Privacy Policy
Collection of Personal and Health Information
Use of Personal and Health Information
We use your personal and health information to:
* Provide you with our services
* Assess your needs and develop support plans
* Communicate with you about your services
* Manage our business operations
* Comply with our legal obligations
Disclosure of Personal and Health Information
We may disclose your personal and health information to:
* Your authorised representative or nominee
* Other service providers involved in your care and support
* The NDIS Quality and Safeguards Commission
* Your NDIS Plan Manager or Support Coordinator
* Allied health professionals and specialists as required
* Government agencies as required by law
* Our insurers, legal advisors, or auditors where necessary
We will only disclose your information with your informed consent, or where we are required or authorised to do so by law. Where possible, we will inform you before any disclosure is made.
Storage of Personal and Health Information
We store your personal and health information securely using a combination of electronic and paper-based systems. We take all reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
Our data security measures include:
* Secure, password-protected electronic systems with restricted access controls
* Encryption of sensitive data during storage and transmission
* Regular security updates and monitoring of our IT systems
* Physical security measures for paper-based records, including locked storage
* Staff training on privacy, confidentiality, and data security obligations
* Regular audits and reviews of our data security practices
Access to personal and health information is restricted to authorised staff who require it to perform their duties.
Access and Correction Rights
Under the Australian Privacy Principles and the Health Records Act 2001 (Vic), you have the right to:
* Request access to the personal and health information we hold about you
* Request corrections to any information that is inaccurate, incomplete, or out of date
* Be informed about how your information is being used and disclosed
* Withdraw your consent to the use or disclosure of your information at any time (noting this may affect our ability to provide services)
To request access to or correction of your personal information, please contact our Privacy Officer in writing. We will respond to your request within 30 days. In some circumstances, we may refuse access or correction in accordance with the law, and we will provide you with written reasons for any refusal.
There is no charge for making a request; however, we may charge a reasonable fee for providing access to your information if it requires significant effort to locate and compile.
Data Retention and Destruction
We retain your personal and health information only for as long as it is needed to fulfil the purposes for which it was collected, or as required by law.
Our retention practices include:
* NDIS participant records are retained for a minimum of 7 years after the last service was provided, in accordance with the NDIS Practice Standards and the Health Records Act 2001 (Vic)
* Financial and billing records are retained for a minimum of 7 years as required by tax legislation
* Employment and contractor records are retained as required by the Fair Work Act and other applicable legislation
* Incident reports and complaints records are retained for a minimum of 7 years
When personal information is no longer required, we will take reasonable steps to securely destroy or permanently de-identify it. Electronic records are securely deleted, and paper records are shredded or placed in secure destruction bins.
Applicable Legislation
This Privacy Policy is governed by and complies with the following legislation and frameworks:
* Privacy Act 1988 (Cth) — including the Australian Privacy Principles (APPs), which regulate how organisations collect, use, disclose, and store personal information
* Health Records Act 2001 (Vic) — which sets out the Health Privacy Principles (HPPs) governing the handling of health information in Victoria
* National Disability Insurance Scheme Act 2013 (Cth) — including the NDIS Practice Standards and Quality Indicators, which set expectations for the management of participant information
* NDIS (Provider Registration and Practice Standards) Rules 2018 — which outline governance and recordkeeping obligations for registered NDIS providers
As a registered NDIS provider operating in Victoria, Abilitive is bound by both the Australian Privacy Principles and the Victorian Health Privacy Principles. Where there is any inconsistency, the standard that provides the greater protection to the individual will apply.
Complaints About Privacy
If you have any concerns about how we have handled your personal or health information, please contact our Privacy Officer. We will investigate your complaint and respond to you within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the following external bodies:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Health Complaints Commissioner (Victoria)
Website: www.hcc.vic.gov.au
Phone: 1300 582 113
NDIS Quality and Safeguards Commission
Website: www.ndiscommission.gov.au
Phone: 1800 035 544
Contact Information
If you have any questions about this Privacy Policy or our handling of your personal and health information, please contact our Privacy Officer at:
Privacy Officer
Abilitive
27 Advantage Road, Highett VIC 3190
0421 420 838
admin@abilitive.com.au
Policy Review
We regularly review and update this Privacy Policy to ensure it is consistent with current laws and best practices. This Privacy Policy was last updated on 20 June 2025.