Privacy Statement
Pink Comfort Pty Ltd (“Pink Comfort”, “we”, “us”, “our”) is committed to providing quality services and respecting your rights. Your right to privacy and confidentiality will be recognised, respected and protected in all aspects of your contact with us.
This Privacy Statement explains how we collect, use, disclose and protect your personal information, including health and other sensitive information, in accordance with:
- Privacy Act 1988 (Cth) and the Australian Privacy Principles
- National Disability Insurance Scheme Act 2013 (Cth)
- Privacy and Personal Information Protection Act 1998 (NSW)
- Health Records and Information Privacy Act 2002 (NSW).
What is Personal Information and why do we collect it?
“Personal Information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable. It includes “Health Information”, which is information about the physical or mental health or disability of an individual.
Examples of Personal Information we collect include:
- name, date of birth and contact details
- address and emergency contact details
- NDIS number and plan details
- information about your disability, health, and support needs
- information about your supports, services and goals
- information about your next of kin, guardian or nominee
- billing and payment information (for example, to process invoices).
We only collect Personal Information that is reasonably necessary for our functions and activities, including to:
- assess your eligibility for support
- plan, deliver and monitor safe and responsive supports
- communicate with you, your family, carers and representatives
- manage and administer our services (including rostering and invoicing)
- fulfil contractual, reporting and quality assurance requirements
- provide de-identified statistics and reports to funding bodies and regulators where required by law.
When we collect personal information, we will explain where practicable:
- what information we are collecting
- why we are collecting it
- how we intend to use and disclose it.
How we collect Personal Information
We may collect Personal Information in a variety of ways, including:
- directly from you (for example, through interviews, forms, emails, phone calls, SMS or our website)
- from your family members, carers, guardians, nominees or other representatives
- from other disability or aged care providers, health practitioners and allied health professionals, where you have consented or where authorised or required by law
- from government agencies and funding bodies (for example, the NDIA)
- from publicly available sources where appropriate.
Where reasonable and practicable, we will collect Personal Information directly from you.
Third parties
In some circumstances we may receive Personal Information about you from third parties (for example, other support providers, medical professionals or government agencies). When this occurs, we take reasonable steps to ensure you are made aware of the information provided to us, and of this Privacy Statement.
Disclosure of Personal Information
We will only disclose your Personal Information for the purposes described in this Privacy Statement, or as otherwise permitted or required by law. This may include disclosure to:
- you, your guardian, nominee or authorised representative
- your family members and carers, where you have agreed or where permitted by law
- health professionals, therapists, behaviour support practitioners and other support providers involved in your care
- the National Disability Insurance Agency (NDIA), NDIS Quality and Safeguards Commission and other government agencies or funding bodies
- plan managers and other parties involved in processing payments and invoices
- our professional advisers (for example, auditors, lawyers, accountants and insurers)
- our information technology, software and data hosting providers
- carefully selected administrative staff or contractors who perform back-office tasks such as invoice processing and data entry; and
- any other person you authorise or as required or authorised by law (for example, mandatory reporting obligations, or where there is a serious threat to life, health or safety).
Some of our administrative staff are based outside Australia, where they help us with tasks such as invoice processing and data entry, and where certain cloud services store or process data. These staff and providers do not deliver supports directly to participants and only have access to the minimum information needed for their role (for example, billing and invoicing details). Data will not be stored outside Australia.
We take reasonable steps to ensure such recipients handle personal information in line with Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This includes using reputable service providers, limiting access through role-based permissions, using passwords and multi-factor authentication, requiring confidentiality and data security commitments, and periodically reviewing these arrangements.
By engaging with us and providing your personal information, you consent to it being handled in this way. If you have any concerns, please contact us using the details below.
We will not sell your Personal Information.
Security and destruction of Personal Information
We take reasonable steps to protect your Personal and Health Information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes:
- secure physical storage and restricted access to paper records
- secure electronic systems with passwords, user permissions and (where available) multi-factor authentication
- staff and contractor training on privacy, confidentiality and information security
- policies and procedures covering the collection, use, storage and disclosure of Personal Information.
When your Personal and Health Information is no longer needed for the purposes for which it was collected, and we are not required by law to retain it, we will take reasonable steps to destroy or permanently de-identify it. We will retain and dispose of Personal and Health Information in accordance with our Privacy and Confidentiality Policy and Procedure.
Access to and correction of your Personal Information
You may request access to the Personal or Health Information we hold about you, and you may request that we correct any information that you believe is inaccurate, incomplete or out of date.
To request access or correction, please contact a staff member or use the contact details below. To protect your privacy, we may need to verify your identity before we provide access or make corrections.
We aim to respond to all requests for access or correction within a reasonable time (usually within 7 days). We will not charge a fee for making a request, but we may charge a reasonable administrative fee for providing copies of your information.
In some cases, we may lawfully refuse a request for access or correction (for example, where providing access would unreasonably impact the privacy of others, prejudice an investigation, or pose a serious threat to health or safety, or where we are permitted or required by law to refuse access). If we refuse your request, we will provide you with reasons for our decision.
Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is accurate, complete and up to date. We take reasonable steps to ensure that the information we hold is correct.
If you believe that any information we hold about you is inaccurate, incomplete or out of date, please let us know as soon as possible so we can update our records and continue to provide quality services.
Complaints and Enquiries
If you have any questions about this Privacy Statement, or if you wish to make a complaint about how we have handled your Personal Information, you can:
We will acknowledge and investigate your complaint and aim to respond within a reasonable time.
If you are not satisfied with our response, you may be able to lodge a complaint with:
- the Office of the Australian Information Commissioner (OAIC) in relation to privacy and the Privacy Act 1988 (Cth); and/or
- relevant state or territory regulators.