1.3 Privacy Policy

  • Purpose
  • Scope
  • Policy
    • What is personal information
    • How information is collected
    • How information is stored
    • How information is shared
    • How information can be accessed or changed
    • Privacy complaints and incidents
  • Responsibility
  • Related Documents

Purpose

We are committed to respecting privacy. This policy sets out how we do it.

Scope

This policy applies to all:

  • organisation managed sites
  • staff, including management, contractors and volunteers
  • NDIS participants and the support networks they choose.

Policy

The organisation respects privacy. Staff work in line with privacy laws.

The organisation collects information about:

  • participants
  • chosen support networks
  • staff
  • people who make enquiries
  • other organisations.

Staff explain the Privacy Policy at intake. It covers:

  • collection
  • storage
  • sharing
  • access
  • complaints or incidents.

What is personal information

Personal information can identify a person. It can also include sensitive information. This can only be collected:

  • with consent
  • if needed to provide services.

Consent is needed to collect personal information.

Participant information includes:

  • contacts
  • support planning
  • service records
  • complaints and incidents.

Staff information includes:

  • proof of identity
  • screening checks
  • qualifications
  • employment records.

How information is collected

Information can be in writing or in audio-visual format, like photos or videos. It is important that it is accurate.

The organisation documents enquiries and support. This includes information about staff employment, resources and the website.

How information is stored

Personal information is stored securely. Hard copies are locked when stored or transported. Electronic devices are password protected. Work information cannot be stored on personal devices. Information is destroyed when it is not needed.

How information is shared

Staff need consent to share personal information. Staff document consent at intake, and check at review.

Staff can only access information needed to do their job. They discuss personal information in private.

NDIS providers are audited. This is to check they are meeting the standards. Auditors must respect confidentiality.

They:

  • look at participant and staff files
  • review complaints, incidents and risks
  • talk to participants or their representatives.

Participants can opt out of the audit. Staff will document this, and check when an audit is scheduled.

In addition:

  • The NDIA may need information about the services provided.
  • Incidents, behaviour support plans, audit findings and some complaints are reported to the NDIS Quality and Safeguards Commission.

Privacy is different when there is a serious safety concern. Staff have a legal responsibility to act. Reporting a safety concern does not require consent.

For more details about information sharing, visit Sharing participant information.

How information can be accessed or changed

People have a right to access their personal information. This may be to review or update information.

Requests must be written to management. They must state what information is requested. The organisation will respond to requests within 14 working days.

Privacy complaints and incidents

Refer to the 2.5 Complaints Management Policy and Procedure for making a complaint. Complaints can be made to the Office of the Australian Information Commissioner (OAIC).

  • Phone: 1300 363 992
  • Web: http://www.oaic.gov.au
  • Email: enquiries@oaic.gov.au
  • Mail: GPO Box 5218, Sydney NSW 2001

If personal information is lost or stolen, it is an incident. Management will inform people. Refer to the Incident Management Policy and Procedure and the Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches/about-the-notifiable-data-breaches-scheme/

Responsibility

Management is responsible for:

  • information security
  • training
  • checking this policy is followed
  • responding to concerns.

Staff are responsible for:

  • following this policy and the NDIS Code of Conduct
  • raising any concerns.

Participants and their support networks are responsible for:

  • respecting the privacy of other people
  • raising any concerns.

Related Documents

  • Legal and Evaluation of Compliance Register
  • Consent to Share Information Form
  • 2.4 Information Management Policy and Procedure
  • 2.5 Complaints Management Policy and Procedure
  • Incident Management Policy and Procedure
  • Onboarding Policy and Procedure

DMS Information

Document Type: Policy 

Status: CURRENT 

NDIS Reference: 1.3 Privacy and Dignity