Our data breach response plan includes:

  • Containment and assessment of suspected or known breaches
  • Evaluation of risks associated with the breach
  • Notification to affected individuals as soon as practicable (within 72 hours where possible)
  • Notification to the OAIC where required
  • Review of our security measures and remediation of vulnerabilities

If you suspect a data breach involving your personal information, please contact us immediately using the details in Section 14.

10. Accessing and Correcting Your Personal Information

You have the right to request access to personal information we hold about you and to request correction of that information if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To request access or correction:

  • Contact our Privacy Officer (details in Section 14)
  • Provide proof of identity
  • Specify the information you wish to access or correct

We will respond to your request within 30 days of receipt. In some circumstances, we may refuse access or correction — for example, where it would reveal personal information about another person or where required by law. If we refuse, we will provide written reasons.

There is no charge for making a request, but we may charge a reasonable fee for processing a request for access in limited circumstances (for example, if the request is manifestly unfounded or excessive).

10A. Data Deletion and Account Closure

You may request deletion of your personal information and closure of your account at any time by contacting our Privacy Officer. We will take reasonable steps to delete your personal information within 30 days, except where we are required by law to retain it (for example, taxation records, payroll records, or workers compensation records).

Upon account closure, we may retain de-identified or aggregated data for analytics and business improvement purposes. We may also retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.

Note for Workers: If you are a casual employee or contractor, certain employment records must be retained for 7 years in accordance with taxation and employment laws. We will de-identify or restrict access to these records after your account is closed.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyse website traffic, and understand user behaviour.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly
  • Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
  • Marketing cookies: Used to deliver relevant advertisements and track their effectiveness (where you have consented)

You can control cookies through your browser settings. Disabling cookies may affect your ability to use certain features of our website.

12. Direct Marketing and the Spam Act 2003

We may use your personal information to send you direct marketing communications about job opportunities, industry updates, and relevant services that we believe may be of interest to you.

We will only send you marketing communications where we have obtained your consent or where permitted under the Spam Act 2003 (Cth) and the Privacy Act 1988.

Every marketing email we send will include an unsubscribe link. You can opt out of marketing communications at any time by clicking the unsubscribe link or contacting us directly.

13. Retention and Destruction of Personal Information

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

General retention periods include:

  • Worker records and uploaded documents: 7 years after last engagement (or longer if required by taxation or employment law)
  • Client records and roster data: 7 years after the business relationship ends
  • Roster and shift records: 7 years for compliance with NDIS Practice Standards, Aged Care Quality Standards, and Fair Work obligations
  • Application records (unsuccessful candidates): 12 months unless consent is given for longer retention
  • Financial and payroll records: 7 years as required by the Income Tax Assessment Act 1936 (Cth)
  • Audit logs and access records: 2 years

When personal information is no longer required, we take reasonable steps to destroy or de-identify the information securely.

14. Contact Us and Making a Complaint

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a complaint about how we have handled your personal information, please contact our Privacy Officer:

HYRE UP PTY LTD (ABN 78 685 669 210, trading as MedHireHub)

Privacy Officer

Email: [email protected]

Phone: (02) 7240 1884

Address: 4 Australis Way, Gables NSW 2765

Business Hours: Mon–Fri: 8:00 AM – 6:00 PM

If you are not satisfied with our response to your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: [email protected]

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational needs. Any changes will be posted on this page with an updated "Last Updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.

16. Disclaimer

This Privacy Policy is provided as a general guide and does not constitute legal advice. While we have endeavoured to ensure this policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, laws and regulations may change. HYRE UP PTY LTD recommends seeking independent legal advice to ensure this policy meets your specific circumstances and complies with all applicable laws.

MedHireHub provides staffing and recruitment services only and is not a registered NDIS provider, aged care provider, or healthcare service provider. Any references to NDIS, aged care, or healthcare services in this policy relate solely to our role as a staffing agency.

MedHireHub

Australia's trusted healthcare staffing agency. Connecting quality nurses, aged care workers, and NDIS support staff with leading facilities across Sydney and Australia.

Services

  • NDIS Support Worker Staffing
  • Aged Care Staffing Solutions
  • Disability Support Worker Recruitment
  • RN & EN Staffing
  • Allied Health Recruitment
  • Home Care & In-Home Support
  • Mental Health Support Workers
  • PCA Recruitment
  • Permanent Placement
  • Temporary & Casual Staffing
  • Bulk Workforce Solutions
  • Staffing Solutions
  • For Providers

Locations

  • Western Sydney
  • Parramatta
  • Blacktown
  • Liverpool
  • Penrith
  • Campbelltown
  • View All Locations

Job Seeker

  • Register for free
  • Find Jobs
  • Applied Jobs
  • Profile

Help

  • Contact us
  • FAQs
  • About Us
  • Our Team
  • Case Studies
  • Resources
  • Livara Care NDIS

Policies

  • Privacy Policy
  • Terms & Conditions
  • Clinical Governance
  • Incident Management
  • Grievance Policy

Find MedHireHub — Aged Care & NDIS Staffing Agency Sydney

Visit our Western Sydney headquarters. We provide NDIS support workers, aged care staff & registered nurses across 63+ Sydney suburbs with same-day 2-4 hour fill rates.

Get DirectionsCall Now
Address
4 Australis Way, Gables NSW 2765
Phone (24/7)(02) 7240 1884
Email[email protected]
Business HoursMon–Fri: 8:00 AM – 6:00 PMEmergency staffing: 24/7
Service Areas
ParramattaBlacktownLiverpoolPenrithCampbelltownCastle HillSydney CBDNorth SydneyEastern SuburbsWestern Sydney

MedHireHub is Sydney's leading aged care staffing agency, NDIS support worker provider, and registered nurse staffing specialist. Located in Gables, Western Sydney, we deploy qualified healthcare professionals across 63+ suburbs with same-day 2-4 hour fill rates. From 24/7 RN coverage to SIL support workers, we keep NSW healthcare facilities fully staffed.

© 2026 HYRE UP PTY LTD.|ABN 78 685 669 210
(02) 7240 1884[email protected]

MedHireHub provides staffing and recruitment services only. We are not a registered NDIS provider or aged care provider. Staffing response times, fill rates, and outcomes depend on role, location, time of request, and staff availability. Individual results may vary. All service terms are subject to our agreement with you.