This is the privacy statement of Ability Options Ltd ABN 92 003 175 335, referred to as ‘we’, ‘us’ or ‘our’. Customers, candidates, business contacts and other individuals with whom we deal may provide us with personal information (defined below). The purpose of this privacy statement is to provide information about how we deal with and manage personal information.

We are headquartered in Australia and for that reason this privacy statement is based on the requirements of the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (which exist within the Privacy Act).

Our privacy and confidentiality policy ensures that we comply with the Convention on the Rights of Persons with Disabilities – Article 22 – Respect For Privacy, and, insofar as they relate to privacy, the National Standards for Disability Services.

Our obligations under the Privacy Act exist in respect of our dealings with “personal information” of “individuals”.

What is personal information?

Personal information is defined in the Privacy Act as:
‘information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.’

Why do we collect personal information?

There are few, if any, organisations that can function without personal information. We are no exception.

The information we collect is done so where reasonably necessary to conduct our business and provide services to participants.

Our business activities include:
• providing disability support services to individuals including:
– accommodation and supported living;
– short-term accommodation;
– community and social activities;
• providing employment services to job seekers and employers;
• providing support coordination under the National Disability Insurance Scheme (NDIS);
• marketing our services;
• undertaking research to improve our services;
• obtaining goods and services from other businesses;
• employing staff; and
• complying with legal and regulatory obligations.

Some common examples of personal information that we may collect include an individual’s name, contact details, and details of the type of services they receive from us.

We acknowledge that some of the personal information shared with us may be considered sensitive information. Examples of sensitive information about an individual include information about the individual’s:
• health;
• racial or ethnic origin;
• religious beliefs or affiliations;
• sexual orientation or practices; and
• criminal record.

The nature of the services we provide means it’s reasonable for us to collect sensitive information from and about our participants and other individuals with whom we deal. Any sensitive information which we do collect will either be collected with the consent of the relevant individual or as permitted by law.

How do we collect and keep personal information?

We receive personal information in different ways and through a number of different media including:
• via online sources (including email and other electronic communication channels, Facebook, Instagram, and other social media and technology platforms);
• by telephone;
• through face-to-face communications;
• by hard copy correspondence and documentation; and
• use of CCTV.

Surveillance monitoring through CCTV cameras may be undertaken at our sites. CCTV cameras are for security purposes only. Any images or video footage captured by us pertaining to employees, participants, family members, contractors, and volunteers will not be used without the subject’s consent, unless production is required or authorised under a Commonwealth or State law or a court or tribunal order.

Footage captured is unmonitored unless a security issue has been identified and is retained within a hard drive located at the site where the CCTV is present. All footage obtained will be automatically recorded over once the hard drive has reached capacity. Only authorised members of our team and the security company that maintains its functionality are able to access the footage.

We keep different types of records that include personal information. These include records stored electronically on databases, information stored in the cloud, and also hard copy files.

Our computer servers that house electronic files are located within Australia. Personal information that we have collected is routed through and stored on our servers to support service delivery and other business functions.

We take reasonable steps to protect personal information we hold from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure.

When do we use or disclose or transfer personal information?

Where we collect personal information for a particular purpose, we may use or disclose that personal information for that purpose. For example, if a customer obtains a product or service from us, we may use and/or disclose their personal information for the purpose of providing the product or service to them.

We may also use or disclose personal information for other secondary purposes including:
• where the individual has consented to the use or disclosure for the secondary purpose;
• where the secondary purpose is related to (or in the case of sensitive information directly related to) the purpose for which the personal information was collected, and the individual concerned would reasonably expect us to use or disclose the information – for example providing marketing information to existing customers (unless the customer has requested not to receive marketing information from us);
• the use or disclosure is required or authorised under a particular law or a court or tribunal order;
• a permitted general or health situation exists as defined in the Privacy Act; or
• we reasonably believe that the use or disclosure of the personal information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

We may disclose your personal information to third parties, such as our service providers (including IT services including cloud storage services, insurers, financial institutions, mailing houses), member organisations and other business partners, our professional advisers (including lawyers, accountants, and auditors), and government, regulatory and law enforcement authorities.

We use the personal information that we collect for a variety of purposes related to the services that we provide. We only hold and process personal data when a Commonwealth or State law allows us to.

Security of your personal information

We have put in place appropriate technical and organisational measures to help keep the personal information that we collect safe from unauthorised access or disclosure as required by law and in accordance with good industry practice. For example, all information you provide to us is stored on our secure servers and our database is encrypted using only whitelisted IP addresses for access. Any payment transactions will be encrypted using SSL technology.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or websites or other parts of our information systems (“Site”), you are responsible for keeping this password confidential. You must not share your password with anyone.

The transmission of information via the internet is not completely secure. Although we implemented the measures described above to protect your personal information, we cannot guarantee the security of information that is transmitted to our Site and any transmission is at your own risk.

We will react swiftly upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.

Retention of your personal information

We are legally obliged to retain our business records (some of which are, or contain, personal information) for specific timeframes specified by law. The end point of that obligation as it applies to specific information depends on a range of factors, including when the record was created and/or updated. We will only retain your personal information for as long as is necessary for the purposes described in this policy or as long as we are legally required to do so, whichever is longer. This means that retention periods will vary according to the type of personal information that we have collected in the first place. For example, we’ll hold on to your personal information for as long as you have your account, or as long as is needed to be able to provide the services to you but, in addition, we will also retain some of your personal information (even after you have closed your account) for fraud prevention and detection reasons and as long as necessary to comply with our statutory obligations.

Transferring personal information overseas

At all times we will ensure that wherever in the world your personal information is stored or processed, it will be done so in full adherence to prevailing law.

We will process your subject access request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why.

How can you access personal information relating to you that we hold?

You may request access to your personal information held by us by contacting our Quality, Practice and Assurance Team (details below). We will provide access where we are required to do so under law. In other cases, we reserve our right not to provide access. We also reserve the right to recover our reasonable costs of providing you with access to your personal information held by us.

How to contact our Quality, Practice and Assurance Team:
Quality, Practice and Assurance | Ability Options Ltd
PO Box 165, Seven Hills NSW 1730
Email: QualityAssurance@abilityoptions.org.au

Ability Options’ Use of Cookies

In order to improve our websites and our overall services, we collect data by way of “cookies”. A cookie is a small text file containing small amounts of information which are automatically downloaded into your computer (or other electronic devices) when you access our application, site, or platform. Cookies help us to measure the number of visits, average time spent, page views and other statistics relating to your access to our websites. Therefore, generally, we use cookies to:
• recognise your browser as a previous visitor and save any preferences that may have been set during your last visit to one of our sites;
• help your session load faster;
• keep you signed in;
• monitor how you use the website and platform;
• track website analytics and carry out research and statistical analysis to help improve our content, products, and services and to help us better understand our visitors’ or customers’ requirements and interests;
• customise and target our marketing and job-advertising campaigns and those of our partners more effectively;
• measure and research the effectiveness of our interactive online content, features, advertisements, and other communications;
•make your online experience more efficient and enjoyable.

What type of cookies do we use?

We use functional cookies to recognise you on our website and remember your previously selected preferences. These could include what language you prefer to use and your location. A mix of first-party and third-party cookies are used. The exception to functional cookies is where the cookies are strictly necessary for us to operate the Ability Options websites or any related application or site and/or to provide you with a service you have requested.

Further information about cookies, including how to see what cookies have been set on your computer or device and how to manage and delete them, visit www.allaboutcookies.org and www.allaboutcookies.org.

Third-Party Cookies

Third-party cookies are set by a third-party site separate from Ability Options Ltd. We work with third-party service providers who are authorised to place third-party cookies and may also set cookies on our site. These third-party service providers are responsible for the cookies they set on the site. If you want further information, please go to the website of the relevant third party. If you would like to opt-out of all other types of technologies we employ on this Site, you may do so by changing your browser settings to block, delete or disable these technologies as your browser or device permits.

In light of changes to cookies practices in the recent past, with respect to the disablement of third party cookies on some browsers, we include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly:

Management of Complaints

If an individual is concerned about how we manage their personal information or believe we have breached the Australian Privacy Principles (APP), a complaint can be made:

• directly to us through the Ability Options website or via our internal complaints mechanism or to the Office of the Australian Information Commissioner (OAIC).
• the Quality, Practice and Assurance is responsible for handling enquiries, requests, complaints relating to the Privacy Act (QualityAssurance@abilityoptions.org.au).

Do you know someone who could benefit from our services?

Refer them to Ability Options to help them get the support they want and deserve.

Refer a Participant