Skip to content
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: March 2026

About Us

This Privacy Policy outlines how Professional Support Services & Solutions Pty Ltd ("we", "us", "our") collects, uses, stores, discloses, and protects your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the National Disability Insurance Scheme Act 2013 (Cth).

We are an NDIS service provider based in Canberra, ACT, Australia. For privacy enquiries, please contact us using the details at the bottom of this page.

We are committed to protecting the privacy and confidentiality of all personal information entrusted to us by NDIS participants, their families, carers, and anyone who interacts with our services.

Anonymity and Pseudonymity

Due to the nature of the disability support services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of care, to comply with our legal and professional obligations under applicable health and disability legislation, and to meet the requirements of the NDIS.

Information We Collect

We may collect the following types of personal information:

  • Name, address, phone number, and email address
  • Date of birth and gender
  • NDIS participant number and plan details
  • Health information relevant to the provision of support services
  • Emergency contact details
  • Carer, guardian, or nominee information
  • Service preferences, goals, and support plan documentation
  • Feedback, complaint, and incident records
  • Website usage data (cookies, analytics) when you visit our website

How We Collect Information

We collect personal information:

  • Directly from you or your authorised representative during consultations and service delivery
  • Through our website contact forms and enquiry submissions
  • From the NDIA, Local Area Coordinators, or support coordinators with your consent
  • From other service providers involved in your care, with your consent
  • From referral sources such as hospitals, allied health professionals, or community organisations
  • Through cookies and analytics tools when you browse our website

How We Use Your Information

We use your personal information to:

  • Provide, coordinate, and manage NDIS support services
  • Develop, review, and update your individualised support plan
  • Communicate with you about your services, schedules, and progress
  • Process invoices and manage NDIS funding claims
  • Match you with appropriate support workers based on your needs and preferences
  • Meet our legal, regulatory, and reporting obligations
  • Improve our services, respond to feedback, and resolve complaints
  • Comply with NDIS Quality and Safeguards Commission requirements

NDIS-Specific Data Handling

As an NDIS service provider, we handle participant information in accordance with the NDIS Act 2013, NDIS Practice Standards, and the NDIS Code of Conduct. This includes:

  • Maintaining accurate, complete, and up-to-date participant records
  • Storing NDIS-related information securely with appropriate access controls
  • Only sharing participant information with authorised parties and with your informed consent
  • Reporting incidents, complaints, and reportable events as required by the NDIS Quality and Safeguards Commission
  • Retaining records for the minimum period required by NDIS regulations (7 years after the last service, or longer for minors)

Disclosure of Information

We may disclose your personal information to:

  • The NDIA and NDIS Quality and Safeguards Commission as required
  • Other service providers involved in your care (with your consent)
  • Plan managers and support coordinators managing your NDIS funding
  • Government agencies as required by law
  • Our professional advisors (accountants, lawyers, insurers) under confidentiality obligations
  • Emergency services where there is a serious and imminent threat to life or safety

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

Overseas Disclosure

Some of our service providers, such as cloud storage, email, and website analytics platforms, may store data on servers located outside Australia. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure they handle your information in accordance with the Australian Privacy Principles. Countries where data may be processed include the United States (cloud hosting and analytics providers).

Unsolicited Information

From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If it is not, we will destroy or de-identify the information as soon as practicable, provided it is lawful to do so.

Cookies and Website Analytics

Our website may use cookies and third-party analytics tools (such as Google Analytics) to understand how visitors use our site. This data is collected anonymously and helps us improve the website experience. You can disable cookies through your browser settings at any time.

Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Secure electronic storage systems with role-based access controls
  • Encryption of sensitive data in transit and at rest
  • Mandatory staff training on privacy, confidentiality, and data handling obligations
  • Regular review and audit of our data security practices
  • Secure disposal of personal information that is no longer required
  • Physical security measures for any paper-based records

Data Retention

We retain personal information for as long as it is needed to fulfil the purposes for which it was collected, or as required by law. NDIS participant records are retained for a minimum of 7 years after the last service was provided, or until the participant turns 25 (whichever is later), in line with NDIS Practice Standards.

Your Rights

You have the right to:

  • Access your personal information held by us
  • Request correction of any inaccurate or outdated information
  • Withdraw consent for the collection or use of your information (where consent was the basis for collection)
  • Request deletion of your personal information, subject to legal retention requirements
  • Opt out of marketing communications at any time

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you can lodge a complaint by contacting us directly. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may contact:

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published on this page with a revised "last updated" date. We encourage you to review this policy periodically.

Contact

For privacy-related enquiries or to exercise your rights under this policy, please contact us: