Call Now

New to NDIS?  Download our easy-guide & talk with us.

1. Introduction

HACC is committed to protecting the privacy of participants, their families, careers, authorised representatives and other stakeholders who engage with our disability services under the National Disability Insurance Scheme (NDIS). This Privacy Policy explains how we collect, hold, use, disclose and secure personal and sensitive information, and how you may access and correct that information.

2. Scope

This policy applies to all personal information we handle in the course of providing supports and services under the NDIS, including information about participants, families, carers, employees, contractors and service providers. It complements our obligations under the Privacy Act 1988 (Cth) (including the Australian Privacy Principles) and the specific privacy and secrecy provisions of the NDIS Act and related regulations. NDIS Quality and Safeguards Commission+2NDIS+2

3. What kinds of personal information we collect

We may collect information including (but not limited to):

  • Contact details (name, address, phone number, email)
  • Date of birth, gender, identification information
  • Emergency contact, carer or authorised representative details
  • Disability or health information, support needs, sensory/communication requirements
  • Service plans, goals, outcomes, incident or feedback records
  • Payment, billing or NDIS plan allocation information
  • For employees/contractors: employment history, qualifications, referee details, performance records
    Some information we collect may be “sensitive information” (for example health or disability information) which requires higher protection. NDIS Quality and Safeguards Commission+1

4. How we collect information

We will usually collect your personal information from you directly (e.g., when you fill in forms or engage with us). We may also collect information from third parties including other service providers, government agencies, authorised representatives, where you have consented or where permitted by law.
Where reasonable and practicable, we will notify you of the collection and the purpose at or before collection.

5. Use and disclosure of personal information

We will use and disclose your personal information for the primary purpose for which it was collected (for example to deliver NDIS supports, manage service delivery, billing), and may use or disclose it for related secondary purposes where you would reasonably expect it or you have consented, or where required or authorised by law. We may disclose information to:

  • Our contracted service providers, allied professionals
  • Government agencies or regulatory bodies (as required under the NDIS Act or other law)
  • Organisations who assist us in administration (e.g., IT or cloud providers)
  • Overseas recipients (for example cloud servers) only when the conditions of the Australian Privacy Principles are met.

6. Anonymity and pseudonymity

Where it is lawful and practicable, you may deal with us anonymously or under a pseudonym (for example where you wish to raise a complaint or enquire) unless it is impracticable because of the nature of the service we provide.

7. How we store and secure your information

We store information in a combination of secure physical storage and encrypted electronic records. We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure. This includes limiting access to authorised personnel, monitoring access, secure facilities, and due diligence of third-party service providers.


If personal information is no longer needed, we will securely destroy or de-identify it, in accordance with record-keeping and retention obligations.

8. Data breaches

Where we suspect that a data breach has occurred (for example unauthorised access, disclosure, loss or modification of personal information), we will assess whether it is an “eligible data breach” under the Privacy Act and, if so, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our Data Breach Response Plan.

9. Cookies, website and social media usage

When you visit our website we may collect technical information (such as IP address, browser type, page views) for analytics and service improvement. We may use cookies to help maintain your session and remember preferences. We do not collect personal information through website analytics unless you provide it. We are not responsible for the privacy practices of third-party websites to which we link or external social media platforms.

10. Access, correction and complaints

You have the right to access the personal information we hold about you and request corrections if you believe it is inaccurate, incomplete, or out-of-date. We may decline access in limited circumstances permitted by law (for example where disclosure would breach another person’s privacy or compromise an investigation).
If you wish to make a complaint about how we have handled your personal information, please contact us (see below). We will respond to your complaint promptly, fairly and without reprisal. If you are dissatisfied with our handling of your complaint, you may refer the matter to the OAIC.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The revised policy will be made available on our website.

12. Contact details

If you have any questions about this Privacy Policy, wish to access or correct your information, or make a privacy complaint, please contact:

Home & Community Care – NDIS Disability Services
Melbourne Australia
+61 468 849 415
info@homecommunitycare.com.au

This is a staging environment