Privacy Policy

Purpose
This Policy sets out the guidelines for Richer Support regarding the protection of individual privacy and the management of personal information collected in the course of our business operations. Richer Support is committed to ensuring that this policy aligns with Australian law (The Commonwealth Privacy Act 1988, Privacy Amendment Enhancing Privacy Protection Act 2012) and the National Disability Insurance Scheme (NDIS) Practice Standards and Quality Indicators 2021.

Scope
This Policy applies to all individuals associated with Richer Support, including clients, staff, other healthcare professionals, and other individuals who are not clients of Richer Support (for instance, somebody who completes the website referral form, a client’s chosen emergency contact, or information taken from relevant family history).

Definitions
Collection: The process of gathering, acquiring, or obtaining personal information from any source and by any means. This includes cases where personal information is unintentionally acquired or obtained without explicit requests.

Personal Information: Any data that can be used to identify an individual.

Consent: Voluntary agreement to an act, practice, or purpose, comprising two elements - knowledge of the matter agreed to and voluntary agreement.

Contractors: The Privacy Act treats the actions and practices of employees (and those 'in the service of' an organisation) in the performance of their employment duties as those of the organisation.

Disclosure: Generally, an organisation discloses personal information when it releases it to external parties, excluding providing individuals with their own information (e.g., sending a behaviour support plan to a client’s treating psychiatrist).

Use: The handling of personal information within an organisation.

Policy
Richer Support is dedicated to safeguarding privacy and personal information and is obligated to adhere to the 13 Australian Privacy Principles (APPs) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988. This policy may undergo revisions, and the most up-to-date version will always be accessible on our website at www.richersupport.com.

You can request a copy of this Policy at any time by contacting us at 0413 213 810 or emailing contact@richersupport.com. When the privacy policy is updated, we will bring the updates to our clients’ attention. New staff will receive this as part of their induction, and their awareness will be confirmed with their signature indicating their willingness to be bound by it. For clients, this will be accomplished by sending clients a copy of Richer Support’s privacy policy once a service agreement has been signed.

Procedure
Dealing with us anonymously: Wherever it is both lawful and practical, you may request to engage with us anonymously or under a pseudonym.

Collection of Personal & Sensitive Information
Richer Support collects and retains personal information from various sources, including clients, their families, formal and informal supports, and other healthcare individuals. The collected information may encompass details such as the name, address, email address, phone number, and payment information of clients (e.g., NDIS plan details, Fund Management Details, or personal payment details).

Given the nature of behaviour support, it will also likely include sensitive information pertaining to a client’s personal history and presenting concerns through clinical interview and collection of existing reports, as well as seeking details of relevant formal and informal supports. If unsolicited personal information is received, we will make efforts to confirm our ability to store this information with the individual. We ensure that the information is collected lawfully, only to the extent necessary for our business operations.

Purposes of Collecting Personal Information

  • Providing behaviour support services

  • Processing payment

  • Responding to referrals, feedback, and complaints

  • Recruiting and managing staff, contractors, and volunteers

Disclosure of Personal Information
Richer Support will not sell or provide personal information to third parties unless it is with proper consent, or if required by law. We collaborate with various service providers and contractors to support our behaviour support assessment and implementation process, and as such, other organisations and individuals may access and use the personal information we hold. This information is only shared with your consent.

Mandatory Reporting
As Behaviour Support Practitioners, it is important to note that we are mandatory reporters, which means that if we become aware of any information related to the safety or well-being of a child, vulnerable adult, or any potential harm to yourself or others, we are obligated by law to report such concerns to the appropriate authorities.


Restrictive Practices Reporting
In the course of our work as Behaviour Support Practitioners in Australia, it is important to address the use of restrictive practices in certain situations. In accordance with the NDIS Quality and Safeguards Commission Regulated Restrictive Practices Guide (2020), we have an obligation to notify the Commission in the event an unauthorised restrictive practice is identified.

Access to Personal Information
Richer Support will make every effort to ensure that the personal information we collect, hold, use, or disclose is accurate, up-to-date, complete, relevant, and not misleading. At any time, you can contact us at 0413 213 810 or email contact@richersupport.com and request access or corrections to your personal information. We will verify the identity of anyone requesting information and aim to respond to requests within 30 days. However, we may deny access to information under the exceptions outlined in APP 12, and if we do so, we will provide a written notice.

Storage and security of Personal Information
We maintain stringent measures to safeguard your personal information. Your data is securely stored online, and we employ industry-standard encryption and access controls to protect it from unauthorised use, access, or disclosure. The company follows a strict policy of not keeping hard copies of personal information on their computer hardware.

However, please note that any unencrypted information exchanged via the Internet may be accessed and used by unintended recipients, so sending personal information by email is at the sender's risk. In compliance with document retention laws, we will securely destroy or de-identify information that is no longer needed or disclosed once it has served its purpose.


Data Retention
Richer Support's commitment to data protection extends to careful data retention and disposal practices. We understand the importance of securely managing personal information throughout its lifecycle. To ensure compliance with document retention laws and best practices, we have established specific retention periods for various types of data and outlined clear criteria for the secure destruction or de-identification of information that is no longer required, safeguarding the privacy of individuals. In accordance with AHPRA guidelines and established data management best practices, Richer Support retains healthcare data for the duration of seven years from the last date of service provision, or for any longer period as may be required by specific regulations.


Notifiable Data Breaches
A data breach takes place when an organisation or agency loses control of, or experiences unauthorised access or disclosure of, the personal information it holds. This can happen in various scenarios, such as:

  • The loss or theft of a device containing a customer's personal information.

  • Unauthorised access to a database containing personal information through hacking.

  • Accidental disclosure of personal information to an unintended recipient.

Data Breach Response Plan
Our Privacy Policy adheres to Australian privacy laws, specifically the Privacy Act 1988 and the Privacy Amendment (Notifiable Data Breaches) Act 2017. It designates Boudicea Hodgson as the Privacy Officer responsible for coordinating responses to data breaches, ensuring transparency, and reporting to relevant authorities. The policy outlines procedures for breach detection, containment, mitigation, notification to affected parties, investigations, data recovery, security enhancements, documentation, and regular compliance reviews.


Contacting our Privacy Officer
Richer Support has appointed a designated Privacy Officer who is responsible for addressing any complaints or concerns about our protection of privacy. The Privacy Officer also oversees staff training programs and promotes compliance with this policy and relevant privacy laws. If any issues concerning our privacy practices come to our attention, we take them seriously and work to resolve them. Complaints should be directed to The Privacy Officer at Richer Support, by phone on 0413 213 810 or by email at contact@richersupport.com.


How are changes to the Privacy Policy made?
Our privacy policy is subject to periodic review and revision. Any changes or updates to this policy will be made available and accessible on this website.


Complaints
Clients are entitled to voice their concerns about the management of their personal information. If you have any reservations regarding the personal information we've requested, please don't hesitate to bring them to our attention directly. Complaints may be lodged with Richer Support using the form on the ‘Complaints’ tab of this website, via phone on 0413 213 810, or via email at contact@richersupport.com. We are dedicated to addressing valid complaints promptly and appropriately, typically within 24 hours of receiving the email.

If you are not satisfied with our response to a complaint regarding privacy, or would like to make an external complaint about the services you have received, you can do so at any time by directly contacting the NDIS Commission.

The NDIS Quality and Safeguards Commission is an independent agency established to ensure that NDIS Providers are doing the right thing.
Phone: 1800 035 544
Email: contactcentre@ndiscommission.gov.au
Website: NDIS Commission
Postal: NDIS Commission, PO Box 210, Penrith NSW 2750
National Disability Insurance Scheme (Complaints Management and Resolution) Rules 2018


Relevant Documents

Richer Support Privacy Policy
Richer Support Privacy Policy - Easy Read
The Commonwealth Privacy Act 1988
Privacy Amendment Enhancing Privacy Protection Act 2012
NDIS Practice Standards and Quality Indicators November 2021
NDIS Quality and Safeguards Commission Regulated Restrictive Practice Guide (2020)
Easy-Read Restrictive Practice Guide
Notifiable Data Breach Scheme