Privacy Policy

Fambulcare Disability Support is a registered NDIS service provider operating in Wyndham Vale, Werribee, Tarneit, Hoppers Crossing, and surrounding Melbourne West areas. We provide person-centred disability support services to self-managed and plan-managed NDIS participants.

As an APP entity under the Privacy Act 1988 (Cth), we are bound by the 13 Australian Privacy Principles (APPs) and handle all personal information accordingly.

We collect personal information that is reasonably necessary to provide our services. This may include:

• Full name, date of birth, and gender
• Contact details including address, phone number, and email address
• NDIS participant number and plan details
• Health and medical information relevant to the support we provide
• Disability-related information and support needs
• Emergency contact details and next-of-kin information
• Financial information for billing and invoicing purposes
• Cultural background and language preferences
• Information about your goals, preferences, and lifestyle
• Feedback, complaints, and incident reports

We only collect personal information that is necessary for one or more of our functions or activities. We will not collect information that is excessive or irrelevant to the services we provide.

Wherever practicable, we collect personal information directly from you. We may collect information in the following ways:

• Directly from you when you contact us by phone, email, or through our website
• Through intake and registration forms when you commence services
• From your NDIS plan, support coordinator, or plan manager
• From healthcare professionals, allied health providers, or other support workers (with your consent)
• From your authorised representative, guardian, or family member
• Through the delivery of our services, including support notes and progress records
• Via our website through contact forms and enquiry submissions

If we collect your personal information from a third party, we will take reasonable steps to notify you of this collection unless it is impracticable or unreasonable to do so.

We collect, hold, use, and disclose personal information for the following primary purposes:

• To assess your support needs and develop a personalised support plan
• To deliver safe, high-quality, and person-centred disability support services
• To communicate with you regarding your services, appointments, and support
• To comply with our obligations as a registered NDIS provider
• To process invoices and manage payments through the NDIS portal
• To meet our legal, regulatory, and reporting obligations
• To respond to enquiries, feedback, and complaints
• To improve the quality and safety of our services
• To conduct staff screening, training, and supervision

We will not use or disclose your personal information for any secondary purpose unless you have consented, or unless an exception under the Privacy Act applies (for example, where required by law or to prevent a serious threat to health or safety).

We may disclose your personal information to third parties where necessary to deliver our services or meet our legal obligations. These may include:

• The National Disability Insurance Agency (NDIA) for NDIS plan management and compliance
• Your support coordinator or plan manager, as authorised by you
• Healthcare professionals and allied health providers involved in your care
• Our support workers and staff who are directly involved in your services
• Government agencies and regulators where required by law (e.g., NDIS Quality and Safeguards Commission)
• Emergency services in the event of a health or safety emergency
• Our professional advisors, including legal, accounting, and insurance providers, under confidentiality obligations

We will not sell, rent, or trade your personal information to any third party for marketing or commercial purposes.

As a disability support provider, we necessarily handle sensitive information as defined under the Privacy Act. This includes health information, disability information, and in some cases, information about your racial or ethnic origin, religious beliefs, or criminal record (where relevant to worker screening).

We will only collect sensitive information about you with your consent, or where permitted or required by law. Sensitive information is subject to a higher level of protection and will only be used or disclosed for the purpose for which it was collected, or a directly related secondary purpose, unless you consent otherwise or an exception applies.

We take additional precautions to protect sensitive information, including restricting access to authorised staff only and applying enhanced security measures to records containing this type of information.

Fambulcare does not routinely disclose personal information to overseas recipients. In the unlikely event that we need to disclose your information to an overseas recipient (for example, through the use of cloud-based software hosted internationally), we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your information.

Where we use third-party software or cloud services that may store data outside Australia, we select providers that comply with internationally recognised privacy and data protection standards.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and from unauthorised access, modification, or disclosure. Our security measures include:

• Secure storage of physical records in locked facilities with restricted access
• Password protection and access controls for electronic records
• Use of encrypted and secure communication channels
• Staff training on privacy obligations and confidentiality
• Regular review of our security practices and procedures

We retain personal information only for as long as it is needed for the purpose for which it was collected, or as required by law. When information is no longer required, we will take reasonable steps to destroy or de-identify it securely.

Under the NDIS Act 2013 and related legislation, certain records may be required to be retained for a minimum period. We comply with all applicable record-keeping obligations.

Under APP 12 and APP 13, you have the right to request access to the personal information we hold about you, and to request that we correct any information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make an access or correction request, please contact us in writing using the details provided in Section 14. We will respond to your request within a reasonable timeframe (generally within 30 days).

We may decline an access request in limited circumstances permitted by the Privacy Act, such as where providing access would pose a serious threat to the health or safety of another person, or where the request is frivolous or vexatious. If we decline your request, we will provide written reasons.

There is no charge for making an access or correction request. However, we may charge a reasonable fee to cover the cost of retrieving and providing access to information in some circumstances.

If you believe we have breached your privacy or the Australian Privacy Principles, you have the right to make a complaint. We take all privacy complaints seriously and will investigate your concern promptly and fairly.

Step 1 — Contact us directly: Please submit your complaint in writing to [email protected]. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

Step 2 — External complaint: If you are not satisfied with our response, or if we have not responded within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

You may also contact the NDIS Quality and Safeguards Commission if your complaint relates to the delivery of NDIS supports:

When you visit our website at fambulcare.com.au, we may collect certain technical information automatically, including your IP address, browser type, operating system, referring URLs, and pages visited. This information is used for website analytics and to improve the user experience.

Our website may use cookies — small text files stored on your device — to improve functionality and analyse website traffic. You may disable cookies through your browser settings; however, this may affect the functionality of certain parts of our website.

We do not use cookies to collect personally identifiable information without your knowledge, and we do not link cookie data to your personal information unless you have submitted a form or made an enquiry through our website.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we provide. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our services following any changes constitutes your acceptance of the updated policy.

For any privacy-related enquiries, requests, or complaints, please contact our Privacy Officer: