Privacy Policy

Good Doer Community support Services Privacy Policy & Terms and Conditions NDIS Registered Provider  |  Effective Date: 27 April 2026
NDIS Reg. No.Good Doer Community Support Services
ABN66654175961
AddressWestern Suburbs Lara, Little River, Balliang, Werribee, Truganina, Tarneit,
Email [email protected]
Phone0437 603 216
0400 888 104
Websitehttps://gooddoers.com.au/
Effective Date27 April 2026
Review Date27 April 2027
This document constitutes the legally binding Privacy Policy and Terms and Conditions of Good Doer Community support Services as an NDIS Registered Provider. By accessing our website or engaging our services you agree to these terms.   Governing legislation includes but is not limited to:   •  Privacy Act 1988 (Cth) – Australian Privacy Principles (APPs 1–13)   •  National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act)   •  NDIS (Provider Registration and Practice Standards) Rules 2018   •  NDIS Code of Conduct (s 73ZW NDIS Act)   •  Disability Discrimination Act 1992 (Cth)   •  Competition and Consumer Act 2010 (Cth) – Australian Consumer Law (ACL)   •  Health Records Acts (state/territory applicable law)   •  Notifiable Data Breaches (NDB) scheme – Part IIIC, Privacy Act 1988

Part 1 – Privacy Policy

1.1  Introduction and Commitment

Good Doer Community support Services 66654175961NDIS Registration No. [Insert Number]) is committed to protecting the privacy, dignity, and confidentiality of all participants, families, carers, and stakeholders.

This Privacy Policy applies to all personal information we collect, hold, use, and disclose in the course of providing NDIS supports and operating this website. It has been prepared in accordance with:

  • Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)
  • National Disability Insurance Scheme Act 2013 (Cth), particularly Chapter 3A
  • NDIS (Provider Registration and Practice Standards) Rules 2018
  • NDIS Practice Standard – Rights and Responsibilities (Module 1)
  • NDIS Quality and Safeguarding Framework 2016
  • Relevant state/territory health records legislation

1.2  What Personal Information We Collect

1.2.1  Participant and Support Information

We may collect the following categories of personal information as necessary for the delivery of NDIS supports:

  • Full name, date of birth, gender, and residential address
  • NDIS participant number, plan details, and funding categories
  • Health, medical, disability, and support-needs information (sensitive information under APP 3)
  • Mental health, cultural background, and religious/spiritual preferences where relevant to supports
  • Emergency contact details and information about nominees, guardians, or plan managers
  • Service delivery records, progress notes, incident reports, and risk assessments
  • Financial and billing information for processing NDIS claims and invoices
  • Communication records (email, phone logs, correspondence)

1.2.2  Website Visitors

When you visit our website we may automatically collect:

  • IP address, browser type, and operating system
  • Pages visited, time on page, and referring URLs (via analytics cookies)
  • Information submitted through contact or enquiry forms

See Section 1.12 (Cookie Policy) for full details of website data collection.

1.3  Sensitive Information

Health, disability, and mental-health information is classified as sensitive information under APP 3.3. We will only collect sensitive information:

  • With the participant’s express written consent, or that of their authorised representative; or
  • Where required or authorised by law (e.g., mandatory NDIS incident reporting obligations under s 73Z of the NDIS Act and the NDIS (Incident Management and Reportable Incidents) Rules 2018).

1.4  Why We Collect Personal Information

We collect personal information for the following primary purposes:

  • Delivering safe, effective, and individualised NDIS supports
  • Developing, reviewing, and implementing participant support plans
  • Meeting legal and regulatory obligations under the NDIS Act and NDIS Practice Standards
  • Submitting NDIS payment requests to the National Disability Insurance Agency (NDIA)
  • Communicating with participants, authorised representatives, plan managers, and support coordinators
  • Managing risk, safety, and mandatory incident reporting
  • Conducting staff training, quality assurance, and service-improvement activities
  • Complying with the Aged Care Quality and Safety Commission or other oversight bodies where applicable

We will not use or disclose personal information for a secondary purpose unless it is directly related to the primary purpose, or unless the participant has consented, or unless required by law (APPs 6.1 and 6.2).

1.5  How We Collect Information

We collect information through:

  • Intake, assessment, and registration forms (paper and digital)
  • Service agreements and participant consent forms
  • Direct communication – in person, telephone, email, and video conferencing
  • Support workers’ case notes, progress reports, and incident documentation
  • Referrals from allied health professionals, healthcare providers, or families (with consent)
  • Secure digital platforms, case management systems, and client portals
  • Automated collection via website cookies and analytics tools

We will take reasonable steps to collect personal information directly from the individual where practicable (APP 3.6).

1.6  Use and Disclosure of Information

1.6.1  When We May Disclose

We may disclose personal information only when necessary and in accordance with the APPs, including to:

  • The NDIA for plan management, payment claims, and regulatory audits
  • Plan managers, support coordinators, and nominee representatives
  • Allied health professionals, medical practitioners, and other support providers involved in the participant’s care (with consent)
  • The NDIS Quality and Safeguards Commission for registration, audit, and complaints purposes
  • Law enforcement or courts where required or authorised by Australian law
  • Emergency services or health professionals in situations involving risk to life, health, or safety (APP 6.1(e))

1.6.2  Cross-Border Disclosure

If we transfer personal information to an overseas recipient (e.g., cloud hosting services), we will comply with APP 8 and take reasonable steps to ensure the overseas recipient upholds the APPs. We will seek participant consent or confirm a binding agreement is in place before any such transfer.

1.6.3  What We Will Not Do

We will NEVER:

  • Sell, rent, or trade personal information to third parties
  • Use personal information for direct marketing without express consent (APP 7)
  • Disclose participant information to family members or carers without the participant’s consent, unless legally required

1.7  Storage and Security

We implement robust technical and organisational security measures consistent with APP 11 and the NDIS Practice Standards, including:

  • Encryption of electronic records in transit and at rest
  • Secure, password-protected case management systems with role-based access controls
  • Physical security for paper-based records (locked filing cabinets, restricted areas)
  • Regular security assessments and staff privacy training
  • Automatic session timeouts and audit logging on digital systems

Access to personal information is restricted to authorised staff and contractors who require it to fulfil their role.

1.8  Notifiable Data Breaches (NDB Scheme)

We are bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach – one that is likely to result in serious harm – we will:

  • Contain the breach and assess the risk of harm
  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware

We maintain an internal Data Breach Response Plan and conduct regular reviews to prevent and respond to incidents.

1.9  Retention and Disposal of Records

We retain personal information in accordance with:

  • NDIS (Provider Registration and Practice Standards) Rules 2018 – minimum 7 years for adult records
  • Children’s records – retained until the participant turns 25 years of age, or for 7 years from the date of last entry, whichever is later
  • State/territory health records legislation where applicable

When records are no longer required, they are securely destroyed by cross-cut shredding (physical) or certified digital deletion. De-identified records may be retained for quality and statistical purposes.

1.10  Access and Correction Rights

Under APP 12, you have the right to access personal information we hold about you. Under APP 13, you may request correction of inaccurate, outdated, or incomplete information.

To make an access or correction request, contact our Privacy Officer (see Section 1.14). We will respond within 30 days. We may decline access in limited circumstances permitted by the Privacy Act (e.g., if access would pose a serious threat to another person’s safety) and will provide written reasons for any refusal.

1.11  Privacy Complaints

If you believe we have breached the APPs or mishandled your personal information, you may:

  • Contact our Privacy Officer directly (see Section 1.14) – we will acknowledge within 5 business days and resolve within 30 days
  • Contact the NDIS Quality and Safeguards Commission: 1800 035 544 or www.ndiscommission.gov.au
  • Lodge a complaint with the OAIC: 1300 363 992 or www.oaic.gov.au
  • Seek review from the Administrative Appeals Tribunal (AAT) if unsatisfied with an OAIC decision

1.12  Cookie Policy (Website Visitors)

Our website uses cookies and similar tracking technologies. By continuing to use this website you consent to our use of cookies in accordance with this Policy.

Types of Cookies We Use

Essential Cookies – Required for the website to function (cannot be disabled). Analytics Cookies – Help us understand how visitors interact with our site (e.g., Google Analytics). Preference Cookies – Remember your settings and preferences. Marketing Cookies – We do NOT use marketing or advertising tracking cookies.

You may disable cookies through your browser settings; however, this may affect the functionality of the website. Our analytics data is aggregated and de-identified wherever possible.

1.13  Third-Party Links

Our website may contain links to external websites (e.g., NDIS.gov.au, OAIC, or health service providers). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

1.14  Privacy Officer Contact

Privacy Officer: MD Anwer Hossain Organisation: Good Doer Community support Services Email: [email protected] Phone:  0437 603 216 Postal Address: Western Suburbs Lara, Little River, Balliang, Werribee, Truganina, Tarneit, Website: https://gooddoers.com.au/   Office of the Australian Information Commissioner (OAIC): 1300 363 992 | www.oaic.gov.au NDIS Quality and Safeguards Commission: 1800 035 544 | www.ndiscommission.gov.au

1.15  Policy Review

This Privacy Policy is reviewed annually or following any significant change to law, regulation, or organisational practice. The current version is published on our website and available on request. Previous versions are retained for record-keeping purposes.

Part 2 – Terms and Conditions

These Terms and Conditions (Terms) govern the provision of NDIS supports and use of our website. They form part of the Service Agreement entered into between Good Doer Community support Services  and the Participant. By signing a Service Agreement or receiving services you acknowledge you have read and agree to these Terms.

2.1  Parties and Definitions

‘Provider’ means Good Doer Community Support Services 66654175961 NDIS Registration No. [Insert Number]).

‘Participant’ means the NDIS participant receiving supports, and includes an authorised representative, nominee, plan manager, or support coordinator acting on their behalf.

‘Service Agreement’ means the written agreement between the Provider and Participant setting out the supports to be delivered, the associated costs, and agreed scheduling.

‘NDIS Price Guide’ means the NDIS Pricing Arrangements and Price Limits document published by the NDIA, as updated from time to time.

‘NDIS Act’ means the National Disability Insurance Scheme Act 2013 (Cth) and any subordinate legislation made under it.

2.2 Legal Framework

These Terms are governed by and must be read in conjunction with:

  • National Disability Insurance Scheme Act 2013 (Cth)
  • NDIS (Provider Registration and Practice Standards) Rules 2018
  • NDIS Code of Conduct (Registered Provider obligations under s 73ZW NDIS Act)
  • Disability Discrimination Act 1992 (Cth)
  • Competition and Consumer Act 2010 (Cth) – Australian Consumer Law (ACL), Schedule 2
  • Fair Work Act 2009 (Cth) (in relation to worker entitlements)
  • Work Health and Safety Act 2011 (Cth) or applicable state/territory WHS legislation
  • Applicable state or territory law, including equal opportunity and anti-discrimination legislation

2.3 Eligibility for Services

Services are available to:

  • NDIS participants with an approved NDIS plan that includes funding for the supports requested
  • Individuals under a trial of supports, or those on a self-managed or plan-managed basis where prior written agreement has been reached

The Provider reserves the right to decline services where provision would not be consistent with the NDIS Code of Conduct, Practice Standards, or where a conflict of interest exists.

2.4 Service Delivery

2.4.1  Agreed Supports

The Provider will deliver supports as specified in the Service Agreement, consistent with the Participant’s NDIS plan goals and in accordance with the NDIS Practice Standards Module 1 (Rights and Responsibilities) and Module 2 (Supported Decision-Making).

2.4.2  Supported Decision-Making

We uphold the rights of participants under the Convention on the Rights of Persons with Disabilities (CRPD) and the NDIS Act to make their own decisions about the supports they receive. The Provider will take all reasonable steps to facilitate informed decision-making.

2.4.3  Quality and Safety

All supports will be delivered by workers who hold the required qualifications, clearances, and training, including:

  • Valid NDIS Worker Screening Check (or state/territory equivalent)
  • Working with Children Check (where applicable)
  • NDIS Worker Orientation Module ‘Quality, Safety and You’ (completion certificate)
  • First Aid and CPR certification (where applicable to the support type)

2.5  Participant Rights and Responsibilities

2.5.1  Rights

Participants have the right to:

  • Receive supports free from abuse, neglect, exploitation, and violence (NDIS Code of Conduct)
  • Be treated with dignity, respect, and without discrimination
  • Make complaints without fear of reprisal
  • Access an advocate or support person at any time
  • Receive information in an accessible format
  • End a Service Agreement in accordance with these Terms

2.5.2  Responsibilities

Participants agree to:

  • Provide accurate, complete, and up-to-date information relevant to service delivery
  • Treat all staff and contractors with respect and dignity, consistent with WHS obligations
  • Notify the Provider of any changes to support needs, living circumstances, or NDIS plan at least 7 days in advance where practicable
  • Maintain a safe home environment for visiting workers, including disclosing known risks
  • Honour agreed scheduling or provide notice of cancellations in accordance with Section 2.7

2.6  Fees, Charges, and Payments

2.6.1  NDIS Pricing

All fees are charged at or below the applicable rates in the current NDIS Pricing Arrangements and Price Limits (Price Guide), published by the NDIA and updated annually (or mid-year where the NDIA determines). Current rates are available at www.ndis.gov.au.

2.6.2  Payment Methods

Payment may be processed through:

  • NDIA-managed (Agency-managed) funding – Provider claims directly via the NDIS portal
  • Plan-managed funding – Provider invoices the Participant’s registered plan manager
  • Self-managed funding – Provider invoices the Participant directly; payment due within 14 days of invoice

2.6.3  Non-Payment

Invoices unpaid after 30 days may accrue interest at the Reserve Bank of Australia’s cash rate plus 2%, and the matter may be referred to a debt collection agency or NCAT/court as appropriate. The Provider may suspend services for sustained non-payment after providing 14 days’ written notice.

2.6.4  GST

Most NDIS supports are GST-free under the A New Tax System (Goods and Services Tax) Act 1999 (Cth). Where GST is applicable, it will be clearly itemised on the invoice.

2.7  Cancellations and No-Shows

The Provider’s cancellation policy aligns with the NDIS Pricing Arrangements and Price Limits:

  • Cancellations with less than 2 business days’ notice (for supports under 8 hours): Provider may charge up to 100% of the agreed fee.
  • Cancellations with less than 5 business days’ notice (for supports of 8 hours or longer, or overnight): Provider may charge up to 100% of the agreed fee.
  • No-shows (Participant absent at agreed time): Provider may charge up to 100% of the agreed fee.
  • Provider-initiated cancellations: No charge applies; the Provider will endeavour to provide reasonable advance notice.

Repeated late cancellations may be grounds for review or termination of the Service Agreement (see Section 2.9).

2.8  Incident Reporting and Complaints

2.8.1  Mandatory Incident Reporting

The Provider is obligated to report Reportable Incidents to the NDIS Quality and Safeguards Commission under the NDIS (Incident Management and Reportable Incidents) Rules 2018 within the following timeframes:

  • Immediately notifiable incidents (e.g., death of participant, abuse, neglect) – within 24 hours
  • Other reportable incidents – within 5 business days

2.8.2  Complaints Procedure

To make a complaint:

  • Step 1: Contact our Complaints Officer directly (see Part 1, Section 1.14)
  • Step 2: If unresolved within 30 days, contact the NDIS Quality and Safeguards Commission on 1800 035 544
  • Step 3: Further escalation to the OAIC, AHRC, or relevant state/territory tribunal as appropriate

We are committed to a no-blame, open-disclosure culture and will not penalise any participant or worker for raising a concern in good faith.

2.9  Termination of Services

2.9.1  Participant-Initiated Termination

A Participant may terminate the Service Agreement by providing 14 days’ written notice. Services will cease at the end of the notice period, or earlier by mutual agreement. Any funded supports delivered prior to termination will be invoiced.

2.9.2  Provider-Initiated Termination

The Provider may terminate the Service Agreement by providing 14 days’ written notice in all ordinary circumstances, or with immediate effect (subject to notifying the NDIS Commission as required) where:

  • A participant or third party poses an unacceptable risk to worker health or safety under the Work Health and Safety Act 2011 (Cth) or applicable state/territory WHS law
  • There is evidence or reasonable suspicion of abuse, fraud, or misconduct
  • The participant’s NDIS funding is exhausted or the plan has ended without renewal
  • Sustained non-payment of invoices after written notice

Where possible, the Provider will assist the Participant in transitioning to an alternative provider and will provide a copy of relevant support records upon request.

2.10  Work Health and Safety

The Provider has a duty of care to workers under the Work Health and Safety Act 2011 (Cth) and relevant state/territory legislation. Participants agree to:

  • Disclose any known hazards in the home or community environment prior to service commencement
  • Cooperate with any reasonable risk assessment or safe work method statement
  • Not request workers to perform tasks outside their agreed scope or that create unreasonable risks

The Provider may refuse to commence or continue a support if the environment poses an unacceptable safety risk, and will document and report the decision in accordance with internal incident management procedures.

2.11  Conflict of Interest

Staff and contractors must declare any actual, potential, or perceived conflicts of interest in accordance with the Provider’s Conflict of Interest Policy and the NDIS Practice Standards. The Provider will not engage in any financial or personal relationship with participants that constitutes exploitation or an inappropriate conflict of interest.

2.12  Insurance

The Provider maintains the following minimum insurance coverage:

  • Public Liability Insurance – $20 million per occurrence
  • Professional Indemnity Insurance – $10 million per occurrence
  • Workers’ Compensation Insurance – as required by state/territory law
  • Cyber Liability Insurance – covering data breaches and privacy incidents

Certificates of currency are available on request.

2.13  Australian Consumer Law (ACL) Guarantees

The ACL (Schedule 2, Competition and Consumer Act 2010 (Cth)) provides automatic consumer guarantees. Our services are provided with:

  • Acceptable care and skill (s 60 ACL)
  • Fitness for purpose – supplies are reasonably fit for the purpose the consumer made known (s 61 ACL)
  • Delivery within a reasonable time (s 62 ACL)

Nothing in these Terms excludes, restricts, or modifies any guarantee, right, or remedy under the ACL or any other applicable legislation that cannot lawfully be excluded.

2.14  Limitation of Liability

Subject to the ACL and any other non-excludable statutory rights:

  • The Provider’s liability for any loss or damage arising from the provision of services is limited, to the extent permitted by law, to the re-supply of the relevant service or the cost of having the service supplied again
  • The Provider is not liable for indirect, consequential, special, or punitive damages

This limitation does not apply to loss or damage caused by the Provider’s fraud, wilful misconduct, or gross negligence, or to personal injury or death caused by the Provider’s negligence.

2.15  Intellectual Property

All training resources, assessment tools, care plans, and other documents created by the Provider remain the intellectual property of Good Doer Community support Services  unless otherwise agreed in writing. Participants may retain copies of their own support plans and case notes as part of their right of access under APP 12.

2.16  Amendments to These Terms

The Provider may update these Terms to reflect changes in NDIS legislation, pricing, or operational practice. Participants will receive at least 14 days’ written notice before any material change takes effect. The current version is published on our website. Continued receipt of services after the effective date of any update constitutes acceptance of the revised Terms.

2.17  Governing Law and Jurisdiction

These Terms are governed by the laws of the Commonwealth of Australia and the state or territory in which the services are primarily delivered. Any disputes not resolved through the Provider’s complaints procedure may be referred to the relevant tribunal, court, or alternative dispute resolution body.

Part 3 – Acknowledgement and Acceptance

By signing a Service Agreement or accessing and using our services, you acknowledge that you have read, understood, and agree to both the Privacy Policy (Part 1) and the Terms and Conditions (Part 2) of this document.

If you are signing on behalf of a participant as an authorised representative, guardian, or nominee, you confirm that you have authority to do so.

Participant / Authorised Representative Full Name: ___________________________ Signature: ___________________________ Date:          ___________________________ Relationship to Participant (if applicable): ___________________________ Provider Representative Full Name: ___________________________ Signature: ___________________________ Date:          ___________________________ Position: ___________________________  
Provider Details (for official records): Provider Name: Good Doer Community support Services NDIS Registration Number: [Insert Number] ABN: [Insert ABN] Address: [Insert Address] Contact: [Insert Email / Phone] Website: [Insert Website URL]   This document was prepared in accordance with Australian law and NDIS regulatory requirements. Version 1.0  |  Effective 27 April 2026  |  Next Review: 27 April 2027
[Your Business Name] Privacy Policy & Terms and Conditions NDIS Registered Provider  |  Effective Date: 27 April 2026
NDIS Reg. No.[Insert Number]
ABN[Insert ABN]
Address[Your Address]
Email[Your Email]
Phone[Your Phone]
Website[Your Website URL]
Effective Date27 April 2026
Review Date27 April 2027
This document constitutes the legally binding Privacy Policy and Terms and Conditions of [Your Business Name] as an NDIS Registered Provider. By accessing our website or engaging our services you agree to these terms.   Governing legislation includes but is not limited to:   •  Privacy Act 1988 (Cth) – Australian Privacy Principles (APPs 1–13)   •  National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act)   •  NDIS (Provider Registration and Practice Standards) Rules 2018   •  NDIS Code of Conduct (s 73ZW NDIS Act)   •  Disability Discrimination Act 1992 (Cth)   •  Competition and Consumer Act 2010 (Cth) – Australian Consumer Law (ACL)   •  Health Records Acts (state/territory applicable law)   •  Notifiable Data Breaches (NDB) scheme – Part IIIC, Privacy Act 1988

Part 1 – Privacy Policy

1.1  Introduction and Commitment

[Your Business Name] (ABN [Insert ABN], NDIS Registration No. [Insert Number]) is committed to protecting the privacy, dignity, and confidentiality of all participants, families, carers, and stakeholders.

This Privacy Policy applies to all personal information we collect, hold, use, and disclose in the course of providing NDIS supports and operating this website. It has been prepared in accordance with:

  • Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)
  • National Disability Insurance Scheme Act 2013 (Cth), particularly Chapter 3A
  • NDIS (Provider Registration and Practice Standards) Rules 2018
  • NDIS Practice Standard – Rights and Responsibilities (Module 1)
  • NDIS Quality and Safeguarding Framework 2016
  • Relevant state/territory health records legislation

1.2  What Personal Information We Collect

1.2.1  Participant and Support Information

We may collect the following categories of personal information as necessary for the delivery of NDIS supports:

  • Full name, date of birth, gender, and residential address
  • NDIS participant number, plan details, and funding categories
  • Health, medical, disability, and support-needs information (sensitive information under APP 3)
  • Mental health, cultural background, and religious/spiritual preferences where relevant to supports
  • Emergency contact details and information about nominees, guardians, or plan managers
  • Service delivery records, progress notes, incident reports, and risk assessments
  • Financial and billing information for processing NDIS claims and invoices
  • Communication records (email, phone logs, correspondence)

1.2.2  Website Visitors

When you visit our website we may automatically collect:

  • IP address, browser type, and operating system
  • Pages visited, time on page, and referring URLs (via analytics cookies)
  • Information submitted through contact or enquiry forms

See Section 1.12 (Cookie Policy) for full details of website data collection.

1.3  Sensitive Information

Health, disability, and mental-health information is classified as sensitive information under APP 3.3. We will only collect sensitive information:

  • With the participant’s express written consent, or that of their authorised representative; or
  • Where required or authorised by law (e.g., mandatory NDIS incident reporting obligations under s 73Z of the NDIS Act and the NDIS (Incident Management and Reportable Incidents) Rules 2018).

1.4  Why We Collect Personal Information

We collect personal information for the following primary purposes:

  • Delivering safe, effective, and individualised NDIS supports
  • Developing, reviewing, and implementing participant support plans
  • Meeting legal and regulatory obligations under the NDIS Act and NDIS Practice Standards
  • Submitting NDIS payment requests to the National Disability Insurance Agency (NDIA)
  • Communicating with participants, authorised representatives, plan managers, and support coordinators
  • Managing risk, safety, and mandatory incident reporting
  • Conducting staff training, quality assurance, and service-improvement activities
  • Complying with the Aged Care Quality and Safety Commission or other oversight bodies where applicable

We will not use or disclose personal information for a secondary purpose unless it is directly related to the primary purpose, or unless the participant has consented, or unless required by law (APPs 6.1 and 6.2).

1.5  How We Collect Information

We collect information through:

  • Intake, assessment, and registration forms (paper and digital)
  • Service agreements and participant consent forms
  • Direct communication – in person, telephone, email, and video conferencing
  • Support workers’ case notes, progress reports, and incident documentation
  • Referrals from allied health professionals, healthcare providers, or families (with consent)
  • Secure digital platforms, case management systems, and client portals
  • Automated collection via website cookies and analytics tools

We will take reasonable steps to collect personal information directly from the individual where practicable (APP 3.6).

1.6  Use and Disclosure of Information

1.6.1  When We May Disclose

We may disclose personal information only when necessary and in accordance with the APPs, including to:

  • The NDIA for plan management, payment claims, and regulatory audits
  • Plan managers, support coordinators, and nominee representatives
  • Allied health professionals, medical practitioners, and other support providers involved in the participant’s care (with consent)
  • The NDIS Quality and Safeguards Commission for registration, audit, and complaints purposes
  • Law enforcement or courts where required or authorised by Australian law
  • Emergency services or health professionals in situations involving risk to life, health, or safety (APP 6.1(e))

1.6.2  Cross-Border Disclosure

If we transfer personal information to an overseas recipient (e.g., cloud hosting services), we will comply with APP 8 and take reasonable steps to ensure the overseas recipient upholds the APPs. We will seek participant consent or confirm a binding agreement is in place before any such transfer.

1.6.3  What We Will Not Do

We will NEVER:

  • Sell, rent, or trade personal information to third parties
  • Use personal information for direct marketing without express consent (APP 7)
  • Disclose participant information to family members or carers without the participant’s consent, unless legally required

1.7  Storage and Security

We implement robust technical and organisational security measures consistent with APP 11 and the NDIS Practice Standards, including:

  • Encryption of electronic records in transit and at rest
  • Secure, password-protected case management systems with role-based access controls
  • Physical security for paper-based records (locked filing cabinets, restricted areas)
  • Regular security assessments and staff privacy training
  • Automatic session timeouts and audit logging on digital systems

Access to personal information is restricted to authorised staff and contractors who require it to fulfil their role.

1.8  Notifiable Data Breaches (NDB Scheme)

We are bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach – one that is likely to result in serious harm – we will:

  • Contain the breach and assess the risk of harm
  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware

We maintain an internal Data Breach Response Plan and conduct regular reviews to prevent and respond to incidents.

1.9  Retention and Disposal of Records

We retain personal information in accordance with:

  • NDIS (Provider Registration and Practice Standards) Rules 2018 – minimum 7 years for adult records
  • Children’s records – retained until the participant turns 25 years of age, or for 7 years from the date of last entry, whichever is later
  • State/territory health records legislation where applicable

When records are no longer required, they are securely destroyed by cross-cut shredding (physical) or certified digital deletion. De-identified records may be retained for quality and statistical purposes.

1.10  Access and Correction Rights

Under APP 12, you have the right to access personal information we hold about you. Under APP 13, you may request correction of inaccurate, outdated, or incomplete information.

To make an access or correction request, contact our Privacy Officer (see Section 1.14). We will respond within 30 days. We may decline access in limited circumstances permitted by the Privacy Act (e.g., if access would pose a serious threat to another person’s safety) and will provide written reasons for any refusal.

1.11  Privacy Complaints

If you believe we have breached the APPs or mishandled your personal information, you may:

  • Contact our Privacy Officer directly (see Section 1.14) – we will acknowledge within 5 business days and resolve within 30 days
  • Contact the NDIS Quality and Safeguards Commission: 1800 035 544 or www.ndiscommission.gov.au
  • Lodge a complaint with the OAIC: 1300 363 992 or www.oaic.gov.au
  • Seek review from the Administrative Appeals Tribunal (AAT) if unsatisfied with an OAIC decision

1.12  Cookie Policy (Website Visitors)

Our website uses cookies and similar tracking technologies. By continuing to use this website you consent to our use of cookies in accordance with this Policy.

Types of Cookies We Use

Essential Cookies – Required for the website to function (cannot be disabled). Analytics Cookies – Help us understand how visitors interact with our site (e.g., Google Analytics). Preference Cookies – Remember your settings and preferences. Marketing Cookies – We do NOT use marketing or advertising tracking cookies.

You may disable cookies through your browser settings; however, this may affect the functionality of the website. Our analytics data is aggregated and de-identified wherever possible.

1.13  Third-Party Links

Our website may contain links to external websites (e.g., NDIS.gov.au, OAIC, or health service providers). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

1.14  Privacy Officer Contact

Privacy Officer: [Full Name / Title] Organisation: [Your Business Name] Email: [Your Privacy Email] Phone: [Your Phone Number] Postal Address: [Your Address] Website: [Your Website URL]   Office of the Australian Information Commissioner (OAIC): 1300 363 992 | www.oaic.gov.au NDIS Quality and Safeguards Commission: 1800 035 544 | www.ndiscommission.gov.au

1.15  Policy Review

This Privacy Policy is reviewed annually or following any significant change to law, regulation, or organisational practice. The current version is published on our website and available on request. Previous versions are retained for record-keeping purposes.

Part 2 – Terms and Conditions

These Terms and Conditions (Terms) govern the provision of NDIS supports and use of our website. They form part of the Service Agreement entered into between [Your Business Name] and the Participant. By signing a Service Agreement or receiving services you acknowledge you have read and agree to these Terms.

2.1  Parties and Definitions

‘Provider’ means [Your Business Name] (ABN [Insert ABN], NDIS Registration No. [Insert Number]).

‘Participant’ means the NDIS participant receiving supports, and includes an authorised representative, nominee, plan manager, or support coordinator acting on their behalf.

‘Service Agreement’ means the written agreement between the Provider and Participant setting out the supports to be delivered, the associated costs, and agreed scheduling.

‘NDIS Price Guide’ means the NDIS Pricing Arrangements and Price Limits document published by the NDIA, as updated from time to time.

‘NDIS Act’ means the National Disability Insurance Scheme Act 2013 (Cth) and any subordinate legislation made under it.

2.2  Legal Framework

These Terms are governed by and must be read in conjunction with:

  • National Disability Insurance Scheme Act 2013 (Cth)
  • NDIS (Provider Registration and Practice Standards) Rules 2018
  • NDIS Code of Conduct (Registered Provider obligations under s 73ZW NDIS Act)
  • Disability Discrimination Act 1992 (Cth)
  • Competition and Consumer Act 2010 (Cth) – Australian Consumer Law (ACL), Schedule 2
  • Fair Work Act 2009 (Cth) (in relation to worker entitlements)
  • Work Health and Safety Act 2011 (Cth) or applicable state/territory WHS legislation
  • Applicable state or territory law, including equal opportunity and anti-discrimination legislation

2.3  Eligibility for Services

Services are available to:

  • NDIS participants with an approved NDIS plan that includes funding for the supports requested
  • Individuals under a trial of supports, or those on a self-managed or plan-managed basis where prior written agreement has been reached

The Provider reserves the right to decline services where provision would not be consistent with the NDIS Code of Conduct, Practice Standards, or where a conflict of interest exists.

2.4  Service Delivery

2.4.1  Agreed Supports

The Provider will deliver supports as specified in the Service Agreement, consistent with the Participant’s NDIS plan goals and in accordance with the NDIS Practice Standards Module 1 (Rights and Responsibilities) and Module 2 (Supported Decision-Making).

2.4.2  Supported Decision-Making

We uphold the rights of participants under the Convention on the Rights of Persons with Disabilities (CRPD) and the NDIS Act to make their own decisions about the supports they receive. The Provider will take all reasonable steps to facilitate informed decision-making.

2.4.3  Quality and Safety

All supports will be delivered by workers who hold the required qualifications, clearances, and training, including:

  • Valid NDIS Worker Screening Check (or state/territory equivalent)
  • Working with Children Check (where applicable)
  • NDIS Worker Orientation Module ‘Quality, Safety and You’ (completion certificate)
  • First Aid and CPR certification (where applicable to the support type)

2.5  Participant Rights and Responsibilities

2.5.1  Rights

Participants have the right to:

  • Receive supports free from abuse, neglect, exploitation, and violence (NDIS Code of Conduct)
  • Be treated with dignity, respect, and without discrimination
  • Make complaints without fear of reprisal
  • Access an advocate or support person at any time
  • Receive information in an accessible format
  • End a Service Agreement in accordance with these Terms

2.5.2  Responsibilities

Participants agree to:

  • Provide accurate, complete, and up-to-date information relevant to service delivery
  • Treat all staff and contractors with respect and dignity, consistent with WHS obligations
  • Notify the Provider of any changes to support needs, living circumstances, or NDIS plan at least 7 days in advance where practicable
  • Maintain a safe home environment for visiting workers, including disclosing known risks
  • Honour agreed scheduling or provide notice of cancellations in accordance with Section 2.7

2.6  Fees, Charges, and Payments

2.6.1  NDIS Pricing

All fees are charged at or below the applicable rates in the current NDIS Pricing Arrangements and Price Limits (Price Guide), published by the NDIA and updated annually (or mid-year where the NDIA determines). Current rates are available at www.ndis.gov.au.

2.6.2  Payment Methods

Payment may be processed through:

  • NDIA-managed (Agency-managed) funding – Provider claims directly via the NDIS portal
  • Plan-managed funding – Provider invoices the Participant’s registered plan manager
  • Self-managed funding – Provider invoices the Participant directly; payment due within 14 days of invoice

2.6.3  Non-Payment

Invoices unpaid after 30 days may accrue interest at the Reserve Bank of Australia’s cash rate plus 2%, and the matter may be referred to a debt collection agency or NCAT/court as appropriate. The Provider may suspend services for sustained non-payment after providing 14 days’ written notice.

2.6.4  GST

Most NDIS supports are GST-free under the A New Tax System (Goods and Services Tax) Act 1999 (Cth). Where GST is applicable, it will be clearly itemised on the invoice.

2.7  Cancellations and No-Shows

The Provider’s cancellation policy aligns with the NDIS Pricing Arrangements and Price Limits:

  • Cancellations with less than 2 business days’ notice (for supports under 8 hours): Provider may charge up to 100% of the agreed fee.
  • Cancellations with less than 5 business days’ notice (for supports of 8 hours or longer, or overnight): Provider may charge up to 100% of the agreed fee.
  • No-shows (Participant absent at agreed time): Provider may charge up to 100% of the agreed fee.
  • Provider-initiated cancellations: No charge applies; the Provider will endeavour to provide reasonable advance notice.

Repeated late cancellations may be grounds for review or termination of the Service Agreement (see Section 2.9).

2.8  Incident Reporting and Complaints

2.8.1  Mandatory Incident Reporting

The Provider is obligated to report Reportable Incidents to the NDIS Quality and Safeguards Commission under the NDIS (Incident Management and Reportable Incidents) Rules 2018 within the following timeframes:

  • Immediately notifiable incidents (e.g., death of participant, abuse, neglect) – within 24 hours
  • Other reportable incidents – within 5 business days

2.8.2  Complaints Procedure

To make a complaint:

  • Step 1: Contact our Complaints Officer directly (see Part 1, Section 1.14)
  • Step 2: If unresolved within 30 days, contact the NDIS Quality and Safeguards Commission on 1800 035 544
  • Step 3: Further escalation to the OAIC, AHRC, or relevant state/territory tribunal as appropriate

We are committed to a no-blame, open-disclosure culture and will not penalise any participant or worker for raising a concern in good faith.

