Privacy Policy
This Privacy Policy explains how Al Amira Disability Services collects, uses, stores and discloses personal information in connection with the supports and services we provide under the National Disability Insurance Scheme (NDIS).
Important: This document is a general template only. It does not constitute legal advice. Please ask your legal advisor or NDIS compliance specialist to review and adapt it so it meets Australian privacy law, NDIS Practice Standards and your specific business needs.
1. Purpose & scope
Al Amira Disability Services is committed to protecting the privacy and confidentiality of NDIS participants, families, staff, contractors and visitors. We manage personal information in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the requirements of the NDIS Quality and Safeguards Commission and NDIS Practice Standards.
This policy applies to:
- All supports and services we provide under the NDIS;
- All staff, contractors, volunteers and students engaged by Al Amira Disability Services;
- Participants, their families, guardians and nominees;
- Visitors to our website, social media and premises.
2. What information we collect
We only collect personal information that is reasonably necessary for us to provide safe, high-quality services, meet our legal obligations or operate our business.
2.1 Personal information
Depending on your relationship with us, we may collect:
- Contact details (name, address, phone number, email).
- Date of birth, gender and preferred language.
- Emergency contact details and nominated representatives.
- NDIS participant details (NDIS number, plan dates, goals, funding categories).
- Cultural and religious information where relevant to your care and preferences.
- Records of communications with you (emails, call notes, meeting notes).
2.2 Sensitive and health information
In order to provide supports safely, we may need to collect sensitive information, including:
- Health and disability information (diagnoses, mobility needs, behaviour support needs).
- Support plans, risk assessments and behaviour support plans.
- Medication information and administration records, where relevant.
- Information about communication needs, dietary requirements, cultural or religious practices that impact your support.
- Incident reports, safeguarding information and complaint records.
We only collect sensitive information with your consent, or where authorised or required by law (for example, where there is a serious threat to life, health or safety).
2.3 Information about staff, contractors and applicants
For people who work with us, we may collect:
- Employment and referee details, qualifications and professional registrations.
- NDIS Worker Screening Check details and other required clearances.
- Training, supervision and performance records.
- Payroll and HR information necessary to manage employment.
2.4 Information about website visitors
When you visit our website or interact with us online, we may collect limited analytics information such as pages visited, time on site and device/browser type. This is usually collected in a de-identified form to help us improve our website and services.
3. How we collect information
We collect personal information in a variety of ways, including:
- Directly from you in person, over the phone, in writing or via email and online forms.
- From your authorised representative, guardian, nominee or family member.
- From other providers or professionals involved in your support (such as support coordinators, therapists, doctors or schools), with your consent where required.
- From government agencies such as the NDIA, where lawful and relevant.
- Through feedback, incident and complaint forms.
- Through CCTV or security systems at our sites, if installed, for safety and security purposes. Where CCTV is used, we display signage.
Wherever practicable, we will collect information directly from you and explain why we are collecting it and how it will be used.
4. How we use & disclose personal information
4.1 Main purposes
We use personal information to:
- Plan, deliver and review the NDIS supports and services you receive from us.
- Communicate with you, your representative and other providers involved in your care.
- Manage risks, incidents, quality and safeguarding obligations.
- Train and supervise staff so they can provide safe, person-centred support.
- Meet legal, contractual, funding and reporting obligations.
- Improve our services through audits, feedback and quality reviews.
4.2 Who we may share information with
We only share information on a need-to-know basis and in line with privacy law and NDIS requirements. Depending on your circumstances, we may disclose information to:
- You, and any person you have authorised us to share information with.
- Your guardian, nominee, support coordinator or plan manager.
- Other service providers or health professionals involved in your supports (for example therapists, GPs, hospitals, schools), where appropriate and with consent where required.
- Government agencies, including the NDIA and the NDIS Quality and Safeguards Commission, where we are required to do so.
- Regulators, insurers, auditors, legal advisors or emergency services where necessary to manage risk, comply with the law or respond to serious incidents.
- Third-party IT providers who host or support our software and data systems. These providers are required to protect your information and only use it for the purpose of providing their service to us.
4.3 Overseas disclosure
Our core participant records are stored in Australia wherever possible. If we need to use cloud services or other providers who store data overseas, we will take reasonable steps to ensure they protect your information in line with Australian privacy standards.
4.4 Direct marketing
We do not sell your information or use it for unrelated marketing. We may occasionally send you updates about our services, events or resources that may interest you. You can opt out of these communications at any time.
5. Storage, security & retention
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes:
- Storing records in secure electronic systems and/or locked physical storage.
- Role-based access controls so only authorised staff can see relevant information.
- Staff training on privacy, confidentiality and information security.
- Secure disposal or de-identification of information when it is no longer required.
We keep records for the periods required by law, NDIS Practice Standards, funding agreements and our internal policies. After that time, information is securely destroyed or de-identified wherever practicable.
6. Access to & correction of your information
You have the right to request access to the personal information we hold about you, and to ask for corrections if you believe it is inaccurate, out of date or incomplete.
To request access or correction, please contact us using the details below. We will:
- Ask you to verify your identity (or authority, if you are a representative);
- Respond within a reasonable time frame; and
- Explain if there is a reason we cannot provide access to some or all of the information (for example, to protect another person’s privacy).
7. Website, cookies & online services
Our website and online services are designed to provide information about our supports and to make it easier to contact us.
- When you submit an enquiry form, we collect the information you provide so we can respond to your request.
- We may use basic website analytics tools to understand how our site is used and to improve its accessibility and performance. Analytics data is usually de-identified.
- Our website may use cookies, which are stored by your browser, to remember preferences (for example, accessibility settings). You can adjust your browser settings if you prefer not to accept cookies, but this may affect some website functions.
- Our website may contain links to external sites. We are not responsible for the privacy practices of other websites and encourage you to read their privacy policies.
8. Questions & complaints
If you have any questions about this policy, or if you are concerned about how your personal information has been handled, please contact us first so we can work with you to resolve the issue.
You can also make a complaint to:
- Office of the Australian Information Commissioner (OAIC) – for concerns about how privacy law has been applied; and/or
- NDIS Quality and Safeguards Commission – for concerns about NDIS providers and the safety and quality of NDIS supports and services.
9. Changes to this policy
We may update this Privacy Policy from time to time, for example, to reflect changes in law, NDIS requirements or our services. The current version will always be available on our website. We can provide a copy in alternative formats on request.
10. How to contact us
To request access to your information, ask a question or make a complaint about privacy, please contact us using the details on our Contact page. If you need help to communicate with us, we can support you to use an interpreter or other communication aids.