Privacy Policy

ATLAS Medicorp Pty Limited ABN 15 676 928 233 (Atlas Medicorp, we or us) provides technology-enabled medico-legal support services to clients and specialist practitioners. We facilitate access to independent medico-legal specialists, manage bookings for assessments and examinations, streamline report production through quality assurance, and offer secure, transparent billing and administrative support.

To work with Atlas Medicorp, or to use our platform and services, we will need to collect certain information about you. We understand that some of this information may relate to your health, medical administration or medico-legal matters, and we take the protection of all personal information seriously.

We believe in being transparent about how we handle personal information. This policy sets out how we collect, use, store and protect your personal information, and reflects our commitment to treating your data with care and respect.

1. How we engage with you

The types of personal information we collect, how we collect it, and why we collect, use and disclose it depend on how you interact with us. Our key interactions with individuals include:

Clients: Employees or representatives of our corporate clients (such as insurers, government agencies, scheme agents and law firms) who use our platform to book assessments, access specialist availability, manage medico-legal matters, and track report progress.

Examinees: People who are referred for Independent Medical Examinations, Impairment Assessments or other medico-legal assessments arranged through our platform.

Specialists: Independent medical specialists who work with us, or may work with us, to conduct assessments, examinations and medico-legal reporting, and who rely on our administrative, booking, billing and AI-assisted quality assurance services.

Employees and Contractors: Individuals who are, or may be, employed or engaged by us (including employees and contractors), as well as individuals at organisations that supply or support our business operations, for example, technology providers, administrative service providers and other professional service partners.

2. Your choice

It’s always your choice whether to share personal information with us. Further, where practical and possible (and in accordance with relevant laws), we will allow you to interact with us anonymously or by using a pseudonym.

However, if you choose not to provide certain details or remain anonymous or use a pseudonym, we may not be able to deliver some of our services or communicate with you effectively.

For example, we may be unable to process a booking, coordinate an assessment, generate or quality-assure a medico-legal report, or engage you as a specialist, employee or contractor without the information we require to perform those functions.

If you have any concerns about the information we request, please contact us on the details set out in section 14 of this policy to discuss your options.

3. What personal information we collect

 We aim to collect only what we reasonably need to deliver our services and operate our business. Types of personal information that we may collect about you include:

	*Client*	*Examinee*	*Specialist*	*Our Team*
Identity Data – such as your name, job title, organisation, date of birth (if applicable) or identification details.
Contact Data – such as your email address, phone number and postal address.
Professional & Work History Data – e.g. qualifications, CV information, relevant experience, AHPRA details, licences, employment or engagement history (team only), police and other employment checks.
Assessment & Medical Administration Data – e.g. referral information, appointment details, supporting documentation, assessment outcomes and medico-legal report information
Booking & Case Management Data – e.g. booking details, availability, instructions from clients, report-tracking, communications relating to assessments.
Financial & Billing Data – e.g. bank account details, payment instructions, billing records, payroll information (team only).
Technical & Usage Data – e.g. IP address, device details, login activity, authentication data, platform usage statistics.
Interaction Data – e.g. information provided through forms, documents, enquiries, emails, uploads or other communications.
Marketing & Communication Preferences – such as your preferences for receiving updates, newsletters or promotional communications.

For examinees, specialists and employees and contractors, the above personal information may include sensitive information. Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. We only collect sensitive information where you have provided your consent, or where we are required or authorised to do so under law.

4. How we collect your information

We may collect personal information about you from a range of different sources. These include:

	How we collect directly from you	How we collect indirectly
Clients	When you create an account or log in, make bookings, upload documents, communicate with us by email or phone, use our website or platform (including any technical and usage data captured) or opt in to receive updates, newsletters or marketing communications.	From your employer or organisation, from other authorised users at your organisation, and from service providers that support our identity, billing or technology functions.
Examinees	N/A	From the referring client, from the specialist who conducts your assessment, and from other authorised third parties involved in your matter.
Specialists	When you register with us, provide professional details, submit reports, engage with our quality assurance process, communicate with us by email or phone, or use our website or platform (including any technical and usage data captured).	From clients, from publicly available sources (such as AHPRA registers and professional websites), and from service providers that support our billing, quality assurance or technology systems.
Employees and Contractors	During recruitment and onboarding, and when you provide HR, payroll, qualification or work-history information or use our internal systems (such as email, timesheets or training tools).	From referees and recruitment agencies, from background-check providers (where applicable), from your employer or contracting organisation, and from service providers that support our HR, payroll or IT systems.

5. Why we collect your information

We collect, use and disclose personal information for purposes that are reasonably necessary for our functions and activities. These purposes differ depending on your relationship with us.

Clients

verify your identity and authority to act
set up and manage user accounts
process and manage bookings
communicate about assessments
provide access to our platform
administer billing and payments
respond to enquiries
maintain the security and performance of our systems
send service updates, educational material, newsletters or marketing communications that may be relevant to your organisation, in accordance with your communication preferences

Examinees

arrange and manage assessments
provide necessary assessment information to specialists
support specialists in preparing medico-legal reports
track and administer bookings
communicate about appointments
deliver completed reports to the referring client

Specialists

verify your identity, qualifications and suitability to provide medico-legal services
manage your availability and bookings
support you in preparing assessment reports (including through our quality assurance tools)
facilitate billing and payments
maintain the security and performance of our systems
maintain communication with you including to send information about medico-legal opportunities, service updates, professional development resources or marketing communications, in accordance with your communication preferences

Employees and Contractors

manage recruitment, onboarding and engagement
administer payroll and HR processes
verify qualifications and work history (e.g background checks)
support performance and compliance
manage access to systems and facilities
ensure workplace health and safety
operate our business effectively through internal systems and service providers

Other business purposes

We may also collect, use and disclose personal information for purposes such as:

complying with legal, regulatory, professional and insurance requirements;
responding to communications, complaints, claims or investigations;
conducting audits, quality assurance and business improvement activities; and
maintaining appropriate business and accounting records.

Secondary purposes

We’ll only use or disclose your personal information for a different purpose (other than why we originally collected it) if:

you’ve given your consent, or
the new purpose is related to the original reason we collected it, and you would reasonably expect us to use it in that way.

For sensitive information, we’ll only use or disclose it for a different purpose if:

you’ve given your express consent, or
the new purpose is directly related to the original reason we collected it, and you would reasonably expect us to use it in that way, or
we are required or authorised to do so by law.

6. Who we share your personal information with

We may share your personal information with trusted third parties when it’s necessary to deliver our services, operate our business, or meet legal obligations. This may include:

Clients – we may share assessment outcomes, medico-legal reports and other relevant information with the referring client who engaged us to coordinate the assessment.
Specialists – we may share relevant examinee and booking information with specialists who conduct assessments, and we may share limited client user information where needed to arrange or clarify an assessment.
Our employees, contractors and professional advisers – we share personal information with our employees, contractors and authorised personnel from supplier organisations who help us deliver our services, support our platform, provide administrative and billing functions, or assist with quality assurance.
External service providers – we use a range of third-party providers who assist us with technology, data hosting, artificial intelligence, communications, payment processing, identity verification and background checks, human resources, security and quality assurance. These providers may access personal information only to the extent required to perform their functions for us.
Analytics providers – such as Google Analytics that support our service delivery, always with appropriate safeguards in place.
Government agencies, regulators, courts or law enforcement bodies – Where required or permitted by law, we may disclose personal information to regulators, courts, law-enforcement bodies or other government agencies.
Other third parties – We may share personal information with other parties where you have authorised the disclosure, where it is necessary to manage a claim or assessment, or where it is required to protect the safety, rights or property of individuals or the public.

We do not sell or rent your personal information to anyone. We only disclose it where reasonably necessary to provide our services, manage our operations or comply with our legal obligations.

Disclosure of Personal Information Outside Australia

Some of our trusted service providers may store or process personal information overseas or access personal information from overseas, particularly where we use cloud or analytics platforms to support our operations. These providers are mainly located in the United States of America and Sri Lanka.

When we share information with overseas providers, we take reasonable steps to ensure your information is handled securely and in accordance with this Privacy Policy.

7. You Marketing Choices

We may send marketing or promotional communications to client users and specialists, depending on your communication preferences. You can opt out of receiving these communications at any time by using the unsubscribe link in our emails or by contacting us directly. We do not send marketing communications to examinees.

8. How we store your personal information

We’re committed to keeping your personal information safe.

Your information is primarily stored in the following secure cloud environments:

Microsoft Azure (https://learn.microsoft.com/en-us/microsoft-365/security/?view=o365-worldwide)
Bubble.io (https://bubble.io/security)
AWS (https://aws.amazon.com/security/)

Information on the technical security controls in place for each product are set out at the websites above.

Except for Bubble.io, our systems are hosted on Australian infrastructure. Bubble.io is hosted in the United States of America. No sensitive information is stored or disclosed outside of Australia.

We apply a combination of technical and organisational measures to protect personal information from misuse, interference, unauthorised access, modification, or disclosure. These include:

restricting access to personal information on a need-to-know basis;
monitoring and logging system access;
encryption of data in transit and at rest;
using secure work environments;
identity and access controls (including use of IP address allow listing and Cloudflare)
enforcing strong access controls and endpoint protections; and
reviewing and updating our security practices.

We also maintain secure backups of our data in separate cloud-based systems. Access to backup data is restricted to authorised personnel only, and we apply the same security and confidentiality safeguards that apply to our live systems.

While we take reasonable steps to protect your information, no system or transmission over the internet is completely secure. Once we receive your information, we take active steps to safeguard it.

9. How long we retain your personal information

We keep personal information only for as long as necessary to fulfil the purposes for which it was collected. In most cases, this means retaining it for the duration of your relationship with us and for up to seven years.

We may retain information for longer if required by law, regulation, or a court or government directive.

When personal information is no longer needed and we are not legally required to keep it, we take reasonable steps to securely destroy or de-identify it.

10. How to access and update your personal information

If you would like to see or update the personal information we hold about you, please contact us using the details in section 14 of this policy.

We’ll take reasonable steps to verify your identity and respond within a reasonable timeframe. If we update your information, we can also take steps to notify any third parties we’ve shared the original information with, where appropriate.

If we’re unable to provide access or make the changes you request, we’ll explain why and outline any available options to address your concerns.

11. Privacy and data breaches

If you become aware of, or suspect, any unauthorised access to, misuse of, or loss of personal information in connection with Atlas Medicorp, please contact us immediately.

If we have reasonable grounds to believe that a data breach involving personal information has occurred, we will act promptly. We are committed to protecting your personal information and responding to incidents with transparency and care.  

12. Cookies, Pixels and Tracking Technologies

When you visit our website, we may collect certain information automatically using cookies, pixels, and similar technologies. These tools help us understand how visitors use our site, improve functionality, and deliver relevant content or marketing.

They may collect details such as your browser type, device information, pages viewed, time spent on the site, referring websites, and general location data. This information usually does not identify you personally but may be linked with other details if you’ve interacted with us in other ways.

You can manage or block cookies through your browser settings, although some features of our website may not work properly if you do.

13. Third party websites and content

Our website may contain links to websites operated by third parties. These links are provided for your convenience, but we don’t control and are not responsible for the content, privacy practices, or security of those third-party sites.

We make no representations or warranties about how third parties handle your personal information. If you follow a link to another site, we recommend reviewing that site’s privacy policy before providing any personal information.

14. Questions or complaints

If you have any questions about this Privacy Policy or are concerned about how we’ve handled your personal information, please contact us at:

Privacy Contact

Email: privacy@atlasmedicorp.com

Phone: 03 7038 3838

If you’re making a complaint, please include details of your concern and any supporting information. We may ask for proof of identity to ensure we’re responding to the right person.

We take privacy concerns seriously and aim to acknowledge and respond within 30 days of receiving your complaint.

If you’re not satisfied with our response, you may wish to raise your concern with the Office of the Australian Information Commissioner.

15. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, practices, or business operations. The most current version will always be available on our website.

We encourage you to check our website periodically to stay informed of any updates. If we make a material change to how we handle personal information, we will highlight it on our website or notify you directly where appropriate.

This Policy was last updated on: 12 December 2025