Privacy Policy
Effective Date: [to be confirmed on finalisation] | Last Reviewed: 22 June 2026 | Version: 3.0 (draft) | Entity: TheatreLink Pty Ltd (ABN 16 697 444 349)
At a glance
This Privacy Policy explains how TheatreLink Pty Ltd collects, uses, discloses, stores, and protects personal information and health information when you (or your hospital) use the TheatreLink platform.
TheatreLink Pty Ltd ABN 16 697 444 349 (“TheatreLink”, “we”, “us”, “our”) is committed to protecting the privacy of personal and health information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable legislation. This policy explains how we collect, use, store, and disclose personal information, including health information and health records, through our operating theatre management platform.
We take our privacy obligations seriously. We may change this Privacy Policy from time to time by posting an updated version on our website. The “Last Reviewed” date above indicates when this policy was last updated. We encourage you to check the policy regularly so you are aware of our most current practices.
1. About TheatreLink
TheatreLink is an Australian operating theatre scheduling, coordination, and admissions platform designed for hospitals, surgeons, anaesthetists, practice managers, theatre managers, and admissions officers. The platform facilitates theatre bookings, session scheduling, equipment coordination, workforce management, and — for hospitals that have enabled the optional Admissions & Consent module — digital patient admissions and procedure consent workflows.
TheatreLink is not an electronic health record (EHR) system, is not a system of record for clinical care, and does not participate in or connect to the Australian Government’s My Health Record system. The hospital’s patient administration system (PAS) remains the source of truth for patient care records. TheatreLink captures booking and admissions data at the point of origin and supports the hospital’s existing workflows.
2. Information We Collect
The types of information we may collect include:
Account information
- Identifying details and contact information, such as full name, email address, and mobile phone number
- Professional role (e.g. surgeon, anaesthetist, theatre manager, practice manager, admissions officer)
- AHPRA registration number (for practitioner verification purposes only)
- Hospital affiliations and departmental associations
Authentication and security data
- Hashed passwords (never stored in plaintext)
- Multi-factor authentication (MFA) secrets
- WebAuthn / biometric credential identifiers
- Device trust tokens
- Login timestamps and session data
Operational data
- Theatre booking details (procedure descriptions, scheduling, equipment requirements)
- Session and roster information
- Uploaded accreditation documents
- Communication preferences and notification settings
- Records of communications we may have with you
- Audit logs of significant actions performed by users in the platform
Patient personal and health information (where applicable)
Where a hospital has enabled the Admissions & Consent module, or where the “Allow Confidential Patient Information” setting has been activated, TheatreLink may collect and process the following categories of patient information on behalf of the hospital:
- Demographic details: patient name, date of birth, residential address, suburb, state, postcode, mobile phone, email
- Identifiers: hospital-issued Medical Record Number (MRN), Medicare number and (where applicable) the Individual Reference Number (IRN), and private-health-fund member number
- Clinical information collected via the admissions booklet: medical history, current medications, allergies, anaesthetic history, social history (smoking, alcohol, occupation), and similar information requested by the hospital’s admission template
- Family / next of kin: name, relationship, contact number
- Procedure consent artifacts: typed name, canvas-drawn signature, ticked checkbox responses, witness details where required, and the resulting signed consent PDF
- Audit and integrity metadata: IP address, browser user agent, device fingerprint hash, and RFC 3161 timestamp tokens collected solely to evidence the validity of the signing event
Cookies, analytics, and technical information
When you visit our website or use the platform, we may automatically collect technical information including your IP address, geo-location information (at the country / state level), device identity and type, browser type and version, operating system, page-view statistics, referring URLs, and standard web log information.
We use cookies and similar tracking technologies on our website and within the authenticated platform to keep you signed in, remember your preferences, secure your session, and understand aggregated usage. Cookies are small files that store information on your device. Strictly necessary cookies (for authentication and security) cannot be disabled without affecting platform functionality. You can disable other cookies through your web browser settings; doing so may affect your experience.
Where we use third-party analytics, those services are configured to exclude identifiable patient information from analytics payloads. We do not use re-identification, advertising, or behavioural tracking cookies.
3. How We Collect Information
We may collect personal information either directly from you or, where appropriate, from third parties (such as your hospital administrator, or a Verification Service used to verify your professional registration), including where you:
- Register for a TheatreLink account (or are registered by your hospital administrator)
- Update your profile or account settings
- Upload documents (e.g. accreditation certificates)
- Create or modify theatre bookings and sessions
- Contact us via our website, email, telephone, or support channels
- Interact with our website (including via cookies and similar technologies)
We do not collect personal information from third parties for marketing or profiling purposes.
4. How We Use Your Information
We use personal information for the following purposes:
- Platform operation. Managing user accounts, authenticating access, and providing the theatre scheduling service.
- Communication. Sending booking confirmations, session notifications, schedule changes, and system alerts via email and SMS.
- Security. Monitoring for unauthorised access, enforcing rate limits, and maintaining audit logs.
- Professional verification. Verifying practitioner credentials using AHPRA registration numbers.
- Admissions & Consent (where the module is enabled by a hospital). Receiving completed patient admissions booklets, producing the resulting PDF artifact for the hospital’s admissions officer, capturing patient (and where required, witness) procedure consent, and producing the signed consent envelope.
- Audit and integrity. Producing tamper-evident hash-chained audit trails of admissions and consent events, anchored quarterly to an external RFC 3161 timestamp authority.
- Platform improvement. Analysing aggregated, de-identified usage data to improve platform features and performance. Patient health information is excluded from analytics payloads.
- Legal compliance. Meeting obligations under the Privacy Act 1988, applicable state-based health record and privacy legislation, and other applicable laws.
Direct marketing
We do not currently use personal information for direct marketing. All communications you receive from us are operational and directly related to your use of the platform. If we ever introduce optional product update or research-invitation communications, we will rely on consent (or another lawful basis under applicable law) and will provide a clear opt-out facility (e.g. an unsubscribe link or in-product setting).
5. Disclosure of Information
We do not sell, rent, or trade personal information. We may disclose personal information in the following limited circumstances:
- Within your hospital network. Theatre managers can see booking details for their hospital. Surgeons and practice managers can see their own bookings and relevant scheduling information.
- Service providers. We use trusted third-party services to operate the platform (see Section 7 — Cross-Border Disclosure).
- Legal requirements. Where required or authorised by Australian law, a court order, or to prevent a serious threat to life, health, or safety.
Access within the platform is controlled by role-based access controls — users can only view information relevant to their role and hospital affiliation.
6. How We Hold Your Information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access or disclosure. Our security measures include various measures depending on the relevant system and information, including encryption, audit trails, access controls, multi-factor authentication and monitoring as appropriate.
7. Cross-Border Disclosure & Third-Party Services
TheatreLink uses the following third-party service providers to operate the platform. Some of these providers may process your personal information outside of Australia:
| Service | Purpose | Data Location |
|---|---|---|
| Vercel | Application hosting and deployment | Sydney, Australia |
| Neon (PostgreSQL) | Primary database | Sydney, Australia |
| Vercel Blob | Encrypted document storage | Sydney, Australia |
| Resend | Transactional email delivery | United States |
| Twilio | SMS notifications | United States |
| Pusher | Real-time WebSocket connections | Sydney, Australia |
| Sentry | Error monitoring (PII scrubbed) | United States |
| Anthropic | AI-powered document parsing | United States |
| Stripe | Subscription billing | Australia and United States |
Where your personal information is processed overseas, we take reasonable steps to ensure the recipient handles information in accordance with the APPs and other applicable law. All connections to third-party services use encrypted channels. We do not disclose identifiable patient information to any third party except as expressly described in this policy.
8. Government Identifiers
TheatreLink collects the following government-related identifiers:
- AHPRA registration numbers for the sole purpose of verifying healthcare practitioner credentials.
- Medicare numbers (and the Individual Reference Number where applicable) where the Admissions & Consent module is enabled, for the purpose of identifying the patient in connection with their admission and procedure, and to enable the hospital to fulfil its obligations to Medicare Australia, a private health fund, or the relevant State health authority in connection with the patient’s admission, procedure, and any associated claim.
- In accordance with applicable laws, we do not adopt any government-related identifier (including Medicare number, AHPRA number, or any future Individual Healthcare Identifier) as our own identifier of an individual. Internal database keys are TheatreLink-generated and are independent of any government-related identifier.
- We use government-related identifiers only for the limited purposes described above, and otherwise as permitted by applicable law.
- We do not disclose Medicare numbers or AHPRA numbers to other Users except where directly relevant to the workflow (for example, where the hospital’s admissions officer or theatre coordinator is viewing the patient’s admission record or processing a related claim).
- We do not currently collect Individual Healthcare Identifiers (IHI). If we introduce IHI handling in future via the hospital’s PAS integration, we will update this policy and rely on lawful authority under the Healthcare Identifiers Act 2010 (Cth) and patient consent.
9. Data Quality & Retention
We take reasonable steps to ensure personal information is accurate, up-to-date, and complete. Users can update their profile information at any time through their account settings. Where the Admissions & Consent module is in use, the patient enters their own demographic and medical history information directly; the hospital’s admissions officer is responsible for verifying and, where necessary, correcting that information at the time of admission.
We retain personal information for as long as it is needed for the purposes described in this policy or as required by law.
10. Accessing Your Information
You have the right to request access to the personal information we hold about you. You can:
- Self-service. View and update your profile information, notification preferences, and uploaded documents through your TheatreLink account.
- Formal request. Submit a written request to our Privacy Officer to receive a copy of all personal information held about you. We may need to verify your identity before providing access.
If you are a patient seeking access to admissions or consent information held about you, the hospital where you received care is the primary point of contact and the data custodian for those records. We will support the hospital’s response to your request. You may also contact our Privacy Officer directly using the details below.
We will respond to access requests within a reasonable timeframe (usually 30 days, or within such time required by applicable law). In limited circumstances, we may refuse access where permitted by applicable law (for example, where providing access would unreasonably impact the privacy of other individuals). Where this occurs, we will explain why.
11. Correcting Your Information
If you believe any personal information we hold about you is inaccurate, out-of-date, incomplete, or misleading, you may:
- Update your own profile details through your account settings
- Contact your hospital administrator to correct booking or scheduling records
- Submit a formal correction request to our Privacy Officer
If we correct information that was previously disclosed to a third party, we will take reasonable steps to notify them of the correction.
12. Anonymity & Pseudonymity
Under the Privacy Act and equivalent state-based legislation, individuals have the right to deal with organisations anonymously or using a pseudonym where practicable. Due to the nature of TheatreLink as a healthcare coordination platform, identification is required for:
- Patient safety and clinical accountability in surgical scheduling, admissions, and consent
- Professional credential verification (AHPRA)
- Hospital access control and accreditation compliance
- The legal validity of an electronically-signed procedure consent under the Electronic Transactions Act 1999 (Cth) and equivalent laws
13. Complaints
If you believe we have breached the Australian Privacy Principles, applicable Health Privacy Principles or otherwise handled your information inappropriately, you may lodge a complaint with us using the contact details set out below.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
Alternatively, in some instances, you may lodge a complaint with the following regulatory bodies:
- Victorian Health Services Commissioner — Phone: 1300 582 113
- Information and Privacy Commission (NSW) — Email: ipcinfo@ipc.nsw.gov.au; Phone: 1800 472 679
14. Links to Other Websites
Our website and platform may contain links to other websites and services operated by third parties. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.
15. Contact Us
If you have any questions about this Privacy Policy, wish to make an access or correction request, or want to lodge a complaint, please contact:
Privacy Officer
TheatreLink Pty Ltd
ABN 16 697 444 349
ACN 697 444 349
Email: privacy@theatrelink.com.au
Website: www.theatrelink.com.au
theatrelink.com.au | support@theatrelink.com.au