Menu
  • Legal

Privacy Policy

How Rebalance Community Care collects, uses, and protects your personal information.

  • Last updated: June 2026 · Version 1.0

About This Policy

Rebalance Community Care Pty Ltd (ABN 91 697 578 395) is committed to protecting your privacy. This policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and our obligations as a registered NDIS provider under the NDIS Quality and Safeguards Commission Act 2018 (Cth).

It applies to personal information collected through our website, referral forms, and in delivering NDIS-funded supports.

For NDIS participants: more detailed information about your privacy rights is provided in your Service Agreement and Participant Welcome Pack.

What We Collect and Why

We collect only the information we need for the purpose it is collected:

  • Referral form submissions — referrer and participant details, NDIS plan information, support needs, and any documents you attach (e.g. NDIS plan, functional assessment). Purpose: to assess eligibility and arrange supports.
  • General contact enquiries — name, email, phone, and your message. Purpose: to respond to your enquiry.
  • Careers applications — name, contact details, and information about your experience. Purpose: to assess your application.
  • Active NDIS participants — personal details, health and disability information, support plan, progress notes, and service records. Purpose: to deliver safe, person-centred supports and meet our NDIS regulatory obligations.
  • Website visitors — anonymous analytics data (pages visited, device type) via Google Analytics. Purpose: to improve our website.

Sensitive information — such as health and disability information — is only collected with your consent, or where required by law. When you submit a referral on behalf of a participant, you confirm you have their consent to share their information with us.

Who We Share Information With

We do not sell, rent, or trade your personal information. We may share it with:

  • NDIS Quality and Safeguards Commission — as required by law (audits, reportable incidents)
  • Allied health providers — with participant consent, to support clinical care
  • Support coordinators and plan managers — with participant consent, for service coordination
  • Our Consultant Nurse Practitioner — for clinical governance and care planning
  • Technology service providers — cloud storage, practice management software, and website hosting. These providers are bound by confidentiality obligations and cannot use your information for their own purposes.
  • Emergency services — in a medical emergency, to protect participant safety
  • Regulators and law enforcement — where required by law or court order

Storage, Security and Retention

All personal information is stored securely with password protection and role-based access controls. Staff can only access information relevant to their role. Access is reviewed quarterly and removed immediately when employment ends.

Our website uses HTTPS encryption. We use two-factor authentication for all administrative system access. All staff complete mandatory privacy training before accessing any participant information.

How long we keep information: NDIS participant records are retained for a minimum of 7 years after the last service (or until age 25 for participants who were minors). Staff records and financial records are retained for at least 7 years. Website enquiry data is retained only as long as reasonably necessary.

Records are securely destroyed (shredded or permanently deleted) when no longer required.

Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of information that is inaccurate, incomplete, or out of date

To make an access or correction request, contact us in writing using the details below. We will respond within 30 days at no charge.

Cookies

Our website uses Google Analytics 4 (anonymous, aggregated data only) and standard WordPress and WPForms cookies for site functionality. No personally identifying information is collected through cookies. You can disable cookies in your browser settings.

Privacy Complaints

If you believe we have handled your information incorrectly, please contact us first — we will acknowledge your complaint within 5 business days and respond within 30 days. If you are not satisfied, you may escalate to:

Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.au  ·  1300 363 992

NDIS Quality and Safeguards Commission (for NDIS-related privacy concerns)
www.ndiscommission.gov.au  ·  1800 035 544

We review this policy at least annually. Material changes will be notified to active participants and referrers by email.

Privacy Complaints

We review this policy at least annually. Material changes will be notified to active participants and referrers by email.

Privacy Officer

John Venning — Director

Phone

0483 792 751

Email

info@rebalancecommunitycare.com.au

Post

PO Box 2336, Chermside Centre QLD 4032