Contact

Privacy Policy

PURPOSE
This Privacy Policy outlines Forming Connections’ commitment to protecting the privacy of personal and sensitive information of participants, staff, and other stakeholders in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breach (NDB) Scheme, the NDIS Practice Standards, and the NDIS (Quality Indicators) Guidelines 2018.

SCOPE
This policy applies to all Forming Connections employees, contractors, volunteers, participants, and stakeholders whose personal information is collected, stored, or used by Forming Connections.

DEFINITIONS

  • Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
  • Sensitive Information: Includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health information, or criminal record.
  • Health Information: A subset of sensitive information relating to an individual’s physical or mental health, disabilities, or health services provided.

COLLECTION OF INFORMATION
Forming Connections collects personal information through various means, including consent forms, interviews, surveys, photographs, and interactions on social media. Where possible, information is collected directly from the individual or their legal representative.
Forming Connections will obtain explicit written consent before collecting or using sensitive information, including health-related data, except where collection is required by law.

USE OF INFORMATION
Personal information is used only for the purposes for which it was collected, including the provision of services, compliance with legal and regulatory obligations, and internal administrative purposes. Forming Connections ensures all uses comply with the Privacy Act 1988 (Cth) and NDIS Practice Standards.

WITHDRAWAL OF CONSENT
Individuals have the right to withdraw consent at any time. Upon withdrawal, Forming Connections will cease processing the individual’s personal information unless required by law to retain it.

DISCLOSURE OF INFORMATION

Forming Connections may disclose personal information to:

  • Government agencies for compliance and reporting purposes.
  • Third-party service providers who are contractually bound to comply with privacy laws.
  • Emergency services when necessary to protect an individual’s health or safety.
  • Third-party service providers handling personal data must adhere to the Privacy Act 1988 (Cth) and enter into confidentiality agreements before accessing any Forming Connections data.

USE OF PHOTOS AND VIDEOS
Forming Connections will only use photos or videos of individuals with their informed consent. Images may be used for marketing, social media, or internal purposes. Individuals have the right to withdraw consent at any time.

STORAGE, SECURITY, AND RETENTION OF INFORMATION

Forming Connections employs strict measures to ensure the security of personal information, including:

  • Encryption of electronic data.
  • Restricted access to physical and digital records.
  • Secure destruction of records no longer required under law.

Data Retention Periods:

  • Participant records: Minimum 7 years from last service provision.
  • Employee records: Minimum 7 years after termination.
  • Incident reports: Minimum 7 years from resolution.
  • Financial records: Minimum 5 years.

ACCESS AND CORRECTION OF INFORMATION
Individuals can request access to their personal information and seek corrections if the information is inaccurate or outdated. Requests should be made in writing to the Privacy Officer at Forming Connections.

Process for Data Access Requests:

  • Forming Connections will acknowledge receipt of the request within 14 days.
  • Requests will be processed within 30 days unless legally exempt.
  • If a request is denied, Forming Connections will provide written reasons and options for appeal.

COMPLAINTS AND ESCALATION PROCESS
Individuals who believe their privacy rights have been breached can lodge a complaint with the Privacy Officer. Complaints will be:

  • Acknowledged within 14 days.
  • Investigated and resolved within 30 days.
  • If unresolved, escalated to the Office of the Australian Information Commissioner (OAIC).

DATA BREACH RESPONSE
In the event of a data breach, Forming Connections will follow the Notifiable Data Breach (NDB) Scheme, which includes:

  • Assessing the breach within 30 days.
  • Notifying affected individuals if the breach is likely to cause serious harm.
  • Reporting the breach to the Office of the Australian Information Commissioner (OAIC) where required.

COMPLIANCE AND ENFORCEMENT
Breaches of this policy will result in disciplinary action and may be subject to legal penalties. Forming Connections conducts regular audits and staff training to ensure compliance with privacy laws and NDIS standards.