Connect Plan Management is committed to protecting privacy and the rights of individuals. This policy sets out how we collect and manage personal and sensitive information about individuals and contains our privacy collection statement.
1. What is personal information?
Personal information is defined in the Privacy Act 1988 (Cth). Generally, it is information or an opinion from which your identity is apparent or can be reasonably ascertained. This may include your name, address, telephone number, email address, profession or occupation. With respect to the National Disability Insurance Scheme (NDIS) it may include your NDIS Number and relevant information about your supports.
2. Type of personal information we collect
The types of personal information we may collect include:
- information about your identity (e.g. date of birth, country of birth, drivers’ licence);
- name, address (e.g. residential and mailing address) and contact details (e.g. phone, email and fax);
- information about your personal circumstances (e.g. age, gender, marital status and occupation);
- information about your financial affairs (e.g. payment details and bank account details);
- government identifiers (e.g. NDIS Number and copies of your NDIS plan);
- business information (e.g. your ABN, name and address of your business and business related contact information)
- other information as required by the Anti-Money Laundering Counter-Terrorism Financing Act 2006 (Cth)
We may also collect or hold a range of sensitive information about you including:
- health information (including information about your medical history and any disability or injury you may have). We may also receive information about you from your providers for the purposes of managing your NDIS plan.
3. Why we collect your personal and sensitive information
We will only collect sensitive information if you consent and it is necessary to provide our plan management services under the NDIS.
We may collect, hold, use and disclose your information for the purposes of the administration of your NDIS plan, co-ordination of your disability supports and liaising with your support providers and with the National Disability Insurance Agency (NDIA).
4. How we collect your personal and sensitive information
Where it is reasonable and practical to do so, we will always collect personal and sensitive information directly from you.
Some participants may have a representative (e.g. a partner, parent, brother, sister or someone with legal authority to act on your behalf) or their NDIS Support Coordinator provide information to us on their behalf. Connect Plan Management may engage with your Representative and / or Support Coordinator to collect personal and sensitive information.
5. Disclosing your personal and sensitive information
We will not give your personal information to government agencies, private sector organisations, your service providers or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order;
- formally requested by regulatory bodies, government agencies and law enforcement bodies, including the Department of Human Services and the NDIA;
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety; and
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary for us to take appropriate action in relation to the matter.
In the unlikely event that the assets and operations of our business are sold to another party, our records of personal and sensitive information will be transferred to that party.
6. What if we can’t collect your information?
If you do not provide us with the personal or sensitive information described above we may be unable to provide NDIS plan management services to you.
7. Protection of your personal and sensitive information
We safeguard our IT systems against unauthorised access and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to our staff who need to have access to do their work.
Connect Plan Management may store some information overseas in secure cloud-based environments. Connect Plan Management will take all reasonable steps to guarantee the security of that information.
If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner’s Data breach notification process (Appendix A). We will aim to provide timely advice to you to ensure you are able to manage any potential harm or loss, financial or otherwise, that could result from the breach.
8. Accessing or correcting your information
You have a right to access personal information we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
We will respond to your complaint or request promptly if you provide your contact details. We take all complaints seriously and are committed to a quick and fair resolution. We will not take the fact that you have made a complaint into consideration when we perform any of our other functions or activities.
You may also make a complaint to the Office of the Australian Information Commissioner (OAIC). If you do so, the OAIC may recommend that you try to resolve your complaint directly with us in the first instance. The OAIC can be contacted on 1300 363 992 or via the Office of the Australian Information Commissioner website (Appendix A). The website also contains further information about making complaints relating to privacy.
We will aim to answer your questions or concerns in a timely and satisfactory manner. If we cannot resolve the matter at the point of first contact, our designated complaints manager will be in contact within a reasonable time to advise:
- who will be handling your enquiry; and
- how our investigations are progressing.
Our contact details are:
Office of the Australian Information Commissioner’s Data breach notification process: www.oaic.gov.au/agencies-and-organisations/guides/data-breach-preparation-and-response