Privacy Policy

Effective date: [Insert date]
Business name: AES Healthcare / [Insert legal entity name]
Contact email: [Insert email]
Contact phone: [Insert phone]
Contact address: [Insert address, if used]

1. Purpose

This Privacy Policy explains how AES Healthcare collects, holds, uses, discloses and protects personal information when you use our website, create a portal account, submit information, upload documents, communicate with us, or otherwise interact with us.

AES Healthcare uses online systems, including Softr, Airtable and Make, to manage portal access, user information, document collection, onboarding, compliance review, workflows, automation and related administration.

2. What information we collect

We may collect personal information including:

  • Name

  • Email address

  • Phone number

  • Address

  • Account login and portal access information

  • Australian Business Number (ABN), where relevant

  • Information submitted through online forms

  • Bank account name, BSB and account number

  • Compliance documents, including qualifications, certificates, training records, insurance records, police checks, screening documents, vaccination records, resumes and related records

  • Identity documents submitted for identity verification

  • Document dates, such as expiry dates, issue dates or dates received

  • Communications with us

  • Technical information such as IP address, browser type, device information, portal activity, security logs and form-submission information

Some information we collect may be sensitive information, depending on the document or record provided. This may include information contained in police checks, screening checks, health or vaccination records, identity documents, or other compliance material.

We do not currently request tax file numbers through the portal.

3. How we collect information

We may collect personal information:

  • Directly from you when you create an account, complete forms, upload documents, update your profile, or contact us

  • Through the AES Healthcare portal

  • Through our website

  • From documents you submit

  • From third-party service providers that help us operate our website, portal, database, forms, security features, workflows, automation or related systems

  • From referees, training providers, screening bodies, clients, coordinators or other parties where you authorise this or where it is reasonably necessary for onboarding, compliance or administration

4. Why we collect and use information

We collect, hold, use and disclose personal information for purposes including:

  • Creating and managing portal accounts

  • Confirming user identity

  • Managing onboarding

  • Reviewing compliance documents

  • Assessing whether required documents have been submitted

  • Sighting, verifying and deleting identity documents

  • Maintaining a record that identity verification has occurred

  • Recording ABN details where relevant for onboarding, administration, payment, invoicing or related business purposes

  • Administering payment details

  • Communicating with you about your account, documents, onboarding, compliance status or related matters

  • Supporting matching, coordination, administration or service-related processes

  • Managing workflows, reminders, records and administrative automations

  • Maintaining records for business, legal, compliance, insurance and audit purposes

  • Protecting the security and integrity of our website, portal and systems

  • Complying with legal, regulatory, contractual, insurance or safety obligations

We do not sell personal information.

5. Identity documents

Where identity documents are required, AES Healthcare uses a sight, verify and delete process.

This means identity documents may be temporarily collected or uploaded for verification. Once the relevant document has been sighted and the identity check has been completed, the uploaded copy will be deleted unless we identify a specific lawful reason to retain it.

We may retain a limited verification record, such as:

  • The user linked to the check

  • The type of identity document sighted

  • The points value attributed to the document

  • Whether the document was sighted

  • Whether the uploaded copy was deleted

  • The date of verification

  • Relevant internal notes

This process is intended to reduce unnecessary storage of identity documents.

6. Compliance documents

Compliance documents may be collected and stored where reasonably necessary for onboarding, administration, compliance review, audit, safety, insurance, or related business purposes.

Examples may include:

  • Education or qualification records

  • CPR certificates

  • First aid certificates

  • Police checks

  • NDIS worker screening checks

  • Insurance documents

  • Vaccination records

  • Resumes

  • Other documents reasonably required for onboarding or compliance review

Some compliance documents may include expiry dates, issue dates or dates received. You are responsible for ensuring the information and documents you provide are accurate, current and complete.

7. Payment and business details

We may collect payment and business details such as:

  • Account name

  • BSB

  • Account number

  • Australian Business Number (ABN), where relevant

These details are collected for payment administration, onboarding, invoicing, record keeping and related business purposes. We do not ask for tax file numbers through the portal.

8. Technology providers

We may use third-party technology providers to operate our website, portal, forms, database, security features, address autocomplete, document upload processes, workflow automation and related administration.

These providers may include:

  • Softr

  • Airtable

  • Make

  • Google Maps / Google Places

  • Google reCAPTCHA

  • Email, hosting, storage, analytics, automation or security service providers

These providers may collect, store or process information on our behalf.

9. Disclosure of information

We may disclose personal information to:

  • Technology service providers that help operate our website, portal, database, forms, hosting, communications, storage, automation or security systems

  • Professional advisers, insurers, auditors and consultants

  • Clients, coordinators, independent care professionals or related service participants where reasonably necessary for onboarding, coordination, compliance or administration

  • Screening, verification, training, regulatory or government bodies where required or authorised

  • Courts, tribunals, regulators, law enforcement agencies or other authorities where required or authorised by law

We will only disclose personal information where reasonably necessary for the purposes described in this policy, where you have consented, or where required or authorised by law.

10. Overseas disclosure and cloud storage

Some of our technology providers may store or process information outside Australia.

Where personal information is disclosed to an overseas recipient, we will take reasonable steps required by applicable privacy laws to ensure appropriate handling of that information.

11. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

These steps may include:

  • Restricting access to information

  • Using password-protected systems

  • Limiting access to administrative users

  • Using cloud service providers with security controls

  • Deleting identity documents after sighting and verification where they are no longer needed

  • Maintaining separate records for general user information, compliance documents, payment details and identity verification

No online system, transmission method or cloud platform can be guaranteed to be completely secure.

12. Retention and deletion

We retain personal information for as long as reasonably necessary for the purposes described in this policy, or as required or permitted by law.

Identity documents collected for verification will generally be deleted after they have been sighted and verified, unless there is a specific lawful reason to retain them.

Compliance, payment, business and account records may be retained for as long as reasonably necessary for onboarding, administration, payment, audit, compliance, insurance, dispute resolution, safety, or legal purposes.

When personal information is no longer needed and we are not required or permitted to retain it, we will take reasonable steps to destroy or de-identify it.

13. Access and correction

You may request access to the personal information we hold about you.

You may also request correction if you believe the information is inaccurate, out of date, incomplete, irrelevant or misleading.

To request access or correction, contact us using the details at the end of this policy.

14. Complaints

If you have a privacy complaint, please contact us in writing using the details below.

We will consider your complaint and respond within a reasonable period.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

15. Cookies, analytics and security tools

Our website and portal may use cookies, analytics tools, security tools and related technologies to:

  • Operate the website and portal

  • Maintain login sessions

  • Protect forms from spam or abuse

  • Support address autocomplete

  • Understand website or portal usage

  • Improve functionality and reliability

This may involve services such as Google Maps, Google reCAPTCHA, Make or other technology providers.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be made available on our website or portal.

17. Contact

For privacy enquiries, access requests, correction requests or complaints, contact:

AES Healthcare / [Insert legal entity name]
Email: [Insert email]
Phone: [Insert phone]
Address: [Insert address]