Privacy Policy

Delta Community Support (ABN as registered) ("we", "us", "our") is committed to protecting the privacy of all individuals whose personal information we collect and hold. This includes NDIS participants, their families and carers, our employees, contractors, referrers and visitors to our website.

This Privacy Policy sets out how we collect, use, store, disclose and protect personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a registered NDIS provider, we also comply with the privacy and information management requirements of the NDIS Act 2013, the NDIS Quality and Safeguards Commission and applicable state and territory legislation in Queensland and Victoria.

By using our services or accessing our website, you consent to the collection and use of your personal information as described in this policy.

We may collect the following types of personal information, depending on your relationship with us:

NDIS Participants and their Representatives:

• Full name, date of birth, gender and contact details (address, phone, email)
• NDIS number, plan details, funding information and service agreements
• Health and medical information relevant to the delivery of support services
• Disability-related information, support needs and goals
• Emergency contact details and next of kin information
• Cultural background, language preferences and communication needs
• Incident reports, progress notes and support plans
• Photographs or images (only with your explicit consent)

Support Coordinators, Plan Managers and Referrers:

• Full name, role, organisation and contact details
• Professional registration or accreditation details

Employees and Contractors:

• Full name, date of birth, contact details and emergency contacts
• Tax file number, superannuation details and bank account information
• NDIS Worker Screening Check, Working With Children Check and other clearances
• Qualifications, training records and professional certifications

Website Visitors:

• Information submitted through forms (name, email, phone, message content)
• IP address, browser type, device information and browsing behaviour via cookies and analytics tools

We collect and use personal information for the following purposes:

• To deliver, manage and improve our NDIS disability support services
• To develop, implement and review individualised support plans
• To process referrals and manage service agreements
• To communicate with participants, families, support coordinators and plan managers
• To meet our legal and regulatory obligations, including NDIS reporting, incident reporting and worker screening requirements
• To process payroll, manage employment relationships and maintain staff records
• To respond to enquiries, complaints and feedback
• To improve our website, services and communications
• To protect the safety and wellbeing of participants, staff and the community

As a registered NDIS provider, we handle sensitive participant information with the highest level of care. This includes:

• Participant records: Support plans, progress notes, goal tracking and daily case notes are securely stored and accessible only to authorised personnel directly involved in the participant's care.
• Incident reports: Records of incidents, near-misses and reportable incidents are maintained in accordance with the NDIS Quality and Safeguards Commission requirements and stored securely with restricted access.
• Support plans: Individualised plans are developed in consultation with participants, reviewed regularly and stored in secure digital systems with role-based access controls.
• NDIS funding information: Details of NDIS plan funding, service bookings and invoicing are stored securely and shared only with authorised parties such as the NDIA, plan managers or support coordinators as required for service delivery.

We do not use participant information for any purpose other than the delivery, management and improvement of NDIS support services unless we have your explicit consent or are required to do so by law.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Our security measures include:

• Secure, encrypted digital storage systems with role-based access controls
• Password protection and multi-factor authentication for all staff accounts
• Regular security reviews and updates to our systems and procedures
• Staff training on privacy obligations and information security practices
• Physical security measures for any paper-based records
• Secure disposal of personal information when it is no longer required

Personal information is stored in Australia on servers located within Australian data centres. We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. NDIS participant records are retained for a minimum of seven years after the last service was provided, or longer where required by legislation.

We may share your personal information with the following parties, only to the extent necessary for the purposes described in this policy:

• The National Disability Insurance Agency (NDIA) and NDIS Quality and Safeguards Commission, as required for compliance and reporting
• Support Coordinators and Plan Managers involved in the participant's NDIS plan
• Allied health professionals and other service providers involved in the participant's care (with consent)
• Government agencies, as required by law (e.g., mandatory reporting obligations)
• Our professional advisors, including legal and accounting professionals, under strict confidentiality obligations
• Technology service providers who assist us in delivering our services (e.g., software platforms), under data processing agreements

We will not sell, rent or trade your personal information to any third party. We do not disclose personal information to overseas recipients unless required by law or with your explicit consent.

Under the Australian Privacy Principles, you have the right to:

• Access your personal information held by us and request a copy
• Correct any personal information that is inaccurate, incomplete or out of date
• Withdraw consent for uses of your information that are based on your consent (note: this may affect our ability to provide certain services)
• Make a complaint if you believe your privacy has been breached

To exercise any of these rights, please contact us using the details at the bottom of this page. We will respond to access and correction requests within 30 days. If we refuse a request, we will provide written reasons for the refusal.

Our website uses cookies and Google Analytics (GA4) to understand how visitors use our site and to improve the user experience. This data is collected anonymously and does not personally identify you.

Cookies are small text files stored on your device that help us analyse website traffic and remember your preferences. You can manage your cookie preferences through your browser settings. Disabling cookies may affect some functionality of our website.

Google Analytics collects information such as the pages you visit, the time you spend on our site, your approximate geographic location and the device and browser you use. This data is processed by Google in accordance with their privacy policy. We do not combine analytics data with any personally identifiable information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational needs. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of our services or website after any changes to this policy constitutes your acceptance of the updated terms.

If you have any questions, concerns or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC):