top of page
Banner

Legal & Compliance

Privacy Policy
Inclusive Connection Care

We respect your privacy and are committed to protecting your personal information. This policy explains how we collect, use, store, and disclose information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Effective Date: 1 January 2024

NDIS Practice Standards Aligned

Australian Privacy Act 1988 Compliant

01

About This Policy

Inclusive Connection Care (referred to in this policy as "ICC", "we", "us" or "our") is an Australian-registered NDIS provider operating across Brisbane and Moreton Bay, Queensland. We are committed to protecting the privacy and confidentiality of every person who interacts with our organisation.

This Privacy Policy describes how ICC collects, holds, uses, and discloses personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NDIS Act 2013, and the NDIS Practice Standards.

Who this policy applies to: This policy applies to NDIS participants, their families and guardians, support workers, job applicants, website visitors, referral partners, and any other individual whose personal information we hold.

By using our services or website, you consent to the collection and use of your information as described in this policy. If you do not agree with any part of this policy, please contact us before engaging our services.

02

Personal Information We Collect

ICC collects only the personal information that is necessary for us to deliver high-quality support services, comply with our legal obligations, and communicate with you effectively. The types of personal information we may collect include:

For NDIS Participants and Their Families

  • Full name, date of birth, gender, and contact details (phone, email, address)

  • NDIS participant number and NDIS plan details

  • Health information, disability details, and medical history relevant to care

  • Communication preferences and cultural or language needs

  • Emergency contact information

  • Incident reports and progress notes

  • Financial information related to NDIS plan management and billing

 

For Support Workers and Job Applicants

  • Name, contact details, and employment history

  • Police check, NDIS Worker Screening Check, and Working With Children Check results

  • Qualifications, certifications, and referee details

  • Tax file number and superannuation details (employees only)

  • Workplace health and safety information

 

For Website Visitors

  • Name and contact details submitted via enquiry forms

  • IP address and browser information collected automatically

  • Enquiry content and communication history

03

How We Collect Your Information

We collect personal information in a number of ways, always in a lawful and fair manner. Wherever it is practicable and reasonable, we collect information directly from you.

  • Directly from you when you contact us by phone, email, or through our website contact form

  • Through intake and service agreement documentation at the start of our relationship

  • From your NDIS Support Coordinator, plan manager, or the NDIA where authorised

  • From healthcare professionals, allied health providers, or other service providers with your consent

  • Through our secure participant management and scheduling systems

  • Automatically through our website via cookies and similar technologies (see Section 9)

  • From third parties such as police check providers and referee checks for employment screening

When we collect information from third parties, we take reasonable steps to notify you of this collection unless doing so would be impractical or contrary to law.

04

How We Use Your Personal Information

ICC uses personal information only for the purposes for which it was collected, or for directly related purposes that you would reasonably expect. Primary uses include:

  • Delivering NDIS support services in line with your plan and goals

  • Developing, implementing, and reviewing your personalised care plan

  • Communicating with you about your supports, appointments, and plan reviews

  • Billing and claim submission to the NDIA, plan managers, or self-managers

  • Complying with our legal, regulatory, and NDIS Practice Standards obligations

  • Responding to enquiries, complaints, and feedback

  • Recruiting, screening, and managing support workers

  • Improving the quality and safety of our services

  • Conducting internal training and quality assurance activities

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your information will never be used for commercial advertising without your explicit consent.

05

Disclosure to Third Parties

ICC may disclose your personal information to third parties in the following circumstances:

  • The National Disability Insurance Agency (NDIA) for the purposes of funding claims, audits, or participant support

  • NDIS-registered plan managers and support coordinators involved in your care

  • Allied health professionals, medical practitioners, or other service providers involved in your support team, with your consent

  • Government agencies or regulatory bodies, including the NDIS Quality and Safeguards Commission, where required by law

  • Police, emergency services, or child protection authorities where there is a risk to safety

  • Our technology and cloud service providers (operating under strict confidentiality and data security obligations)

  • Professional advisers such as accountants, legal counsel, and insurers, subject to confidentiality obligations

ICC does not disclose personal information to overseas recipients except where required by law or expressly agreed to by you. Where technology providers may store data in overseas data centres, we ensure appropriate contractual safeguards are in place.

06

Storage and Security of Your Information

ICC takes the security of your personal information seriously. We implement physical, administrative, and technical safeguards to protect your information from misuse, loss, unauthorised access, modification, and disclosure.

