Jon & Jon Consulting Pty Ltd respects and protects the privacy of individuals whose personal information we collect. We only collect information that is reasonably necessary for the proper performance of our activities as a specialist medical recruitment agency.

We do not collect information simply because it may be useful in the future, nor do we collect, use, or disclose personal information for unlawful purposes such as discrimination. If you provide unsolicited personal information that is not required for our services, we will take reasonable steps to delete or de-identify it.

You may choose to remain anonymous or use a pseudonym when dealing with us, where practicable and lawful. We will not use government-related identifiers for identifying you unless required by law.

Commitment to Privacy

The type of information we collect depends on whether you are a candidate, client, or referee.

We may collect:

• Personal details: name, date of birth, gender, contact details, address
• Professional details: qualifications, skills, career history, work preferences, entitlement to work, performance information
• Compliance information: police checks, Working with Children Checks, vaccination and immunisation records, health declarations, AHPRA registration, Medicare provider numbers, visa status (VEVO)
• Workplace details: incidents, feedback, absence records, complaints
• Financial details: bank account information (for payroll), TFN/ABN, tax details
• Client information: hiring authority, role descriptions, team structures, relationship information, financial/credit information
• Referee details: contact information, authority to provide reference, opinions and factual statements about a candidate’s performance

Sensitive information (such as health or criminal history) is only collected with your consent and where necessary for placements, compliance with legislation, or contractual obligations with healthcare providers.

What Information We Collect

We collect information directly from you when you:

• Submit an application, CV, compliance pack, or enquiry
• Communicate with us via phone, email, or in person
• Register on our website or job boards
• Participate in interviews, assessments, or testing

We may also collect information:

• From referees, clients, professional associations, regulatory and registration bodies (including AHPRA and Medicare)
• From immigration and visa checks (VEVO)
• From police and security screening agencies
• From publicly available sources (e.g. LinkedIn, online directories, social media)
• Via electronic means, including our website, ATS/CRM system, emails, or cookies

How We Collect Information

Your personal information will only be used or disclosed for purposes related to medical recruitment and employment services, including:

• Assessing suitability for roles and placements
• Recruitment operations and workforce management
• Compliance with healthcare client requirements
• Verification with AHPRA, Medicare, or other regulatory bodies
• Visa and immigration processes
• Payroll and payment purposes
• Workplace health and safety obligations
• Risk management and insurance
• Client and business relationship management
• Marketing services (where consented or lawful)
• Reporting, analytics, and statutory compliance

We may disclose your information to:

• Hospitals, health services, and medical practices seeking candidates
• Referees, for verification purposes
• Professional and regulatory bodies (e.g. AHPRA, Medicare, state health departments)
• Immigration advisors or lawyers (with consent)
• Contractors and service providers (e.g. IT, legal, screening, marketing)

Some information may be disclosed to overseas recipients where necessary (e.g. immigration or regulatory bodies in New Zealand, UK, Singapore, or other jurisdictions relevant to your placement). In such cases, we take steps to ensure those recipients protect your privacy.

How We Use and Disclose Information

We store personal information in a secure, cloud-based recruitment database (Salesforce). Access is strictly limited to authorised Jon & Jon Consulting staff for recruitment and compliance purposes. Salesforce is protected by password controls, encryption, and other enterprise-level security measures.

We also apply internal safeguards including:

• Staff privacy training
• “Clean desk” and document handling protocols
• Need-to-know access procedures
• Secure shredding of hard copy records
• System monitoring and restricted access after hours

We retain information for as long as necessary to meet legal, contractual, and compliance obligations. For example:

• Financial records are held for seven (7) years under Australian law
• Compliance records (e.g. immunisations, AHPRA registrations, police checks) may be retained longer where required for audit or healthcare client purposes

When no longer required, information is securely destroyed or de-identified.

Information Storage and Security

Direct Marketing

We may use your contact details for direct marketing (email, SMS, phone, or print). You may opt out at any time by contacting us or using the unsubscribe feature provided.



Testimonials or feedback provided to us may be used in marketing with your consent.

You have the right under the Privacy Act 1988 (Cth) and, where relevant, the EU General Data Protection Regulation (GDPR) to:

• Access: Request a copy of your personal information (subject to legal exceptions, such as reference confidentiality).
• Correction: Request that we correct or update information that is inaccurate, incomplete, or outdated.
• Deletion (“Right to be Forgotten”): Request deletion of your personal information, unless we are legally required to retain it.
• Restriction & Objection (GDPR): Request that we limit or stop certain processing activities.
• Data Portability (GDPR): Request transfer of your data in a structured, machine-readable format.

Requests should be made to our Privacy Officer at info@jonandjon.com. We will respond within five (5) business days. If access or correction is refused, we will provide written reasons and information on complaint mechanisms.

Access, Correction, and Deletion

If you believe your privacy has been interfered with, you may lodge a complaint by contacting our Privacy Officer at info@jonandjon.com.

We will:

• Confirm and acknowledge receipt of your complaint
• Investigate and respond within a reasonable timeframe (usually within 30 days)
• Suggest remedies where appropriate
• If unresolved, advise you of your right to refer the matter to the Office of the Australian Information Commissioner (OAIC) or the relevant supervisory authority in the EU.

Complaints

This policy may be updated to reflect changes in law, technology, or business practices. Updated versions will be published on our website.

Changes to this Policy