NDIS Provider Privacy Policy (Policy) and Privacy Notice (Notice)

 

Thank you for accessing our Policy and this Notice. You can download a PDF copy of this Privacy Policy here

 

Your privacy is important to us

 

We are committed to protecting your privacy in your dealings with us. Through this Policy and Notice, we would like to tell you about:

 

·      what kinds of personal information we collect from you; and

·      how we collect, hold, use, and disclose your personal information,

 

in the course of providing services to you and in the context of our business.

 

We are Puggles Speech Therapy of 1/21 Short Street, Port Macquarie, NSW, 2444. Australian business number 29 689 204 116 (we, us, our). We are an unregistered National Disability Insurance Scheme (NDIS) provider.

 

Privacy and the National Disability Insurance Scheme

 

Privacy is a human right, and we respect the privacy of people with a disability. People with a disability have a right to privacy, including in relation to the collection, use and disclosure of information concerning them and the services they receive.

 

As an NDIS provider, we are subject to the NDIS Code of Conduct (2019) (the NDIS Code). Amongst other things, this means we must:

 

·    respect and protect the privacy of everyone that receives supports and services from us and our workers;

·    manage health information about any people we support and our workers in accordance with privacy laws related to the management of health information; and

·    have this Policy and provide you with this Notice about our privacy policy and procedures to help ensure we (and our workers) understand our obligations.

 

We are committed to treating you in a dignified way that maintains your personal privacy

 

Privacy is about more than simply meeting our legal obligations. It is also about the way we deliver our services to people with a disability. We will work hard to be aware of your privacy needs and preferences and will deliver our services in a way that maintains your personal dignity. Without limiting what we mean by this commitment, we will:

 

·      explain and request your permission to perform procedures that involve physical touch or the invasion of your personal space;

·      provide services in a timely manner to prevent your embarrassment and discomfort, e.g. toilet breaks; and

·      consider your everyday personal needs, such as being able to shower or dress in a private or comfortable space.

 

What, specifically, are this Policy and Notice about?

 

In this Policy and Notice, we explain:

 

·      the kinds of personal information that we collect and hold, including recorded audio and visual materials;

·      why we hold this information;

·      who will have access to this information;

·      how we ensure that information is secure;

·      how we use the information;

·      how you can access and amend information held about you; and

·      how to make a complaint if you feel that we have breached our privacy obligations to you.

 

We have several obligations to you under the Privacy Act 1988 (Cth) (including the Australian Privacy Principles) (the Privacy Laws). This Policy and Notice are intended to reflect our obligations under the Privacy Laws as well as under the NDIS Code.

 

Hard copies of this Policy and Notice are available for free in our clinic, and you may request a portable document format (pdf) copy, again at no charge, by way of email to our Privacy Officer.

 

When we refer to “clients” or “you” below, we mean both former and current clients, as well as people who make inquiries about our products and services (i.e. potential clients).

 

What kinds of personal information do we collect and hold?

 

In this Policy and Notice, “personal information” means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained. To provide our services to clients, we need to know personal information about them and others, including:

 

•          names, ages, dates of birth, genders, and other identifying information;

•          Medicare and health fund details (including Medicare numbers and health fund insurers and the extent of their coverage);

•          developmental, medical, ethnic, language, cultural and social histories (including medications, diagnoses, surgeries, and allergies);

•          details about disabilities, impairments, challenges, barriers and facilitators;

•          family histories, to the extent they may be relevant to our services;

•          education history;

•          hobbies, motivations, interests, and activities in which clients and their families like to participate;

•          financial information concerning the ability of clients to pay for our products and services;

•          details related to the NDIS, including details of negotiations, assessments, plans and packages; and

•          call records, wireless locations, and unique web browser details (when you use our products and services, including online services).

 

For sensitive information – such as information about your health that is reasonably necessary for us to provide you with services or products – we will seek your informed consent.

 

How do we collect personal information?

 

We may collect personal information about you in several ways, including:

 

·      by telephone (e.g. when you or someone else call us);

·    via our website when you use our networks, products and services, including our online services;

·    via pages on our social media sites;

·    through our client questionnaires;

·    by written letters, reports and other documents (e.g. through reports you provide to us);

·    through emails, SMS and other forms of electronic communication;

·    in interviews and other interactions with you (including face-to-face interviews and interviews conducted electronically, such as by way of Microsoft Teams, Zoom, or other means); and

·    by taking notes and making recordings of our interactions with you (including audio and visual recordings).

