Legal
Privacy Policy
How we collect, use, and protect your personal information.
Plain-language summary: Clearpath Garden & Home collects personal information to deliver your supports. We keep your information private, store it securely, and only share it with your consent or when required by law.
1. Purpose
This policy sets out how Clearpath Garden & Home collects, uses, stores, and discloses personal information — including sensitive information — in a way that is lawful, ethical, and respects the privacy of every person we work with.
This policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and aligns with the NDIS Practice Standards — Core Module: Rights and Responsibility (Standard 1.3).
2. Scope
This policy applies to:
- All participants and their representatives
- All staff, contractors, and volunteers
- All personal information Clearpath holds — in paper, digital, or any other format
3. Legislative & Regulatory Framework
- Privacy Act 1988 (Cth) — Australian Privacy Principles (APPs)
- NDIS Act 2013 (Cth)
- NDIS (Provider Registration and Practice Standards) Rules 2018
- Health Records Act (where applicable)
- Notifiable Data Breaches Scheme (Part IIIC, Privacy Act 1988)
4. What Information We Collect
4.1 Personal Information
Clearpath may collect:
- Full name, date of birth, address, and contact details
- Emergency contact details
- NDIS plan number and funding details
- Support coordinator and nominee details
- Records of supports provided (service notes, visit records)
4.2 Sensitive Information
As an NDIS provider, we also collect sensitive information including:
- Health and medical information relevant to support delivery
- Disability-related information
- Cultural background or religious beliefs (where relevant to service delivery)
Clearpath will only collect sensitive information with the participant's explicit consent, or where required or authorised by law.
5. How We Collect Information
We collect information:
- Directly from participants, their families, or nominees during intake
- From support coordinators or allied health professionals (with consent)
- Through service notes and visit records created by staff during support delivery
We will always tell participants why we are collecting their information, how it will be used and stored, and who it may be shared with.
6. How We Use Information
Clearpath uses personal information only for the primary purpose it was collected — to deliver high-quality NDIS supports. This includes:
- Developing and reviewing participant support plans
- Scheduling and delivering services
- Claiming supports through the NDIS portal
- Communicating with participants, families, and coordinators
- Meeting our legal and regulatory obligations
We do not use participant information for marketing without explicit consent.
7. Sharing & Disclosure
Clearpath will not share personal information with third parties without the participant's consent, except where:
- It is required by law (e.g., mandatory reporting of abuse or neglect)
- It is necessary to prevent a serious and imminent threat to health or safety
- It is required by the NDIS Quality and Safeguards Commission during an audit or investigation
- A court order or legal process requires disclosure
Where information is shared with other service providers for continuity of care, we will obtain the participant's consent first (recorded in writing) and share only the minimum information necessary.
8. Storage & Security
Clearpath stores personal information securely:
- Paper records: Kept in locked filing cabinets; access restricted to authorised staff
- Digital records: Stored in password-protected systems with appropriate access controls
- Mobile devices: Staff devices used for service notes are password-protected
Records are retained for a minimum of 7 years from the date of last service (or until the participant turns 25, whichever is later, for participants who were minors at commencement).
Clearpath takes reasonable steps to protect information from misuse, loss, unauthorised access, modification, or disclosure.
9. Access & Correction
Participants have the right to:
- Request access to personal information Clearpath holds about them
- Request corrections to any information that is inaccurate, incomplete, or out of date
To make an access or correction request, contact us at admin@clearpathgardenandhome.com.au. Requests will be responded to within 30 days.
If Clearpath declines an access request, we will explain why in writing and advise the participant of their right to complain to the Office of the Australian Information Commissioner (OAIC): 1300 363 992
10. Notifiable Data Breaches
If a data breach occurs that is likely to result in serious harm to any individual, Clearpath will:
- Contain the breach immediately
- Assess whether notification is required under the Notifiable Data Breaches Scheme
- Notify the OAIC and affected individuals as required (typically within 30 days of becoming aware)
- Document the breach and corrective actions in the Incident Register
11. Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Registered Manager | Overall accountability for privacy compliance; handles access/correction requests and breach response |
| All Staff | Handle participant information with care; only access information needed for their role; report any suspected breaches immediately |
12. Complaints About Privacy
Participants who believe their privacy has been breached can:
- Raise the matter with Clearpath directly — contact our team
- Contact the OAIC: 1300 363 992
- Contact the NDIS Quality and Safeguards Commission: 1800 035 544
13. Review
This policy is reviewed annually or following any data breach, legislative change, or NDIS audit.
14. Related Documents
- Participant Rights & Dignity Policy
- Complaints & Feedback Policy
- Incident Management Policy
- NDIS Service Agreement Template
- Privacy Act 1988 (Cth) — Australian Privacy Principles