Privacy Policy

1. About This Policy

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information when you:

• Use our services as an NDIS participant, family member, or nominee
• Visit our website at www.perpetualcare.com.au
• Contact us via phone, email, or our online enquiry forms
• Interact with us in person or through third parties

2. What Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact details: Name, address, phone number, email address
• Identification: Date of birth, NDIS participant number, and other identification details reasonably required to provide services
• Financial information: Banking details for plan management services, invoice records
• Emergency contacts: Names and contact details of nominated persons

2.2 Sensitive Information

With your explicit consent, we collect sensitive information necessary to provide disability support services, including:

• Health information and medical history
• Disability type and support needs
• NDIS plan details and funding categories
• Mental health information relevant to support delivery
• Information about family circumstances and living arrangements
• Cultural, religious or linguistic background (where relevant to service delivery)

2.3 Website and Technical Information

When you visit our website, we may collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our site
• Referring website information
• Cookies and similar tracking technologies

3. How We Collect Your Information

We collect information through:

• Directly from you: When you complete intake forms, contact us, or engage our services
• From your representatives: Family members, guardians, nominees, or support coordinators acting on your behalf
• From the NDIA: NDIS plan information and funding details
• From other service providers: With your consent, from healthcare professionals, allied health providers, or other disability support providers
• From our website: Through contact forms, enquiries, and automated tracking

4. Why We Collect and Use Your Information

We collect and use your personal information to:

• Provide disability support services tailored to your needs and goals
• Deliver support coordination and plan management services
• Communicate with you about your services, appointments, and support plans
• Process invoices and manage payments under your NDIS plan
• Comply with legal obligations including NDIS Quality and Safeguards Commission requirements
• Manage incidents, complaints, and feedback
• Improve our services and participant outcomes
• Meet reporting requirements to the NDIS Commission and other regulatory bodies
• Respond to your enquiries and provide customer support
• Maintain records as required by law and NDIS Practice Standards

5. Who We Share Your Information With

5.1 Disclosure With Your Consent

We will only share your information with third parties when you have provided consent or where required by law. This may include:

• NDIS: NDIA and the NDIS Quality and Safeguards Commission for claim processing, reporting, and compliance
• Healthcare providers: Your doctors, allied health professionals, or specialists involved in your care
• Other service providers: Support coordinators, plan managers, or disability service providers working with you
• Your representatives: Family members, guardians, or nominees you have authorized
• Service delivery partners: Contractors or employees providing direct support services

5.2 Disclosure Without Consent (Legal Obligations)

We may disclose information without your consent where:

• Required or authorized by law (e.g., court orders, subpoenas)
• Necessary to prevent serious threat to life, health, or safety
• Required for reportable incidents under NDIS Commission requirements
• Necessary to investigate suspected unlawful activity or serious misconduct
• Required to enforce our legal rights or defend legal claims

5.3 Third-Party Service Providers

We engage trusted third-party providers to help deliver our services, including:

• Cloud storage and data hosting services (Australian-based servers)
• Accounting and plan management software providers
• IT support and cybersecurity services
• Professional advisors (lawyers, accountants, auditors)

These providers are contractually bound to protect your information and use it only for authorized purposes.

6. How We Protect Your Information

We take data security seriously and implement measures including:

• Secure, encrypted storage systems for digital records
• Locked filing cabinets for physical documents with restricted access
• Password-protected systems and regular password updates
• Staff training on privacy obligations and confidentiality
• Confidentiality agreements with all employees and contractors
• Regular security audits and software updates
• Secure disposal of information when no longer required

7. How Long We Keep Your Information

We retain your information for as long as necessary to:

• Provide ongoing services to you
• Comply with legal and regulatory requirements
• Meet NDIS record-keeping obligations (minimum 7 years)
• Resolve disputes and enforce our agreements

After the required retention period, we securely destroy or de-identify your information in accordance with our Document Retention and Destruction Policy.

8. Your Privacy Rights

Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to:

8.1 Access Your Information

You can request access to the personal information we hold about you. We will provide access within 30 days unless an exception applies.

8.2 Correct Your Information

If you believe any information we hold is inaccurate, incomplete, or out of date, you can request correction. We will respond within 30 days.

8.3 Request Deletion

You can request deletion of your information, subject to legal and regulatory retention requirements.

8.4 Withdraw Consent

Where we rely on your consent to process information, you can withdraw consent at any time. This may affect our ability to provide certain services.

8.5 Lodge a Complaint

If you have concerns about how we handle your information, you can lodge a complaint with us or directly with the Office of the Australian Information Commissioner (OAIC).

9. Cookies and Website Tracking

Our website uses cookies to:

• Improve website functionality and user experience
• Analyze website traffic and visitor behavior
• Remember your preferences for future visits

You can disable cookies through your browser settings, though this may affect website functionality.

10. Third-Party Websites

Our website may contain links to external websites (e.g., NDIS portal, myGov). We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies.

11. Children and Young People

When providing services to children under 18, we collect information from parents, guardians, or legal representatives. We ensure age-appropriate communication and obtain consent from authorized decision-makers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The current version will always be available on our website with the last updated date clearly displayed.

13. Contact Us About Privacy

14. Complaints Process

If you are not satisfied with how we have handled your privacy concern:

1. Contact us first: Email or call our Privacy Officer using the details above
2. We will investigate: We will acknowledge your complaint within 2 business days and investigate thoroughly
3. We will respond: You will receive a written response within 30 days outlining our findings and any actions taken
4. External complaint: If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner

15. NDIS-Specific Privacy Commitments

As a registered NDIS provider, we commit to:

• Treating all participant information with the highest level of confidentiality
• Only accessing participant information necessary for service delivery
• Ensuring all staff understand and comply with privacy obligations under the NDIS Code of Conduct
• Responding promptly to participant requests regarding their information
• Maintaining accurate, up-to-date records as required by NDIS Practice Standards
• Reporting privacy breaches to the NDIS Commission as required