Privacy policy

(A) 10DayFCA’s policy is to respect and protect the privacy of all people connected with the National Disability Insurance Scheme (NDIS) inclusive of participants, providers, employees and contractors. In dealing with personal information, 10DayFCA abides by the obligations imposed under federal law, inclusive of the Privacy Act 1988 (Cth) and the National Disability Insurance Scheme Act 2013 (Cth).

(B) The Privacy Act 1988 (Cth) authorises the collection of personal information where this is required to facilitate access to services provided under the NDIS and perform the other functions required for service provision. The National Disability Insurance Scheme Act 2013 (Cth) sets the provisions for confidentiality and secrecy which limit how 10DayFCA collects and uses personal information and when and to whom this information can be disclosed.

1. Information collected and stored

  • 10DayFCA will collect information which is considered reasonably necessary to carry out our role as service providers. The kinds of information we collect and store include, but are not limited to, personal information (as defined under the Privacy Act 1988 (Cth)) about the participants and other users of our services, and about our employees, contractors and providers.
  • We may collect the following types of personal information:
    • identity information, such as your full name and date of birth;
    • contact details, such as your email and phone number;
    • government identifiers, such as your participant number under the National Disability Insurance Scheme (NDIS) if applicable;
    • the relevant NDIS Plan information when provided;
    • any information or documents which you upload to the 10DayFCA platform;
    • information about your interactions with us on or via the 10DayFCA platform;
    • information you provide via free text inputs on or via the 10DayFCA platform;
    • your occupation;
    • your preferences;
    • your relationship to other users of 10DayFCA;
    • information about you, which is held by third parties, where you have provided your separate consent to such collection, such as information that is or was held by the National Disability Insurance Agency;
    • financial information, such as your bank account details or credit card information, when necessary for processing payments or reimbursements; and
    • other personal information that may be required in order to facilitate your dealings with us.
  • 10DayFCA may also collect ‘health information’ as defined under the Privacy Act 1988 (Cth), such as information about your health or disability, doctors or other health professionals you have seen or health services you have received.
Use of Health Information

In providing NDIS services, 10DayFCA may collect health information (as defined under the Privacy Act 1988 (Cth)) about participants and other users of our services. This information includes, but is not limited to, medical and diagnostic details, functional assessment outcomes, and copies of NDIS Plans or related support documentation provided by the participant. This information is collected to enable the delivery of high-quality, appropriate, and legally compliant functional capacity assessments and related services.

Health information will only be used internally by authorised personnel for the purposes of:

(i) conducting and documenting assessments;

(ii) coordinating care and communicating with relevant support persons or professionals (with consent);

(iii) meeting reporting requirements under the NDIS and other applicable laws; and

(iv) quality assurance and internal training purposes.

10DayFCA ensures that health information is protected through secure electronic and physical storage systems. Personal health information is only accessed by authorised personnel on a need-to-know basis.

In line with NDIS and legal obligations, health records will be retained for a minimum of seven (7) years from the date of last service provision (or, if the participant was under 18 at the time of last service, seven years from when they turn 18), after which they will be securely destroyed or de-identified unless further retention is required by law.

Health information is only collected with your consent or as otherwise permitted or required by law. All electronic records containing personal or health information are stored on secure systems with encryption, and access is restricted based on staff roles and operational need.

2. Sensitive information

  • Sensitive information is defined under the Privacy Act 1988 (Cth) as “Information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record; or health information”.
  • Without your consent, we will not collect sensitive information. Sensitive information will only be collected if it is specifically required for operational purposes. This is subject to certain exceptions such as when collection is required by law, or when the information is necessary for the establishment, exercise or defense of a legal claim.

3. Purposes of information collection and storage

  • Where an individual has provided consent, 10DayFCA will use and disclose the personal information we collect to:
    • provide and improve our services to our clients and their family members;
    • process donations and communicate with our donors and supporters, including sending them information (which may be by phone, email or other electronic means);
    • communicate with our clients and their family members, donors and supporters, and volunteers (including responding to queries and complaints), distribute our publications, conduct events and raise awareness about our services; and
    • carry out our general business activities, including interacting with contractors and service providers, billing and administration, measuring and assessing the level of support we receive and the effectiveness of our fundraising activities, and assessing applicants for positions with us.

