At Ability Connect, handling personal and sensitive information is an important part of our daily operations. We regularly review, discuss, store, and manage such information to support our clients, employees, families, and service providers.

This Privacy and Confidentiality Policy explains how Ability Connect collects, stores, uses, protects, and shares personal and confidential information.

Objective

This policy aims to:

• Clearly explain how Ability Connect collects, stores, manages, and handles information of clients, customers, and employees.
• Ensure transparency by making this policy available to all stakeholders.
• Support internal quality systems and procedures related to privacy management.

Document Responsibility

The Director of Ability Connect is responsible for ensuring this policy and any referenced documents are accurate, current, and aligned with industry best practices and quality standards.

Commitment to Privacy

Ability Connect is committed to protecting personal information collected, held, and managed by the organisation. This includes information relating to clients, employees, and other stakeholders.

Personal information will not be disclosed to unauthorised third parties without the consent of the individual, unless required by law.

All personal and sensitive information is managed in accordance with:

• Privacy Act 1988 (Cth)
• Australian Privacy Principles (APPs)
• National Disability Service Standards
• Article 22 of the United Nations Convention on the Rights of Persons with Disabilities

Your Rights

As a client or employee of Ability Connect, you have the right to have your information handled lawfully, securely, and respectfully.

Ability Connect will ensure that:

• Your personal information is kept private and secure in any format.
• Only necessary information is collected for service delivery or business operations.
• Your consent is obtained before sharing information with third parties.
• You can request access to your information, with responses within 5 working days.
• Written or verbal explanations are provided if information cannot be disclosed.
• Incorrect, incomplete, outdated, or irrelevant information is corrected within 1 working day of notification.

No Personal Gain

Personal information must never be used for personal benefit by staff or workers.

All employees must follow this policy and cannot release personal information without proper authorisation.

Breaches of this policy may result in disciplinary action, including termination of employment or legal consequences.

Information Covered by this Policy

This policy explains:

• Types of personal information collected and retained
• How information is kept secure
• How information is collected
• Why information is collected, used, and disclosed
• How individuals can access or correct information
• Complaint processes for privacy concerns

Definitions

Personal Information

Any information or opinion that identifies, or could reasonably identify, an individual.

Examples include: Name, Address, Date of birth, Phone number, Identification documents, Employment details, Bank account information.

Sensitive Information

Includes information such as: Health details, Ethnic background, Political opinions, Religious beliefs, Sexual orientation, Criminal history.

De-identified Information

Information where identifying details have been removed so the individual cannot reasonably be identified.

Government Identifier

A number, symbol, or code used by government agencies to identify a person.

Collection of Information

Ability Connect only collects information reasonably necessary for business functions or service delivery.

Information may be collected:

• Directly from you via forms, phone, email, feedback, or applications
• From authorised family members, guardians, or representatives
• Where required or authorised by law

Sensitive information is only collected with consent or when legally permitted.

Why We Collect Information

We collect information to:

• Respond to enquiries
• Provide services and support
• Manage business operations
• Meet legal obligations such as record keeping

Disclosure of Information

Information will only be disclosed when:

• You give consent
• Required or authorised by law
• Necessary for the purpose it was collected

Sensitive information will only be used for agreed or directly related purposes.

Direct Marketing

Ability Connect will only use personal information for direct marketing where permitted by law and usually with your consent.

You may request marketing communications to stop at any time, and we will act within 7 days.

Overseas Disclosure

Information will only be sent overseas where reasonable steps are taken to ensure the receiving party handles it consistently with Australian Privacy Principles.

Security of Information

Ability Connect takes reasonable steps to protect personal information from:

• Misuse, Loss, Unauthorised access, Modification, Disclosure, Cyber threats

Security measures include:

• Restricted staff access based on role
• Secure case management systems
• Need-to-know sharing only
• Staff privacy training
• Regular review of data practices

Storage and Retention

Information is retained only as long as required by law, contracts, or service obligations.

Where no longer required, information will be securely destroyed or permanently de-identified.

Some records may be deactivated rather than deleted where retention laws apply.

Access and Correction

Individuals may request access to their personal information.

Requests may be refused in limited situations, such as where disclosure would:

• Risk safety
• Impact another person’s privacy
• Affect legal proceedings
• Be unlawful
• Prejudice enforcement activities

Corrections will be made where information is inaccurate, incomplete, outdated, or misleading.

No fee is charged for access or correction requests.

Complaints

If you believe Ability Connect has breached your privacy, you may complain:

• Directly to Ability Connect through the Complaints and Feedback Procedure.
• To the Office of the Australian Information Commissioner (OAIC).

Corporate Confidentiality

Confidential business information includes:

• Client and worker records, Business plans and financial data, Internal manuals and policies, Supplier information and pricing, Training materials, Research and service development, Databases and systems, Marketing plans, Intellectual property

Employees must keep all corporate information confidential and may only disclose it with written approval from the Director.

Staff Responsibilities

All employees receive this policy during induction.

Employees must acknowledge that they: Have read the policy, Understand the policy, Can apply the policy in practice.

Staff who cannot demonstrate understanding must complete additional training before handling any confidential information.