2.9  Termination of Services

2.9.1  Participant-Initiated Termination

A Participant may terminate the Service Agreement by providing 14 days’ written notice. Services will cease at the end of the notice period, or earlier by mutual agreement. Any funded supports delivered prior to termination will be invoiced.

2.9.2  Provider-Initiated Termination

The Provider may terminate the Service Agreement by providing 14 days’ written notice in all ordinary circumstances, or with immediate effect (subject to notifying the NDIS Commission as required) where:

  • A participant or third party poses an unacceptable risk to worker health or safety under the Work Health and Safety Act 2011 (Cth) or applicable state/territory WHS law
  • There is evidence or reasonable suspicion of abuse, fraud, or misconduct
  • The participant’s NDIS funding is exhausted or the plan has ended without renewal
  • Sustained non-payment of invoices after written notice

Where possible, the Provider will assist the Participant in transitioning to an alternative provider and will provide a copy of relevant support records upon request.

2.10  Work Health and Safety

The Provider has a duty of care to workers under the Work Health and Safety Act 2011 (Cth) and relevant state/territory legislation. Participants agree to:

  • Disclose any known hazards in the home or community environment prior to service commencement
  • Cooperate with any reasonable risk assessment or safe work method statement
  • Not request workers to perform tasks outside their agreed scope or that create unreasonable risks

The Provider may refuse to commence or continue a support if the environment poses an unacceptable safety risk, and will document and report the decision in accordance with internal incident management procedures.

2.11  Conflict of Interest

Staff and contractors must declare any actual, potential, or perceived conflicts of interest in accordance with the Provider’s Conflict of Interest Policy and the NDIS Practice Standards. The Provider will not engage in any financial or personal relationship with participants that constitutes exploitation or an inappropriate conflict of interest.

2.12  Insurance

The Provider maintains the following minimum insurance coverage:

  • Public Liability Insurance – $20 million per occurrence
  • Professional Indemnity Insurance – $10 million per occurrence
  • Workers’ Compensation Insurance – as required by state/territory law
  • Cyber Liability Insurance – covering data breaches and privacy incidents

Certificates of currency are available on request.

2.13  Australian Consumer Law (ACL) Guarantees

The ACL (Schedule 2, Competition and Consumer Act 2010 (Cth)) provides automatic consumer guarantees. Our services are provided with:

  • Acceptable care and skill (s 60 ACL)
  • Fitness for purpose – supplies are reasonably fit for the purpose the consumer made known (s 61 ACL)
  • Delivery within a reasonable time (s 62 ACL)

Nothing in these Terms excludes, restricts, or modifies any guarantee, right, or remedy under the ACL or any other applicable legislation that cannot lawfully be excluded.

2.14  Limitation of Liability

Subject to the ACL and any other non-excludable statutory rights:

  • The Provider’s liability for any loss or damage arising from the provision of services is limited, to the extent permitted by law, to the re-supply of the relevant service or the cost of having the service supplied again
  • The Provider is not liable for indirect, consequential, special, or punitive damages

This limitation does not apply to loss or damage caused by the Provider’s fraud, wilful misconduct, or gross negligence, or to personal injury or death caused by the Provider’s negligence.

2.15  Intellectual Property

All training resources, assessment tools, care plans, and other documents created by the Provider remain the intellectual property of [Your Business Name] unless otherwise agreed in writing. Participants may retain copies of their own support plans and case notes as part of their right of access under APP 12.

2.16  Amendments to These Terms

The Provider may update these Terms to reflect changes in NDIS legislation, pricing, or operational practice. Participants will receive at least 14 days’ written notice before any material change takes effect. The current version is published on our website. Continued receipt of services after the effective date of any update constitutes acceptance of the revised Terms.

2.17  Governing Law and Jurisdiction

These Terms are governed by the laws of the Commonwealth of Australia and the state or territory in which the services are primarily delivered. Any disputes not resolved through the Provider’s complaints procedure may be referred to the relevant tribunal, court, or alternative dispute resolution body.

Part 3 – Acknowledgement and Acceptance

By signing a Service Agreement or accessing and using our services, you acknowledge that you have read, understood, and agree to both the Privacy Policy (Part 1) and the Terms and Conditions (Part 2) of this document.

If you are signing on behalf of a participant as an authorised representative, guardian, or nominee, you confirm that you have authority to do so.

Participant / Authorised Representative Full Name: ___________________________ Signature: ___________________________ Date:          ___________________________ Relationship to Participant (if applicable): ___________________________ Provider Representative Full Name: ___________________________ Signature: ___________________________ Date:          ___________________________ Position: ___________________________  
Provider Details (for official records): Provider Name: [Your Business Name] NDIS Registration Number: [Insert Number] ABN: [Insert ABN] Address: [Insert Address] Contact: [Insert Email / Phone] Website: [Insert Website URL]   This document was prepared in accordance with Australian law and NDIS regulatory requirements. Version 1.0  |  Effective 27 April 2026  |  Next Review: 27 April 2027