Privacy Policy

Other Policies and Documents

Privacy Policy

Aridyn respects every person’s right to privacy, dignity and confidentiality and operates in accordance with the Australian Privacy Principles under the Commonwealth Privacy Act (1988). This Privacy policy provides information about how Aridyn collects and handles information; and how Aridyn’s stakeholders can enquire or provide feedback on how personal information is being used.

Types of information collected

Aridyn collects personal information that is necessary for our work and helps us to engage with each stakeholder. If you do not wish to provide some or all of the personal information requested, Aridyn may not be able to do what was intended by collecting your personal information, for example, we may not be able to manage or provide you with supports/services, progress your employment application or respond to your queries.

How information is collected

Aridyn collects personal information from you by various methods including (but not limited to) the following:

  • through your interactions with our staff;

  • when you access and use our website;

  • when you contact us by telephone, letter, fax or email;

  • by contracting with us or completing in-take forms;

  • when you make payments via our payment gateway;

  • by completing surveys, providing feedback or complaints to us;

 

Where reasonable and practical Aridyn will collect your personal information only directly from you. However, Aridyn will also collect information about you from third parties including but not limited to other individuals and companies, services, health professionals and the government, with your consent or as legally required.

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us, as Aridyn may collect, use, and disclose that information as outlined in this policy.

Why information is collected and how it is used

Aridyn uses the personal information provided to Aridyn in a variety of ways. Uses of the information may include, but are not limited to:

  • communications;

  • service delivery and procurement;

  •  marketing activities;

  • the administration of Aridyn’s business operations;

  • research;

  • government funding requirements and legal obligations;

  • employment processes;

  • membership processes;

  • partnerships;

  • fees and transactions;

  • website management;

  • updating our records and keeping your contact details up to date;

  • processing and responding to any feedback or complaint made by you; and

  • complying with any legal requirements.

 

Storage and protection of information and data

Aridyn takes all reasonable steps to protect all of the personal information Aridyn and third party service providers store from misuse, interference and loss, and from unauthorised access, modification or disclosure.  Personal information is stored for the required timeframes in accordance with the applicable legislative requirements, and when the information is no longer needed for any purpose for which the information may be used or disclosed, it will be destroyed or permanently de-identified.

Aridyn may store your data in:

  • electronic information management systems;

  • web or cloud based platforms;

  • internal server storage;

  • hard-copy files in locked cabinets;

  • external server data storage used by Aridyn approved software systems;

  • contracted third party database storage or cloud hosting services in Australia or overseas.

We engage third party data storage and cloud based application providers that may transfer personal information outside Australia to countries whose privacy laws may not provide the same level of protection as Australia’s privacy laws. When engaging third party offshore data storage or cloud based application providers, Aridyn will take reasonable steps through our contract and agreement arrangements to try and make sure they are compliant with Australian Privacy Principles and the Australian Privacy Act. By providing Aridyn with your personal information, you give consent to us disclosing your information to entities located outside Australia and, when permitted by law, to do so.

Hard copy information is stored in our offices when not in active use for the delivery of a service, which are secured to prevent entry by unauthorised people.

Purchases or payments made to Aridyn using our online system are secured by encryption.

Disclosure of information and data relating to the people we support

At the commencement of a service or a support with Aridyn we will ask for consent to release information to the relevant funding bodies, government or partnering organisations as detailed in the relevant Aridyn procedure.

In the course of providing our services, we may disclose your personal information to:

  • companies and contractors retained to provide services for us, such as IT developers, lawyers, consultants and auditors, who will need to have access to your personal information to provide those services; and

  • other individuals or companies consented to by you.

This consent will be updated whenever the intended use of the information needs to change. Consent to disclose information can be changed or revoked at any time by notifying Aridyn in writing.

Aridyn may disclose de-identified data to meet regulatory obligations or for other purposes (for example statutory reporting, research, or quality assurance).

On occasion, Aridyn is required or authorised by law to disclose your personal information. For example:

  • the service user has a notifiable disease or there is some statutory notification requirement (for example, notification of a case of abuse);

  • a court or other agency authorised by statute has issued a subpoena for specific information; or

  • Aridyn is seeking information or has been requested to provide information under State or National legislation.

 

Managing actual or potential privacy breaches

Aridyn regularly reviews its data security systems and those of any engaged third party providers to ensure that all data is kept secure and confidential according to the Australian Privacy Principles. 

In the unlikely event of a breach of Aridyn’s data security, Aridyn works promptly to reduce the risk of exposure to your information and inform the relevant stakeholders who provided the information as to the potential or actual breach.  Aridyn reports privacy and data breaches to the relevant regulatory bodies, including the Office of the Australian Information Commissioner for Notifiable Data Breaches, as required by the type of service and location the service is provided. 

Accessing and correcting information, or lodging a query or complaint about privacy and data management

We take reasonable steps to ensure that the quality of the information we hold about you is accurate, up-to-date, complete, and relevant. You should contact us if you think your personal information is wrong. We will take reasonable steps to verify your identity before granting access or making any corrections to your information.

If you would like to access or correct your personal information, have a query or complaint about how we manage your personal information, or would like to know more, please contact the manager of the service. Alternatively, you can contact at any time:

  • Aridyn Customer Service: Email: info@aridyn.com.au

If any National or State legislation prevent us providing access to, or amending your records, you will be given an explanation and told of the processes available to you.

Any feedback or complaints provided to Aridyn will be managed through the feedback and complaints management processes, which are outlined on the Feedback and Complaints page on Aridyn’s website.

External Framework

The Privacy of Personal Information and Data policy illustrates Aridyn’s adherence to the:

  • NDIS Practice Standards (2018) and NDIS Code of Conduct, specifically within the NDIS Practice Standards and Quality Indicators:

    • Core Module: 1. Rights and Responsibilities, under the relevant Outcomes.

    • Core Module: 2. Provider Governance and Operational Management, under the relevant Outcomes.

    • Core Module: 3. Provision of Supports, under the relevant Outcomes.

    • Core Module: 4. Support Provision Environment, under the relevant Outcomes.

    • Supplementary Module: 1. High Intensity Daily Personal Activities, under the relevant Outcomes.

    • Supplementary Module: 2a. Implementing Behaviour Support Plans, under all Outcomes.

Critical Definitions

Aridyn Stakeholders – are organisations and individuals with whom Aridyn regularly interacts, namely:

  • people with disabilities

  • families and carers of people with disabilities

  • governments

  • strategic alliance partners

  • Aridyn’s staff

Data – refers to personal information, including sensitive information that is collected, stored, used, or disclosed digitally.

Personal Information – is any information or an opinion about an identified or reasonably identified person, regardless if the information is true or is stored in a material form.  This can be identifying information (for example, name, contact details, etc) and may include sensitive information, which is given additional protection in the Privacy Act (for example, information regarding a person’s health, political, philosophical, or religious beliefs and affiliations, sexual orientation and practices, criminal record, etc).

Privacy – protection from unwanted actions or unauthorised disclosure or use of personal information (including sensitive information) that is collected, stored, used, or disclosed in any hardcopy, digital or immaterial form.

Legislation and Guidelines

National

  • Disability Services Act 1986 (Cth)

  • Freedom of Information Act 1982 (Cth)

  • National Disability Insurance Scheme Act 2013 (Cth)

  • National Disability Insurance Scheme Amendment (Quality and Safeguards Commission and other measures) Bill 2017 (Cth)

  • Privacy Act 1988 (Cth)

  • Privacy Amendment (Enhancing privacy protection) Act 2012 (Cth)

  • Privacy Amendment (Notifiable data breaches) Act 2017 (Cth)

  • Privacy Amendment (Private Sector) Act 2000 (Cth)

  • Spam Act 2003 (Cth)

  • Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth)

Victoria

  • Children Youth and Families Act 2005 (VIC)

  • Freedom of Information Act 1982 (VIC)

  • Health Records Act 2001 (VIC)

  • Health Services Act 1988 (VIC)

  • Privacy and Data Protection Act 2014 (VIC)