Embrace Care Pty Ltd (ABN: 95 660 003 118) (‘Embrace Care’, ‘we’, ‘us’, ‘our’) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and manage your personal information when you visit our website, use our services, or otherwise interact with us.

Embrace Care is an NDIS-registered support services provider based in Queensland, Australia. We provide personalised disability support including personal care, community participation, capacity building, and related services to NDIS participants and their families.

We are required to comply with the NDIS Quality and Safeguards Commission’s practice standards, which inform how we handle sensitive participant information.

2.1 Information You Provide to Us

We may collect the following types of personal information:

• Contact details: name, address, phone number, email address
• NDIS participant details: NDIS number, plan information, support needs, and goals
• Health and disability information: diagnoses, care requirements, and medical history (where relevant to service delivery)
• Emergency contact details
• Financial information: bank account details for billing and payment purposes
• Identity documents: where required for identity verification

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and browser type
• Pages visited and time spent on our site
• Referring website or search terms used to find our site
• Device type and operating system

This information is collected using cookies and similar technologies. You can manage cookie preferences through your browser settings.

We use your personal information to:

Provide, manage, and improve our disability support services

• Communicate with you about your supports, appointments, and service agreements
• Process payments and manage billing
• Comply with our obligations under the NDIS Act 2013, the Privacy Act 1988, and other applicable laws
• Maintain records as required by the NDIS Quality and Safeguards Commission Respond to your enquiries and feedback
• Send service-related communications and, where you have consented, marketing information
• Improve our website and services through analytics

We handle health and disability-related information as ‘sensitive information’ under the Privacy Act. We will only collect, use, or disclose sensitive information with your consent, or where required or authorised by law.

We take additional steps to protect sensitive information, including restricting staff access to only those who require it for service delivery.

We do not sell your personal information. We may disclose your information to:

• Our support workers and staff directly involved in your care
• NDIS plan managers or support coordinators, with your consent
• The National Disability Insurance Agency (NDIA) and the NDIS Quality and Safeguards Commission as required
• Healthcare professionals and allied health providers involved in your support
• Third-party service providers who assist us in operating our business (e.g. software platforms, cloud storage), under strict confidentiality agreements
• Law enforcement or government agencies where required or authorised by law

We require all third parties to handle your information securely and in accordance with the Australian Privacy Principles.

We store your personal information securely using industry-standard measures including encrypted digital storage, password-protected systems, and restricted staff access.

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. NDIS service records are generally retained for a minimum of 7 years (or longer for records relating to children).

While we take all reasonable steps to protect your information, no system is completely secure. If you become aware of any potential security issue, please contact us immediately.

You have the right to request access to the personal information we hold about you, and to request corrections if it is inaccurate, incomplete, or out of date.

To make a request, please contact our Privacy Officer using the details below. We will respond within 30 days. In some circumstances, we may be unable to provide access (for example, where it would unreasonably impact the privacy of others), and we will explain why.

We do not charge a fee for making an access request, though we may charge a reasonable fee for the cost of providing access.

If you believe we have breached your privacy rights, we encourage you to contact us first so we can attempt to resolve your concern.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. The current version will always be available on our website, and we will update the ‘Last updated’ date accordingly. For material changes, we will notify you directly where practicable.

For any privacy-related enquiries, requests, or complaints, please contact us.