Assist Plan Managers (APM, us, our and we) is committed to respecting the privacy of personal information we collect in connection with our business and as part of the services we offer. We are bound by, and operate in accordance with, the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).
Personal information is any information (or an opinion) about an individual that is reasonably identifiable. Sensitive information is a category of personal information which is subject to greater protections, and includes information about any disability, sexual orientation, race or health services provided to an individual.
- how and the purposes for which APM collects, uses, stores, discloses and otherwise handles personal information and/or sensitive information, in accordance with our legislative obligations;
- how you may access or seek correction of your personal information
- how you can make a complaint and how we will handle the same; and
- the circumstances in which we are likely to disclose your personal information to overseas recipients.
2. What personal information does APM collect and hold?
The types of personal information we collect, generally consist of:
- identity information such as your name, date of birth and gender;
- contact details such as your address, email address, telephone number(s);
- financial information (e.g. bank account details);
- government identifiers, such as your participant number under the National Disability Insurance Scheme (NDIS);
- sensitive health and disability information, including:
- about your service providers, including correspondence in relation to your services and supports and NDIS Plan;
- health and disability services provided or to be provided to you; or
- other relevant NDIS Plan details and information (including goals and aspirations);
- other information about your interactions with us or which is obtained to assist in managing client and business relationships;
- information about you, which is held by third parties, where permitted by law, namely:
- information that is or was held by the National Disability Insurance Agency (NDIA); and
- information that is held by our related entities, including My Plan Manager.com.au Pty Ltd (MPM);
- information which APM is required or authorised to collect under law (including under the NDIS Act); and
- any other personal information that may be required or obtained in order to facilitate your dealings with us and manage client and business relationships.
Where this information constitutes sensitive information, we will only collect that information where reasonably necessary for one or more of our functions (e.g. plan management services), and where either we have the individual’s consent to collect, or the collection is required or authorised by law.
3. How does APM collect personal information?
We may collect your information from you in a variety of ways including face-to-face, over the telephone, through an online form or portal, through a paper form or by email.
Sometimes we will collect personal information from a third party or publicly available source if it is unreasonable or impracticable to collect the personal information directly from you, including from:
- someone with responsibility for you (such as your parent or guardian);
- the NDIA;
- MPM, where we have obtained your consent (in relation to sensitive information), or where otherwise permitted under the Privacy Act; and
- Service providers and health professional, where information is provided to us in order for us to assist in relation to your NDIS Plan management.
4. Why do we collect, use and disclose your personal information?
We generally collect, hold, use and disclose your personal information for the following purposes:
- as indicated to you at the time we collected your personal information;
- to provide our plan management services, including associated capacity building activities (e.g. budget discussions, seeking approvals, individual capacity building services and coaching etc);
- operating the APM business, including:
- processing, monitoring and screening fees payable by APM;
- developing and improving our products and service offerings;
- recording and responding to queries and complaints; and
- providing you with information and considering employment applications and recruit APM personnel and contractors;
- to comply with regulatory obligations, or as otherwise required or authorised by law, including as may be required to comply with our obligations under the NDIS Act and NDIS Code of Conduct;
- providing you with information in relation to the services and products we, our related entities [or third-party business partners] provide, offer or propose to offer;
- for any purpose for which you have provided your express consent.
5. Who does APM disclose your personal information and sensitive information to?
We may disclose your personal information (including sensitive information) to:
- our employees and third-party contractors (including information technology suppliers and business partners located in Australia and overseas, who help us conduct our business;
- our related entities (such as MPM), including to fulfil plan management obligations and associated capacity building activities, expand each entity’s service capabilities, and improve the services (including the efficiency and scope of services) offered by each entity;
- third parties authorised by you (generally, this will be with your consent) to receive information held by us. This may include to someone with responsibility for you (such as your parent or guardian); and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, or authorised by applicable law (including the NDIS Act, or policy requirements of the NDIA).
Other than third parties and as required by applicable law, APM will seek written consent or verbal consent to obtain or release any information about you to or from an external party (e.g. to speak to other support providers) in accordance with these four provisions.
You may grant or withhold consent at your discretion, but if the Consent is not obtained we may ask the person seeking information to liaise directly with you or your nominated person.
Generally, these entities are all located in Australia, but APM does use contractors located in the Philippines to provide invoicing and billing support.
6. Security and storage of personal information
APM is committed to keeping your personal and sensitive information secure, and has internal procedures which address how it manages your personal information in accordance with the Privacy Act.
We take reasonable steps (including using a number of physical, administrative, personnel and technical measures) to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. For example, we:
- require employees and contractors to enter into confidentiality agreements
- implement security measures for access to computer systems;
- password protect data storage devices such as laptops, tablets and smart phones; and
- provide a discreet environment for confidential discussions.
However, we cannot guarantee the security of your personal information.
- We store your personal information on servers located in Australia.
7. Accessing or correcting your personal information
You can access the personal information APM holds about you, by contacting us at the details in section 9 below. Sometimes, we may not be able to provide you with access to some or all of your personal information and, where this is the case, we will tell you why. APM will deal with requests for access to personal information as quickly as possible.
APM endeavours to ensure that the personal information it collects and holds about you is accurate, complete and up-to-date. If you think that any personal information we hold about you is inaccurate, please contact us at the details in section 9 below and we will take reasonable steps to ensure that it is corrected.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request, and inform you of how you can complain about our refusal. We may also need to verify your identity when you request your personal information.
8. Making a complaint
If you have a complaint regarding the way in which your personal information is being handled by APM, please contact us using the details set out in section 9 below, and we will handle the complaint in accordance with our internal policy.
We will use our best endeavours to resolve any complaint to your satisfaction in a reasonable timeframe, however if you are unhappy you may
• the Office of the Australian Privacy Commissioner; or
• the NDIS Quality and Safeguards Commission, who may investigate your complaint further.
9. Contact us
Last updated: 13/10/21