ABAlink Privacy Policy

This privacy policy applies to the handling and management of your personal information (Your Information) by or on behalf of ABAlink Early Intervention Services Pty Ltd, ABN 35 008 741 557, trading as ABAlink Early Intervention Services (ABAlink, we, us, our).

What is ABAlink?

ABAlink is responsible for delivering Early Intervention Services, including under the National Disability Insurance Scheme (NDIS), other government schemes, and directly to families or carers of a child with a disability.

You can learn more about ABAlink by:

  • visiting the ABAlink website abalink.com.au (this Privacy Policy can be found at abalink.com.au/privacy-policy/)
  • calling us on +61 2 9411 4618
  • emailing any questions to us via privacy@ABAlink.com.au

Why do we have this policy?

We have created this privacy policy in order to demonstrate our commitment to the Privacy Act 1988 Cth (Privacy Act), the Australian Privacy Principles (APPs), and relevant State based health privacy legislation that applies to the handling of health information by private sector health service providers (together, the Australian Privacy Laws). This policy sets out the kinds of personal information we, and others for us, collect and hold, how and why we collect and hold that information and how we use or disclose Your Information. It also tells you how you can access and amend Your Information and how you may make a complaint if you think that we have breached our privacy obligations. Where applicable Australian Privacy Laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.

In this policy, personal information has the meaning under the Australian Privacy Laws, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise.

What personal information do we collect and hold?

The kinds of information we collect and hold includes (but is not limited to):

  • name;
  • contact details, including phone number, email address and mailing address;
  • date of birth;
  • gender;
  • details about your physical or mental health, including disabilities;
  • family relationships and next of kin;
  • information about your service/support requirements;
  • needs and circumstances (such as living or financial circumstances);
  • details of your guardians and representatives/nominees;
  • NDIS plan number;
  • payment information in connection with a service;
  • details of feedback or complaints about services provided by us;
  • bank account details;
  • employee records; and
  • Medicare and private medical insurance provider details.

If we enter contracts with you, or you request or receive services from us or have any other commercial dealings with us, we may collect your financial details including bank or credit card details for payment, billing information and your signature. Some of Your Information may also be considered sensitive information as defined under Australian Privacy Laws, such as your “health information” (which includes information about your physical health and disabilities), and other personal information collected for the purpose of providing our services to you (e.g. considering whether you can attain funding in order to obtain goods and services in connection with your NDIS plan).

We only collect sensitive information with your consent, or otherwise in accordance with the Australian Privacy Laws.  If you do provide sensitive information to us for any reason, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as otherwise permitted by Australian Privacy Laws.

You may elect not to provide us with Your Information. However, where you choose not to provide us with Your Information, we may not be able to provide you with the full range of services.

Do I have to disclose my name?

We will, if practicable, allow you to choose not to give your name or identify yourself (unless this is against the law), however we may not be able to provide you with services on that basis.

How do we collect and hold Your Information?

We usually collect Your Information directly from you or from people who are authorised to represent you. This includes when you provide Your Information to us in person through consultations and appointments and through some of the following means:

  • when you contact us via a nominated representative;
  • when you contact us via phone, teleconference, or email;
  • when you make an enquiry or booking with us, including through our website (via webform or otherwise) located at https://www.abalink.com.au/;
  • when you fill in referral, assessment, registration, and / or other forms (including where you provide these details to a third party who intends to provide them to us on your behalf);
  • when you upload content or interact with us on our website or via our social media pages;
  • in administering and performing any contracts with our service providers; and
  • as otherwise required to manage our business.

From time to time we may also collect Your Information from a third party if you have consented, or would reasonably expect us to collect the information in this way. An example of this is collecting information from a healthcare expert, such as a Paediatrician, who is managing a participant’s diagnosis, or from your parent or guardian if you are under 18 years of age or suffer from a disability which requires ongoing guardianship.

We, or third parties acting on our behalf, may also collect Your Information from third party disability support providers, state and territory governments and other Commonwealth government entities (for example, the Department of Human Services) where this collection is authorised under law. The information collected is usually about participants, prospective participants, registered providers or persons with a disability who may wish to access the NDIS.

To the extent that any additional obligations arising under the Australian Privacy Laws apply to our collection of your sensitive information, we also comply with those obligations and we will only collect health information from you directly unless it is not reasonable or practical to do so.

