Privacy Policy

1. Introduction

Ineed Care Ltd ("we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our NDIS Plan Management services.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Full name, date of birth, and contact details (address, phone, email)
• NDIS participant number and plan details
• Medicare number and healthcare identifiers
• Financial information (bank account details for reimbursements)
• Disability and health information relevant to your NDIS plan
• Service provider details and invoices
• Communication records and correspondence

2.2 Technical Information

When you use our portal or website, we collect:

• IP address and device information
• Browser type and version
• Usage data and analytics
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your personal information for:

• Providing NDIS Plan Management services
• Processing invoices and payments to service providers
• Managing your NDIS funding and budget tracking
• Communicating with you about your plan
• Complying with NDIS Quality and Safeguards Commission requirements
• Reporting to the NDIA as required
• Improving our services and customer experience
• Meeting legal and regulatory obligations

4. Information Sharing and Disclosure

4.1 When We Share Information

We may share your information with:

• NDIA: As required for plan management reporting and compliance
• Service Providers: Your registered NDIS providers for payment processing
• NDIS Quality and Safeguards Commission: When legally required
• Professional Advisors: Accountants, lawyers, and auditors
• Your Nominated Representatives: With your explicit consent
• Third-Party Service Providers: Payment processors, IT services (under strict confidentiality agreements)

4.2 We Will Never

• Sell or rent your personal information to third parties
• Share your information for marketing purposes without consent
• Disclose sensitive information without proper authorization

5. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for data transmission
• Encrypted data storage and secure servers
• Access controls and authentication requirements
• Regular security audits and vulnerability assessments
• Staff training on privacy and data protection
• Secure physical storage of paper records
• Regular backups with encrypted storage

6. Your Rights

Under the Australian Privacy Principles (APPs), you have the right to:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your information (subject to legal requirements)
• Withdrawal: Withdraw consent for certain data processing activities
• Complaint: Lodge a complaint about our privacy practices
• Portability: Request a copy of your data in a portable format

To exercise these rights, contact our Privacy Officer at enquiries@ineedcare.org.au or call (02) 8406 2889.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• NDIS plan management records: 7 years after service completion (as per NDIA requirements)
• Financial records: 7 years (as per Australian taxation law)
• Health information: 7 years from last service (as per health records legislation)
• Marketing communications: Until you unsubscribe

8. Cookies and Tracking

Our website and participant portal use cookies to improve your experience. Cookies help us:

• Remember your login credentials
• Analyze website traffic and usage patterns
• Personalize your experience
• Improve our services and portal functionality

You can control cookies through your browser settings. Note that disabling cookies may affect portal functionality.

9. Third-Party Links

Our website may contain links to third-party websites (e.g., NDIS, myGov). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

When providing services to NDIS participants under 18, we work with parents, guardians, or nominated representatives. We handle children's information with additional care and in compliance with relevant child protection legislation.

11. NDIS-Specific Privacy Obligations

As a registered NDIS provider, we comply with:

• NDIS (Practice Standards—Provider and Worker Screening) Rules 2018
• NDIS Quality and Safeguards Commission requirements
• NDIS Code of Conduct
• Privacy Act 1988 (Cth) and Australian Privacy Principles
• Health Records and Information Privacy Act 2002 (NSW)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our portal. The "Last Updated" date at the top indicates when the policy was last revised.

13. Privacy Complaints

If you have a privacy complaint:

1. Contact our Privacy Officer at enquiries@ineedcare.org.au or (02) 8406 2889
2. We will acknowledge your complaint within 5 business days
3. We will investigate and respond within 30 days
4. If you're not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC)