Privacy Policy
Effective & last updated: 26 June 2026 · Version 2.0
Asina Disability Support (“Asina”, “we”, “us”, “our”) ABN 67 987 432 560 is committed to protecting your privacy and handling your personal information openly, lawfully and securely. This policy explains what we collect, why, how we use and protect it, who we share it with, and your rights, in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the NDIS Code of Conduct and NDIS Practice Standards. It applies to participants, their families/nominees and advocates, our workers and job applicants, and visitors to our website and app.
1. The kinds of information we collect
Personal information: name, date of birth, contact details, address, emergency contacts, and (for workers) employment, qualification and banking details.
Sensitive information (collected only with your consent, or where otherwise permitted by law): as a disability support provider we collect health information and other sensitive information needed to provide safe, appropriate supports, including disability and diagnosis information, support and care needs, behaviour support and restrictive‑practice information, medication and clinical information, allied‑health reports, cultural, language and religious information, and incident records.
Government‑related identifiers: your NDIS number, and where required Medicare, Centrelink/CRN, and (for workers) Tax File Number. We use these only as required to deliver services, claim funding or meet tax/payroll obligations, and never as our own identifier.
Worker/applicant information: work history, references, NDIS Worker Screening Check, Working With Children Check, police checks, qualifications and right‑to‑work documents.
Technical information: log, device and usage data needed to operate, secure and improve the service. We collect directly from you wherever practicable, and sometimes from third parties you've authorised (e.g. the NDIA, support coordinators, plan managers, nominees, referrers or your treating practitioners).
2. Anonymity and pseudonymity
You may deal with us anonymously or by a pseudonym for general enquiries where it is lawful and practicable. We cannot deliver NDIS‑funded supports anonymously, as we must identify participants for service delivery, funding claims and safeguarding.
3. How and why we use your information
We use your information to: assess eligibility, plan, deliver and coordinate your supports; roster workers and record shifts and shift notes; claim and reconcile NDIS funding and process invoices and payroll; meet safeguarding, incident‑reporting, restrictive‑practice and quality obligations; communicate with you, your nominees and (with consent) other providers; and comply with our legal, NDIS, work‑health‑safety and tax obligations. We only use your information for the purpose it was collected, a directly related purpose you'd reasonably expect, or where you've consented or the law requires/permits it.
4. Who we share it with
We may disclose your information to your support team; your nominated people (family, guardians, nominees or advocates you've authorised); the NDIA and the NDIS Quality and Safeguards Commission; other providers and practitioners involved in your care, with your consent; our technology service providers (under contract and confidentiality); and government or regulators where required or authorised by law. We do not sell your personal information. Our service providers include our cloud database/hosting and authentication provider, transactional email provider, accounting/payroll provider, document‑processing provider and push‑notification services; a current list is available on request.
5. Where your information is stored and overseas disclosure
Our primary database, authentication and file storage are hosted in Australia (Sydney). Some ancillary service providers, for example our email‑delivery, accounting/payroll and document‑processing providers, may store or process limited information outside Australia (including the United States and other countries). Where information is disclosed overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs and our contractual safeguards. For specifics, contact our Privacy Officer.
6. Direct marketing
We only send marketing where you'd reasonably expect it or you've consented, and every message includes an easy way to opt out. We do not use sensitive information for marketing.
7. Keeping your information accurate
We take reasonable steps to ensure the information we hold is accurate, up to date and complete. Please tell us if your details change.
8. How we protect your information
We use administrative, physical and technical safeguards, including role‑based access controls enforced at the database level (row‑level security) and scoped to your provider organisation; encryption in transit, and encryption at rest for highly sensitive fields (e.g. Tax File Numbers are stored encrypted in a secure key vault); audit logging of access to sensitive records; secure authentication including protection against known‑compromised passwords; and regular review of access, security configuration and our service providers. No system is completely secure, but we work to continually strengthen our protections.
9. Data breaches
If we experience a data breach likely to result in serious harm, we will, in line with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988), contain and assess the breach, notify affected individuals, and notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
10. Retention and destruction
We keep your information only as long as needed for the purposes above and to meet our legal and NDIS record‑keeping obligations (for example, certain participant and incident records must be retained for seven (7) years, and some employment and clinical records for longer). When no longer required, we securely destroy or de‑identify it.
11. Accessing and correcting your information
You can ask to access the personal information we hold about you and to correct anything inaccurate, out of date or incomplete. Contact our Privacy Officer (below); we'll respond within a reasonable period (generally 30 days). We may need to verify your identity, and in limited circumstances permitted by law we may decline access. If so, we'll explain why and how to seek review.
12. Consent and withdrawing consent
Where we rely on your consent (including to collect sensitive/health information or to share with other providers), you may withdraw it at any time by contacting us. Withdrawing consent may affect our ability to provide some supports, and we'll explain any impact.
13. Complaints and contact
For any question or privacy complaint, contact our Privacy Officer:
Email: contact@asinadisability.com.au
Phone: (02) 8320 1292
Post: 14 Shambrook Avenue, Armidale NSW 2350
We'll acknowledge your complaint and aim to resolve it promptly and fairly. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC), www.oaic.gov.au · 1300 363 992. Concerns about your NDIS supports can also be raised with the NDIS Quality and Safeguards Commission, www.ndiscommission.gov.au · 1800 035 544.
14. Changes to this policy
We may update this policy from time to time. The current version is always available on our website, with the “last updated” date shown above.