Privacy Policy

Last updated: January 2025

1. Introduction

At Care Management System (CMS), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform and Services.

We understand the sensitive nature of the information we handle, particularly in relation to NDIS participants and care services. We adhere to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and other applicable privacy legislation.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

  • Identity Information: Name, date of birth, gender, contact details
  • Account Information: Username, password, email address, phone number
  • NDIS Information: NDIS participant number, plan details, service agreements
  • Health Information: Medical conditions, care needs, support requirements, progress notes
  • Financial Information: Billing details, payment information, invoices
  • Employment Information (for support workers): Qualifications, certifications, employment history
  • Communication Data: Messages, support tickets, feedback

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, system activity
  • Cookies and Tracking: Session data, preferences, authentication tokens

2.3 Information from Third Parties

We may receive information from third parties such as NDIS portals, healthcare providers, or other authorized entities involved in care coordination.

3. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

  • Provide and maintain our Platform and Services
  • Process and manage care services and appointments
  • Generate reports and documentation
  • Facilitate communication between participants, providers, and support workers

Account Management

  • Create and manage user accounts
  • Authenticate users and maintain security
  • Process payments and manage subscriptions
  • Provide customer support

Compliance and Legal

  • Comply with NDIS requirements and regulations
  • Meet audit and reporting obligations
  • Respond to legal requests and prevent fraud
  • Enforce our Terms and Conditions

Improvement and Analytics

  • Analyze usage patterns to improve our Services
  • Develop new features and functionality
  • Conduct research and analytics (in aggregated, de-identified form)
  • Monitor and improve system performance

Communication

  • Send service-related notifications and updates
  • Respond to inquiries and support requests
  • Send marketing communications (with your consent)
  • Notify you of changes to our Services or policies

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so, such as sharing participant information with assigned support workers or healthcare providers.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Platform, such as hosting services, payment processors, and analytics providers. These providers are bound by confidentiality obligations.

4.3 Legal Requirements

We may disclose information when required by law, in response to legal processes, to protect our rights or safety, or to comply with NDIS reporting requirements.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption

Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption

Access Controls

Strict access controls and authentication mechanisms to prevent unauthorized access

Regular Audits

Regular security assessments and vulnerability testing

Secure Infrastructure

Hosting on secure servers with backup and disaster recovery procedures

Staff Training

Regular privacy and security training for all staff members

While we implement robust security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal, regulatory, or NDIS requirements (typically 7 years for financial and care records)
  • Resolve disputes and enforce agreements
  • Support business operations and analytics

When information is no longer required, we securely delete or anonymize it in accordance with our data retention policies.

7. Your Privacy Rights

Under Australian privacy law, you have the following rights:

Right to Access

Request access to the personal information we hold about you

Right to Correction

Request correction of inaccurate or incomplete information

Right to Deletion

Request deletion of your information (subject to legal retention requirements)

Right to Object

Object to certain uses of your information, such as marketing communications

Right to Data Portability

Request a copy of your information in a portable format

Right to Complain

Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details provided below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform:

Essential Cookies: Required for Platform functionality and security

Performance Cookies: Help us understand how users interact with the Platform

Functional Cookies: Remember your preferences and settings

Analytics Cookies: Provide insights into usage patterns and performance

You can control cookies through your browser settings, but disabling certain cookies may affect Platform functionality.

9. Children's Privacy

Our Platform may be used to manage care services for NDIS participants under 18 years of age. In such cases, we collect information only with appropriate parental or guardian consent and in accordance with legal requirements.

We do not knowingly collect personal information from children under 18 without proper authorization and parental consent.

10. International Data Transfers

Your information is primarily stored and processed in Australia. If we transfer information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with Australian privacy law.

11. Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through a notice on the Platform. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

Email: privacy@kaysconsulting.com.au

Phone: Available upon request

Address: 217/14 Lexington Drive, Bella Vista 2153, NSW Australia

Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to your privacy concern, you may contact:

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Your Consent

By using the Care Management System Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.