- Agreeing to these terms (use constitutes acceptance)
- What is personal information?
- Why do we collect personal information?
- When do we collect personal information?
- How do we use your personal information?
- When will we disclose your personal information?
- Security of your personal information
- Data quality
- Cross border data transfer
- What if there is a data breach?
- Accessing and correcting your information
- On-line transactions
- Security measures for online payments
- Links to other websites
- Effective date and updates
- More Information
National Disability Services Limited (“we” or “us”) value your privacy. We take reasonable steps to protect your personal information. We abide by the requirements of the Privacy Act 1988 (Cth) (“Act”) in relation to the collection, use and disclosure of your personal information and comply with other applicable laws protecting privacy including State and Territory health information legislation.
Personal information is any information that can be used to identify you or your clients. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you or your client, or you are reasonably identifiable from it, the information will be considered personal information.
We collect personal information that is necessary for us to undertake and provide our services and activities. Due to the nature of our services, this may include sensitive information, including health information.
We also collect personal information so that we can improve and perform our business activities and functions, to provide you with any products or services you may request, or to respond to any query or complaint that you may have.
De-identified information may also be used for reporting, benchmarking and academic or industry research
Examples of personal information we may collect, and when we may collect it, include (but is not limited to) the following:
- Providing services to members, distributing publications and direct marketing – NDS collects and stores personal information on our publication or direct marketing list (which may include name, address, email address, and mobile phone number) in order to distribute newsletters and other communications in print and electronic form from time to time. We will only use sensitive information (such as health information) for direct marketing purposes with express prior consent (as the case may be). You may opt-out of receiving direct marketing by contacting our Privacy Officer (contact details below), or opting out by the mechanism provided.
- Assisting with queries – members and non-members may choose to provide us with their name or other contact details when they call us by phone or write to us so that we can respond to the requests for information about our services or operations. If individuals choose to remain anonymous we may not be able to provide the full range, or any, services.
- Conducting our general business activities - we collect personal information about individuals for our general business operations. From time to time, we may collect, use and disclose personal information for quality assurance, risk management, billing and administrative purposes.
- Research - If individuals agree to be contacted about research opportunities, we may place name and contact details onto our internal research database. Individuals can opt-out of participation in research activities at any time by contacting our Privacy Officer (contact details below).
- Sensitive Information: we may collect sensitive information if it is relevant to the provision of our services. That information will be treated in accordance with requirements of the Privacy Act and any state and territory health information legislation.
How do we collect your personal information?
In addition to the means of collection set out above, we may also collect personal information:
- When information is provided through our website;
- From third parties such as from credit reporting bodies;
- From any of our related companies;
- From publicly available sources of information;
- From third parties, where it is reasonably necessary or normal business practice, so that we can continue to provide you with our services.
- Server address;
- Top level domain name (for example .com, .gov, .au, etc.);
- The date and time of the visit to the site;
- The pages accessed and documents downloaded;
- The previous site visited;
- If the individual has visited our site before; and
- The type of browser used.
- These statistics will not identify you as an individual.
We use and disclose personal information we collect:
- To provide and improve our services to our members and others, including to Identify and provide services required including those offered by third parties;
- Assess the adequacy of, and our members' level of satisfaction with, our services;
- To verify the identity of whom we interact with;
- To communicate with members and others, distributing our publications, conducting events and raising awareness about our services;
- To undertake our general business activities, including interacting with contractors, government agencies, billing and administration;
- To administer and manage our services including charging and billing for products (as applicable);
- To conduct appropriate checks for fraud;
- To update our records and keep contact details up to date;
- Maintain and develop our business systems and infrastructure, including testing and upgrading of these systems; and/or
- For other purposes with your consent or as permitted by law.
We will not share any personal information with third parties without consent except in accordance with this Policy and:
- If we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including insurers) or court order;
- If the disclosure of the information will prevent or lessen a serious and imminent threat to somebody's life or health;
- To our contractors only to the extent necessary for them to perform their duties to us;
- To our related companies;
- To our professional advisers, including our accountants, auditors and lawyers;
- To any governmental or semi-governmental organisation who requests it (including but not limited to as part of any application for a grant or other benefit under the NDIS);
- If you are not able to provide us with consent, we may use and disclose your personal information with the consent of a responsible person (as defined under the Privacy Act)
- As otherwise permitted by law.
If we retain any sensitive information, that information will not be used, shared or disclosed without express or implied consent that is current, voluntarily given and obtained in accordance with the Privacy Principles. If the individual is unable to give consent then we may use and disclose personal and sensitive information with the consent of a responsible person (as defined under the Privacy Act).
It should be noted, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information provided to us via electronic means.
We take all reasonable steps to ensure that the personal information we collect is accurate, up to date, concise and complete. This includes maintaining and updating personal information when we are advised it has changed and at other times as necessary.
We operate only within Australia and will not provide your information to parties in any other country. We do from time to time, however, use web-based programs for particular activities such as email broadcast which may be hosted offshore, or cloud service providers but only when the supplier agrees with us to be bound by privacy laws or where the jurisdiction in which the data is located has laws that are equal to or better than Australian privacy laws.
We take all reasonable steps to prevent data breaches. However, if we suspect that a data breach has occurred, we will undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. If so, we will:
- Take all reasonable steps to contain the breach;
- Where possible, taking action to remediate any risk of harm;
- Notify individuals and the Commissioner where an individual is likely to suffer serious harm (or if otherwise required by law); and
- Review the incident and consider what actions can be taken to prevent future breaches.
You are entitled to view the information we hold about you and reasonable requests for access and correction will be responded to as quickly as possible. Access to a large amount of information or information from various sources within the organisation may take time before we can respond. If you wish to view the information we hold about you, please contact the Privacy Officer using the contact detailed set out below. If we refuse to give you access to your personal information or to correct your personal information, we will give a reason for this decision. Generally, if requested, we will amend any personal information which you demonstrate is inaccurate, incomplete or not current, and will remove any information that is not relevant. If we disagree with your view on these matters we will keep a note on the file setting out your view of the information held.
Our website may be enabled for online transactions using a certified secure payment gateway. However, despite the security on the site, you should be aware that there are inherent risks in transferring information across the internet and we cannot accept liability for any breaches. When an internet payment is made, your credit card number is used only to make a debit and not retained by us.
Payments made online on our website are processed in real-time using a secure payment gateway. Payments are processed in Australia (and for all other countries) in Australian Dollars. Our website has security measures designed to protect against the loss, misuse and/or alteration to your personal information under our control.
If you wish to make a complaint about a possible breach of privacy, please provide full details of your complaint in writing, and send it to the Privacy Officer (see contact details below).
If your complaint relates to our failure to provide access to or to correct any personal information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see the Office of the Australian Information Commissioner website).
If your complaint does not relate to these matters, you must first lodge a complaint with us in writing and provide us with details of the incident so that we can investigate. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the relevant privacy legislation, if applicable).
Individuals enquiring about their rights and remedies for breaches of privacy, can access detailed information at the Office of the Australian Information Commissioner
Alternatively, additional information on the Australian Privacy Principles can be obtained from the Office of the Australian Information Commissioner website
V2 August 2020