 

When we ask for your consent to use your personal information, we will ensure that consent is opt-in, affirmative and freely given. At any time, you have the ability to withdraw consent by contacting us to tell us that you are withdrawing your consent.

 

Who do we collect personal information from?

 

We collect personal information from clients or someone authorised to act on the behalf of clients (e.g. their parents, carers or guardians). Wherever practicable, we will ask for the information directly. However, we may need to contact others when relevant to a client’s circumstances (e.g. when working with clients who cannot communicate their needs without the assistance of others). In these cases, we will, when practicable, make you aware of the fact that we have collected this information and the circumstances of the collection.

 

When you give us information about other people, we rely on you to have obtained their prior consent and tell them of the types of third parties we may provide the information to and why.

 

Why do we collect personal information?

 

We collect personal information to deliver, review and improve the products and services that we provide. Generally, these services and products relate to Speech Pathology services. If we didn’t collect this information, we wouldn’t be able to carry out our business or provide our products and services to you in accordance with the standards required by law, the NDIS Code, or our professional ethics requirements. If you do not provide the personal information that we request, we would not be able to carry out our business and provide our products or services to you.

 

More specifically, we need personal information (including health information) to provide clients with assessment, diagnosis and treatment services, communication with relevant stakeholders and providing care. We also need this information:

 

•          for administrative purposes of managing our business;

•          when necessary, to fulfil our obligations under law, regulation, the NDIS Code and/or our professional ethics rules;

•          for billing management (either directly or through insurers or other compensation agencies);

•          for discussions between workers related to the care of clients;

•          for discussions and other communications, e.g. with your doctors, other health professionals, and others related to your care;

•          for discussions with insurers (including the NDIS and its agents);

•          for any insurance or compensation or other claims or litigation (including threatened litigation); and

•          for security and workplace safety purposes, e.g. to monitor the safety of participants, workers and others.

 

From time to time, we may use personal information (but not sensitive health information) to provide you with news or offers about our products or services that may be of interest to you. We will ensure that your consent to receive this type of communication from us is opt-in, affirmative and freely given. These products and services will be related to our services described above and will be products and services that we believe will be relevant to you. 

 

You have a right, at any time, to tell us that you don’t want to receive this type of material.

 

Can people access our products and services anonymously?

 

No. Due to the nature of our services and products, we cannot offer them to people who wish to be anonymous, wish to use a pseudonym or who do not provide us with enough information to properly identify them for the purposes of providing services and products.

 

Who will see or have access to your personal information?

 

Your information may be seen or used by people working for or on behalf of us and other service providers including (without limitation):

 

•          our directors and owners;

•          our professional workers (employed or contracted);

•          our administrative staff (employed or contracted);

•          our third-party professional advisors and service providers, including (without limitation) our lawyers, book-keepers, accountants, auditors, tax consultants, actuaries, management consultants and IT service providers (including software-as-a-service providers);

•          Medicare, private health insurance providers, our insurers and reinsurers;

•          the National Disability Insurance Agency and its agents; and

•          the Department of Communities and Justice if required by the Children and Young Persons (Care and Protection) Act 1998 (the Care Act).

 

We will not rent, sell, trade or otherwise disclose to any other third parties any personal information about you without your consent, or unless we are required to by law (including pursuant to a court or tribunal order), or where a permitted general situation (including a permitted health situation) exists within the meaning of the Privacy Act 1988 (Cth), or if we reasonably believe disclosure is necessary for enforcement-related activities.

 

Security of your personal information and data retention

 

We know that you are concerned about your personal information – especially your health information. We will use reasonable endeavours to prevent unauthorised access to, modification of, disclosure, misuse, or loss of that information, except as required by law (e.g. under mandatory reporting laws, and our obligations to report incidences of violence, exploitation, neglect and abuse, and sexual misconduct to the NDIS Quality and Safeguards Commission and the police).

 

Our directors and staff have reviewed the requirements of the Privacy Laws and our third-party service providers are aware that they are required to comply with the requirements of the Privacy Act 1988 (Cth).

 

We have data protection measures in place (including password-locked computers and an online information management system). We keep any paper records of your personal information in a locked filing cabinet in the clinic space. Health records are only accessible to Puggles Speech Therapy staff, and we make all efforts to ensure that, if this information is shared with third parties (as outlined in the above section), we will notify you.

 

If we no longer need personal information about you for any purpose described above, then we will take reasonable steps to destroy the information or to ensure that such information is de-identified. This obligation is subject to an important exception – we may be required to retain some information (e.g. health, financial or tax records) to comply with our statutory and other legal obligations.

 

Access to and accuracy of your personal information

 

We take reasonable steps to ensure that personal information we collect about or from you is accurate, complete, up-to-date and relevant whenever it is used, collected or disclosed.

 

Subject to the recognised exceptions to access for organisations contained in the Australian Privacy Principles (APP12.3), you have a right to access your information if you wish (subject to any privilege or legal restrictions); and, if it is reasonable and practicable to do so, we will give you access to the information in the manner requested by you. By law, we may charge you a reasonable fee to cover the cost of retrieving and processing the information.

 

If you believe personal information that we hold about you is inaccurate, out-of-date, incomplete or misleading, we will, on receipt of your request, take steps that are reasonable in the circumstances to correct the information.

 

What happens if personal information is disclosed outside Australia?

 

Given the increasing globalisation of electronic information systems and the businesses of service providers, it is likely that personal information may be disclosed to a person or entity outside Australia (e.g. to a third-party technology-related service provider managed outside Australia). For the same reason, it is not practicable to specify the countries in which such recipients may be located.

 

If your personal information is disclosed by us to an overseas recipient (e.g. to an insurer or IT-service provider), we will take reasonable steps in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.

 

Information about newsletters and updates

 

If you have signed up or otherwise agreed to receive newsletters, emails, or other update services from us, we will use your contact data (including your name and email) to provide those services to you. To tailor information provided to you, we will look at user statistics and preferences. These activities are for marketing and business development purposes.

 

Information about webinars, seminars and courses

 

We may offer webinars, seminars and training courses on a range of topics to you and others in the course of our business relationship with them. These are part of our business and business development efforts. If you sign up to a seminar, webinar, or course, we will process your registration data (including your name and email address) to administer access and to prepare and present the webinar, seminar or course (as the case may be). We will also use your registration data for the purposes of our business development.

 

Information about social media plug-ins

 

To improve the quality of our services to clients, our website includes social media plug-ins of the large social media networks, including Instagram, Facebook and LinkedIn. Upon opening a website on which a social media plug-in is embedded, the social network provider will collect and process information on your visit to our website for its own business purposes. This is not initiated or controlled by us, but is a built-in feature of most social media plug-ins. For further information about these plug-ins and privacy, refer to the social media platform’s privacy policy.

 

Information about cookies

 

Our websites use cookies to enable, optimise and analyse site operations, as well as to provide content and to allow you to connect to social media. Cookies are small text files that are stored on your computer’s browser directory or program data subfolders when you visit our website. They are stored on your computer for the duration of your visit or for when you re-visit our website at a later time. They allow our website to store or access information from your browser about you, your settings, or your device. They are used mainly to ensure our website works well and, as a rule, do not contain information that could identify you directly. You can find out more about cookies via: www.allaboutcookies.org.

 

Complaints and asserting your privacy rights

 

If you believe your privacy has been prejudiced by something we have done or failed to do, you have a legal right to lodge a complaint. If you make a complaint to us, our Privacy Officer will treat it very seriously, and will apply our Complaints Policy.

 

Our Privacy Officer is Katia Ringbauer, who can be contacted by phone at 0490 861 345, email at katiaSLP@outlook.com, and in writing via 1/21 Short Street, Port Macquarie, NSW, 2444.

 

In any event, we will respond to you in writing within 15 days of receiving your complaint. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner, who is the competent supervisory authority.

 

A breach of your privacy may constitute a breach of the NDIS Code. In this situation, you or anyone can make a complaint to us, or to the NDIS. As suggested in the NDIS Code, we encourage you to contact us first, to see if we can resolve the matter directly. A breach of privacy by a professional who works for us (e.g. a health care worker) may also be a breach of their professional code of conduct or code of ethics.

 

As noted above, you have several statutory rights under privacy laws, including rights to information, access, rectification and the withdrawal of your consent to the collection and use of personal information. If you wish to assert any of these rights, please contact our Privacy Officer using the contact details included above.

 

Want more information?

 

If you have any questions about this Policy or this Notice, or have any concerns about the personal information you or others have given us about you, please contact us using the contact details below.

 

More information on the Privacy Act 1988 (Cth) can be found on the website of the Office of the Australian Information Commissioner: https://www.oaic.gov.au/

 

This Policy and Notice are in addition to, and do not relieve, remove or replace our rights and responsibilities under applicable laws. If there is a conflict between this Policy and this Notice, on the one hand, and an applicable law, on the other hand, the law shall prevail to the extent of any conflict.