INREACH Supports Privacy Policy
1. Our Commitment to Privacy
INREACH Supports is committed to protecting the privacy and personal information of our clients, participants, and stakeholders. We manage personal information in accordance with the Privacy Act 1988 (Cth), the 13 Australian Privacy Principles (APPs), the NDIS Practice Standards, and the Notifiable Data Breaches (NDB) scheme.
By engaging with INREACH Supports, you agree to the terms outlined in this Privacy Policy.
2. What Personal Information We Collect
We may collect and hold the following types of information:
- Name, date of birth, and contact details
- NDIS participant numbers and plan details
- Health and medical information (including disability-related data)
- Emergency contact or authorised representative details
- Service preferences and care plans
- Records of service delivery and progress notes
Sensitive information is only collected with your consent or where required by law.
3. How We Collect Your Information
We may collect personal information:
- When you complete our service agreements and intake forms
- During support delivery or communications with you or your representatives
- From allied health professionals, Support Coordinators, or third parties (with your consent)
- Through our systems, including Shiftcare, Microsoft 365, and Dropbox
4. Why We Collect and Use Your Information
We collect your information to:
- Provide disability and community support services
- Coordinate care with health professionals and external providers
- Meet legal and regulatory obligations under the NDIS
- Record and monitor your wellbeing and service outcomes
- Respond to incidents, feedback, or complaints
- Improve service quality
5. Disclosure of Personal Information
We may disclose personal information:
- To health professionals and stakeholders involved in your care
- To third-party service providers under confidentiality agreements (e.g., IT platforms, auditors)
- Where required by law or the NDIS Act
- To prevent serious threats to life, health, or public safety
- In compliance with mandatory reporting obligations
We will inform you of disclosures where lawful and practical.
6. Cross-Border Data Storage
Some of our systems (e.g., Microsoft 365, Dropbox, Shiftcare) may store or process data overseas. INREACH Supports ensures these providers comply with privacy safeguards equivalent to the Australian Privacy Principles.
By engaging our services, you consent to your information being securely stored in such environments.
7. How We Keep Your Information Secure
We protect your information using:
- Secure cloud-based systems with role-based access controls
- Password-protected access for authorised staff only
- Physical safeguards for any printed records
- Regular monitoring and updates to our security systems
8. Data Breach Notification
In the event of a serious data breach likely to cause harm, we will act in line with the NDB scheme by:
- Containing the breach
- Assessing the scope and risk
- Notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required
9. Data Retention
We retain personal information in accordance with legal and best-practice standards:
- Clients: 7 years from last contact
- Minors: Until the individual turns 25
- Aboriginal and Torres Strait Islander clients: May be retained longer for cultural/historical purposes
10. Your Rights
You have the right to:
- Access your personal information held by us
- Request corrections to inaccurate or outdated information
- Withdraw or amend your consent (noting this may affect service delivery)
11. Privacy Complaints
If you have concerns about how we manage your information, please contact us:
INREACH Supports Privacy Contact
โ๏ธ info@inreachsupports.com.au
๐ 1800 975 313
If you're not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
12. Policy Updates
This policy is reviewed annually and updated as needed. The latest version will always be available on our website or upon request.