PRIVACY POLICY

Last Updated: 24/07/25

1. Our Commitment to Your Privacy

Human Embraced ("we", "us", "our") is committed to the transparent management of personal and health information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cwlth), as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth). This Privacy Policy outlines how we collect, use, store, and disclose your personal information across the services we provide, including:

  • NDIS Support Work

  • NDIS Recovery Coaching

  • Core Energetics Body Psychotherapy

2. Information We Collect

We may collect and hold personal and sensitive information, including:

  • Name, date of birth, pronouns, and gender identity

  • Contact information (phone, email, address)

  • Emergency contact details

  • Government identifiers (e.g., Medicare, NDIS number, Centrelink ID)

  • Financial information (e.g., bank details for invoicing/payments)

  • Medical and mental health history

  • Information provided via referrals or shared by health professionals

  • Notes and records from sessions or interactions

  • Feedback, complaints, or reports related to your support

  • Photographs (only with explicit consent)

3. How We Collect Your Information

Information may be collected:

  • Directly from you via intake forms, phone, email, or in-session

  • From third parties (with your consent) such as allied health professionals, plan managers, or family members

  • When you use our website, communicate with us online, or access shared resources

4. Why We Collect Your Information

We collect and use your personal information to:

  • Deliver safe, effective, and individualised support services

  • Fulfil requirements under the NDIS Practice Standards and Quality Indicators

  • Coordinate and manage services across your supports

  • Communicate with you and your nominated contacts

  • Maintain service records, progress reports, and documentation for professional standards

  • Meet legal, insurance, and audit requirements

5. How We Store and Secure Your Information

We take reasonable steps to protect the security and confidentiality of your personal information, including:

  • Password-protected devices and cloud storage

  • No physical documentation

  • Encrypted digital record-keeping where possible

  • Role-based access controls

We use Sponse as our primary platform to securely store client case notes and files.

We also use Dropbox to store:

  • Templates and administrative resources

  • Limited client risk management documentation only when necessary for safety or support continuity

Dropbox is accessed using secure protocols, and only authorised personnel have access to these folders.

Please note: Dropbox does not fully comply with Australian Privacy Principle requirements for data sovereignty, as some data may be stored on servers outside Australia. By accessing services with Human Embraced, you acknowledge and consent to Dropbox being used for this limited purpose.

If you are not comfortable with this, please speak to us to discuss alternatives.

6. How Long We Keep Your Information

We retain client records for 7 years from the date of your last contact, or longer if legally required (e.g., for children or in cases involving reportable incidents). After this period, records will be securely deleted or destroyed.

If you request that we stop holding your information earlier, we will review and respond to this on a case-by-case basis in line with legal and ethical obligations.

7. Breaches and Notifications

In the unlikely event of a data breach that is likely to cause serious harm, we will notify you as soon as possible, including:

  • The nature of the breach

  • What data may have been affected

  • What steps we are taking in response

We are committed to transparency and minimising harm. If you have any concerns about a breach or would like to report one, please contact us at:

hello@humanembraced.com.au

8. Disclosure of Your Information

We only disclose your information:

  • With your consent

  • When legally required (e.g., in response to a subpoena or where serious harm is likely)

  • To relevant health professionals, agencies, or plan managers for coordinated care (with consent)

We will not sell or rent your information to third parties.

9. Access and Correction

You have the right to:

  • Request access to your personal information

  • Request correction of inaccurate or incomplete information

Please contact us in writing, and we will respond within a reasonable timeframe.

10. Making a Complaint

If you have concerns about how your information is handled, you can:

  1. Contact us directly at:
    hello@humanembraced.com.au

  2. Lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
    Office of the Information Commissioner, Queensland
    PO Box 10143
    Adelaide Street Brisbane
    Queensland 4000
    Phone: (07) 3234 7373
    Email: enquiries@oic.qld.gov.au
    Online complaints: www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or practice. The latest version will always be available upon request or on our website.