The App is intended to be used as a tool to help users identify their goals, needs and support requirements, and develop a NDIS draft plan. We therefore collect a broad range of personal information, including health information, about our users.
Information we may collect about you
Personal information generally means any information about an individual from which that person can be identified. It does not include data where the identity has been removed and it is not possible to connect the data to the individual. We may collect and use different kinds of personal information related to our business activities and when it is necessary and relevant to our relationship with you.
Our business functions and activities primarily involve operating the App. If you sign up to use our App, or ask us to provide other products or services (such as plan management services), we may collect the following information about you:
- your name and email address;
- your NDIS number (if applicable);
- information you input into the App, including your individual responses to prompt questions regarding your goals, needs, preferred supports, personal evaluation of progress against goals;
- information about the support and health services you use, and information about your NDIS plan, and any other associated information we need to provide plan management services to you;
- other information and material you provide to us through the App, or that we reasonably need to collect to administer our business, such as contact and billing information including your address and telephone number; and
- data we collect automatically about how you use and interact with the App and our websites.
Some of the above information may include ‘sensitive information’ about you. ‘Sensitive Information’ is a subset of personal information under the Privacy Act and incudes information about your health, ethnic origin, sexual orientation and religious beliefs. We generally only collect sensitive information that you provide to us directly, such as:
- when you enter that information into the App; or
- if we are engaged to provide plan management services, when you provide us with an invoice for health services you have received.
We will only ever handle your sensitive information for the purposes you have given it to us, or otherwise in accordance with the Privacy Act.
How we collect information about you
Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect the personal information you directly give us through some of the following means:
- when you enter personal information directly into the App;
- when you send us invoices from service providers, and provide us with any other personal information required to enable us to provide plan management services for you; and
- when you communicate with us, such as when you contact us by telephone or email, or send an enquiry through our website.
In certain cases we may collect personal information from publicly available sources and third parties, such as from your service providers where we have your permission to do so.
Do I have to provide you with my personal information?
You can deal with us anonymously (without giving us your name and contact details) or by using a pseudonym in some circumstances. If you contact us through social media or other means and ask to remain anonymous, you may do so and we will try to answer your request without seeking identifying details. However, if you choose to deal with us anonymously, there are some things we cannot do. For example, you will not be able to register for an account on our App, or engage us to provide plan management services for you.
To register for an account, and access the features of our App you will need to provide us with certain personal information including your name and email address.
Purpose for handling your personal information
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances. We collect, hold, use and disclose personal information to:
- provide the App and its functionality to you and other users;
- provide you with the goods and services you have purchased from us, and administer our dealing with you, including sending you invoices and receipts;
- communicate with you and provide you with relevant information, including marketing information (unless you have requested not to receive marketing information from us);
- assess your needs and preferences so that we can refer you to relevant products and services;
- improve our service and product offerings, and evaluate trends in self-planning practice;
- comply with legal and regulatory obligations; and
- otherwise manage our business.
We may use your personal information for activities in support of our primary business functions such as processing payments, administration, employment, management, marketing, contracting, IT, legal, and customer support.
Disclosure of personal information to third parties
We may disclose your personal information to the third parties set out below for any of the purposes set out above. The types of third parties with whom we disclose personal information include:
- our service providers, including providers of campaign, promotion, accounting, auditing, legal, banking, payment, delivery, data processing, data analysis, document management, research, investigation, technology services, retailers and training providers;
- government agencies for reporting and compliance purposes;
- various third party suppliers and partners, which provide services and support for our programs and operations;
- persons who you authorise us to share your personal information with, including NDIS services providers; and
- to a third party organisation in the event we sell or transfer all or a portion of our business or assets.
Protection of your personal information
We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers. We maintain appropriate physical, procedural and technical security for our office and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information do their job, and we will destroy or de-identify your personal information once it is no longer needed for a valid purpose or required to be kept by law.
Like most businesses, marketing is important to our continued success. We may use your personal information (such as your contact details) to provide you with information and newsletters about our products and services (including those of third parties) that we consider may be of interest to you. We will not disclose your personal information to third parties for marketing purposes without your consent.
You may opt out at any time if you no longer wish to receive marketing information from us. You can do this by contacting our Privacy Officer or by using the ‘unsubscribe’ function included in our marketing emails.
Accessing and correcting your personal information
You may contact our Privacy Officer using the contact details below to request access to, or a correction of, the personal information that we hold about you. We will deal with your request within a reasonable time. On the rare occasion that we refuse access, we will provide you with a written notice setting out the reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. We will also provide you with avenues to complain about our refusal to provide you with access to the information.
We are not obliged to correct any of your personal information if we do not agree that it requires correction. If we refuse a correction request, we will provide you with a written notice with our reasons for refusing. We may recover reasonable costs in relation to a request for access to personal information.
Resolving personal information concerns
We take all complaints seriously, and will respond to your complaint within a reasonable period. You may also lodge a complaint with the Office of the Australian Information Commissioner by telephone: 1300 363 992 or email: firstname.lastname@example.org.