Our security measures include:

  • Secure, password-protected participant management systems with role-based access controls

  • Encryption of data in transit and at rest where applicable

  • Regular staff training on privacy obligations and data handling

  • Confidentiality obligations in all staff and contractor agreements

  • Secure physical storage and disposal of paper records

  • Regular review and audit of data security practices

Retention of Records

We retain personal information for as long as it is needed for the purposes described in this policy, or as required by law. Under NDIS Practice Standards, participant records are generally retained for a minimum of 7 years after the last service delivery, or until a minor participant turns 25, whichever is the longer period.

When information is no longer required, it is securely destroyed or permanently de-identified.

07

Sensitive Information

In the course of delivering disability support services, ICC necessarily collects and handles sensitive information. Under the Privacy Act 1988, sensitive information includes health information, disability information, racial or ethnic origin, and criminal history information.

We will only collect sensitive information:

  • With your explicit consent, or

  • Where required or authorised by law, or

  • Where it is reasonably necessary to prevent or lessen a serious and imminent threat to life or health

Your health and disability information is treated with the highest level of confidentiality. Access is strictly limited to staff and contractors who require it to deliver or coordinate your supports.

All staff who handle sensitive information receive specific training on their obligations and are bound by confidentiality agreements. Any breach of these obligations is treated as a serious disciplinary matter.

08

Storage and Security of Your Information

Under the Australian Privacy Principles, you have the right to access the personal information ICC holds about you, and to request corrections if that information is inaccurate, incomplete, or out of date.

How to request access or correction:

To make a request, contact our Privacy Officer using the contact details in Section 11. We will acknowledge your request within 5 business days and respond substantively within 30 days. We may ask you to verify your identity before releasing information.

There is no fee for making an access or correction request, though in limited cases we may charge a reasonable administrative fee for retrieval and copying of large volumes of records. We will notify you of any such fee before proceeding.

When we may decline access:

In limited circumstances, we may decline to provide access to information, for example where disclosure would pose a serious threat to health or safety, would unreasonably impact another person's privacy, or where we are legally prevented from doing so. We will always explain our reasons in writing and advise you of how to escalate your concern.

09

Website Use and Cookies

The Inclusive Connection Care website at inclusiveconnectioncare.com.au may collect certain information automatically when you visit, including your IP address, browser type, pages visited, and time of visit. This information is used in aggregate form to improve the website experience and is not linked to any individual.

Cookies

Our website may use cookies, which are small text files placed on your device. Cookies help us understand how visitors use our site so we can improve it. We use:

  • Essential cookies required for the website to function correctly

  • Analytics cookies (such as Google Analytics) to understand traffic patterns and popular pages — this data is anonymised and not personally identifiable

You can disable cookies through your browser settings at any time, though this may affect the functionality of some website features. By continuing to use our website, you consent to our use of cookies as described above.

Third-Party Links

Our website may contain links to external websites, including NDIS.gov.au, government services, and community organisations. ICC is not responsible for the privacy practices of those sites and encourages you to review their privacy policies independently.

10

NDIS-Specific Privacy Requirements

As a registered NDIS provider, ICC is bound by the NDIS Practice Standards and the NDIS Act 2013, which impose specific obligations in relation to the collection, use, and management of participant information. These requirements complement and in some respects strengthen the protections in the Privacy Act 1988.

Our NDIS-specific privacy commitments include:

  • Collecting only the information necessary to deliver the supports described in your service agreement

  • Obtaining your informed consent before sharing your information with other providers or family members where there is no legal obligation to do so

  • Maintaining accurate, up-to-date participant records and providing you access on request

  • Reporting notifiable incidents to the NDIS Quality and Safeguards Commission as required, including any privacy breach that affects a participant

  • Supporting your right to have a representative, guardian, or advocate involved in decisions about your information

You can find more information about your rights as an NDIS participant at ndis.gov.au or by contacting the NDIS Quality and Safeguards Commission on 1800 035 544.

11

Privacy Complaints and Contact

If you have a concern about how ICC has handled your personal information, we encourage you to contact us directly in the first instance. We take all privacy complaints seriously and are committed to resolving them promptly and fairly.

To raise a privacy concern, submit a correction request, or ask a question about this policy, please contact our Privacy Officer:

Privacy Officer — Inclusive Connection Care

Email: privacy@iccsupports.com.au
Phone: 1300 471 330
Post: Inclusive Connection Care, Brisbane & Moreton Bay, QLD, Australia

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

Escalating to the Privacy Regulator

If you are not satisfied with our response to your privacy complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website:oaic.gov.au

  • Phone: 1300 363 992

  • GPO Box 5218, Sydney NSW 2001

For NDIS-specific concerns, you may also contact the NDIS Quality and Safeguards Commission on 1800 035 544 or at ndiscommission.gov.au.

This Privacy Policy was last reviewed and updated on 1 January 2026. We may update this policy from time to time. Any changes will be published on this page and, where appropriate, communicated directly to our clients.

bottom of page