Privacy Policy
privacy policy
- About You Consulting Pty Ltd (ACN: 73642379520) are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and for Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services
- we are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements
- we provide all individuals with access to information about the privacy of their personal information
- each individual has the right to opt out of consenting to and providing their personal details if they wish
- individuals have the right to request access to their personal records by requesting this with their contact person
- where we are required to report to government funding bodies, information provided is non-identifiable and related to services and support hours provided, age, disability, language, and nationality
- personal information will only be used by us and will not be shared outside the organisation without your permission unless required by law (e.g. reporting assault, abuse, neglect, or where a court order is issued)
- images or video footage of participants will not be used without their consent
- participants have the option of being involved in external NDIS audits if they wish.
Security of information
- we take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.
- personal information is accessible to the participant and is able for use by relevant workers
- security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access
- personal information no longer required is securely destroyed or de-identified.
what kinds of personal information we may collect and store
- Name, address, date of birth, gender, and contact information (phone, email), NDIS number
- Details about the participant’s disability, including medical or psychological reports, assessments, and diagnosis history.
- Information about the participant’s goals, support needs, and service agreements with the provider.
- Medical conditions, medications, healthcare providers, treatment plans, and emergency contacts
- Notes about the services provided, frequency of support, and any progress updates.
- financial reports, and funding management details.
- Any reports related to incidents, complaints, or feedback involving the participant.
how we may collect personal information and where it is stored
- Information would be collected – directly from the participant (in meetings), online forms, emails, phone conversations, from third parties (healthcare providers, family and support networks etc), digital platforms (e.g. surveys)
- Information would be stored in – digital cloud-based systems, paper files. NDIS portal, emails and communication systems
the reasons why we need to collect personal information
- To understand the participant’s disability, support needs, and goals, enabling the provider to design and deliver appropriate services.
- To create participant-centered support documentation
- To meet legal and regulatory requirements.
- To manage NDIS funding.
- To manage risks.
- To track progress and create reports
how we’ll use and disclose personal information
- A provider may use personal information to – deliver agreed supports, develop and manage supports, manage payments, contact participants, meet legal obligations, undertake quality control.
- We can only disclose personal information on an ‘as-needed basis’ and with participant consent for the purposes of key operational activities such as – service delivery, legal compliance and during an emergency.
how you can access your personal information, or ask for a correction
- A provider can give participant access to their information by doing the following steps:
- Receive access request (by phone, email, in person)
- Verify identity
- Explain information to participant, if required.
- Provide access in the post appropriate way e.g. Electronically- by sending the participant a digital copy of their personal information via secure email or a client portal.
- Work with participant to make change/correction.
- Confirm change/correction.
how to lodge a complaint if you think your information has mishandled, and how they’ll handle your complaint
- If you have any queries or complaints about our Privacy Policy please contact us at:
ATTN: Operations Manager
Post: PO Box 7041
Redland Bay, 4165
Email: info@ayc.net.au
Phone: 0412 850 541
- Contacting the NDIS provider directly: the participant can raise their concern directly with the NDIS provider. This can be done verbally (in person or over the phone) or in writing (via email or a formal complaint letter). Most providers will have a complaints process outlined in their privacy policy or service agreement. The participant should clearly describe the nature of the privacy breach or mishandling of their information, including relevant dates, the type of information involved, and how they believe it was mishandled.
- Making a complaint to the NDIS comission: If the participant is not satisfied with the provider’s response or prefers not to raise the issue with them, they can lodge a complaint with the NDIS Quality and Safeguards Commission. The provider must cooperate with the comissios through all stages of investigation related to the complaint.
- Making a complaint to the Office of the Australian Information Commissioner (OAIC): If the complaint relates specifically to the misuse or mishandling of personal information, participants can escalate the issue to the Office of the Australian Information Commissioner (OAIC). This office deals with privacy complaints and breaches under the Privacy Act 1988.
Overseas disclosure
- We do not provide data overseas.