Privacy Policy
How we collect, use and protect your personal information under the Australian Privacy Act 1988.
Last Updated: February 2026 | Version 2.0
Open Care Connect ("we", "us", "our") is an NDIS registered provider committed to protecting the privacy of all individuals whose personal information we hold. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the thirteen Australian Privacy Principles (APPs), the NDIS (Privacy and Related Matters) Act 2014, and NDIS Practice Standards.
1. Types of Personal Information We Collect
We may collect the following categories of personal information:
Identification & Contact: Name, address, telephone number, email address, date of birth, gender.
NDIS-Specific Information: NDIS participant number, plan details, funded support categories, plan management information.
Health & Disability Information (Sensitive Information): Disability diagnoses, health conditions, medical history, functional capacity assessments, support needs. This is sensitive information under the Privacy Act and is handled with the highest level of care and only collected with your explicit consent.
Emergency & Advocate Contacts: Names and contact details of emergency contacts, guardians, advocates, or support persons.
Employment Information (Staff): For staff members, we collect information required by employment law including tax file numbers, superannuation details, Working with Children Check numbers, and NDIS Worker Screening Check clearances.
Website Usage (Digital): With your consent, we collect anonymised data on how you use our website via Google Analytics. This may include your approximate location (city level), pages visited, and device type. No personally identifiable information is collected through analytics without your explicit consent. See our Cookies section below.
2. How We Collect Personal Information
We collect personal information directly from you where possible, including through our website contact and referral forms, telephone conversations, in-person meetings, and service agreements. We may also collect information from your family members, support coordinator, GP, or other service providers, but only with your consent or where required or authorised by law.
You can withdraw consent at any time by contacting us, though this may affect our ability to deliver services.
3. Why We Collect Your Information
We collect personal information to: assess your eligibility for and deliver NDIS supports; develop and review individualised service agreements and support plans; communicate with you, your family, or your nominated advocate; comply with legal and regulatory obligations including NDIS registration requirements; investigate complaints and feedback; and improve the quality of our services.
We will not use your personal information for direct marketing without your explicit consent.
4. Disclosure of Personal Information
We may disclose your personal information to: NDIS partner agencies for plan implementation or auditing purposes; healthcare providers, allied health professionals, or other support organisations involved in your care (with consent); the NDIS Quality and Safeguards Commission as required by law; government agencies where required by law or court order; and legal or financial advisors where necessary to protect our legal interests.
We do not sell, rent, or trade your personal information to any third party.
Overseas disclosure: We will not disclose your personal information to overseas recipients without your explicit consent, except where required by Australian law. Our website is hosted by Netlify (USA). Netlify processes technical data (IP addresses, access logs) as per their Privacy Policy. Form submission data is transmitted securely via HTTPS and stored on Netlify's infrastructure. We use Google Analytics (with your consent), which may transfer anonymised usage data to Google's servers. If you have concerns about overseas transfers, please contact us.
5. Data Storage & Security
We take all reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. Personal information is stored in secure electronic systems with access controls limited to authorised staff only. Hard copy records are kept in locked, secure premises. Electronic records are protected by password policies and encryption where appropriate.
Data Retention
We retain participant records for a minimum of 7 years following the end of service delivery, in accordance with NDIS Practice Standards and Victorian record-keeping obligations. Website enquiry data (contact and complaint form submissions) is retained for 2 years. You may request access to or deletion of your personal information at any time by contacting admin@opencareconnect.com.au.
Job applications: 12 months from submission date, unless you have asked to be on our "future opportunities" list (we keep these for up to 2 years)
When personal information is no longer required, we securely destroy it in accordance with our Record Retention Policy and applicable law.
8. Job Applications
When you apply for a role with us, we collect your resume and contact details. We use this information only to assess your suitability for the role and to contact you about opportunities. We keep applications for 12 months then delete them, unless you have explicitly asked to be on our "future opportunities" list (in which case we keep them for up to 2 years).
Your data is stored in Australia on secure, password-protected devices and cloud services.
6. Cookies & Website Analytics
Our website uses cookies — small text files stored on your device. We only activate non-essential cookies (including Google Analytics) after you explicitly consent via our cookie consent banner.
Essential cookies: Required for the website to function (e.g., accessibility preferences you set). These are always active.
Analytics cookies (consent required): We use Google Analytics 4 to understand how visitors use our site. Analytics data is anonymised (IP addresses are masked) and used only to improve the website. You can withdraw consent at any time by declining in the cookie banner or clearing your browser data.
You can also control cookies through your browser settings. Note that disabling cookies may affect some website functionality.
7. Your Rights
Under the Privacy Act 1988, you have the right to access personal information we hold about you and to request corrections if it is inaccurate, incomplete, or outdated. To make an access or correction request, contact us at admin@opencareconnect.com.au. We will respond within 7 business days. You may need to verify your identity before we can process your request.
8. Notifiable Data Breaches
We are subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act. If we become aware of an eligible data breach — one that is likely to result in serious harm — we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law, and as soon as practicable. We will also notify the NDIS Quality and Safeguards Commission as required by our registration obligations.
9. Children's Privacy
We take special care when handling personal information relating to children and young people. Where a participant is under 18, we collect consent from a parent or legal guardian, and access to that information is restricted to directly involved staff only.
10. Privacy Complaints
If you believe we have breached your privacy, please contact us in the first instance. We take all privacy complaints seriously and will respond within 10 business days.
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify participants of material changes. The current version is always available on this website with its "Last Updated" date.
12. Contact Us
Open Care Connect
32 Ranfurlie Circuit, Melton West, VIC 3337
Email: admin@opencareconnect.com.au
Phone: 0435 335 444