How we collect, store, protect, and manage your personal information.
We are committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, how we store and protect it, and your rights in relation to that information. This policy applies to all participants, families, support coordinators, and workers whose information we hold.
We collect personal information that is necessary to deliver NDIS supports to you. This includes your name, contact details, date of birth, NDIS number, support plan details, health and medical information relevant to your supports, emergency contact details, and cultural and communication preferences. We collect this information directly from you, your nominee, or your support coordinator. We do not collect more information than we need.
We collect your personal information to deliver the supports in your NDIS plan, to communicate with you and your support team, to meet our obligations as a registered NDIS provider, to investigate complaints or incidents, and to improve the quality of our services. We do not collect your information for marketing purposes.
Your information is stored in a secure, password-protected system hosted on Australian servers. Access is restricted to staff who need it to deliver your supports. Paper records are stored in locked cabinets. We train all staff on their privacy obligations before they begin working with participants. We conduct regular reviews of our information security practices.
We do not share your personal information without your consent, except where we are required to by law. We may share information with other members of your support team — such as your support coordinator or allied health providers — with your consent. We may be required to share information with the NDIS Quality and Safeguards Commission in the event of a reportable incident. We will always tell you when this occurs unless we are legally prevented from doing so.
We retain participant records for a minimum of seven years after the last service delivery, or until you turn 25 years of age if you were a minor when you received supports — whichever is later. After this period, records are securely destroyed. Financial records are retained for seven years as required by Australian tax law.
You have the right to access the personal information we hold about you at any time. You have the right to ask us to correct information that is inaccurate. You have the right to make a privacy complaint — to us directly, or to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
If you have a question about this policy or want to access your information, contact us by phone at 1800 227 337, by email at hello@carefirst.com.au, or in writing to 123 Care Street, Campbelltown NSW 2560. We will respond within five business days.
Legal basis: Privacy Act 1988 (Cth), Australian Privacy Principles. NDIS Practice Standards v4, Outcome 1.3 — Privacy and Dignity.