healthdirect australia logo

Privacy Policy for employees and stakeholders

This part of our Privacy Policy applies when you engage with our services in a corporate capacity as an employee, a job applicant, contractor, stakeholder, such as a representative of a service provider, consultant, shareholder or director of our organisation.

You can also visit our privacy hub or read these frequently asked questions (FAQs).

About this Privacy Policy

Effective as of 7 May 2024

This is the Privacy Policy of Healthdirect Australia Ltd (ABN 28 118 291 044) (Healthdirect) (also variously described as us, we or our throughout this Policy). The Policy covers the following services in our portfolio, except My Aged Care and Medicare Mental Health, which are governed by their own Privacy Policies:

  • Helpline services
    • healthdirect helpline (also known as NURSE-ON-CALL in Victoria)
    • healthdirect GP helpline
    • Pregnancy, Birth and Baby
    • health alert lines
  • Digital services
    • healthdirect website
    • healthdirect mobile app
    • Pregnancy, Birth and Baby website
  • Digital products (available in some of our digital services)
    • User account
    • Symptom Checker
    • Service Finder
    • Risk Checker
    • Question Builder
    • BMI calculator
  • National digital infrastructure
    • National Health Services Directory (NHSD)

In this Policy, we describe the kinds of personal and sensitive information (including health information and other types of sensitive information that you provide) we collect, why we collect this information, and how we use, disclose, and protect the information that we hold.

When we use 'you' or ‘your' in this policy, we are referring to the individual reader of this Policy. You may be a member of the public who has used our health services, a health practitioner or integrator, or someone who has engaged with our corporate functions.

For other privacy-related definitions, please see our privacy FAQs.

Healthdirect complies with Commonwealth privacy laws (including the Privacy Act 1988 (Cth)) and for some services, State and/or Territory privacy laws (where appropriate). We also adopt careful and ethical data practices, and embed privacy considerations into the design of our services.

This part of our Privacy Policy applies when you engage with our services in a corporate capacity as an employee, a job applicant, contractor, stakeholder, such as a representative of a service provider, consultant, shareholder or director of our organisation, when you engage or interact with us about the day-to-day operations of the organisation.

If you use our services as a member of the public, please go here.

If you are a health practitioner, please go here.

Please see below for information about how we manage your personal and sensitive information, or read these frequently asked questions (FAQs).

The operations and running of the Healthdirect business involves and includes a range of employees, contractors and other stakeholders.

What personal and sensitive information do we collect?

Healthdirect collects your personal and sensitive information for the purpose of managing the day-to-day operations of the organisation.

For contractors and other stakeholders, this may include but is not limited to:

  • identifying information, such as your name and date of birth, and related identity verification information, such as drivers licences;
  • demographic information, such as your age and sex, and postcode (where required);
  • contact details, such as your address, email address and phone number;
  • banking and finance information (where required); and
  • information provided for the purposes of managing perceived or potential conflicts of interest.

Employee records

The Privacy Act 1988 (Cth) currently exempts ‘employee records’ from the Australian Privacy Principles (APPs). An ‘employee record’ is defined to mean a record of personal information relating to the employment of the employee.

If it is not part of your ‘employee record’, your personal and/or sensitive information Healthdirect collects will be managed in accordance with Healthdirect’s privacy obligations under the APPs.

Why do we collect and use your personal and sensitive information?

If you are employed by Healthdirect, or you are applying to be employed by Healthdirect, then we collect information to administer and manage your employment or potential employment with Healthdirect.

In our corporate functions, we collect personal information to run the Healthdirect business. Predominantly, this involves collecting personal information to enable communication and management of our products and services.

How do we collect your personal information?

We collect your personal and sensitive information through your interaction with Healthdirect, including when you provide information to us either in person, over the phone or by email.

How do we use or disclose your personal and sensitive information?

As an employee or potential employee, Healthdirect will generally use the information that you have provided in connection with your employment or potential employment — subject to any requirements to retain information for your employee record.

In the operation of Healthdirect’s day-to-day business with contractors and other stakeholders, Healthdirect generally uses the personal information collected to:

  • communicate with you or your organisation;
  • deal with enquiries in relation to our services;
  • facilitate the day-to-day running of Healthdirect, including where we may be dealing with current, former, and future employees.

Whether you are an employee, prospective employee, contractor or stakeholder, your personal information may be disclosed to the following:

  • third party suppliers to assist in the processing of your job application and reference checks;
  • other contractors and/or third-party suppliers that support our business operations;
  • government agencies and regulatory bodies that are permitted by law to obtain your information such as the Australian Taxation Office, Police etc.

Such information will only be disclosed where it is relevant to Healthdirect’s business activities, and Healthdirect has processes and controls in place to monitor access to this information.

How long do we retain your personal and sensitive information?

Corporate and employee data is stored within Healthdirect’s internal systems and technology within Australia. Healthdirect is obliged under various State, Territory and Commonwealth employee records legislation to retain records for up to 7 years from the date of commencement of your employment with Healthdirect. Healthdirect only retains corporate partner and consultant information for the period of engagement or as otherwise required. If the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will securely destroy or de-identify it.

How do we protect your personal and sensitive information?

Healthdirect has an obligation to ensure that the personal and sensitive information that you provide is appropriately protected from misuse, interference and loss, and from unauthorised access, modification, and disclosure.

Healthdirect aligns with the Australian Cyber Security Centre (ACSC) Essential Eight as our baseline for security standards. The Essential Eight is a prescribed list of technical strategies that aim to mitigate threats within our system and networks. More information about these security standards can be found here: Essential Eight (cyber.gov.au)

Healthdirect complements this approach with:

  • requirements for data encryption, including personal information, encrypted at rest and in transit; and
  • continuous monitoring of our systems and applications, including our website and various databases; and
  • data storage, which conforms to Australian privacy requirements; and
  • authenticating users, including members of the public, helpline agents and employees to ensure that all points of access to data are protected from inappropriate access, use or disclosure.

How to manage your personal or sensitive information

Accessing or correcting your information

You have a right to request access to the information that we hold about you. You may also request that Healthdirect corrects personal and sensitive information that it holds about you.

Given the sensitivity of the information that we hold, we will require you to confirm your identity before access can be provided.

Click here to access the Healthdirect Personal Records Access or Change Request Form. If we refuse to provide you with access to your personal and sensitive information, or refuse to provide you with access to your personal information in the way you have requested, we will provide you with a written notice outlining our reasons for refusal.

Deleting your information

While we consider requests for deletion, the Privacy Act does not currently give individuals the right to ‘delete’ or ‘erase’ their information.

Healthdirect has legal obligations to keep records of different types of interactions, such as employee records. We balance these obligations before determining whether we can delete your information.

Click here to access the Healthdirect Personal Records Access or Change Request Form.

Complaints

If you have a privacy complaint or concern regarding how we have handled your personal information, please contact Healthdirect. We will investigate your complaint or concern and endeavour to respond to you within 10 working days.

If you feel we have not adequately resolved your complaint or concern, you may contact the Office of the Australian Information Commissioner at Privacy complaints (oaic.gov.au).

How to contact us

You can contact our Privacy Officer as follows:

Email: privacy@healthdirect.org.au

Postal address:

Privacy Officer
Healthdirect Australia
PO Box K411
Haymarket NSW 1240
Australia

Scope of and updates to this Privacy Policy

From time to time, we will update this Privacy Policy. The current version is always displayed on our website and supersedes previous versions.

Need more information?

Visit our privacy hub or read these frequently asked questions (FAQs).

healthdirect australia logo

Proudly supported by our Government partners.

Quick links
CareersContact usTerms of usePrivacyPublicationsStakeholder reporting login

Follow us

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Healthdirect Australia acknowledges the Traditional Owners of Country throughout Australia and their continuing connection to land, sea and community. We pay our respects to the Traditional Owners and to Elders both past and present.

© 2026 Healthdirect Australia Limited