Australian Therapy Hub values the trust you place in us when you share your personal data. This Privacy Policy outlines how we handle your personal and sensitive information and the procedures we follow to ensure that your privacy is respected. Our aim is to comply with both Australian laws and NDIS standards to ensure that we manage your information responsibly and with the utmost care. This policy covers how we collect, store, share, and protect your information as you interact with our services

We want to ensure that you are informed about the types of data we collect, how we use it, and your rights regarding your personal information.

We collect both personal and sensitive information to deliver our services, meet our legal obligations, and ensure the quality of care provided to NDIS participants.

1. 2.1 Personal Information
   1. Identity Details: We collect basic personal details such as your full name, address, phone number, email address, and date of birth for identification and service provision.
   2. Contact Information: This includes phone numbers, email addresses, and any other relevant contact details you provide to communicate with us.
   3. Account Information: If you create an account with us, we store your login details, password, and preferences.
   4. Transactional Data: Information related to your payment details, billing address, and other transaction-related information needed to provide services.
2. 
   2.2 Sensitive Information
   1. Health and Disability Information: As an NDIS service provider, we collect detailed health information, including diagnoses, treatment history, therapy plans, and other health-related data necessary for providing care and planning NDIS services.
   2. NDIS Participant Information: This includes data related to your NDIS plan, including goals, funding, support needs, and progress reviews.
   3. Emergency Contact Information: In case of an emergency, we may collect contact details of a family member, guardian, or carer.
3. 
   2.3 Technical and Usage Data
   1. Device and Browser Information: When accessing our online services, we may collect technical data about your device, browser type, and IP address.
   2. Cookies and Analytics: We use cookies to improve your user experience and collect analytics data about how you interact with our website and services.

We take data security very seriously and have implemented physical, administrative, and technical measures to ensure your personal information is stored safely.

1. 3.1 Data Security
   We implement a range of security protocols to protect your data:
   1. Encryption: Your personal data is encrypted when transmitted across the internet or stored on our systems, ensuring it is protected from unauthorized access.
   2. Access Control: Only authorized personnel with a need to access personal data are allowed to do so, and they are subject to strict controls.
   3. Regular Audits: We regularly review and audit our data management processes to ensure compliance with security standards.
2. 
   3.2 Data Retention
   We only keep your information for as long as necessary:
   1. NDIS Records: We will retain your records for a minimum of 5 years, as required by the NDIS Quality and Safeguards Commission.
   2. Data Deletion: If we no longer need your information, or if you request that it be deleted, we will securely destroy it in accordance with privacy laws.
3. 
   3.3 Cross-Border Data Transfers
   

   If we transfer your data outside Australia (for example, for cloud storage services), we ensure compliance with Australian Privacy Principles and take steps to ensure that your data is adequately protected in the foreign jurisdiction.

We use the personal and sensitive data we collect to provide you with high-quality care and services, comply with our legal obligations, and improve our offerings.

1. 4.1 Service Delivery:
   We use your data to:
   1. Provide Therapy and NDIS Services: We use health and NDIS plan information to offer you the most appropriate services.
   2. Service Management: We track your service delivery, goals, and progress within your NDIS plan.
   3. Support Coordination: Your information helps us coordinate with other service providers or support workers to deliver comprehensive care.
2. 
   4.2 Legal Obligations
   We may use your data to meet our obligations under the law:
   1. Compliance with NDIS Standards: We use your data to ensure compliance with NDIS quality and safeguarding requirements.
   2. Health and Safety Laws: We may use your data for reporting obligations to government bodies and in response to any legal or regulatory investigations.
3. 
   4.3 Communication and Marketing
   With your consent, we may use your contact details to:
   1. Send Updates: We may provide updates about our services, new offerings, and changes to policies.
   2. Marketing Communications: We may use your contact details to send newsletters or promotional material, but you can opt-out at any time.
4. 
   4.4 Improving Services
   

   We use aggregated data to improve our services and assess how well we are meeting the needs of our clients.

Your personal information will only be disclosed to third parties under specific circumstances and in compliance with privacy laws.

1. 5.1 Disclosure to Third Parties
   We will share your personal information only with third parties under the following conditions:
   1. With Your Consent: We may share your data with your permission, for instance, with other healthcare professionals or service providers involved in your NDIS plan.
   2. To Meet Legal and Regulatory Requirements: We may disclose information to government agencies, regulatory bodies, or law enforcement when required by law.
2. 
   5.2 Third-Party Service Providers
   

   We may share your data with trusted third-party service providers who assist us in operating our services, such as IT and cloud service providers. These providers are required to follow stringent data security measures.

3. 
   5.3 NDIS-Related Disclosure
   We may disclose your personal information to:
   1. NDIS Commission: As part of our obligations as a registered NDIS provider.
   2. Other NDIS Providers: To coordinate services and ensure that your NDIS plan is implemented effectively.

You have certain rights regarding the personal information we hold about you. These include the right to access, correct, and delete your data, as well as to opt-out of certain uses.

1. 6.1 Access and Correction
   

   You can request a copy of the personal data we hold about you and request corrections if the data is inaccurate, incomplete, or out of date.

2. 
   6.2 Deletion of Data
   

   You can request that your personal data be deleted, subject to legal requirements for data retention.

3. 
   6.3 Opt-Out of Marketing Communications
   

   You can choose not to receive marketing communications from us. Simply contact us or use the unsubscribe option in any email communication.

4. 
   6.4 Complaint Handling
   

   If you believe your privacy rights have been violated, please contact us at privacy@austherapyhub.com.au . You also have the right to lodge a complaint with the NDIS Commission or the Office of the Australian Information Commissioner (OAIC).

We may update this Privacy Policy from time to time to reflect changes in laws, technology, or our services. Any significant changes will be communicated via email or posted on our website. The updated Privacy Policy will be effective from the date it is posted.

We take extensive steps to protect your personal data from unauthorized access, misuse, and loss.

1. 8.1 Security Measures
   

   We use industry-standard encryption, firewalls, and secure storage systems to protect your data. All data transmitted between our services and your device is encrypted.

2. 
   8.2 Data Access Control
   

   Access to personal information is restricted to authorized personnel only, and their access is monitored and audited regularly.

3. 
   8.3 Incident Response Plan
   

   In the event of a data breach, we have a robust incident response plan in place to notify affected individuals, conduct investigations, and prevent further unauthorized access.

As an NDIS provider, we ensure that participants are fully aware of their privacy rights under the NDIS Code of Conduct and the Privacy Act.

1. 9.1 Right to Control Personal Information
   

   You have the right to control who has access to your personal information, and you can request modifications or corrections to that information at any time.

2. 
   9.2 Right to Lodge a Complaint
   

   If you feel that your privacy rights are being violated, you may lodge a complaint with us directly or with the NDIS Commission.

As an NDIS service provider, we ensure that all workers undergo necessary checks and screenings to safeguard participants’ privacy and safety.

We take extra precautions when handling the data of children or vulnerable adults, ensuring that consent is obtained from a legal guardian or parent.

We only retain your data for as long as necessary to provide services, comply with legal obligations, or resolve disputes.

If you have any questions, concerns, or requests regarding your privacy, please contact us at: Email:privacy@austherapyhub.com.au