Safe Hands - Newcastle, NSW
Privacy Policy
This policy governs how Safe Hands collects, uses, stores, and discloses personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Purpose
Safe Hands (ABN 31 315 518 918) is committed to protecting the privacy and confidentiality of personal information held about participants, their families, workers, and other individuals we interact with. This policy explains:
- What personal information we collect and why
- How we store, use, and disclose that information
- How individuals can access or correct their information
- How to make a privacy complaint
This policy applies to all personal information collected by Safe Hands in connection with the delivery of NDIS supports and organisational activities.
2. Scope
This policy applies to:
- All employees, contractors, volunteers, and students on placement
- All participants receiving services and their authorised representatives
- Families, carers, and emergency contacts of participants
- Job applicants, referrers, and third-party service providers
3. Legislative Framework
Safe Hands operates in accordance with:
- Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles
- National Disability Insurance Scheme Act 2013 (Cth)
- NDIS (Provider Registration and Practice Standards) Rules 2018
- Health Records and Information Privacy Act 2002 (NSW)
- My Health Records Act 2012 (Cth) where applicable
4. What Personal Information We Collect
4.1 Participant Information
When a person becomes a participant, we may collect:
- Full name, date of birth, and gender
- Contact details (address, phone, email)
- NDIS participant number and plan details
- Health and disability-related information relevant to supports
- Emergency contact details
- Cultural and linguistic background (where relevant to service delivery)
- Financial information for billing and NDIS claims
- Progress notes, assessments, and support plans
- Incident and complaint records
4.2 Worker Information
For employees and contractors, we collect:
- Identity and contact details
- Tax file number and payroll information
- NDIS Worker Screening Check clearance details
- Qualifications, training records, and Working with Children Check
- Emergency contacts
- Bank account details for payroll
4.3 Website and Digital Information
When you visit our website we may collect:
- IP address and browser type (collected automatically)
- Contact form submissions (name, email, message)
- Referral form submissions
5. How We Collect Personal Information
We collect personal information:
- Directly from participants during intake and assessment
- From authorised representatives (family members, guardians, or support coordinators) where participants consent or are unable to provide it themselves
- From referrers (GPs, hospitals, other service providers) with participant consent
- From the NDIS Commission or NDIA in relation to plan details
- Through our website contact and referral forms
We will always tell you why we are collecting your information at the time we collect it, and we will not collect more than is reasonably necessary for our purposes.
6. How We Use Personal Information
We use personal information for the primary purpose for which it was collected and for directly related secondary purposes, including:
- Delivering NDIS supports and developing individual support plans
- Communicating with participants, families, and carers about services
- NDIS claims, billing, and financial administration
- Mandatory reporting to the NDIS Quality and Safeguards Commission (reportable incidents)
- Quality assurance, service improvement, and accreditation activities
- Worker recruitment, screening, and management
- Meeting our legal, regulatory, and contractual obligations
We will not use personal information for any other purpose without your prior consent.
7. Disclosure of Personal Information
Safe Hands will only disclose personal information:
- With the participant's (or authorised representative's) consent
- To the NDIS Commission or NDIA as required by law (e.g. reportable incidents)
- To other service providers involved in the participant's care with their consent
- To law enforcement or government agencies where required or authorised by law
- Where there is a serious threat to the life, health, or safety of any person and consent cannot reasonably be obtained
We do not sell, rent, or trade personal information to third parties for commercial purposes.
7.1 Overseas Disclosure
We do not disclose personal information to overseas entities unless we have received consent or are required to do so by law.
8. Storage and Security
Safe Hands takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:
- Password-protected electronic records with role-based access controls
- Locked physical storage for paper records
- Encrypted data transmission where information is sent electronically
- Staff training on privacy obligations and information handling
- Regular review of our data security practices
8.1 Retention and Disposal
We retain records in accordance with legal requirements:
- Participant records: 7 years from last service date (or until a child turns 25, whichever is later)
- Worker records: 7 years from employment end date
- Financial records: 7 years (as required by taxation law)
Records are securely destroyed (shredded or permanently deleted) at the end of the retention period.
9. Access to and Correction of Personal Information
You have the right to request access to personal information we hold about you, and to request correction of information that is inaccurate, incomplete, or out-of-date.
To make an access or correction request:
- Contact our Privacy Officer in writing (letter or email)
- Provide enough detail to identify the information you are requesting
- We will respond within 30 days of receiving your request
- Access is free unless the request involves significant resources, in which case we will notify you of any fee before proceeding
We may decline access in limited circumstances permitted by the Privacy Act (e.g. where it would harm the rights of another person). If we decline, we will explain why in writing and outline your options for review.
10. Privacy Complaints
If you believe we have breached your privacy, you may make a complaint by:
- Phone: 0485 553 397
- Email: [email protected]
- In writing: Safe Hands, Newcastle NSW 2300
We will acknowledge your complaint within 5 business days and aim to resolve it within 21 days. If you are not satisfied with our response, you may escalate to:
- NDIS Quality and Safeguards Commission: 1800 035 544 or ndiscommission.gov.au
- Office of the Australian Information Commissioner: 1300 363 992 or oaic.gov.au
11. Sensitive Information
Health and disability-related information is classified as sensitive information under the Privacy Act and attracts a higher level of protection. We will only collect, use, or disclose sensitive information:
- With your explicit consent, or
- Where required or authorised by law, or
- Where necessary to prevent a serious threat to life, health, or safety
12. Data Breach Notification
Safe Hands is covered by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). The NDB scheme requires us to assess any suspected or confirmed data breach and, where the breach is likely to result in serious harm to any affected individual and we cannot prevent that harm, notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC).
12.1 Our Data Breach Response Process
- Contain: Immediately take steps to contain the breach, prevent further unauthorised access or loss, and preserve evidence
- Assess: Within 30 days of becoming aware of a suspected breach, conduct a reasonable and expeditious assessment to determine whether it is an “eligible data breach” likely to result in serious harm
- Notify: If the breach is assessed as an eligible data breach, notify the OAIC and the affected individuals as soon as practicable. Notification will include the nature of the breach, the kinds of information involved, and the recommended steps individuals should take in response
- Review: Investigate the root cause of the breach, implement corrective actions, and update our security practices to prevent recurrence
12.2 Reporting a Suspected Breach
If you suspect that your personal information held by Safe Hands has been lost, accessed, or disclosed without authorisation, please contact our Privacy Officer immediately on 0485 553 397 or [email protected]. We will treat your concern as a priority and respond within 2 business days.
You may also contact the OAIC directly on 1300 363 992 or at oaic.gov.au.
13. Website Privacy
Our website (safehandsdisability.com.au) may use cookies or similar technology to improve user experience. Cookies do not identify you personally. You can disable cookies through your browser settings.
Contact forms submitted through our website are transmitted securely and handled in accordance with this policy.
14. Policy Review
This policy is reviewed annually or when there is a significant change in legislation, business practice, or NDIS requirements. The current version is published on our website and available at our office.
15. Contact - Privacy Officer
| Name | Role | Contact |
|---|---|---|
| Rujal S | Privacy Officer / Director / CEO | [email protected] | 0485 553 397 |
This policy has been approved by the Director/CEO of Safe Hands and is effective from 1 January 2026.
Approved by (Director/CEO)
Name: Rujal S - Director / CEO, Safe Hands
Date Approved
1 January 2026
Date: 1 January 2026 (Effective date)
Document ID: POL-PRV-001 | © 2026 Safe Hands Disability | ABN 31 315 518 918