VendorLink Credentialing Pty Ltd Privacy Policy

1. Policy scope and updates

VendorLink Credentialing Pty Ltd trading as AirVendor ('AirVendor', 'we', 'us', 'our') is committed to protecting the privacy of individuals with whom it deals and it handles personal information it collects and holds in accordance with these privacy laws:

  • the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in the Privacy Act; and
  • the Health Records Act 2001 (Vic) and the Health Privacy Principles (HPPs) set out in the Health Records Act.

AirVendor provides services through its website and mobile app platform to identify, evaluate, and vet the credentials of employees and sub-contractors of service providers (vendors) who attend and engage in work at healthcare facilities (vendor representatives).  This Privacy Policy explains:

What types of personal information we collect and hold?

How do we collect your personal information?

Our use of cookies

Can you choose to remain anonymous or use a pseudonym when dealing with us?

Why do we collect and use your personal information?

Who do we disclose your personal information to, including overseas?

How do we hold and keep your personal information secure?

How can you seek access to and correction of your personal information?

How can you make a privacy complaint?

How do you contact AirVendor?

We may amend or update this Privacy Policy from time to time if our practices or legal requirements change. The latest version of this Policy will appear on AirVendor's website at, AirVendor's web app and AirVendor's mobile app.

This Policy does not apply to the information contained in AirVendor employee records or to the information handling practices of any other AirVendor entities.

2. What types of personal information do we collect and hold?

The types of personal information AirVendor collects about you depends upon who you are, the nature of our relationship with you and your dealings with us. In the course of its operations and providing its services, AirVendor generally collects personal information from vendor representatives and staff at healthcare facilities with whom it deals and who access its databases.

Personal information is any information or opinion we collect and hold about an identified individual, or an individual who is reasonably identifiable to us and includes sensitive information such as information about your health, race or ethnic origin, membership of a professional or trade organisation and criminal record. We will only collect sensitive information about you with your consent (which may be expressed or inferred from your conduct) unless otherwise required or authorised by law.

If you are a vendor representative you need to complete an online registration form to set up a user account on our platform and the personal information we may collect about you could include (depending upon the specific healthcare facilities request):

  • your personal and professional contact details (such as title, name, employer, phone number, mobile phone number, email address).
  • your training and education records
  • the healthcare facilities you visit, who you see there and the date and time of each visit
  • evidence of your employment with a vendor
  • government related identifiers (including your driver’s licence, visa and residency information)
  • information about a complaint or any feedback you submit
  • your online user account password and login details
  • your GPS location
  • your API token
  • your health information such as immunisation certificates or evidence thereof
  • results of working with children checks and police checks
  • other sensitive information about you that a healthcare facility may request for credentialing purposes
  • details of payments you make: we do not collect your credit card details as payments are processed by a third-party service provider

If you are a member of staff at healthcare facility the personal information we collect about you may include your name, employer, title and contact details, your password and login details for access to our database.

If you apply for a job with us, the personal information we collect about you may include your name, and contact details, employment and professional history and education, references.

3. How do we collect your personal information?

Wherever possible, we will collect your personal information directly from you, such as when you register for a user account with us, when you contact us or, apply for a job with us. However, we may also collect personal information about you from others such as:

  • a healthcare facility you may visit
  • a government agency to verify certain credential requirements; and
  • job referees if we are deciding to offer you a job

4. Our use of cookies

Information about your visit (session and log in) to our website will be automatically collected through the use of cookies, unless cookies are disabled, and by viewing our website you accept the use of cookies. A cookie is a small piece of data shared between a web server and a user's browser that the website uses to give the server information about a user's identity and website visiting patterns and preferences.  We cannot identify you individually through cookies.

The use of cookies is standard and most websites use them. Most internet browsers are pre-set to accept cookies. If you prefer not to receive cookies, you can adjust your internet browser to refuse cookies or to warn you when cookies are being used.  However, if you disable cookies, this may affect the functionality of our website for you.

5. Can you choose to remain anonymous or use a pseudonym when dealing with us?

You may elect not to identify yourself or you may use a pseudonym in your dealings with us, except where it is impracticable or would be unlawful for us to deal with you on this basis.

It will not always be possible for AirVendor to interact with you anonymously.  This includes if you are a vendor representative as you will need to be verified and registered with us and can be identified via you API token.

6. Why do we collect and use your personal information?

AirVendor collects personal information to carry out its operations and provides its services, including to:

  • provide our services to healthcare facilities through our website and mobile app platform
  • identify, evaluate, and verify the vendor representatives for healthcare facilities
  • allow healthcare facilities to monitor vendor visits and to impose and enforce credential requirements to enable access to their facilities;
  • process job applications

 We do not currently use or disclose your personal information for direct marketing purposes.

7. Who do we disclose your personal information to, including overseas?

AirVendor may disclose your personal information (including, in certain limited circumstances, your sensitive information) to:

  • healthcare facilities we provide our services to confirm your credentialing status
  • our third-party service providers, agents and contractors who provide financial, legal, administrative or other services in connection with the operation of AirVendor's business, including, emailing, credit card payment processor, software developers, IT maintenance providers and lawyers
  • our related companies and affiliates

AirVendor does not disclose personal information it collects overseas. It uses web services of Amazon to support its platform whose servers are located in Australia.

8. How do we hold and keep your personal information secure?

AirVendor holds your personal information in electronic files on its platform and databases. We may combine personal information we receive about you with other information we hold about you.  This includes information received from third parties.

AirVendor takes all reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss, and unauthorised access, modification or disclosure through various methods, including password and authorisation protection, secure storage, SSL certificates and data encryption.

When your personal information is held or accessed by a third-party provider, such as a webservice or email provider we require them to keep it secure and only use or disclose it for the purpose for which it was provided.

If your account expires and you cease to be a registered user, your details will remain in our database and you will be unable to log in. Users details are stored securely and will not be used for any marketing purposes.

Please contact us immediately if you believe that there has been any unauthorised access, modification, interference or disclosure of your personal information that we may hold.

9. How can you seek access to and correction of your personal information including deletion?

You may request access to or correction of your personal information by writing to us or contacting us at any time at the details below. You will not be charged for making a request.

We will need to verify your identity before we can correct it or give you access.  We will promptly acknowledge receipt, and we will endeavour to respond to your request within a reasonable time.

Vendor representatives can at any time access their personal information held on our application platform through their user account provided that they have paid their annual credentialing fee. We may charge you a fee to provide you with your information not held on the application platform to cover our administrative costs which we will advise you of when you make your request.

AirVendor may refuse access to some or all of your personal information if required or permitted by law, such as where providing access would have an unreasonable impact upon the privacy of other individuals or would reveal commercially sensitive information.  If we do, we will explain in writing why and how to complain if you are not satisfied with our decision.

It is the responsibility of vendor representatives to keep their account details up to date. They may do this by logging into their account at any time and updating their facility credential data or other personal details under the "your settings" section. If a vendor representative's account has lapsed or become inactive we will send email alerts to them at least 45 days before their credentials are to expire.

You may also ask us to correct any of your personal information you believe is inaccurate, incomplete, out-of-date or irrelevant.  We will take reasonable steps to correct it unless we disagree with your reasons.  If we refuse your request we will explain why in writing and how to complain if you are not satisfied with our decision. You can also ask us to associate a statement about your request with the information.

Data Deletion Policy - if you would like us to delete your data, documentation and personal information held within our servers we will need this request in writing and will respond and confirm the request in writing as well.

10. How do you make a privacy complaint?

If you believe that AirVendor has handled your personal information inconsistently with this Policy or its privacy obligations, you can make a complaint using the contact details below or the contact form on our website.

We will acknowledge receipt of your complaint promptly and may need to verify your identity and ask you to provide further information to enable us to investigate your complaint.

We will investigate your complaint and notify you of our decision and offer any resolution that we consider appropriate within a reasonable time.

If you are not satisfied with our resolution of your complaint, you can contact the Office of the Australian Information Commissioner at:

GPO Box 5218 Sydney NSW 2001

Telephone: 1300 363 992


11. How do you contact AirVendor?

If you have any questions or comments about this Privacy Policy or wish to request access to or correction of your personal information or you wish to make a complaint, please contact:

Privacy Officer