PRIVACY POLICY
1. Introduction:
​
EVRCARE SUPPORT SERVICES (“we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of the personal information of our National Disability Insurance Scheme (NDIS) participants, their representatives, our employees, contractors, and other stakeholders. This Privacy Policy outlines how we collect, use, disclose, and store your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the National Disability Insurance Scheme Act 2013 (Cth).
​
2. What is Personal Information?
​
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. This includes sensitive information, such as health information.
​
3. Types of Personal Information We Collect:
​
We may collect the following types of personal information:
​
Participant Information:
â—¦ Name, address, date of birth, contact details (phone number, email address).
â—¦ NDIS Participant Number.
â—¦ NDIS Plan details, including goals, funding, and supports.
â—¦ Health information relevant to the provision of supports (e.g., medical history, diagnoses, medications, allergies).
â—¦ Information about abilities, needs, and preferences.
â—¦ Information about family, carers, and representatives.
â—¦ Reports from other service providers and assessments.
â—¦ Feedback and complaints.
Employee and Contractor Information:
â—¦ Name, address, date of birth, contact details.
â—¦ Employment history, qualifications, and professional registrations.
â—¦ Criminal history checks and other background checks.
â—¦ Bank account details for payroll purposes.
â—¦ Performance information.
Other Stakeholder Information:
â—¦ Name, contact details, and organisation details (for referrers, support coordinators, etc.).
â—¦ Communication records.
​
4. How We Collect Personal Information:
​
We collect personal information in various ways, including:
​
â—¦ Directly from you: Through application forms, service agreements, assessments, conversations, emails, and phone calls.
â—¦ From your representative: With your consent, from your family members, carers, guardians, or authorised representatives.
â—¦ From your NDIS Plan: Through information provided by the National Disability Insurance Agency (NDIA) with your consent.
â—¦ From other service providers: With your consent, from other organisations involved in your care and support.
â—¦ Through our website and online platforms: Through forms you complete or information you provide.
â—¦ In the course of providing services: Through observations, progress notes, and incident reports.
â—¦ From employee and contractor applications and during their engagement.
5. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information:
​
We collect, hold, use, and disclose your personal information for the following purposes:
​
â—¦ Providing NDIS supports and services: To assess your needs, develop support plans, deliver services, and achieve your goals.
â—¦ Managing your NDIS Plan: To process payments, liaise with the NDIA, and manage your funding.
â—¦ Communicating with you and your representatives: To provide information about our services, schedule appointments, and address your queries and concerns.
â—¦ Monitoring and improving our services: To evaluate the effectiveness of our supports, identify areas for improvement, and ensure quality service delivery.
â—¦ Training and supervising our staff: To ensure our staff have the necessary skills and knowledge to provide appropriate support.
â—¦ Managing our employees and contractors: For recruitment, payroll, performance management, and compliance purposes.
â—¦ Complying with legal and regulatory obligations: Including reporting requirements under the NDIS Act and other relevant legislation.
â—¦ Responding to complaints and resolving disputes.
â—¦ For administrative and business operations.
6. Disclosure of Personal Information:
​
We may disclose your personal information to:
​
â—¦ The National Disability Insurance Agency (NDIA): As required for the management of your NDIS Plan and our registration as a provider.
â—¦ Your authorised representatives: Such as family members, carers, guardians, or advocates, with your consent.
â—¦ Other service providers: Involved in your care and support, with your consent.
â—¦ Health professionals: Such as doctors, therapists, and specialists, with your consent.
â—¦ Our employees and contractors: Who need the information to provide services and perform their duties.
â—¦ External auditors and quality assurance bodies: For the purpose of accreditation and quality improvement.
â—¦ Legal and regulatory authorities: As required by law.
â—¦ Third-party service providers: Who assist us with our business operations (e.g., IT support, data storage, payment processing), under strict confidentiality agreements.
​
We will only disclose your personal information for the purposes for which it was collected or for a directly related purpose that you would reasonably expect, or as required or authorised by law. We will obtain your explicit consent before disclosing your personal information to other parties for purposes outside of those described in this policy, unless an exception under the APPs applies.
7. Storage and Security of Personal Information:
​
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:
​
â—¦ Secure storage: Both electronic and physical records are stored securely.
â—¦ Access controls: Limiting access to personal information to authorised personnel who need it to perform their duties.
â—¦ Data encryption: Using encryption technologies to protect electronic data during transmission and storage where appropriate.
â—¦ Regular security assessments: Conducting regular reviews of our security measures to identify and address potential risks.
â—¦ Staff training: Educating our staff on their obligations regarding the handling of personal information.
We will retain your personal information only for as long as it is necessary for the purposes for which it was collected, or as required by law. When your personal information is no longer needed, we will take reasonable steps to securely destroy or de-identify it.
8. Access to and Correction of Your Personal Information:
​
You have the right to request access to the personal information we hold about you and to request corrections if you believe it is inaccurate, incomplete, out-of-date, or misleading.
​
To request access or correction, please contact us via email straight away. We will respond to your request within a reasonable timeframe, usually within 30 days. We may require you to verify your identity before providing access to or correcting your personal information.
​
In some circumstances, we may refuse to grant you access to your personal information, as permitted by the APPs. If we refuse your request, we will provide you with written reasons for the refusal and information about how you can make a complaint.
​
9. Complaints:
​
If you have any concerns or complaints about how we have handled your personal information, please contact us through email in the first instance. We will investigate your complaint and aim to resolve it in a timely and fair manner.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
​
â—¦ Website: www.oaic.gov.au
â—¦ Phone: 1300 363 992
â—¦ Mail: GPO Box 5288, Sydney NSW 2001
10. Updates to this Privacy Policy:
​
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the APPs. Any changes will be posted on our website and will be effective from the date of posting. We encourage you to review this policy periodically.