We, or third parties acting on our behalf, may contact you by phone, for example, to facilitate your access to the NDIS. In the event that we ask for certain personal information over the phone, we will only request this information upon explaining the purpose for asking for this information and seeking your consent to proceed. If you are ever unsure about whether a person calling you is from ABAlink, or calling on behalf of us, before you give them any information, you should ask the person to verify their identity, take their name and number and call us back at our office on 02 9411 4618.

Employees

We collect personal information about employees and prospective employees in order to conduct employment and employment-related activities such as payroll services, recruitment, performance management, reporting, and so as to ensure we meet are compliant with the NDIS worker compliance standards and also aligned with the applicable workplace health and safety requirements. Our collection, use, storage, and disclosure of personal information about employees and prospective employees is conducted in accordance with the Australian Privacy Laws and the Fair Work Act 2009 (Cth).

How do we use and disclose personal information?
We need Your Information to provide you with our services (Main Purpose), including early behavioural intervention therapy and related services.

We only collect, use, hold and disclose Your Information where it is reasonably necessary for our functions, activities, or operations.  In particular, we may collect, use, hold and disclose Your Information:

  • to service, connect and communicate with participants and relevant persons and entities (including health service providers), including in connection with your NDIS Plan;
  • for record keeping purposes;
  • to conduct research and evaluation on, and improve, our services;
  • to contact you in relation to customer surveys and feedback;
  • to administer our relationship with you by responding to your enquiries and to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner; and
  • for any purpose related to the Main Purpose or the purposes listed above that could be reasonably anticipated at the time Your Information was collected as being necessary, or for other purposes to which you have consented.

We make a record or note of some phone calls to help us in ensuring that the service we provide meets the highest standards. We may use your information to seek feedback from you regarding your level of satisfaction with our services.

Email addresses provided through website queries will only be used for the purpose of responding to those queries and may be added to our mailing lists (unless that person has elected to unsubscribe to our mailing list).

Who do we share Your Information with?

By submitting Your Information to us, you consent to us disclosing Your Information in connection with the purposes described in this privacy policy.  This may include disclosing Your Information to third parties including: our suppliers, contractors, and organisations that provide us with services; our accountants, insurers, lawyers, auditors and other professional advisers; any other third parties you have directed us to disclose Your Information to or third parties that we are authorised to disclose to at law; and if we or our assets are acquired or considered for acquisition by a third party, that third party and its advisors.

If we need to disclose Your Information outside of our organisation, we will de-identify the information prior to disclosure, wherever it is practicable to do so. Exceptions include where we refer participants to external providers of in-kind supports under an approved NDIS plan; where that person consents; or where the disclosure is permitted or required under law. Some other examples of when we may disclose Your Information include:

  • in delivering our services and our other functions (for example, quality assurance purposes, training and the purpose of improving our services);
  • where disclosure is required or authorised by law, including under the NDIS Act 2013 Cth;
  • to prevent or lessen a serious and imminent threat to someone’s life or health or a threat to public health or safety;
  • as a necessary part of an internal investigation following a complaint; or
  • where we use a contractor to provide some ABAlink services and the contractor needs personal information of certain participants, providers, carers or other persons in order to perform the relevant services.

Users of ABAlink’s computer systems may at times be able to see a person’s name (if the person is a participant, provider of supports, nominee or other person known to ABAlink) when performing duties either as an ABAlink employee or on behalf of the ABAlink, but are only permitted to record, use or disclose that information if it is directly related to performing those duties.

A state or territory government official may also have access to personal information as part of the intergovernmental arrangements.

Disclosure outside Australia

We may disclose Your Information to third parties (including subcontractors) located outside Australia in order to assist us in providing services to you at your direction. We may also engage overseas service providers to provide services to us (like cloud storage services or other types of network or electronic systems) from time to time which may not necessarily always involve a disclosure of Your Information to that overseas service provider.

By providing us with Your Information, you consent to Your Information being used, stored and disclosed to overseas recipients for the purposes necessary to operate our business. We will endeavour to only deal with reputable recipients subject to comparable privacy obligations. However,  you acknowledge that such overseas recipients may not be required to comply with the Australian Privacy Laws and in the event that an overseas recipient breaches the Australian Privacy Laws, that entity may not be bound by and you may not be able to seek redress under, the Australian Privacy Laws.

When we use third parties, such as contractors, to perform certain functions, we will take reasonable steps to ensure that the third parties are required to treat Your Information with care and confidentiality.

In the case of child participants, or participants who do not have the capacity to make decisions for themselves, we liaise with the people (such as a parent, guardian, representative or nominee) who are responsible for their welfare. We may also use and disclose Your Information to ensure the integrity of the NDIS and comply with our obligations as a provider, which includes identifying and responding to any fraudulent activities or misuse of NDIS funds.

How do we deal with Tax File Numbers?
If you give us your Tax File Number (TFN), we will keep the TFN secure.

Due to legal restraints on the disclosure of TFNs, if a person asks us for your TFN, we will not be able to provide it to them. If you want to obtain another person’s TFN, or the TFN of a family member, you will need to obtain this from the Australian Taxation Office directly.

In limited circumstances, the Australian Taxation Commissioner can be required by law to provide a person’s TFN to us.

How do we  protect personal information?
We endeavour to ensure that nobody outside ABAlink can access Your Information, unless that access is authorised or required under law or this policy. We have systems and procedures in place to protect Your Information from misuse and loss, as well as from unauthorised access, modification or disclosure. These systems and procedures include:

  • secure storage of paper records;
  • access to Your Information is provided only to authorised personnel on a need-to-know basis;
  • secure access to our premises; and
  • regular updates and audits of storage and data systems and protections.

When no longer required, Your Information is destroyed in a secure manner, or archived or deleted in accordance with our obligations under the Australian Privacy Laws.

ABAlink’s web-based services

We provide secure web-based services. However, users are advised that there are inherent risks in transmitting information online, noting that information sent to or from a website may be intercepted, corrupted or modified by third parties.

Does ABAlink use cookies?

Cookies are small data files sent by a website or application and stored on a user’s computer or device at the request of that site or app for a pre-defined period. Session cookies are server-specific cookies that cannot be passed to any machine other than the one that generated the cookie. We may from time-to-time use cookies, session cookies and other similar technologies to collect information about your use of our website.

We rely upon session cookies to maintain contact with users via web browsing sessions. At the end of a given session, the user may choose to manually log-off and the session cookie is immediately deleted. If a person does not logoff at the end of the session, we will automatically log that person off after about 20 minutes. This will ensure that no other person has access to the relevant information. In order to use certain features, users must use a browser which is enabled to accept cookies.

We analyse non-identifiable website traffic data (including through the use of third-party service providers) to improve our services and for statistical purposes. No attempt will be made to identify anonymous users or their browsing activities.

External links to third party websites

Our website contains external links and widgets that are operated by third parties. These third parties may not be subject to the Australian Privacy Laws. We are not responsible for the privacy practices of these third parties, or the accuracy, content or security of their websites. You should examine each website’s privacy policies and use your own discretion regarding use of their website.

How can a person access or update the information ABAlink holds about them?

We take reasonable steps to ensure that Your Information that we collect is accurate, up to date, complete and relevant. If you learn that Your Information is inaccurate, outdated or incomplete, you should contact us so that your information can be updated.

To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or in making corrections to Your Information.  We will provide access to Your Information in accordance with the Australian Privacy Laws, subject to certain exemptions which may apply.

Where you request us to amend Your Information that we hold about you, we will action this request promptly. You can also request that we notify the change to any other agencies or organisations that we have previously disclosed Your Information to. If we do not agree to correct our records as requested, we will give you written notice of the decision, setting out our reasons for refusing the request and how you can lodge a complaint about our decision. Where Your Information can be provided to you, we will provide this information as soon as possible, and by no later than 30 days after the initial request.

If we do not agree to a request for access to Your Information, we will take reasonable steps to give you access to the information in an alternative form. We will also provide you with a written notice setting out the reasons for refusal, and how you can lodge a complaint about the decision.

What if you have a complaint?
We will manage complaints in a way that is timely and transparent. Sometimes this may mean speaking with other ABAlink staff members about your matter. In all cases, we will inform you of the progress of your complaint. If you are not satisfied with our response or how we handled your complaint, you may complain to the Office of the Australian Information Commissioner via www.oaic.gov.au.

How can you contact us regarding privacy matters?

If you would like to leave feedback or complain about our privacy policy or how we handle Your Information, please contact us via  email at privacy@abalink.com.au or calling us on 02 9411 4618.