Privacy Policy
Our Privacy Commitment
The Disability Services Exchange (DSX) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, and protect your personal information.
Effective Date: 1 January 2025 | Version: 2.0 | Review Cycle: Annual
Data Minimization
We only collect information necessary for service delivery, with explicit consent and clear purpose statements.
Secure Storage
All personal data is encrypted at rest and in transit, and stored exclusively in Australian data centers.
Transparency
Clear visibility into what data we collect, why we need it, and how it's used to improve services.
Your Control
Access, correct, or delete your information at any time through your account or by contacting us.
1. Information We Collect
Personal Information (APP 3: Collection)
Identity & Contact Information
- Full name, date of birth (where required for verification)
- Email address, phone number, postal address
- Government identifiers (ABN, NDIS registration) for providers
- Professional qualifications and certifications
Service-Related Information
- NDIS participant or provider status
- Service preferences and requirements
- Support needs and accessibility requirements
- Feedback, reviews, and quality ratings
Technical Information
- IP address and device information
- Browser type and operating system
- Usage patterns and interaction data
- Cookies and similar tracking technologies (with consent)
Sensitive Information (APP 3.3)
- Health information (only with explicit consent for service matching)
- Disability-related information (for appropriate support provision)
- Cultural and linguistic background (for culturally appropriate services)
Note: Sensitive information is only collected with your explicit consent and where necessary for service provision.
2. How We Collect Information
- Directly from you: Through forms, account registration, surveys, and communications
- Automatically: Via cookies and analytics tools (with your consent)
- From third parties: NDIS verification systems (with authorization)
- Public sources: NDIS provider registers and professional directories
3. How We Use Your Information (APP 6)
Primary Purposes
- Service Delivery: Connecting participants with appropriate providers
- Account Management: Creating and maintaining your DSX account
- Communication: Sending service updates, newsletters (with consent)
- Quality Assurance: Monitoring and improving service quality
- Compliance: Meeting NDIS Quality and Safeguards requirements
- Safety: Protecting users and preventing fraud or abuse
Secondary Purposes (with consent)
- Research and analytics (de-identified data)
- Sector improvement initiatives
- Marketing communications (opt-in only)
- Testimonials and case studies (with explicit permission)
4. Information Sharing & Disclosure (APP 6 & 8)
We May Share Information With:
- Service Providers: IT hosting, email services (under strict agreements)
- NDIS Commission: For compliance and quality assurance
- Law Enforcement: When legally required or to prevent serious harm
- Professional Advisors: Lawyers, auditors (under confidentiality)
- With Your Consent: Other parties you explicitly authorize
We Never:
- Sell or rent your personal information
- Share data with overseas recipients without consent
- Use your data for purposes other than those disclosed
- Allow unauthorized access to your information
5. Data Security & Retention (APP 11)
Security Measures
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access Controls: Multi-factor authentication, role-based permissions
- Monitoring: 24/7 security monitoring and threat detection
- Auditing: Regular security assessments and penetration testing
- Training: Staff privacy and security awareness programs
- Incident Response: Established breach notification procedures
Data Retention
- Active Accounts: Retained while account is active
- Inactive Accounts: Archived after 2 years, deleted after 7 years
- Financial Records: 7 years (tax requirements)
- NDIS Compliance: As per NDIS Commission requirements
- Marketing Lists: Until consent withdrawn
- Cookies: Session cookies expire on browser close, persistent cookies after 12 months
6. Your Privacy Rights (APP 12 & 13)
You Have the Right To:
Access (APP 12)
- Request a copy of your personal information
- Know what information we hold about you
- Understand how we use your data
- Receive data in a portable format
Correction (APP 13)
- Update incorrect information
- Complete incomplete records
- Add explanatory notes
- Request third-party corrections
Control
- Opt out of marketing
- Withdraw consent
- Restrict processing
- Data portability
Deletion
- Request account deletion
- Remove unnecessary data
- Be forgotten (where legally permitted)
- Anonymization of records
To exercise any of these rights, contact our Privacy Officer at privacy@dsx.org.au. We will respond within 30 days.
7. Cookies & Tracking Technologies
We Use Cookies For:
- Essential Functions: Authentication, security, accessibility preferences
- Performance: Site optimization and error tracking
- Analytics: Understanding usage patterns (anonymized)
- Preferences: Remembering your settings and choices
Managing Cookies:
You can control cookies through your browser settings. Note that disabling certain cookies may affect site functionality. We respect "Do Not Track" browser signals.
8. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children without parental consent. If you believe we have inadvertently collected such information, please contact us immediately for removal.
9. Cross-Border Data Transfers (APP 8)
Data Sovereignty Commitment
All personal information is stored and processed exclusively within Australia. We do not transfer personal data overseas unless:
- You explicitly consent to the transfer
- The transfer is required by law
- Appropriate safeguards are in place
10. Changes to This Policy
We may update this policy to reflect changes in law or our practices. Significant changes will be notified via email or website announcement at least 30 days before taking effect. Continued use of our services after changes indicates acceptance of the updated policy.
11. Making a Complaint
Complaint Process
Step 1: Contact DSX
Email: privacy@dsx.org.au | Phone: 1800 XXX XXX
We aim to resolve complaints within 30 days.
Step 2: Internal Review
If unsatisfied, request escalation to our Privacy Committee for independent review.
Step 3: External Review
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Web: www.oaic.gov.au | Phone: 1300 363 992
Contact Our Privacy Team
Privacy Officer
Email: privacy@dsx.org.au
Phone: 1800 XXX XXX
Hours: Monday-Friday, 9am-5pm AEST
Postal Address
Privacy Officer
Disability Services Exchange
[Address Line 1]
[City, State Postcode]
Response Time: Access/correction requests - 30 days | Complaints: Initial response within 7 days, resolution within 30 days | Complex matters: We'll notify you if more time is needed
© 2025 Disability Services Exchange. All rights reserved.
This privacy policy aims to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.