Privacy Policy

Our Privacy and confidentiality at CaptainK are bound by the Privacy Act 1988 (Cth) that complies with the 13 Australian Privacy Principles (APPs)

This Act governs and regulates the way personal information is handled from collection to use and disclosure, storage, accessibility, and disposal.

We keep updating our policy as we grow and as per need arises from time to time. A current copy is available on our website and can also be obtained from our Privacy Officer on request.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au

is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. By providing personal information to us, you consent to our storage, maintenance, use and disclosing of personal information in accordance with this privacy policy.

What type of personal information we collect?

We collect information such as:

• Name, age, date of birth, gender, address (postal and mailing), Email address and Telephone number.
• Guardians, Public Trustee and /plan nominee details including their names, addresses and contact details.
• NDIS plan details like your unique NDIS number and type of support requirements by a participant including the plan budget details.
• Mainstream support information like Centrelink CRN (customer reference number), health information details like your disability, Physical or mental health, doctors, or other health care services you have received or are currently receiving.
• Any community support connections like the services you receive from therapists, consumables product suppliers, Assistive technology providers, support workers and any other supports that are considered necessary and part and parcel of your NDIS plan journey and other support needs as required to be accessed by us to be able to assist you with connecting, navigating, and supporting you with your NDIS plan implementation.
• Your Accommodation details like type of housing you are living in e.g., public housing, private homes, Group homes, aged care facilities, rehabilitation centres etc as required from time to time including the service providers and carers involved with your supports and their contact details if necessary and consented appropriately.
• We may need to collect some of Your sensitive information like:
  • Your cultural background.
  • Your religious beliefs.
  • Your sexual orientation.
  • Your health.
• Your bank account details are normally not required by a Support Coordinator including any authority of accessing your personal bank details or making any changes to its operation including updating any address details. This authority should be only given to your most trusted source and if possible, to the Public Trustee if they are your primary Decision makers other than yourself.

How do we collect and hold personal information?

We often collect personal information from people directly or from people who are authorised to represent them. While you do not have to provide us with all information requested, not providing some of this information to us may mean that:

• We may not be able to assist you with navigating your plan in true sense with our 100% effort and dedication.
• We may not be able to connect with your important support connections necessary to be contacted in relation with your NDIS journey and goal achievement. An example of this is collecting information from a healthcare service, such as a residential care facility, which is managing a participant’s care.

We normally collect your personal information either directly from you or from third parties when you:

• Sign up our service agreements and onboarding documents.
• Sign up NDIS consent forms and Third-party consent forms.
• Submit our website online sign-up referral forms.
• Use our services like contacting us through our website, email, telephone, SMS, or social media like Facebook, LinkedIn, Instagram, twitter, or any such online promoting network that we may be connected to with.
• Fill our feedback and complaints forms.
• Take part in our surveys or business advertising or events and exhibitions.

We may also collect your information when you browse our website through use of cookies or other tracking technologies that allow us to track and analyse your website usage. If you do not wish information to be stored as a cookie, you can disable cookies in your web browser.

How do we use and disclose personal information?

We may use your information to seek feedback from you regarding your level of satisfaction with our services.

Some examples of when we may disclose personal information include:

• To navigate your NDIS plan through support connection.
• For record keeping and administrative purposes.
• To Provide our Support coordination services to you.
• Make referrals to external providers of supports for NDIS participants, or sharing information with support workers or providers where this is required for services included in an approved NDIS plan
• Your information is a necessary part of an internal investigation following a complaint and assists us with complaint management.
• Data sharing or data integration with other agencies, including but not limited to Centrelink, Department of social services, GP’s etc.
• We always liaise with a participant directly, unless they have a nominee appointed, or they request us to liaise with an authorised representative. In the case of child participants, we liaise with their child representatives (who are usually their parents, or legal guardians), rather than with them directly.
• We may also use personal information of participants, providers, and community partners to ensure the integrity of the NDIS, which includes identifying and responding to any fraudulent activities or misuse of NDIS funds and in end protect you as the foremost priority.

Disclosure of your information:

We may disclose your personal information to cloud-providers, contractors and other third parties located inside or outside of Australia in a manner consistent with how we deal with it and as consented by you or your legal representative.

We may need to share your personal information with third parties, including your service providers that we work with to provide you with our services. Your consent to the sharing of your personal and sensitive information with these third parties is required to provide you with the services. You however have the right to withdraw any consent at any given time and we will make sure we wont disclose any of your information with the relevant party.

How do we protect your personal information?

We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access including loss. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal information due to online threats that are unfortunately unavoidable in extreme cases, but this rarely occurs and if it does, we have the process in place to rectify the situation as quickly and as promptly as we can to protect our client’s data.

• We use Secure VPN and server systems with double coding and double password protection to protect our client’s sensitive information.
• We keep your records safe under lock and key.
• We regularly update and audit our storage and data security systems.
• We have secured a safe LPO business address to protect clients’ sensitive mails and data from being accessed by anyone on the road in the general mailbox.
• We only allow accessing personal information by authorised personnel.
• We store our client’s data in cloud-based servers and protect it with strict security access.
• We destroy your personal information when we no longer need it in the safest way.
• We only keep your information if we need it.

We will only collect this sensitive information where you consent and provide us with this information. If you consent, your sensitive information may only be used and disclosed for purposes relating to providing you with our services and and/or referring you to medical or health service providers in circumstances where we cannot obtain your consent.

We comply with the Privacy Act in handling privacy breaches and will notify affected individuals and the OAIC of serious data breaches where appropriate. The OAIC (Office of Australian Information Commissioner) is independent of the NDIA and has the power to investigate complaints about possible interferences with a person’s privacy. It is usually best to contact us first about any privacy concerns. This is because the OAIC will generally ask us to investigate the matter first and provide it with our findings concerning the matter to further take it ahead.

What if I have a complaint?

If you would like to leave feedback or complain about the service you have received from us, or if you think we have breached your privacy obligations, please contact us through the Feedback and complaints page.

We will promptly investigate and resolve your complaint and respond to you as soon as possible. In all cases, we will inform you of the progress of your complaint.

If after receiving our response, you are unsatisfied with the resolution of the matter, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). See the OAIC website for information regarding how to make a complaint.

If you have complaints or concerns about the way an NDIS providers treats its workers, you can contact the Fair Work Commission.

More information:

• How to make a complaint
• Make a complaint (Complaint Contact Form)
• NDIS Complaints Management and Resolution; Rules 2018
• How to make a complaint about a provider
• Compliance and Enforcement Policy V2.0 – June 2019
• NDIS Complaints management

Zero Tolerance Policy