Last Updated: 21 June 2026
HYRE UP PTY LTD (ABN 78 685 669 210, ACN 683 179 961) ("MedHireHub", "we", "us", or "our") is committed to protecting the privacy of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
MedHireHub operates as a staffing agency engaging casual healthcare workers and connecting them with NDIS providers, aged care facilities, home care providers, plan managers, and support coordinators. We primarily engage workers on a casual basis and provide staffing services where workers attend client locations to deliver care and support services. We are not a registered NDIS provider, aged care provider, or healthcare service provider.
By using our website, services, or platform, you consent to the collection and handling of your personal information as described in this Privacy Policy. If you do not agree with any aspect of this policy, you should not use our services.
Important: This Privacy Policy is a general document prepared for informational purposes. It does not constitute legal advice. HYRE UP PTY LTD recommends that you seek independent legal advice to ensure this policy meets your specific circumstances and complies with all applicable laws.
"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not.
"Sensitive information" is a subset of personal information that includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information, genetic information, and biometric information. We treat sensitive information with a higher level of protection.
We may collect the following types of personal information:
During shifts, workers may record notes, observations, and care records relating to NDIS participants, aged care residents, or home care clients ("Participant Data"). This data may include:
Participant Data is sensitive health information. We collect and store this data solely on behalf of the client provider for whom the shift was performed. MedHireHub acts as a service provider for the client provider, which remains the controller of Participant Data. We do not use Participant Data for our own purposes, including marketing, analytics, or any purpose other than facilitating the delivery of care services.
Workers must only record Participant Data that is necessary for care delivery and must comply with the client provider's policies, the NDIS Code of Conduct, and all applicable privacy laws.
We collect Tax File Numbers (TFNs) from workers for the sole purpose of complying with Australian taxation laws, including PAYG withholding, income tax reporting, and superannuation obligations. The collection, use, disclosure, storage, and destruction of TFNs is governed by the Privacy Act 1988 (Cth) and the Privacy (Tax File Number) Rule 2015.
We protect TFNs as follows:
Providing your TFN is voluntary. However, if you do not provide your TFN, we may be required to withhold tax at a higher rate under PAYG withholding rules.
We collect personal information through:
Where reasonably practicable, we will collect personal information directly from the individual concerned rather than from third parties.
We collect, use, and disclose personal information for the following primary purposes:
We will not use or disclose personal information for a purpose other than the primary purpose of collection unless the secondary purpose is related to the primary purpose and the individual would reasonably expect such use or disclosure, or we have obtained your consent.
We collect only the personal information that is reasonably necessary for our business operations, compliance obligations, and the services we provide. We do not collect personal information merely because it might be useful in the future. Where possible, we use de-identified or aggregated data for analytics and business improvement.
MedHireHub may use technology, including artificial intelligence and machine learning tools, to improve our Platform and Services. Our use of technology is subject to the following principles:
If we receive personal information that we did not request (unsolicited information), we will determine whether we could have collected the information under the APPs. If we could not have collected it lawfully, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
We may disclose personal information to:
We take reasonable steps to ensure that these third parties are bound by privacy obligations consistent with the APPs and do not use personal information for their own purposes.
Where a worker is allocated to work with a client's participants or residents, that client provider may be granted access to certain worker information through our provider portal for the sole purpose of managing care for their own clients.
Information that may be accessible to client providers includes:
Important: Client providers cannot access a worker's full profile, bank details, tax file number, or documents relating to engagements with other providers. Access is restricted to information directly relevant to the provider's own client engagements. Providers are bound by confidentiality obligations and must not use worker information for purposes other than managing care for their own clients.
MedHireHub primarily stores and processes personal information in Australia. However, some of our service providers (such as cloud storage providers, email services, or analytics providers) may operate overseas or store data on servers located outside Australia.
Where we disclose personal information to overseas recipients, we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles, or we will seek your consent. Overseas recipients may be located in countries including the United States, Singapore, and the European Union.
By using our services, you consent to the disclosure of your personal information to overseas recipients on the basis that we will take reasonable steps to ensure the recipient handles the information in accordance with the APPs.
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:
While we implement these measures, no data transmission over the internet or data storage system can be guaranteed as 100% secure. We cannot guarantee the security of information transmitted to or from our website. Workers are responsible for maintaining the security of their own account credentials and should not share login details with others.
Under the Notifiable Data Breaches scheme, we are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if we experience an eligible data breach that is likely to result in serious harm.
Our data breach response plan includes:
If you suspect a data breach involving your personal information, please contact us immediately using the details in Section 14.
You have the right to request access to personal information we hold about you and to request correction of that information if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
To request access or correction:
We will respond to your request within 30 days of receipt. In some circumstances, we may refuse access or correction — for example, where it would reveal personal information about another person or where required by law. If we refuse, we will provide written reasons.
There is no charge for making a request, but we may charge a reasonable fee for processing a request for access in limited circumstances (for example, if the request is manifestly unfounded or excessive).
You may request deletion of your personal information and closure of your account at any time by contacting our Privacy Officer. We will take reasonable steps to delete your personal information within 30 days, except where we are required by law to retain it (for example, taxation records, payroll records, or workers compensation records).
Upon account closure, we may retain de-identified or aggregated data for analytics and business improvement purposes. We may also retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.
Note for Workers: If you are a casual employee or contractor, certain employment records must be retained for 7 years in accordance with taxation and employment laws. We will de-identify or restrict access to these records after your account is closed.
Our website uses cookies and similar tracking technologies to enhance user experience, analyse website traffic, and understand user behaviour.
Types of cookies we use:
You can control cookies through your browser settings. Disabling cookies may affect your ability to use certain features of our website.
We may use your personal information to send you direct marketing communications about job opportunities, industry updates, and relevant services that we believe may be of interest to you.
We will only send you marketing communications where we have obtained your consent or where permitted under the Spam Act 2003 (Cth) and the Privacy Act 1988.
Every marketing email we send will include an unsubscribe link. You can opt out of marketing communications at any time by clicking the unsubscribe link or contacting us directly.
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
General retention periods include:
When personal information is no longer required, we take reasonable steps to destroy or de-identify the information securely.
If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a complaint about how we have handled your personal information, please contact our Privacy Officer:
HYRE UP PTY LTD (ABN 78 685 669 210, trading as MedHireHub)
Privacy Officer
Email: [email protected]
Phone: (02) 7240 1884
Address: 4 Australis Way, Gables NSW 2765
Business Hours: Mon–Fri: 8:00 AM – 6:00 PM
If you are not satisfied with our response to your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: [email protected]
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational needs. Any changes will be posted on this page with an updated "Last Updated" date.
We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.
This Privacy Policy is provided as a general guide and does not constitute legal advice. While we have endeavoured to ensure this policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, laws and regulations may change. HYRE UP PTY LTD recommends seeking independent legal advice to ensure this policy meets your specific circumstances and complies with all applicable laws.
MedHireHub provides staffing and recruitment services only and is not a registered NDIS provider, aged care provider, or healthcare service provider. Any references to NDIS, aged care, or healthcare services in this policy relate solely to our role as a staffing agency.