Privacy policy.
Nextstep Community Care (ABN 46 691 448 405) is committed to protecting the privacy of an individual's personal information. This policy sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us, and the way we collect, use and disclose your personal information.
In handling your personal information, we comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles in the Privacy Act. As a registered NDIS provider, we also comply with our privacy and confidentiality obligations under the NDIS Practice Standards.
We have policies and procedures in place to ensure that:
personal information is managed in an open and transparent way
the privacy of the personal information of participants and staff is protected
we collect and handle personal information fairly
personal information we collect is used and disclosed for legally permitted purposes only
we regulate access to and correction of personal information
we maintain the confidentiality of personal information through appropriate storage and security.
THE KINDS OF INFORMATION WE COLLECT
Participant personal information is collected to provide care and services. Personal information we collect could include your:
name, address, telephone number and email address
date of birth
gender
advocate, guardian or emergency contact details
NDIS number and details of your NDIS plan, goals and support needs
health information
diversity status (for example ethnicity, cultural background and lifestyle preferences).
Health information and diversity information are treated as sensitive information under the Privacy Act, and we handle this information with additional care.
If you contact us to enquire about our services, provide feedback, refer someone to us, or apply to work with us, we collect the information you choose to give us, such as your name, contact details and the content of your message or application.
HOW WE COLLECT PERSONAL INFORMATION
Participant personal information may be collected from:
you, the participant
your family members or significant others
your parent, guardian, nominee or advocate
your doctor or other service providers or facilities
the National Disability Insurance Agency (NDIA), where you have authorised it or the law allows it.
We will collect personal information directly from you unless:
we have your consent to collect the information from someone else
we are required or authorised by law to collect the information from someone else
it is unreasonable or impractical to do so.
You can withdraw your consent at any time by contacting us, although this may affect our capacity to provide services to you.
OUR WEBSITE AND FORMS
Our website (nextstepcc.com.au) includes forms you can use to make a general enquiry, ask about supports, make a referral or provide feedback. When you submit a form, we collect the information you enter so we can respond to and act on your request. If you are referring another person, please only share their information with their consent, or the consent of their parent, guardian or nominee.
Our website is hosted by Squarespace, and form submissions are transmitted and stored securely through that platform before being handled by our team.
We use Google Analytics to understand how visitors use our website. This collects information such as your device type, browser, approximate location and the pages you visit, using cookies. This information is aggregated and does not identify you personally. You can manage or disable cookies through your browser settings, although parts of the website may not work as intended.
PURPOSE OF COLLECTING PERSONAL INFORMATION
Personal information is collected for the purposes of providing care and services. The information may be used to:
provide support services and coordinate your care
enable service providers and medical practitioners to provide care and services
meet our legal, funding, quality and safety obligations as a registered NDIS provider
respond to enquiries, referrals, feedback and complaints
assess applications from people who apply to work or volunteer with us.
DISCLOSURE OF PERSONAL INFORMATION
We may disclose your personal and health information, for the purpose of your care and services, to:
service providers who assist us in providing care and services, medical practitioners, and external health agencies such as the ambulance service and hospitals
the National Disability Insurance Agency (NDIA) and the NDIS Quality and Safeguards Commission, where required for your supports or by law
other relevant government organisations
a person you have nominated as your advocate, for example a parent, child or sibling, spouse, relative, member of your household, guardian, enduring power of attorney, or a person you have nominated to be contacted in an emergency, provided they are at least 18 years of age.
We will not use or disclose personal information for a purpose other than providing care and services, unless:
you have consented
the purpose is related to providing care and services and you would reasonably expect the disclosure of the information for that purpose
we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious threat to your life, health or safety, or a serious threat to public health or public safety
we have reason to suspect unlawful activity, or the disclosure is required or authorised by law.
OVERSEAS DISCLOSURE
We aim to store personal information in Australia. Some of the technology providers we use to run our website and communications, such as our website host and analytics provider, may store or process limited information on servers located overseas, including in the United States. Where this occurs, we take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles. We do not otherwise disclose your personal information to overseas recipients.
ANONYMITY
Where it is lawful and practicable, you may deal with us anonymously or by using a pseudonym, for example when providing general feedback or making a complaint through our website. In some cases, such as providing you with supports, we will need to know who you are in order to assist you.
DIRECT MARKETING
We will only send you marketing or promotional material, such as newsletters or service updates, where you have consented or would reasonably expect to receive it. You can opt out at any time by contacting us or by using the unsubscribe option included in the communication.
SECURITY OF PERSONAL INFORMATION
We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms, on secure premises and in secure, access-controlled systems, including Microsoft 365 for email and document management and our NDIS practice management software, accessible only by authorised staff.
ACCESSING AND CORRECTING THE PERSONAL INFORMATION WE HOLD ABOUT YOU
Under the Privacy Act, you have a right to request access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date or incomplete. If at any time you would like to access or correct your personal information, or you would like more information on our approach to privacy, please contact us using the details below.
To obtain access to your personal information, you will need to provide us with proof of identity. We will respond to your request within a reasonable time, usually within 30 days.
EMPLOYEE AND JOB APPLICANT INFORMATION
Records of current and past employees that relate to the employment relationship are managed in accordance with workplace laws. Privacy laws may apply to employee personal information if it is used for something unrelated to the employment relationship. Personal information provided by job applicants is used only for recruitment purposes.
VOLUNTEER RECORDS
Personal information collected and held by us in relation to our volunteers is managed in accordance with the Privacy Act.
DATA BREACHES
If personal information we hold is lost, stolen, or subject to unauthorised access or disclosure, we will act in accordance with our data breach response procedures and the Notifiable Data Breaches scheme, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.
PRIVACY COMPLAINTS
If you have a concern or complaint about how we have handled your personal information, you can lodge it through our feedback and complaints process, including the Feedback and Complaints form on our website. At all times, privacy complaints will:
be treated seriously
be dealt with as promptly as possible
be dealt with in a confidential manner
not affect the supports and services you receive from us.
You will be informed of the outcome of your complaint following the completion of our investigation. If you are not satisfied with the outcome, you can contact:
the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992
the NDIS Quality and Safeguards Commission at ndiscommission.gov.au or on 1800 035 544.
CONTACT US
Nextstep Community Care
ABN 46 691 448 405
Level 2, 91 George Street, The Rocks NSW 2000
Email: info@nextstepcc.com.au
Phone: 0402 462 229
CHANGES TO THIS POLICY
We may update this policy from time to time to reflect changes in our practices or the law. The current version will always be available on our website.
Version 1.1 | Issued July 2026 | Next review July 2027