Privacy Policy

Last updated: 21 November 2025

Crown Again Care Connect (“we”, “our”, “the Provider”) is committed to protecting the privacy, confidentiality, and security of personal and health information. We comply with the Privacy Act 1988, the Australian Privacy Principles (APPs), the NDIS Act 2013, and the NDIS Quality and Safeguards Commission requirements.

1. What Information We Collect

We collect information necessary to provide safe, effective, personalised disability and allied-health services. This may include:

• Personal details (name, address, phone number, date of birth)
• NDIS number, plan details, goals and support requirements
• Medical history, diagnoses, medications and relevant reports
• Clinical notes from therapy sessions and assessments
• Carer/guardian details
• Communication preferences
• Emergency contact information
• Support coordination information
• Website usage data (IP address, device, browser type)
• Newsletter subscription details (email only)

2. How We Collect Information

• Directly from participants, families, carers or guardians
• Through referral agencies or health professionals (with consent)
• During assessments, therapy sessions, or service delivery
• Via email, online forms or our website
• Through telehealth platforms
• From plan managers, support coordinators or the NDIA when authorised

3. Why We Collect Your Information

We use personal and health information to:

• Provide allied-health and disability support services
• Perform functional capacity assessments and prepare clinical reports
• Develop personalised therapy and support plans
• Coordinate services with health professionals and NDIS stakeholders
• Communicate with Clients about appointments, updates and service requirements
• Meet legal, regulatory and reporting obligations
• Improve service quality and participant outcomes
• Manage billing, invoicing and service agreements

4. Sensitive Information

We often collect sensitive information such as medical records, behavioural data, psychological information, and disability-related documentation. This information is handled with enhanced confidentiality and only collected with informed consent unless legally required.

5. Consent

By engaging our services, you consent to the collection, use and disclosure of information as outlined in this Policy. Explicit written consent is required for:

• Therapy or assessment involving minors
• Sharing information with third parties
• Publishing testimonials, photos or videos
• Using telehealth where healthcare privacy applies

6. Sharing of Information

We may share relevant information with:

• Support coordinators and plan managers
• General practitioners, specialists and allied health providers
• The NDIA or NDIS Quality and Safeguards Commission
• Schools, service providers or organisations involved in the participant’s care
• Third-party contractors engaged to deliver services (bound by confidentiality)
• Emergency services when required to prevent harm or respond to an incident

We do not sell, rent or trade personal information.

7. Telehealth Privacy

Telehealth sessions may involve video, audio or text communication. We use secure platforms; however, Clients must ensure:

• A private, safe environment during sessions
• Stable internet connection
• No unauthorised persons are present unless agreed

8. Storage & Security

We store information in secure digital systems with password protection, encryption, access logs and compliance-grade security. Paper files (if used) are stored in locked facilities.

• Access is restricted to authorised staff only
• We use secure cloud platforms with Australian-compliant data storage
• Regular backups and security updates are performed
• Data breaches are managed under the Notifiable Data Breach Scheme

9. Data Retention

We retain records for the period required by law, professional guidelines and NDIS obligations. Clinical records for minors may be kept longer depending on legal requirements.

10. Website Data, Cookies & Analytics

Our website may collect:

• IP address
• Browser type and device
• Pages visited
• Time spent on site
• Referral source

We may use:

• Google Analytics or similar services
• Cookies for improved user experience
• Session tracking for security

You can disable cookies in your browser settings.

11. Email Marketing & Newsletters

If you subscribe to our email updates, we collect your email address solely for sending newsletters and service information. You can unsubscribe at any time through the link in the email.

12. Accessing or Updating Your Information

You may request:

• Access to your personal or health records
• Corrections to inaccurate information
• Copies of reports and clinical documents

Requests must be in writing and may require ID verification.

13. Children & Minors

For participants under 18, information is collected with the consent of a parent, guardian or authorised representative unless the law provides otherwise.

14. Mandatory Reporting & Legal Exceptions

We may disclose information without consent if required by law, such as:

• Risk of serious harm or abuse
• Subpoenas or court orders
• NDIS Commission investigations
• Public health or emergency situations

15. Third-Party Websites

Our website may contain external links. We are not responsible for the privacy practices or content of third-party websites.

16. Changes to This Policy

We may update this Privacy Policy to reflect service, legal or operational changes. The latest version will always be available on our website.

17. Questions, Complaints or Contact

If you have concerns about privacy or wish to make a complaint, contact us:

Email: care@crownagain.com.au
Phone: 07 3254 8644
Website: crownagain.com.au

If you are not satisfied with our response, you may escalate to:
• The NDIS Quality and Safeguards Commission
• The Office of the Australian Information Commissioner (OAIC)