Information we collect
We collect personal information that is reasonably necessary to deliver safe, high‑quality supports and to meet our legal and regulatory obligations. Depending on your relationship with us, this may include your name, date of birth and contact details; NDIS participant number and plan information; health, disability and support needs; emergency contact, family, guardian or nominee details; and information about the supports and services we provide to you. For workers and job applicants, we may also collect employment history, qualifications, references, and screening and clearance information.
How we collect information
We collect personal information in a number of ways. Much of the information we collect is gathered through online forms hosted on Google Forms, including our participant intake forms, feedback and complaints forms, incident report forms, and worker onboarding forms. We also collect information directly from you during phone calls, emails, meetings, and the day‑to‑day delivery of supports, as well as from people you authorise to act on your behalf, such as family members, guardians, nominees, support coordinators or other service providers.
How we use your information
We use personal information to deliver and coordinate your supports, communicate with you and your support network, manage our services, meet our obligations under the NDIS and other laws, respond to incidents and complaints, and continuously improve the quality and safety of our services. We only use information for the purpose for which it was collected, or for a directly related purpose you would reasonably expect, unless you consent to another use or the law requires or permits it.
Systems and third‑party service providers
We use trusted third‑party platforms to operate our business and manage information securely. Personal information collected through Google Forms is stored within Google Workspace, which we use for email, documents and file storage. Our website is hosted on Squarespace, and we use secure, reputable cloud‑based tools to support our day‑to‑day operations. These providers may store data on secure servers located in Australia or overseas, and we take reasonable steps to ensure they handle personal information in line with appropriate privacy and security standards.
Participant confidentiality
We treat all information about the people we support as strictly confidential. Access to participant information is limited to workers who need it to provide or coordinate supports, and our workers are trained in their privacy and confidentiality responsibilities. We will not discuss or share a participant's information with anyone outside their authorised support network unless we have consent or are required or permitted to do so by law.
NDIS obligations
As a provider applying for registration with the NDIS Quality and Safeguards Commission, we handle personal information in line with the NDIS Code of Conduct and the NDIS Practice Standards. This includes meeting our obligations to report certain incidents, to support participants to exercise choice and control over their information, and to keep accurate and secure records relating to the supports we deliver.
Disclosure to third parties
We do not sell personal information. We may disclose personal information to the NDIS Quality and Safeguards Commission or the National Disability Insurance Agency where required; to other support providers, health practitioners or services involved in your care, with your consent; to emergency services where there is a serious threat to a person's life, health or safety; and to our service providers who help us operate our business. We may also disclose information where we are required or authorised to do so by law.
Data security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include access controls, secure cloud‑based storage, password protection, and limiting access to information on a need‑to‑know basis. While we work hard to safeguard your information, no method of electronic storage or transmission is completely secure.
Accessing and correcting your information
You have the right to ask for access to the personal information we hold about you and to request that we correct it if it is inaccurate, out of date or incomplete. To make a request, please contact us using the details below. We may need to verify your identity before providing access, and we will respond to your request within a reasonable time.
Making a privacy complaint
If you believe we have mishandled your personal information or breached the Australian Privacy Principles, you can make a complaint by contacting us using the details below. We take all privacy complaints seriously and will acknowledge your complaint, investigate it, and respond to you within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on our website, with the date of the most recent update shown at the top of this page.
Contact us
If you have any questions about this Privacy Policy, or would like to access, correct or make a complaint about your personal information, please get in touch:
✉ [email protected]