Privacy Policy

Background

(A) Swell Service Pty Ltd’s policy is to respect and protect the privacy of all people connected with the National Disability Insurance Scheme (NDIS), including participants, providers, employees, and contractors. Swell Service Pty Ltd abides by obligations under federal law, including the Privacy Act 1988 (Cth) and the National Disability Insurance Scheme Act 2013 (Cth).

(B) The Privacy Act 1988 (Cth) authorises the collection of personal information when necessary to facilitate access to NDIS services. The National Disability Insurance Scheme Act 2013 (Cth) sets confidentiality provisions that limit how Swell Service Pty Ltd collects, uses, and discloses personal information.

1. Information collected and stored

(a) What we collect

Swell Service Pty Ltd collects information reasonably necessary to carry out our role as service providers. This includes, but is not limited to, personal information (as defined under the Privacy Act 1988 (Cth)) about participants, service users, employees, contractors, and providers.

(b) Types of personal information collected

We may collect the following types of personal information:

  • Identity information, such as full name and date of birth.
  • Contact details, such as email and phone number.
  • Government identifiers, such as your NDIS participant number (if applicable).
  • NDIS plan details, where provided.
  • Documents uploaded to the Swell Service Pty Ltd platform.
  • Interactions and activity logs on our platform.
  • Information provided via free-text inputs on our platform.
  • Occupation details.
  • Preferences and relationship information with other Swell Service Pty Ltd users.
  • Third-party information, where consent has been provided (e.g. information from the National Disability Insurance Agency).
  • Financial information, such as bank account details or credit card information, when necessary for processing payments or reimbursements.

(c) Health information

Swell Service Pty Ltd may also collect ‘health information’ as defined under the Privacy Act 1988 (Cth), including:

  • Details of health conditions or disabilities.
  • Information about doctors or healthcare professionals consulted.
  • Records of health services received.

2. Sensitive information

(a) Definition of sensitive information

Under the Privacy Act 1988 (Cth), sensitive information includes details about an individual’s:

  • Racial or ethnic origin.
  • Political opinions or memberships.
  • Religious or philosophical beliefs.
  • Trade union or professional association memberships.
  • Sexual orientation or practices.
  • Criminal records.
  • Health information.

(b) Collection of sensitive information

We will not collect sensitive information without your explicit consent, except where required by law or necessary for legal claims. If consent is required, we will:

  1. Clearly identify the sensitive information being collected.
  2. Provide options to consent through written, electronic, or verbal means, with proper record-keeping.
  3. Maintain a register of given and withdrawn consents.
  4. Allow individuals to modify or withdraw their consent at any time.

3. Purpose of collecting and storing information

Swell Service Pty Ltd will only use and disclose personal information where consent has been provided for purposes such as:

  • Providing and improving our services to clients and their families.
  • Processing payments, invoices, and donations.
  • Communicating with clients, families, and supporters (via phone, email, or other electronic means).
  • Responding to enquiries and complaints.
  • Internal business operations, including:
  • Engaging contractors and service providers.
  • Administrative functions such as billing and reporting.
  • Evaluating service performance and fundraising activities.

(b) When we may share personal information

We will not share personal information with third parties without consent, except:

  • Where required by law, such as responding to law enforcement, government requests, or court orders.
  • To prevent or lessen serious threats to life or health.
  • To contractors or service providers, strictly for fulfilling their duties to us.
  • In the event of a business merger or sale, where personal information may be transferred.
  • Where disclosure is necessary to comply with legal or regulatory obligations.

We ensure that any third party receiving personal information maintains equivalent privacy protections and complies with Australian data protection laws.

4. Collection and storage processes

Swell Service Pty Ltd has systems in place to protect personal information from misuse, loss, unauthorised access, modification, or disclosure.

(a) Security measures

We take the following steps to safeguard personal information:

  • Secure paper-based records.
  • Limited access to personal data on a need-to-know basis.
  • Regular system updates and security audits.
  • Encryption of sensitive data during transmission and storage.
  • Continuous security monitoring and penetration testing.

(b) Retention and disposal

  • Personal information is retained for [YEARS] years from the last service date (unless legally required for longer).
  • Physical records are securely shredded.
  • Digital records are permanently erased using industry-standard deletion methods.
  • A destruction register is maintained for all disposed records.

5. Accessing and correcting personal information

(a) Keeping information accurate

Swell Service Pty Ltd aims to ensure all personal information is accurate, up to date, complete, and relevant.

(b) Requesting corrections

Individuals may request corrections to their personal data by contacting us. If we do not agree to a requested correction, we will provide a written explanation and information on how to lodge a complaint.

(c) Response time

  • We will respond to access or correction requests within 30 days.
  • If an extension is needed, we will notify you.

6. Making a complaint

(a) How to lodge a complaint

If you believe Swell Service Pty Ltd has breached your privacy rights, you may lodge a complaint by contacting us via email, mail, or phone (see Section 7 for contact details).

(b) Our complaint handling process

  • We aim to resolve complaints within 7 days.
  • If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC).
  • If dissatisfied, you may request an internal review within [DAYS] days, conducted by a senior officer.

(c) Contacting the OAIC

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner:

7. Contact information

If you have feedback or concerns regarding your privacy, you may contact us via:

  • Phone: 08 6372 1296
  • Email: admin@swellservice.com
  • Postal Address: 7/30 Hasler Road, Osborne Park, Western Australia, 6017

For further information about privacy rights, visit: