Our Commitment to Your Privacy
Keystone Community Care (“we”, “our”, or “us”) is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the NDIS Practice Standards.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services or interact with our website.
What Information We Collect
Personal Information
We may collect the following types of personal information:
- Contact details: Name, address, phone number, email address
- Identification: Date of birth, NDIS participant number (if applicable)
- Health information: Disability type, support needs, medical conditions relevant to service delivery
- Service information: Support plans, goals, progress notes, incident reports
- Financial information: NDIS plan details, invoicing information, payment records
- Emergency contacts: Names and contact details of nominated persons
Sensitive Information
We only collect sensitive information (such as health information) with your consent or where required by law. This information is necessary to provide appropriate support services tailored to your needs.
How We Collect Information
We collect personal information directly from you through:
- Initial enquiry forms and consultations
- Service agreements and consent forms
- Ongoing support delivery and progress reviews
- Phone calls, emails, and written correspondence
- Our website contact forms and enquiry submissions
We may also collect information from third parties with your consent, such as your NDIS plan manager, support coordinator, family members, or healthcare providers.
How We Use Your Information
We use your personal information to:
- Service Delivery: Provide personalised support services, develop and implement support plans, and monitor your progress
- Communication: Respond to enquiries, provide updates about your services, and maintain ongoing communication
- Administration: Process payments, manage invoicing, and maintain accurate service records
- Compliance: Meet legal obligations under NDIS Practice Standards and other regulatory requirements
- Safety: Manage incidents, respond to complaints, and ensure participant safety
- Improvement: Improve our services, train staff, and evaluate service quality
How We Protect Your Information
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:
- Secure storage of physical records in locked filing cabinets with restricted access
- Password-protected electronic systems with encryption for sensitive data
- Staff training on confidentiality obligations and privacy requirements
- Regular review and update of security practices
- Secure disposal of information no longer required (shredding, secure deletion)
Who We Share Your Information With
We only disclose your personal information when necessary and with your consent (except where required by law). We may share information with:
- NDIS-Related Parties: Your plan manager, support coordinator, or the NDIA for service delivery and funding purposes
- Healthcare Providers: Medical professionals, therapists, or specialists involved in your care (with your consent)
- Emergency Contacts: Your nominated family members or guardians in emergency situations
- Legal Authorities: Government agencies, regulators, or law enforcement when required by law
- Service Providers: Third-party providers (e.g., IT services, accounting) who assist us in delivering services, bound by confidentiality obligations
Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access Your Information: Request access to the personal information we hold about you
- Correct Your Information: Request correction of inaccurate, incomplete, or out-of-date information
- Withdraw Consent: Withdraw consent for us to use your information (subject to legal and contractual obligations)
- Make a Complaint: Lodge a complaint if you believe we have breached your privacy
To exercise any of these rights, please contact us using the details provided at the end of this policy.
Website and Cookies
Our website may use cookies and similar technologies to improve your browsing experience. Cookies are small text files stored on your device that help us understand how you use our website.
You can disable cookies through your browser settings, though this may affect website functionality. We do not use cookies to collect personal information without your knowledge.
AI Chat Assistant
Our website includes an AI-powered chat assistant that helps visitors learn about our services, check eligibility, and get started. When you use the chat assistant, we collect and store:
- Your chat messages and the assistant's responses
- A randomly generated session identifier (not linked to your identity)
- Your IP address and browser type for security and rate-limiting purposes
- The date and time of each conversation
We use this information to improve the quality of our chat responses, identify common questions from visitors, and enhance our services. Chat conversations are automatically deleted after 90 days. Conversations that include a callback request are retained for up to 180 days to support follow-up.
If you request a callback through the chat assistant, you will be asked to provide your name and a phone number or email address. This information is stored separately and handled in the same way as a standard contact enquiry.
The chat assistant does not have access to your NDIS plan, personal health records, or any information you have not directly provided during the conversation.
Employee Personal Information
When you complete our employee onboarding form at /staff/onboarding, we collect personal information required to employ you under Australian law and to enrol you in our payroll system. This includes:
- Identity details: Full legal name, date of birth, gender, address, contact details
- Tax information: Tax File Number (TFN), residency status, tax-free threshold election, HELP/study loan status
- Bank account details: Account name, BSB, and account number for salary payments
- Superannuation details: Super fund name, USI, and member number
- Employment details: Start date, job title, employment basis (full-time, part-time, or casual)
- Emergency contact: Name, phone number, and relationship of a nominated person
This information is collected under the authority of the Taxation Administration Act 1953 (Cth), the Superannuation Guarantee (Administration) Act 1992 (Cth), and the Fair Work Act 2009 (Cth). Providing your TFN is optional, but failing to do so will result in tax being withheld at the highest marginal rate.
Sensitive financial information (TFN, bank details, and superannuation membership numbers) is encrypted at rest using industry-standard encryption. Access is restricted to authorised Keystone staff for payroll administration purposes only, and is logged in our internal audit trail.
Third-Party Service Providers
To operate our services, we share limited personal information with the following third-party service providers. Each provider is bound by contractual obligations to protect your information and use it only for the purposes we specify.
- Xero (payroll processing): Employee onboarding details (including name, date of birth, address, contact details, tax information, bank account, and superannuation details) are transferred to Xero AU Payroll to enable payroll administration, PAYG tax reporting, and Single Touch Payroll (STP) compliance with the Australian Taxation Office. Xero's privacy practices are governed by their privacy notice.
- Resend (email delivery): We use Resend to send transactional emails (enquiry confirmations, onboarding links, callback replies). Email addresses and message content are transferred to Resend for delivery purposes only.
- AI chat provider: Messages sent to our chat assistant are processed by a third-party large language model provider to generate responses. Messages are transmitted over encrypted channels and are not retained by the AI provider for training purposes.
- Infrastructure and hosting: Our website and database are hosted on commercial cloud infrastructure. Personal information is stored in Australian data centres where available.
We do not sell, rent, or disclose personal information to any party except as described in this policy or as required by law.
Retention of Information
We retain your personal information for as long as necessary to provide services and meet our legal obligations. Under NDIS requirements, we must retain service records for at least seven years after service delivery ends.
Chat assistant conversations are retained for 90 days (or 180 days if a callback was requested) and then automatically deleted.
Once information is no longer required, we securely destroy or permanently delete it in accordance with our records management policy.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the revision date. We encourage you to review this policy periodically.
Making a Complaint
If you believe we have breached your privacy, please contact us immediately. We will:
- Acknowledge your complaint within 5 business days
- Investigate the matter thoroughly
- Provide a written response within 30 days
- Take corrective action if a breach is identified
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or the NDIS Quality and Safeguards Commission at www.ndiscommission.gov.au.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:
Keystone Community Care
Email: [email protected]
Phone: 0403 886 293
Service Area: Brisbane & Gold Coast, Queensland