Privacy Policy
Privacy Statement
Early Leaps Therapy is committed to providing high-quality services. We respect and protect clients’ rights to privacy and confidentiality in all aspects of their contact with us. We recognise our ongoing obligations to clients and comply with the requirements of the Privacy Act 1988, National Disability Insurance Scheme Act 2013, Disability Act 2006, Equal Opportunity Act 2010, Privacy and Data Protection Act 2014, and Health Records Act 2001 in the collection, management, and disclosure of personal, health, and sensitive information as a necessary part of our business functions to deliver services. All Early Leaps Therapy staff are provided with training on privacy, data security, and data quality requirements, and learn how the Information and Health Privacy Principles apply to their day-to-day work.
This Privacy Policy sets out how we collect, use, disclose, and otherwise manage your personal information. Under the Privacy Act, ‘personal information’ is defined as any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.
Purpose
This policy outlines Early Leaps Therapy's procedures for protecting the privacy of our participants/clients and ensuring compliance with our legal obligations and relevant legislation.
Scope
This policy applies to all employees, contractors, volunteers, and students on placement responsible for collecting, storing, using, or disclosing individuals’ information on behalf of Early Leaps Therapy.
Responsibilities
The Director is responsible for keeping up to date with the legislation regarding privacy and updating this policy. All staff are responsible for implementing this policy and procedure. All clients of Early Leaps Therapy are required to review and sign that they have read this policy prior to commencing services.
Procedures
Collection
Types of Information
We may collect and hold personal information about you, that is, information that can identify you and is relevant to providing you with the services you are seeking. The types of information we typically collect include:
-
Name, gender, address, phone number, email address, credit card details, place and type of business, or other information relevant to providing services.
-
Health information, cultural and religious beliefs, and other sensitive information, with your consent.
Method of Collection
Personal information will generally be collected directly from you through the use of our standard forms, via email, in face-to-face meetings, or through telephone conversations. We may also collect personal information from third parties acting on your behalf, such as other healthcare providers or NDIS staff. In some cases, personal information may be collected indirectly when it is unreasonable or impractical to collect it directly from you. In such cases, we will notify you as soon as reasonably practicable after the information has been collected.
Purpose of Collection
We collect, use, and hold your personal information for the following purposes:
-
Assessing your or your child’s needs and providing relevant services.
-
Responding to queries and managing bookings.
-
Providing information about other services that may be of interest to you.
-
Facilitating internal business operations, including invoicing and meeting legal requirements.
-
Improving our services based on feedback and analysis of customer needs.
-
Conducting quality assurance and training activities.
Failure to Provide Information
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else, with the services you seek.
Internet Users
When you access our website, we may collect additional personal information such as your IP address or domain name. Our website may contain links to other websites, which are not covered by this Privacy Policy. Early Leaps Therapy is not responsible for the privacy practices of external websites. Our website uses cookies to monitor usage and improve your experience. You may disable cookies through your browser settings, but this may affect your user experience on our website.
Use and Disclosure
We only use or disclose personal information for the purpose for which it was collected, unless otherwise authorized or required by law. With your consent, we may disclose personal information to:
-
Referrers and other healthcare professionals involved in your care (e.g., reports, service plans, treatment summaries).
-
Members of your team (e.g., educators, support workers) you have authorized us to share information with.
-
Trusted third-party service providers who assist us in operating our business, such as technology vendors and administrative support.
-
External agencies, including the NDIA, education departments, private health funds, Medicare, TAC, or the Department of Veterans' Affairs.
-
For purposes such as quality assurance, audits, feedback and surveys, invoicing, and appointment reminders.
In some cases, we may disclose personal information without your consent where required or permitted by law. Sensitive information will not be disclosed without your explicit consent, except in circumstances where permitted by law.
Security
We store your personal information in both paper and electronic form. We use Splose Practice Management Software with integrations for Xero, Stripe, Square, Tyro and Mailchimp. We take reasonable measures, including electronic and physical security measures, to protect your personal information from misuse, loss, unauthorized access, interference, modification, or disclosure. Our Information Management and Digital Security Policy, guided by advice from the Australian Cyber Security Centre, ensures that we follow best practices regarding digital security.
Mandatory Breach Reporting
We aim to comply with the Commonwealth Privacy Act 1988 and take reasonable steps to mitigate the risk of a privacy breach. If a breach occurs, we will take reasonable steps to manage the situation, including notifying you and the Office of the Australian Information Commissioner where necessary.
Access to and Correction of Personal Information
You may request access to the personal information we hold about you by submitting a written request. We will respond to your request within a reasonable period and may charge a fee for processing your request (but not for making the request).
If you believe the personal information, we hold is inaccurate, incomplete, or outdated, please notify us immediately. We will take reasonable steps to correct the information. If we refuse to correct the information, we will provide a written notice with the reasons for refusal.
Complaints and Feedback
If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles, health records legislation, or any other privacy-related issue, please contact us as follows:
-
Contact the Director, Nicole Henderson:
-
Address: 1-3 Thames Boulevard, Werribee 3030
-
-
Complete a Feedback Form available on our website.
-
Speak with your child’s OT, who will follow the complaints procedure.
-
Contact the NDIS Commission Feedback and Complaints Team:
-
Phone: 1800 035 544
We take all complaints seriously and will respond promptly. If you are not satisfied with our response, you may lodge a complaint directly with the Australian Privacy Commissioner.
Updated 19/11/2024