Privacy Policy

Positive Step is committed to protecting the privacy and confidentiality of personal and health information for our clients, families, referrers, and website users. 

We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store and disclose personal information, and how you can access or correct your information.

As an NDIS-registered provider, we manage information in accordance with the Privacy Act 1988 (Commonwealth), the Australian Privacy Principles, the NDIS Act 2013, and the NDIS Practice Standards. We also uphold professional obligations under AHPRA and duty of care requirements.

Personal Information Collection

We may collect personal information about you, including:

  • your name, date of birth, address, phone number and email address
  • NDIS-related information (such as your NDIS number, plan dates, goals and supports)
  • health and disability-related information where relevant to providing our services
  • information about your representatives (such as nominees, guardians or family contacts)
  • service delivery records, including notes and incident records
  • billing and payment information

Sensitive information is only collected with your consent.

How We Collect Information

We collect personal information in a range of ways, including:

  • directly from you when you contact us, complete forms, or use our services
  • from your representative (such as your nominee or guardian) where appropriate
  • from referrers or other service providers where you have consented or where permitted by law
  • through our website when you submit an enquiry or make a referral

Why We Collect, Use And Disclose Personal Information

We collect, use and disclose personal information for purposes including:

  • to assess whether we can provide supports safely and appropriately
  • to provide services and coordinate service delivery
  • to manage bookings, schedules, and service administration
  • to comply with our legal and regulatory obligations
  • to manage billing, payments and record-keeping
  • to respond to feedback, incidents and complaints

Who We May Disclose Personal Information To

We may disclose personal information to:

  • your plan manager, support coordinator, or authorised representatives with your consent
  • other service providers involved in your supports (where appropriate and authorised)
  • our staff who need the information to provide services
  • our professional advisers (such as accountants, legal advisers) where necessary
  • IT service providers who help us operate our systems
  • Government bodies, regulators, or law enforcement agencies where required or authorised by law

We do not sell personal information.

How We Store And Protect Personal Information

We take the security of your personal information seriously. All reasonable steps are taken to ensure that all information is treated confidentially, kept secure and protected against unauthorised use and is maintained only for the purpose for which it is intended. Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Steps that we take to protect your information include:

  • Role-based access controls within our practice management systems, ensuring information is only accessible to authorised employees who require it for their work.
  • Password protection, device security measures, and two-factor authentication (2FA) requirements for work systems and devices.
  • Secure cloud storage, encryption, and approved communication platforms to protect information during storage and transmission.
  • Staff training in privacy, confidentiality, and cyber security, including obligations relating to the handling of sensitive personal and health information.
  • Secure handling, storage, and disposal of confidential documents and information.

Website and Cookies

Our website may collect limited analytics data to help improve our services. Any personal information submitted via forms is used only to respond to enquiries or provide services.

Access to Your Personal Information

You can request access to your personal information at any time. You may also ask us to update any information or change any information that is incorrect. You may access the personal information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing. We may need to verify your identity before we respond.

Positive Step will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information. To protect your personal information, we may require identification from you before releasing the requested information.

Policy Updates

This policy may change from time to time.

Privacy Policy Complaints

If you have a complaint about our privacy policy, please contact us at:

Positive Step
PO Box 425, Karrinyup, WA, 6291.
Phone: 08 9341 7300
Email: referrals@positivestep.com.au

If you are not satisfied with our response, you may contact:

  • Office of the Australian Information Commissioner
  • NDIS Quality and Safeguards Commission

Date: 21/05/2026