VISPA PTY LTD
PRIVACY & CONFIDENTIALITY STATEMENT

Purpose

This policy outlines how VISPA PTY LTD manages personal, sensitive, and health information of both clients (participants) and staff. It ensures compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the NDIS Code of Conduct.


Our commitment is to protect confidentiality, safeguard information, and ensure transparency in the way personal data is collected, stored, used, and disclosed.


Scope

This policy applies to:

All staff, contractors, and volunteers of VISPA PTY LTD.

All participants (clients), their families, carers, and advocates, including persons who contact us.


Policy Statement

Personal and sensitive information will only be collected when necessary for service delivery, employment, or business operations.

Information will be stored securely and protected from loss, misuse, or unauthorised access.

Information will not be shared without consent, except where required by law or in situations where safety is at risk.

Clients and staff have the right to access and correct their personal information.


Procedures


1. Collection of Information

Information is collected directly from clients, their authorised representatives, or staff.

For clients, this may include health, disability, and support needs information.

For staff, this may include employment records, qualifications, and police checks.

Consent will be obtained before collecting sensitive information unless required by law.


2. Use and Disclosure

Information will only be used for the purpose it was collected (e.g., delivering services, managing employment).

Disclosure will only occur with written consent or when required by law (e.g., mandatory reporting, court orders, serious risk of harm).

3. Storage and Security

Information is stored in secure systems (electronic and/or physical).

Access is restricted to authorised personnel only.

Files are password-protected, and physical records are stored in locked cabinets.


4. Staff Responsibilities

Staff must maintain confidentiality at all times.

Staff must not share personal information about clients or other staff outside of approved work purposes.

Breaches of confidentiality may result in disciplinary action.


5. Participant and Staff Rights

Individuals may request access to their personal information.

Individuals may request correction of inaccurate information.

Requests should be made in writing to the Privacy Officer.


6. Complaints

Complaints about privacy or confidentiality breaches should be directed to the Chief Executive Office or Senior Team Leader.

If unresolved, complaints can be escalated to the Office of the Australian Information Commissioner (OAIC) or the NDIS Quality and Safeguards Commission.


Roles and Responsibilities

Privacy Officer/Manager: Ensures compliance, manages access requests, investigates breaches.

All Staff: Follow policy, maintain confidentiality, complete privacy training/new staff onboarding.

Management: Ensure systems and resources are in place to protect information.


Review

This policy will be reviewed every 12 months or sooner if legislative or organisational changes occur.