(b) We will not share any of your personal information with third parties without your consent except:

(i) if we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including other service providers or insurers) or court order;

(ii) if the disclosure of the information will prevent or lessen a serious and imminent threat to somebody’s life or health;

(iii) to our contractors, service providers and volunteers only to the extent necessary for them to perform their duties to us; and

(iv) in the event of a merger, acquisition, or sale of all or a portion of our assets, in which case personal information held by us about our customers will be among the assets transferred to the new owner.

  • We are obliged to report to the Australian government and other bodies on the services they fund us to provide. Reports cover demographic and service use information only.

4. Processes for collecting and storing information

  • 10DayFCA has systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:
    • paper-based records which are held securely;
    • access to personal information is on a need-to-know basis, by authorised personnel; and
    • storage and data systems are regularly updated and audited.

(b) When no longer required, personal information is either archived or destroyed in accordance with federal law.

5. Accessing and correcting your personal information

(a) 10DayFCA aims to ensure that all personal information held about a person is accurate, up to date, complete and relevant before acting on it. If a person learns that the personal information that 10DayFCA holds about them is inaccurate, outdated, incomplete, irrelevant or misleading, that person can contact 10DayFCA through the methods detailed in Section 8 so that the information can be updated accordingly.

(b) Where a person requests 10DayFCA to correct the personal information we hold about them, we will action this request promptly. A person can request that we notify this change to any other agencies or organisations that we have previously disclosed the personal information to.

(c) If we do not agree to correct our records as requested, we will give written notice of the decision, setting out our reasons for refusing this request and how the person can lodge a complaint about our decision.

6. Links to Third Party Websites

Our website www.10dayfca.com.au contains external links and widgets operated by certain third parties such as Facebook, Twitter, Instagram and Google. These third parties may not be subject to the Privacy Act 1988 (Cth). 10DayFCA is not responsible for the privacy practices of these third parties, or the accuracy, content and security of their websites. You should review the Privacy Policies of these individual websites and use your discretion regarding the use of their site.

7. Disclosure to Overseas Recipients and Third-Party Service Providers

10DayFCA engages several third-party service providers to support its telehealth operations, assessments, communications, and administration. Some of these service providers operate outside of Australia or may store personal information on servers located overseas. Where this occurs, we take reasonable steps to ensure your personal information remains protected in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, particularly APP 8 regarding cross-border disclosures.

These service providers include, but are not limited to:

Splose: Practice management software (Data stored securely in Australia; uses encryption for data in transit and at rest)

HubSpot: Customer relationship and communication platform (Data may be stored in the United States, Germany, and other jurisdictions; encrypted and SOC 2 compliant)

Asana: Project and task management tool (Data stored in the United States; encrypted; ISO 27001 and SOC 2 compliant)

Quotify: Service agreement management platform used to collect personal details such as names and digital signatures. Quotify is based in Australia; however, limited public information is available regarding its data security and encryption standards. We continue to monitor and assess the privacy compliance of all providers used, including Quotify.

Fiverr: Online freelance platform used for the development of our website by a contractor based in Bangladesh. This may have involved temporary access to basic content and platform integrations.

By using our services, you acknowledge and consent to the possible disclosure of your personal or health information to these overseas or third-party recipients. We undertake reasonable due diligence to assess the privacy and security standards of our service providers, including those located offshore. If you have concerns about the handling or storage of your data by these services, please contact us so we can discuss how to best address your needs.

All personal and sensitive information shared with third parties is limited to what is reasonably necessary for them to perform their role in supporting our service delivery.

8. Making a complaint

(a) You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting 10DayFCA in writing, by email, mail or fax to the contact information set out at the end of this privacy policy.

(b) 10DayFCA will aim to resolve your complaint within seven (7) days from when your request was made. If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner at the details set out below.

9. Contact information

If you would like to leave feedback or complain about the service you have received from us or you feel that we have breached your privacy obligations, please contact us through any of the following methods.

Phone:

Email: info@10dayfca.com.au

Postal Address: Ground Floor 470 St Kilda Road, Melbourne, Victoria, 3004

If you want to obtain additional information on your privacy rights and how you can enforce them, you can visit the website of the Office of the Australian Information Commissioner at:

http://www.privacy.gov.au or http://www.oaic.gov.au/