Loading

Talk with us: 0478304115 admin@empss.com.au
E&S Service > Privacy Policy

Privacy Policy

Policy Statement
Empower & Support Services Pty Ltd respects the privacy and dignity of all individuals associated with its services, including participants, employees, volunteers, contractors, and business partners. The organization is committed to safeguarding personal information in compliance with relevant state and commonwealth legislation, as well as associated regulations as per company’s “PRIVACY AND DIGNITY POLICY AND PROCEDURE”

Scope
This policy applies to all employees, contractors, volunteers, and management personnel engaged by Empower & Support Services Pty Ltd.

Policy Outline

1. Collection of Personal Information
Empower & Support Services Pty Ltd will only collect personal information with the written consent of the individual or participant, except in circumstances required or permitted by law or emergencies where the information is necessary to preserve life or health.

Personal information is collected only when necessary to:

Facilitate administrative processes;
Provide services or supports to participants;
Meet the requirements of government agencies such as the NDIS Commission.
Personal information collected may include:

General details: Name, date of birth, gender, nationality, contact details, banking and taxation information, and qualifications.
Employment information: Employment history, reference checks, police checks, and professional registrations.
Health-related information: Medical history, disability details, medications, and emergency contact information.
For participants, additional data such as NDIS plans, behavioral support plans, and health information may be collected to ensure safe and effective service delivery.

Participants and their representatives will be informed about the purpose of data collection and provided with conditions governing the use and release of personal information. Any suspected or actual data breaches will be reported to the individual and the Office of the Australian Information Commissioner (OAIC).

2. Use and Disclosure of Personal Information
Personal information will not be disclosed without prior written consent, except where:

Required or authorized by law;
Necessary to prevent or mitigate a serious threat to life or health;
Subject to a subpoena or other legal mandate;
Necessary for law enforcement or public protection.
Sensitive information, such as medical or behavioral records, will only be disclosed with authorization from senior management, and reasons for such decisions will be documented.

Access to participant information is restricted to:

The participant or their authorized representative (with non-relevant information de-identified).
Support staff, who require specific information to deliver services aligned with the participant’s NDIS Plan and Person-Centered Plan.

3. Security of Personal Information
Personal information is stored securely in both electronic and physical formats to protect against unauthorized access, misuse, or loss.

Information is archived and retained in compliance with relevant procedures, and when no longer required, it will be securely destroyed or de-identified.

4. Access to Personal Information
Individuals have the right to access and request corrections to their personal information, except in cases where:

Access is unlawful;
Denying access is required by law.
Requests for access can be directed to senior management, who will provide the information in a clear and understandable format.

5. Maintaining Information Quality
Efforts will be made to ensure all personal information is accurate, up-to-date, and relevant. Participants or their representatives are encouraged to report any changes to personal details promptly.

Where updates are made, third parties who have received prior disclosures will be notified unless it is impractical or unlawful to do so.

6. Breaches of Privacy and Confidentiality
Disciplinary or legal action may be taken against individuals who breach this policy. Participants who suspect a breach of their privacy may lodge a complaint through the organization’s Complaints Management Process.

7. Notification of Data Breaches
Empower & Support Services Pty Ltd will notify the OAIC and affected individuals of any data breach likely to result in serious harm.

Associated Legislation and Standards
This policy complies with:

Privacy Act 1988 (Cth)
Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
National Disability Insurance Scheme Act 2013
Information Privacy Act 2009 (Qld)
Relevant NDIS Quality and Safeguards Commission rules
Linked Documents

Privacy and Dignity Policy
Complaints Management Policy
Archiving, Retention, and Disposal Procedure
IT Security Policy
This policy is reviewed annually to ensure compliance with best practices and evolving legislative requirements.