Privacy Policy
1. About This Policy
This Privacy Policy explains how Astara Wellness Pty Ltd (ABN 57 675 628 350, NDIS Registration ID: 4-K7XSLC5) - referred to throughout as "Astara Wellness", "we", "us" or "our" - collects, uses, stores, discloses and protects personal information about the people we support, their families and carers, our staff, contractors and any other individuals who interact with us.
This policy applies to all personal information collected through our services, website, forms, phone calls, emails and any other means of communication. By engaging with Astara Wellness, you consent to the collection and use of your information as described in this policy. We review this policy annually and update it whenever there are changes to legislation, our services or our practices. The most current version is always available on our website.
2. Legislation & Framework
Astara Wellness operates in full compliance with Australian privacy law and NDIS legislation, including the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NDIS Act 2013 (Cth), the NDIS (Protection and Disclosure of Information) Rules 2018, the NDIS Practice Standards 2018, the NDIS Code of Conduct, the ACT Health Records (Privacy and Access) Act 1997, and the Disability Discrimination Act 1992 (Cth).
As a registered NDIS provider, we are bound by the NDIS Practice Standards, which require us to collect and manage participant information in a way that respects dignity, promotes autonomy and protects privacy. Under the NDIS (Protection and Disclosure of Information) Rules 2018, certain information about NDIS participants is classified as "protected NDIS information." We are legally required to handle this information with the highest level of care and can only disclose it in specific circumstances defined by law - including with your consent, or where required to prevent serious harm.
3. What Information We Collect
We only collect information that is reasonably necessary to deliver safe, effective and personalised NDIS support services. The types of personal information we may collect include identity information such as your full name, date of birth, address, phone number, email address, gender and preferred pronouns. We also collect NDIS-specific information including your NDIS number, plan details, funding categories, support goals, and plan manager and support coordinator details.
Where relevant to your supports, we may collect health and medical information including your diagnosis, medical history, medications, health conditions, behavioural support needs and clinical assessments. We may also collect information about your living arrangements, household members and carer details, as well as cultural background information including language preferences, religion and any cultural considerations relevant to your care.
Sensitive information - including information about disability, mental health, sexual orientation or criminal history - is only collected with your explicit consent or as required by law. Where you have an authorised guardian, nominee or representative, we will also collect relevant details about that person. Financial information necessary for billing, invoicing and NDIS claiming is also collected and managed in accordance with this policy.
4. How We Collect Your Information
We collect personal information directly from you wherever possible. This may occur through service agreements and intake forms completed when you begin receiving supports; phone calls, emails and in-person conversations with our team during the enquiry or onboarding process; enquiry forms or contact submissions on our website; and the ongoing delivery of your supports, including progress notes, incident reports, assessments and review meetings.
In some circumstances, we may collect information about you from third parties such as the NDIA, plan managers, support coordinators, medical professionals or previous service providers - but only with your consent or as permitted by law. If we collect information about you from a third party, we will take reasonable steps to notify you of this, unless doing so would be contrary to law or impractical.
5. Why We Collect Your Information
Astara Wellness collects personal information for the following primary purposes. First and foremost, we collect it to plan, coordinate and deliver the NDIS support services outlined in your service agreement and NDIS plan. We also collect information to communicate with you, your family, carers or representatives about your supports, appointments and any changes to services, and to process payments, submit NDIS claims and manage financial transactions related to your supports.
Your information also helps us identify and respond to risks, incidents or emergencies involving participants or staff; meet our obligations under the NDIS Act, NDIS Practice Standards and other applicable legislation; review and improve the quality, safety and effectiveness of our services; and manage our workforce, including worker screening, training and performance. We will not use your personal information for any purpose unrelated to the above without your explicit consent.
6. How We Use Your Information
Your information is used only for the purposes for which it was collected and handled in accordance with the Australian Privacy Principles. Sensitive information - including health records, disability information and cultural background - is treated with the highest level of care and is only used with your consent or as required by law.
