Effective Date: 27 May 2025
Last Updated: 27 May 2025

Good Company Disability Services Pty Ltd (“we”, “our”, or “us”) is committed to protecting your personal information and ensuring your privacy is respected in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the NDIS Practice Standards.

By providing us with your personal information—whether through our website, forms, email, or other communication—you consent to our collection, use, and disclosure of that information as described in this Privacy Policy.

1. What Information We Collect

We may collect the following types of personal and sensitive information:

a. Personal Details

• Full name, date of birth, and gender

• Contact details (email address, phone number)

• Emergency contact information

b. Sensitive Information (with consent)

• Health and medical history

• Disability and support needs

• Cultural background, language preferences

• NDIS participant and plan details

c. Website and Technical Data

• IP address, browser, and device type

• Website interaction history

• Cookies and analytics tracking data

2. How We Collect Information

We collect information through:

• Website forms and registrations

• Direct communication (email, phone, in person)

• Service agreements, intake forms, and feedback tools

• Use of cookies and analytics platforms

• Photography, video, or audio recordings (with consent)

3. Why We Collect Information

We collect personal information to:

• Provide and tailor NDIS support services

• Communicate with clients, carers, and families

• Comply with legal, funding, and reporting obligations

• Improve our services, staff training, and quality assurance

• Enhance user experience on our website

• Promote our services (with explicit consent for media)

4. Use and Disclosure of Personal Information

We only use or disclose your personal information for the purposes it was collected or where otherwise permitted by law. This may include sharing information with:

• Our staff and contractors involved in delivering services

• Health professionals and allied service providers (with consent)

• Government bodies including the NDIA and NDIS Commission

• IT and CRM service providers under appropriate privacy agreements

• Emergency services in the event of a medical emergency

We do not sell, rent, or trade your personal information.

5. Use of Images, Video and Recordings

We may request consent to capture and use photos, video, or audio recordings of participants for specific purposes. Before doing so, we will:

• Explain how and where the media will be used

• Seek your consent in writing or verbally

• Respect your right to refuse or withdraw consent at any time

6. Website Cookies and Analytics

We use cookies and analytics tools to:

• Monitor website traffic and user behaviour

• Improve website content and navigation

• Support digital marketing activities

You may opt out or disable cookies through your browser settings. Some features may be limited as a result.

7. Data Security

We safeguard personal information through:

• Secure, encrypted cloud storage systems

• Role-based access controls and password protection

• Cybersecurity protocols and regular audits

• Staff training in data privacy and breach response

8. Data Retention and Disposal

We retain personal information only as long as necessary for our business, regulatory, and legal obligations. Information no longer required is securely deleted or de-identified using industry best practices.

9. Staff Training and Responsibilities

All staff receive training on privacy, data handling, and confidentiality as part of their onboarding and through ongoing development. Only authorised staff may access personal information relevant to their roles.

10. Participant Rights and Choices

You have the right to:

• Request access to your personal information

• Ask for corrections to inaccurate details

• Withdraw consent at any time

• Lodge complaints about privacy handling

We will respond promptly to all enquiries in accordance with our obligations.

11. Data Breach Notification

In the event of a data breach that could result in serious harm, we will:

• Act promptly to contain and assess the breach

• Notify individuals affected and the OAIC (if required)

• Implement measures to reduce future risks

12. Overseas Disclosure

Some of our third-party systems may be hosted overseas. We ensure these providers meet Australian privacy standards and that appropriate safeguards are in place before transferring any information.

13. Third-Party Websites

Links to third-party sites may appear on our website. We are not responsible for their content or privacy practices and recommend reviewing their privacy policies before sharing your information.

14. Use of Artificial Intelligence (AI)

Good Company Disability Services uses artificial intelligence tools, including ChatGPT by OpenAI, to assist with internal administrative tasks such as:

• Drafting internal documentation

• Improving service templates

• Supporting team learning and compliance

We reassure you that:

• No personal, health, or identifiable client data is input into AI systems

• Only anonymised or generic content is used

• Use is restricted to trained and authorised staff only

• Access is protected through multi-factor authentication (2FA) and cybersecurity safeguards

Good Company uses ChatGPT Team (a business-grade AI solution), which ensures:

“All API data and Enterprise/Team user prompts and outputs are excluded from any training dataset.”
“OpenAI enforces this through contractual terms and technical measures under its business offerings.”
“As part of this plan, OpenAI does not use our business data (inputs or outputs) to train its models.”

This practice complies with the Privacy Act 1988 (Cth) and the NDIS Practice Standards on the date noted as effective date on this policy.

15. Making a Privacy Complaint

If you believe your privacy has been breached:

1. Contact us directly using the details below.

2. We will investigate and respond within a reasonable timeframe.

3. If unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

16. Contact Us

For privacy-related enquiries or complaints:

Good Company Disability Services Pty Ltd
Email: [email protected]
Website: www.goodcompanyds.com.au
Phone (Perth Office): (08) 9334 6995
Phone (Melbourne Office): (03) 9069 7866

17. Updates to This Policy

We may review and update this Privacy Policy periodically. The most current version will always be available on our website, with the effective date clearly noted above.