Privacy Policy

Information We Collect

Personal Information

We may collect the following types of personal information:

• Contact Information: Name, address, phone number, email address
• NDIS Information: NDIS participant number, plan details, funding information
• Health Information: Disability information, support needs, medical reports, assessments
• Support Information: Goals, preferences, family/carer details
• Service Information: Support plans, progress notes, incident reports
• Financial Information: Payment details, invoicing information
• Emergency Contacts: Details of nominated emergency contacts

Website Information

When you visit our website, we automatically collect:

• IP address and browser type
• Pages visited and time spent on site
• Referring website information
• Device and operating system information
• Cookies and similar technologies (see our Cookie section below)

How We Collect Information

We collect personal information through:

• Direct Collection: Forms, applications, consultations, phone calls, emails
• NDIS Referrals: Information provided by NDIS, support coordinators, or other providers
• Family/Carers: Information provided by authorized representatives
• Healthcare Providers: Medical reports, assessments, and recommendations
• Government Agencies: NDIS, Centrelink, or other relevant agencies
• Website Interactions: Contact forms, enquiry submissions, newsletter signups
• Third-Party Systems: NDIS portal, plan management systems

How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

• Providing NDIS disability support services
• Developing and implementing support plans
• Coordinating services with other providers
• Managing appointments and scheduling
• Monitoring progress and outcomes
• Ensuring safety and risk management

Administrative Purposes

• Processing applications and referrals
• Billing and payment processing
• Maintaining accurate records
• Quality assurance and improvement
• Compliance with legal and regulatory requirements
• Incident reporting and management

Communication

• Responding to enquiries and providing information
• Sending service updates and notifications
• Newsletter and educational content (with consent)
• Emergency communications

How We Share Information

We may share your personal information with:

With Your Consent

• Other NDIS service providers involved in your care
• Healthcare professionals (doctors, therapists, specialists)
• Family members or carers you have authorized
• Support coordinators or plan managers

Legal Requirements

• NDIS Quality and Safeguards Commission: For compliance, complaints, or incidents
• Government Agencies: When required by law or court order
• Emergency Services: In cases of immediate risk to health or safety
• Child Protection: When mandatory reporting obligations apply

Service Providers

• IT support and data storage providers (with strict confidentiality agreements)
• Accounting and legal service providers
• Quality assurance auditors
• Insurance providers (when necessary for claims)

Important: We never sell your personal information to third parties for marketing purposes.

How We Protect Your Information

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

• Secure, encrypted data storage systems
• SSL encryption for all website communications
• Regular security updates and patches
• Secure backup systems with encryption
• Multi-factor authentication for staff access
• Regular security audits and penetration testing

Physical Safeguards

• Locked filing cabinets for paper records
• Secure office premises with access controls
• Clean desk policy for confidential information
• Secure disposal of confidential documents

Administrative Safeguards

• Staff privacy and confidentiality training
• Access controls based on job requirements
• Regular policy reviews and updates
• Incident response procedures
• Background checks for all staff

Your Privacy Rights

Under Australian Privacy Laws, you have the following rights:

How to Exercise Your Rights

To exercise your privacy rights, contact us using the details in the Contact section below. We will:

• Respond to your request within 30 days
• Verify your identity before providing access
• Provide information in an accessible format
• Explain any limitations or restrictions

Note: Some requests may be subject to exceptions under privacy laws, particularly where they would interfere with law enforcement or pose risks to health and safety.

Data Retention

We retain your personal information for different periods depending on the type of information and legal requirements:

After retention periods expire, we securely destroy or anonymize information in accordance with Australian Privacy Principles.

Cookies and Website Technologies

Our website uses cookies and similar technologies to improve your browsing experience:

Types of Cookies We Use

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand website usage and improve performance
• Functional Cookies: Remember your preferences and settings
• Security Cookies: Protect against fraudulent activity

Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. For more information about cookies and how to manage them, visit aboutcookies.org.

Third-Party Services

Our website may contain links to third-party websites or use third-party services. This Privacy Policy does not apply to these external services.

Third-Party Services We Use

• Google Fonts: Typography services (subject to Google Privacy Policy)
• Form Processing: Secure form submission services
• Analytics: Website performance monitoring (anonymized data)

We recommend reviewing the privacy policies of any third-party websites you visit.

Children and Young People

We provide services to children and young people under 18 years of age. Special considerations apply:

• Parental Consent: We obtain consent from parents/guardians for children under 16
• Mature Minors: Young people aged 16-17 may provide their own consent for some services
• Best Interests: All decisions consider the child's best interests and wellbeing
• Child Protection: We comply with mandatory reporting requirements
• Access Rights: Both young people and parents may have access rights to information

Our approach to children's privacy balances their developing autonomy with appropriate protection and parental involvement.

Overseas Disclosure

We generally keep your personal information within Australia. However, some information may be disclosed overseas in limited circumstances:

• Cloud Storage: Some data may be stored on servers located overseas (with equivalent privacy protections)
• IT Support: Some technical support services may be provided from overseas
• Emergency Situations: If you travel overseas and require emergency support

Any overseas disclosure will comply with Australian Privacy Principles and include appropriate safeguards to protect your information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

• Australian privacy laws and regulations
• NDIS requirements and standards
• Our services and business practices
• Technology and security measures

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have provided your email address
• Post a notice on our website homepage
• Provide at least 30 days' notice of material changes

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact us: