Privacy Policy

How we collect, use, and protect your personal information in accordance with Australian Privacy Principles and healthcare regulations.

Last Updated

July 2025

We review our privacy policy regularly and will notify you of any significant changes.

Overview

Central Coast Care Pty Ltd (ABN 92 630 799 030) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and disclose your personal information in accordance with the Privacy Act 1988 (Cth), Australian Privacy Principles, and relevant healthcare regulations.

As a registered NDIS provider and aged care service provider, we handle sensitive personal and health information. We understand the importance of maintaining your privacy and confidentiality, and we are committed to transparent and responsible information handling practices.

Key Points

  • We only collect information necessary to provide our services
  • Your health information is protected under strict confidentiality requirements
  • You have rights to access, correct, and control your personal information
  • We never sell your personal information to third parties
  • We comply with NDIS and aged care privacy requirements

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Name, address, phone number, email address
  • Date of birth, age, gender
  • Emergency contact details
  • NDIS participant number and plan details
  • Aged care assessment information
  • Financial information for billing purposes
  • Employment information (for job applicants and staff)

Health Information

As a healthcare service provider, we collect sensitive health information including:

  • Medical diagnoses and health conditions
  • Disability and support needs assessments
  • Mental health information
  • Medication details and management needs
  • Allied health reports and recommendations
  • Behaviour support plans and incident reports
  • Progress notes and service delivery records

How We Collect Information

We collect information through:

  • Initial assessments and intake processes
  • Service delivery and progress monitoring
  • Communication with you, your family, or advocates
  • Healthcare professionals and referral sources
  • NDIS plans and aged care assessments
  • Our website forms and enquiries
  • Employment applications and background checks

How We Use Your Information

We use your personal and health information for the following purposes:

Primary Purposes

  • Service Delivery: Providing NDIS supports, aged care services, and individualised living options
  • Care Planning: Developing and implementing your support plans and goals
  • Safety & Wellbeing: Ensuring your safety and responding to emergencies
  • Coordination: Liaising with other healthcare providers and support services
  • Compliance: Meeting NDIS, aged care, and regulatory requirements

Secondary Purposes

  • Billing and payment processing
  • Quality improvement and service evaluation
  • Staff training and professional development
  • Research and de-identified data analysis (with consent)
  • Legal compliance and incident management

Sharing & Disclosure

We may share your information with:

We Never Sell Your Information

Central Coast Care does not sell, rent, or trade your personal information to third parties for marketing or commercial purposes.

Security & Storage

How We Protect Your Information

  • Physical Security: Locked filing cabinets and secure office premises
  • Digital Security: Encrypted databases and password-protected systems
  • Access Controls: Staff only access information needed for their role
  • Training: Regular privacy and confidentiality training for all staff
  • Policies: Comprehensive data handling and breach response procedures

Storage & Retention

We store your information:

  • In Australia, using secure local and cloud-based systems
  • For the minimum time required by law and professional standards
  • NDIS records: 7 years after service completion
  • Health records: As required by relevant state/territory legislation
  • Employment records: 7 years after employment ends

Data Breach Response

If a data breach occurs that is likely to result in serious harm, we will:

  • Notify the Office of the Australian Information Commissioner within 72 hours
  • Notify affected individuals as soon as practicable
  • Take immediate steps to contain and remedy the breach
  • Provide support and assistance to affected individuals

Your Rights

Under Australian privacy law, you have the following rights:

Access

You can request access to your personal information we hold. We will provide this within 30 days, unless an exception applies.

Correction

You can request correction of inaccurate or incomplete information. We will correct information or note your request if we disagree.

Complaints

You can complain about our handling of your information. We will investigate and respond within 30 days.

Restrict Processing

You can ask us to limit how we use your information, though this may affect service delivery.

How to Exercise Your Rights

To access, correct, or make a complaint about your personal information:

We may need to verify your identity before providing access to your information.

External Complaints

If you're not satisfied with our response, you can contact:

  • Office of the Australian Information Commissioner: oaic.gov.au or 1300 363 992
  • NDIS Quality and Safeguards Commission: ndiscommission.gov.au or 1800 035 544
  • Aged Care Quality and Safety Commission: agedcarequality.gov.au or 1800 951 822

Website, Cookies & Online Privacy

Website Information Collection

Our website may collect:

  • Information you provide through contact forms
  • Technical information like IP address and browser type
  • Usage data to improve our website and services

Cookies

We use cookies to:

  • Remember your preferences and improve your experience
  • Understand how our website is used
  • Ensure website security and functionality

You can disable cookies through your browser settings, though this may affect website functionality.

Third-Party Services

Our website may use third-party services (like Google Analytics) that have their own privacy policies. We encourage you to review these policies.

Privacy Contact Information

Privacy Officer

For all privacy-related enquiries, complaints, or requests:

Phone: 0431 004 553
Post: Privacy Officer, Central Coast Care Pty Ltd
PO Box [Number], Gosford NSW 2250

Response Times

  • Access requests: Within 30 days
  • Correction requests: Within 30 days
  • Privacy complaints: Acknowledgment within 7 days, resolution within 30 days
  • General enquiries: Within 5 business days

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post updates on our website and notify you of significant changes. The current version is always available at centralcoastcare.com.au/privacy-policy.

Current Version: July 2025
Previous Review: January 2025
Next Scheduled Review: January 2026