What is ABAlink?
ABAlink Early Intervention Services Pty Ltd (ABAlink, we, our) is responsible for delivering Early Intervention Services, including under the National Disability Insurance Scheme (NDIS), other government schemes, and directly to families or carers of a child with autism.
You can learn more about ABAlink by:
- visiting the ABAlink website ABAlink.com.au
- calling us on +61 2 9411 4618
- emailing any questions to us via privacy@ABAlink.com.au
What are ABAlink’s privacy obligations?
Personal information is information or an opinion about an individual whose identity is reasonably identifiable. Examples of personal information include a person’s name, address, date of birth and details about their health or disabilities.
Privacy laws do not apply to the information of corporate entities, such as providers. However, the personal information of individuals connected with those entities (such as employees) will be protected by privacy laws.
In dealing with personal information, we abide by the obligations imposed on us under federal law, including the Privacy Act 1988 (Cth) (Privacy Act) and the National Disability Insurance Scheme Act 2013 Cth) (NDIS Act).
Part B – Our personal information handling practices
What kinds of personal information does ABAlink collect and hold?
The kinds of information we collect and hold includes (but is not limited to) personal information about participants and other users of our services, and about our employees, contractors and providers.
Examples of personal information that we may collect includes:
- name, contact details, date of birth and age
- gender, details about participants’ physical or mental health, including disabilities
- information about participants’ service/support requirements
- needs and circumstances (such as living or financial circumstances)
- details of guardians and representatives/nominees, including names, addresses and identity verification and contact details including emails address and phone numbers
- NDIS Plan Number
- payment information in connection with a service
- details of feedback or complaints about services provided by us
- bank account details
- employee records
Some of the personal information we collect is ‘sensitive information’ or ‘health information’, as described in the Privacy Act, and we will deal with that information only as required or permitted by law.
Do I have to give my name?
We will, if practicable, allow you to choose not to give your name or identify yourself (unless this is against the law).
In some cases, if you do not provide us with certain personal information, we may not be able to provide you with products, services, or information. This may affect whether you can become or continue to be a client of ABAlink.
How will the ABAlink collect and hold personal information?
We often collect personal information from people directly or from people who are authorised to represent them. While you do not have to provide us with all information requested, not providing this information to us may mean that:
- we may not be able to decide whether you can become a client or employee;
- decisions may be delayed while we seek further information; and
- we may not be able to provide services requiring a Service Agreement
We sometimes collect personal information from a third party if you have consented, been told of this practice, or would reasonably expect us to collect the information in this way. An example of this is collecting information from a healthcare expert, such as a paediatrician, who is managing a participant’s diagnosis.
We, or third parties acting on our behalf, may also collect personal information from third party disability support providers, state and territory governments and other Commonwealth government entities (for example, the Department of Human Services) where this collection is authorised under law. The information collected is usually about participants, prospective participants, registered providers or persons with a disability who may wish to access the NDIS.
We, or third parties acting on our behalf, may contact you by phone, for example, to facilitate your access to the NDIS. In the event we do ask for certain personal information over the phone, we will only request this information once explaining the purpose for asking for this information and seeking your consent to proceed.
We may otherwise collect personal information from you via agreements, applications, or consent forms you provide, or other means of communication like via email, or our website.
If you are ever unsure about whether a person calling you is from ABAlink, or calling on behalf of us, before you give them any information, you should ask the person to verify their identity, take their name and number and call us back at our office on 02 9411 4618.
We collect personal information about employees and prospective employees to conduct employment and employment-related activities such as payroll services, recruitment and selection, performance management, reporting, NDIS Worker Compliance and work health and safety. Our collection, use, storage, and disclosure of personal information about employees and prospective employees is in accordance with the Privacy Act and Fair Work Act 2009.
How do we use and disclose personal information?
We collect, hold, use and disclose personal information for the purpose of providing services, including under the NDIS, conducting our operations, communicating with participants and health service providers, conducting research and evaluation on and improving and promoting our services, and complying with our legal obligations. By providing personal information to us, you consent to us using your information for those purposes, and for any related purpose, or any purpose that could reasonably be expected at the time your personal information was collected or to which you otherwise consent.
We make a record or note of some phone calls to help us in ensuring that the service we provide meets the highest standards. We may use your information to seek feedback from you regarding your level of satisfaction with our services.
Email addresses provided through website queries will only be used for the purpose of responding to those queries and may be added to our mailing lists (unless that person has elected to unsubscribe to our mailing list).
If we need to disclose personal information outside ABAlink, we will de-identify the information prior to disclosure, wherever it is practicable to do so. We will not normally disclose a person’s personal information to anyone outside ABAlink except where we refer participants to external providers of in-kind supports under an approved NDIS plan; where that person consents; or where the disclosure is permitted or required under law.
Some examples of when we may disclose personal information include:
- in delivering ABAlink services and our other functions (for example, quality assurance purposes, training and the purpose of improving our services);
- this is required or authorised by law, including under the NDIS Act;
- it will prevent or lessen a serious and imminent threat to someone’s life or health or a threat to public health or safety;
- it is a necessary part of an internal investigation following a complaint; or
- we use a contractor to provide some ABAlink services and the contractor needs personal information of certain participants, providers, carers or other persons to perform that service.
Users of ABAlink’s computer systems may at times be able to see a person’s name (if the person is a participant, provider of supports, nominee or other person known to ABAlink) when performing duties either as an ABAlink employee or on behalf of the ABAlink, but are only permitted to record, use or disclose that information if it is directly related to performing those duties.
A state or territory government official may also have access to personal information as part of the intergovernmental arrangements.
We will not sell or rent your information to anyone and will not disclose your information overseas unless you agree to this (though you acknowledge and agree that your information may be stored on servers based overseas).
When we use third parties, such as contractors, to perform certain functions, we will take reasonable steps to ensure that the third party will also be required to treat personal information they may see or handle with care and confidentiality.
In the case of child participants, or participants who do not have the capacity to make decisions for themselves, we liaise with the people (such as a parent, guardian, representative or nominee) who are responsible for their welfare, rather than them directly.
We may also use and disclose personal information of participants, providers and community partners to ensure the integrity of the NDIS and comply with our obligations as a provider, which includes identifying and responding to any fraudulent activities or misuse of NDIS funds.
How does ABAlink deal with Tax File Numbers?
If a person gives us their Tax File Number (TFN), we keep that information secure.
Due to legal restraints on the disclosure of TFNs, if a person asks us for their TFN, we will not be able to provide it to them. If a person wants to obtain their TFN, or the TFN of a family member, they will need to obtain this from the Australian Taxation Office directly.
In limited circumstances, the Australian Taxation Commissioner can be required by law to provide a person’s TFN to us.
How does ABAlink protect personal information?
We take steps to ensure that no one outside ABAlink can access information we hold about someone without that person’s consent, unless that access is authorised or required under law.
We have systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:
- paper records are held securely;
- access to personal information is on a need-to-know basis, by authorised personnel;
- our premises have secure access; and
- storage and data systems and protections are regularly updated and audited.
When no longer required, personal information is destroyed in a secure manner, or archived or deleted in accordance with our obligations under federal law.
ABAlink’s web-based services
We provide secure web-based services. However, users are advised that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. You can communicate with us, or provide documents to us, by a range of means, including in person or by post, as well as electronically (via email or through our website).
A “cookie” is a small file supplied by ABAlink and stored by the web browser software on a person’s computer when they access our website. (An explanation of cookies can be found at the website of the Australian Information Commissioner (external).)
We use a session cookie for maintaining contact with a user throughout a web browsing session. At the end of the session, the user may choose to manually logoff and the cookie is immediately deleted. If a person does not logoff at the end of the session, we will automatically log that person off after about 20 minutes. This will ensure that no other person has access to this information. In order to use certain features which personalise our website, users must use a browser which is enabled to accept cookies.
We analyse non-identifiable website traffic data (including by third-party service providers) to improve our services and for statistical purposes. No attempt will be made to identify anonymous users or their browsing activities.
External links to third party websites
Our website contains external links and widgets operated by certain third parties, such as Facebook, YouTube, Instagram, Twitter, LinkedIn and Google. These external third parties may not be subject to the Privacy Act. We are not responsible for the privacy practices of these third parties, or the accuracy, content or security of their websites. You should examine each website’s privacy policies and use your own discretion regarding use of their site.
How can a person access or update the information ABAlink holds about them?
We aim to ensure that the information we hold about a person is accurate, up to date, complete and relevant before acting on it. If a person learns that personal information we hold about them is inaccurate, outdated, incomplete, irrelevant or misleading, that person should contact us so that their information can be updated.
Where a person requests us to correct personal information we hold about them, we will action this request promptly. A person can also request that we notify that change to any other agencies or organisations that we have previously disclosed the personal information to.
If we do not agree to correct our records as requested, we will give written notice of the decision, setting out our reasons for refusing the request and how that person can lodge a complaint about our decision. Where a person’s own information can be provided to them, we will provide this information as soon as possible (and by no later than 30 days of the request).
If we do not agree to a request for access to personal information, we will take reasonable steps to give the person access to the information in an alternative form. We will also provide the person with a written notice setting out the reasons for refusal, and how they can lodge a complaint about the decision.
Withdrawing or amending your prior consent
If you wish to withdraw or amend consent you have previously given, please make this request in writing so that we can action your request.
What if I have a complaint?
If you would like to leave feedback or complain about the service you have received from us, or if you think we have breached your privacy obligations, please contact us via email , or call us on 02 9411 4618.
We will manage complaints in a way that is timely and transparent. Sometimes this may mean we have to speak to other ABAlink staff members who are handling your matter. In all cases, we will inform you of the progress of your complaint.
If you are not satisfied with our response or how we handled your complaint, you may complain to the Office of the Australian Information Commissioner through oaic.gov.au.
How can you contact us regarding privacy matters?