INREACH Supports Privacy Policy

1. Our Commitment to Privacy

INREACH Supports is committed to protecting the privacy and personal information of our clients, participants, and stakeholders. We manage personal information in accordance with the Privacy Act 1988 (Cth), the 13 Australian Privacy Principles (APPs), the NDIS Practice Standards, and the Notifiable Data Breaches (NDB) scheme.

By engaging with INREACH Supports, you agree to the terms outlined in this Privacy Policy.

2. What Personal Information We Collect

We may collect and hold the following types of information:

• Name, date of birth, and contact details
• NDIS participant numbers and plan details
• Health and medical information (including disability-related data)
• Emergency contact or authorised representative details
• Service preferences and care plans
• Records of service delivery and progress notes

Sensitive information is only collected with your consent or where required by law.

3. How We Collect Your Information

We may collect personal information:

• When you complete our service agreements and intake forms
• During support delivery or communications with you or your representatives
• From allied health professionals, Support Coordinators, or third parties (with your consent)
• Through our systems, including Shiftcare, Microsoft 365, and Dropbox

4. Why We Collect and Use Your Information

We collect your information to:

• Provide disability and community support services
• Coordinate care with health professionals and external providers
• Meet legal and regulatory obligations under the NDIS
• Record and monitor your wellbeing and service outcomes
• Respond to incidents, feedback, or complaints
• Improve service quality

5. Disclosure of Personal Information

We may disclose personal information:

• To health professionals and stakeholders involved in your care
• To third-party service providers under confidentiality agreements (e.g., IT platforms, auditors)
• Where required by law or the NDIS Act
• To prevent serious threats to life, health, or public safety
• In compliance with mandatory reporting obligations

We will inform you of disclosures where lawful and practical.

6. Cross-Border Data Storage

Some of our systems (e.g., Microsoft 365, Dropbox, Shiftcare) may store or process data overseas. INREACH Supports ensures these providers comply with privacy safeguards equivalent to the Australian Privacy Principles.

By engaging our services, you consent to your information being securely stored in such environments.

7. How We Keep Your Information Secure

We protect your information using:

• Secure cloud-based systems with role-based access controls
• Password-protected access for authorised staff only
• Physical safeguards for any printed records
• Regular monitoring and updates to our security systems

8. Data Breach Notification

In the event of a serious data breach likely to cause harm, we will act in line with the NDB scheme by:

• Containing the breach
• Assessing the scope and risk
• Notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required

9. Data Retention

We retain personal information in accordance with legal and best-practice standards:

• Clients: 7 years from last contact
• Minors: Until the individual turns 25
• Aboriginal and Torres Strait Islander clients: May be retained longer for cultural/historical purposes

10. Your Rights

You have the right to:

• Access your personal information held by us
• Request corrections to inaccurate or outdated information
• Withdraw or amend your consent (noting this may affect service delivery)

11. Privacy Complaints

If you have concerns about how we manage your information, please contact us:

If you're not satisfied with our response, you may contact:

12. Policy Updates

This policy is reviewed annually and updated as needed. The latest version will always be available on our website or upon request.