Privacy Policy

Last updated: 5 April 2026

1. Introduction

DiverseAccessCare ("we", "us", "our") is committed to protecting the privacy of the personal information we collect and hold. We are bound by the Australian Privacy Act 1988 (Cth) ("Privacy Act"), including the thirteen Australian Privacy Principles ("APPs"), and the Privacy (Tax File Number) Rule 2015, where applicable. As a registered provider under the National Disability Insurance Scheme ("NDIS"), we also comply with the privacy and confidentiality requirements of the National Disability Insurance Scheme Act 2013 (Cth) and associated Rules and Regulations.

This Privacy Policy explains how we collect, hold, use, and disclose your personal information, and how you can access or correct the information we hold about you. By engaging with our services, visiting our website, or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

The types of personal information we collect depend on the nature of your engagement with us. We may collect the following categories of information:

2.1 Personal Identification Information

Full name, date of birth, gender, residential address, postal address, telephone number(s), email address, emergency contact details, and photographic identification where required for verification purposes.

2.2 NDIS-Specific Information

NDIS participant number, NDIS plan details (including plan dates, funding categories, and budget allocations), plan manager and support coordinator contact details, service agreements, progress notes, incident reports, support worker shift records, and participant goal documentation.

2.3 Sensitive Information

In accordance with the Privacy Act, we recognise that some information we collect is classified as "sensitive information." This includes health and medical information (such as disability diagnoses, medication details, behavioural support plans, and allied health reports), racial or ethnic origin, religious beliefs or affiliations, and information about criminal history (where relevant to worker screening). We only collect sensitive information where it is reasonably necessary for the provision of disability support services, and with your express or implied consent, or as otherwise authorised by law.

2.4 Website and Digital Information

When you visit our website, we may collect information such as your IP address, browser type and version, operating system, referring website, pages visited, time and duration of visits, and interactions with website features (such as form submissions). We use cookies and similar technologies to enhance your browsing experience and for analytical purposes.

3. How We Collect Information

We collect personal information directly from you wherever possible. This may occur when you:

• Contact us via telephone, email, our website, or in person
• Submit a contact form, referral form, or enquiry through our website
• Enter into a service agreement with us
• Participate in intake assessments, reviews, or feedback processes
• Apply for employment or engage with us as a support worker

In some circumstances, we may collect personal information from third parties, including support coordinators, plan managers, allied health professionals, other NDIS providers, government agencies (such as the NDIA and the NDIS Quality and Safeguards Commission), and family members or nominees who are authorised to act on your behalf.

4. How We Use Your Information

We use personal information for purposes that are directly related to the provision of our NDIS support services and for purposes you would reasonably expect. These include:

• Delivering personalised disability support services under the NDIS
• Assessing and processing referrals and service requests
• Developing, implementing, and reviewing participant support plans and goals
• Managing service agreements, scheduling, and rostering
• Communicating with participants, families, support coordinators, and plan managers about service delivery
• Invoicing, claiming, and financial administration under the NDIS
• Meeting our obligations under the NDIS Act, NDIS Practice Standards, and the NDIS Code of Conduct
• Reporting incidents, complaints, and feedback as required by the NDIS Quality and Safeguards Commission
• Internal quality assurance, staff training, and service improvement
• Complying with our legal and regulatory obligations, including workplace health and safety laws
• Responding to your enquiries and providing customer support

5. NDIS-Specific Data Handling

As a registered NDIS provider, we are subject to specific obligations regarding the handling of participant data. We adhere to the following principles in relation to NDIS data:

• Purpose limitation: NDIS participant data is used solely for the purpose of delivering and administering NDIS-funded supports and services, and for meeting our regulatory and legal obligations.
• Minimum necessary: We collect only the personal information that is reasonably necessary to deliver effective supports and comply with NDIS requirements.
• Participant control: Participants (or their nominees) retain the right to determine who can access their NDIS-related information, subject to any overriding legal obligations.
• Secure transmission: NDIS participant data is transmitted securely using encrypted channels when shared with the NDIA, plan managers, or other authorised parties.
• Record retention: We retain NDIS participant records for a minimum of seven years from the date of the last service provision, in accordance with NDIS record-keeping requirements and applicable legislation.

6. Disclosure of Your Information

We may disclose your personal information to the following categories of third parties, where it is necessary and appropriate:

• NDIA and NDIS Quality and Safeguards Commission: For the purpose of claims processing, incident reporting, compliance audits, and regulatory obligations.
• Plan managers: For invoicing and financial management of your NDIS plan.
• Support coordinators: To facilitate coordination of your NDIS supports and service delivery.
• Allied health professionals: Where necessary for developing or implementing your support plan.
• Emergency services: Where there is a serious threat to life, health, or safety.
• Professional advisors: Including legal, accounting, and insurance advisors, as required for the operation of our business.
• Technology service providers: Third-party platforms that assist with data storage, communication, rostering, and business operations, subject to strict data processing agreements.
• Government authorities: Where required by law, regulation, or court order.

We do not sell, rent, or trade your personal information to any third party for marketing purposes. We do not disclose your personal information to recipients outside of Australia without your consent, unless permitted by the APPs.

7. Data Security

We take the security of your personal information seriously and implement reasonable technical, administrative, and physical safeguards to protect it from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption of sensitive data in transit and at rest
• Secure password policies and multi-factor authentication for staff systems
• Role-based access controls limiting information access to authorised personnel only
• Regular security assessments and vulnerability testing
• Staff training on privacy obligations, data handling, and cybersecurity awareness
• Secure disposal of physical documents through confidential shredding
• Incident response procedures for managing data breaches, including compliance with the Notifiable Data Breaches scheme under the Privacy Act

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. In the event of a data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner ("OAIC") in accordance with the Notifiable Data Breaches scheme.

8. Access and Correction

Under the APPs, you have the right to request access to the personal information we hold about you, and to request that we correct any information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make an access or correction request, please contact our Privacy Officer using the details provided at the end of this policy. We will respond to your request within a reasonable period (generally within 30 days). We may need to verify your identity before processing your request.

In certain circumstances, we may refuse access or decline to make a correction, as permitted by the Privacy Act. If we refuse, we will provide you with a written explanation of the reasons for the refusal and the mechanisms available to you to make a complaint.

9. Complaints

If you believe that we have breached the APPs, or that we have not handled your personal information in accordance with this Privacy Policy, you have the right to make a complaint. We encourage you to contact us first so we can attempt to resolve the matter directly.

To lodge a privacy complaint, please contact our Privacy Officer (details below). We will acknowledge your complaint within five business days and investigate the matter thoroughly. We aim to resolve all complaints within 30 days.

If you are not satisfied with our response, you may escalate your complaint to:

• Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | Phone: 1300 363 992
• NDIS Quality and Safeguards Commission: www.ndiscommission.gov.au | Phone: 1800 035 544

10. Australian Privacy Principles Compliance

We are committed to full compliance with the thirteen Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988. These principles govern how we manage personal information throughout its lifecycle, from collection through to use, disclosure, storage, and destruction. We regularly review our practices, policies, and procedures to ensure ongoing compliance.

Our staff receive regular training on their privacy obligations, and we maintain internal policies and procedures that reflect the requirements of the APPs. We conduct periodic privacy impact assessments when implementing new services, systems, or processes that involve the handling of personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. We will publish the updated policy on our website and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your personal information.

12. Contact Our Privacy Officer

If you have any questions about this Privacy Policy, wish to make an access or correction request, or would like to lodge a privacy complaint, please contact us: