iCare4U Support Services (ABN: 64 479 668 035) (referred to as “we”, “us”, or “our”) is committed to protecting the privacy of our clients, participants, staff, contractors, and website visitors. This Privacy Policy explains how we collect, use, hold, and disclose personal information (including sensitive information) in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and in a manner that supports our obligations under the NDIS Practice Standards (where applicable).

This Privacy Policy applies to our services, including NDIS support, aged care/Home Care Package (HCP) services, personal care, community access, respite, and domestic assistance.

1. What Personal Information We Collect

We collect personal information that is reasonably necessary for our functions and activities, including providing supports and services and meeting our legal and regulatory obligations.

1.1 Personal information

We may collect: name; address; phone number; email address; date of birth; emergency contacts and relationship details; and details of authorised representatives (e.g., nominee, guardian, family contact).

1.2 NDIS, Medicare and DVA information (where relevant)

We may collect: NDIS number and plan details (including funding management type); plan manager details and invoicing contacts; and Medicare and/or DVA details (where relevant to services or coordination).

1.3 Sensitive information (health and disability information)

Because of the nature of our services, we may collect sensitive information, such as:

• health information (e.g., medical conditions, medications, allergies, mobility needs);
• disability information and support needs;
• assessments, care plans, and risk information; and
• incident records and service-related records.

We generally collect sensitive information with your consent (or the consent of your authorised representative), unless an exception under the Privacy Act 1988 (Cth) applies.

1.4 Care records and service notes

We may collect and create records such as care notes, progress notes, observations and shift/service notes recorded by workers or staff; and quality and safety records (e.g., feedback and incident management documentation).

1.5 Payment and billing information

We may collect payment details for Direct Debit, Credit Card or Bank Transfer (as applicable); invoices, receipts and transaction records; and information required for billing and claiming.

1.6 Photos and videos (with consent)

We may collect photos/videos only with your consent (or the consent of your authorised representative), for example for care documentation, progress updates, or quality and safety purposes.

1.7 Website and communications information

When you visit our website or contact us, we may collect information you submit via forms, phone, or email, and limited technical information (such as IP address and browser type) where used for website operation and improvement.

2. How We Collect Personal Information

We collect personal information via website forms (including enquiries and referrals); phone calls; emails; in-person meetings/visits; paper-based forms; and information recorded by our workers and staff during service delivery.

We may also collect personal information from third parties where appropriate and permitted, including plan managers; support coordinators; the NDIA; family members, carers, guardians, or other authorised representatives; and relevant health professionals involved in your care.

3. Why We Collect, Hold and Use Personal Information

• Service delivery: providing NDIS supports, aged care/HCP services, personal care, community access, respite, and domestic assistance;
• Billing and payments: administering accounts, issuing invoices, and processing payments;
• NDIS reporting and compliance: meeting reporting, audit, incident management, and other regulatory obligations;
• Quality improvement: monitoring service quality, managing feedback and complaints, and improving our systems and training; and
• Communication: contacting you (and your authorised representatives) about services, scheduling, changes, and enquiries.

4. Disclosure of Personal Information

We do not sell or rent personal information.

4.1 Disclosure with consent

With your consent (or the consent of your authorised representative), we may disclose personal information to our support workers, staff, and contractors (on a need-to-know basis); plan managers and support coordinators; the NDIA; the NDIS Quality and Safeguards Commission (where relevant); health professionals involved in your care; and nominated family members or representatives.

4.2 Disclosure without consent where required or authorised by law

We may disclose personal information without consent where required or authorised by law, including for mandatory reporting obligations; child protection and safety requirements; and reporting and responding to serious incidents (including reportable incidents) and responding to lawful requests from regulators or authorities.

5. Storage, Security and Secure Disposal

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification, or disclosure.

5.1 Systems we use

We may store and manage personal information using systems and providers including ShiftCare (CRM/client management and rostering); Xero (accounting and invoicing); Microsoft Office Suite (email and documents); and Zoom (online meetings, where used).

5.2 Security measures

• access controls and role-based permissions;
• encrypted systems and secure transmission methods where available;
• password protection and multi-factor authentication where supported;
• confidentiality obligations for staff and contractors; and
• secure physical storage for paper records.

5.3 Secure disposal

When information is no longer required, we take reasonable steps to securely destroy or de-identify it (including secure disposal of paper records and secure deletion of electronic records), subject to legal retention requirements.

6. Access and Correction

You may request access to personal information we hold about you and request corrections if it is inaccurate, incomplete, out of date, irrelevant, or misleading. To make a request, contact us using the details in Section 13. We may need to verify your identity before providing access or making corrections. In some circumstances permitted by law, we may refuse access and will explain why.

7. Anonymity and Pseudonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym (for example, for general enquiries). However, for service delivery (including NDIS and aged care/HCP services), we generally need to identify you to provide supports safely, manage risks, and comply with funding and legal obligations.

8. Cookies and Third-Party Links

Our website may use cookies to help monitor traffic and improve performance. You can disable cookies in your browser settings, however this may affect website functionality. Our website may contain links to third-party sites. We are not responsible for the privacy practices of external websites.

9. Data Breach Response (Notifiable Data Breaches)

If we suspect or become aware of a data breach, we will take steps to contain the breach and reduce the risk of harm; assess whether the breach is an “eligible data breach” under the Notifiable Data Breaches scheme; and notify affected individuals and the OAIC where required, and take corrective action to prevent recurrence.

10. Complaints and Feedback

If you believe we have breached your privacy rights, you can lodge a complaint with us. We will acknowledge and investigate privacy complaints and respond within a reasonable timeframe.

Internal privacy complaints contact:
General Manager: Dihan Dewage
Email: info@icare4u.com.au
Phone: 1300 422 730

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au); and/or the NDIS Quality and Safeguards Commission (www.ndiscommission.gov.au) (where relevant).

11. Overseas Disclosure

We do not disclose personal information to recipients outside Australia.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be published on our website and will apply from the updated effective date.

13. Contact Us

For questions about this Privacy Policy, to request access or correction, or to make a complaint, please contact:

iCare4U Support Services (ABN: 64 479 668 035)
Attention: Dihan Dewage (General Manager)
Email: info@icare4u.com.au
Phone: 1300 422 730
Address: 10 Thonemans Road, Hoddles Creek VIC 3139

This Privacy Policy is provided for general informational purposes only and does not constitute legal advice.