Under Australian Privacy Principle 3 (APP 3) and the NDIS Practice Standards, health and disability information is classified as sensitive information and attracts a higher level of protection. We will only collect, use or disclose this information with your consent, or where required by law, to prevent serious harm, or to provide emergency health care. We do not use your personal information for marketing or promotional purposes without your explicit opt-in consent. You may withdraw consent for marketing communications at any time by contacting us.
7. Sharing Your Information
Astara Wellness does not sell, rent or trade your personal information. We may share your information only in the following circumstances: with your consent, to other service providers, family members, support coordinators or any party you authorise; with the NDIA as required to manage your NDIS plan, submit claims or meet our obligations as a registered provider; with the NDIS Quality and Safeguards Commission for auditing, compliance, complaints or incident reporting as required by law; with healthcare professionals where necessary to coordinate your care or respond to a health or safety concern; with emergency services where there is an immediate risk to the life, health or safety of you or another person; and with legal and regulatory bodies where required or authorised by Australian law, a court order or government authority.
We do not disclose your information overseas. All personal information is stored and managed within Australia.
8. Storing & Securing Your Information
Astara Wellness takes all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. Our security measures include secure, password-protected systems with restricted staff access based on role and need; encrypted storage of digital records and secure transmission of sensitive data; locked physical storage for any paper-based records; regular staff training on privacy obligations, data handling and confidentiality; and incident response procedures in the event of a data breach, including notification in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.
We retain your personal information for as long as it is required to deliver services to you or as required by law. When it is no longer needed, we securely destroy or de-identify the information in accordance with our record retention obligations under the NDIS Practice Standards.
9. Your Privacy Rights
Under the Privacy Act 1988 and the Australian Privacy Principles, you have the following rights in relation to your personal information. You have the right to access the personal information we hold about you at any time - we will respond to access requests within 30 days. If your information is inaccurate, incomplete or outdated, you have the right to request a correction and we will action this promptly. You may withdraw consent for specific uses of your information at any time, subject to our legal obligations. If you believe your privacy has been breached, you have the right to make a complaint to us or directly to the Office of the Australian Information Commissioner (OAIC). You have the right to be informed about why we are collecting your information and how it will be used before you provide it. Where lawful and practicable, you also have the right to interact with us anonymously or using a pseudonym.
To exercise any of these rights, please contact our Privacy Officer using the details provided in Section 12.
10. Children, Guardians & Nominees
Where a participant is under 18 years of age or lacks the capacity to provide informed consent, we will collect and manage personal information through their parent, legal guardian or NDIS-appointed nominee, in accordance with the NDIS Act 2013 and relevant state and territory legislation. We take additional care when handling the personal information of children and people with reduced decision-making capacity, and will always act in the best interests of the participant. Guardians and nominees have the same rights of access, correction and complaint as participants, subject to their authorisation and the participant's best interests.
11. Website & Cookies
When you visit our website, we may collect certain non-identifiable technical information including your IP address, browser type, pages visited and time spent on the site. This information is used solely to improve the functionality and user experience of our website. Our website may use cookies - small data files stored on your device - to remember your preferences and improve your browsing experience. You can disable cookies through your browser settings at any time, though this may affect some website functionality. We do not use cookies to track you across other websites, and we do not share website usage data with third-party advertisers. Any personal information submitted through website forms is handled in accordance with this Privacy Policy.
12. Privacy Complaints & Contact
If you have a concern about the way Astara Wellness has handled your personal information, or if you would like to access, correct or request deletion of your information, please contact our Privacy Officer in the first instance. We will acknowledge your concern within 2 business days and aim to resolve it within 20 business days.
If you are not satisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, by phone on 1300 363 992, or by post to GPO Box 5218, Sydney NSW 2001.
Astara Wellness Privacy Officer
Caden Walker, Director, Astara Wellness Pty Ltd
Email: hello@astarawellness.com.au
Phone: 02 6116 7000
Location: Canberra, ACT, Australia
NDIS Registration ID: 4-K7XSLC5
ABN: 57 675 628 350