Privacy Policy – Komplete Disability

01

About This Policy

This Privacy Policy explains how KOMplete Disability Support Services Pty Ltd (ABN 58 653 934 108) ("Komplete Disability", "we", "our", "us") collects, holds, uses, and discloses personal information.

This policy applies to all personal information we handle about:

NDIS participants and their families or representatives
Referrers and support coordinators
Job applicants, employees, and contractors
Visitors to our website and offices
Other individuals who interact with our organisation

We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the NDIS Act 2013 and associated rules, including the NDIS Practice Standards. We take our obligations under these laws seriously.

02

Who We Are

Komplete Disability is a registered NDIS provider delivering disability support and allied health services across South Australia. Our services include support coordination, specialist behaviour support, community nursing, personal care, and a range of allied health and therapeutic supports.

Legal NameKOMplete Disability Support Services Pty Ltd

ABN58 653 934 108

NDIS ProviderRegistered NDIS Provider

AddressAdelaide, South Australia

Phone0470 141 139

Emailadmin@kompletedisability.com.au

03

What Information We Collect

We collect personal information that is reasonably necessary for us to provide our services. The types of information we may collect include:

Identity Information

Contact Information

Health & Disability Information

Service & NDIS Information

Employment Information

Website & Technical Data

04

How We Collect Information

We collect personal information in a number of ways, including:

Directly from you — when you make a referral, submit a form, contact us by phone or email, attend our offices, or apply for employment
From third parties — including the NDIS, support coordinators, plan managers, GPs, allied health professionals, hospitals, and other service providers with your consent
Automatically — when you visit our website, certain technical information may be collected via cookies and server logs
From your representative — with authority from a guardian, nominee, or support coordinator acting on your behalf

Where it is lawful and practical, we will collect personal information directly from the individual concerned. We will always tell you why we are collecting information and how it will be used.

05

Why We Collect Information (Purpose)

We use personal information only for the purposes for which it was collected, or for directly related purposes that you would reasonably expect. These include:

Assessing and processing referrals for support services

Planning, coordinating, and delivering disability and allied health support services

Communicating with you about your services, appointments, and care

Complying with our obligations as an NDIS registered provider

Fulfilling mandatory reporting obligations under the NDIS Act and other legislation

Processing employment applications and managing staff records

Investigating and responding to complaints and feedback

Improving the quality and safety of our services

Meeting our legal, insurance, and audit obligations

Responding to enquiries submitted through our website

06

Sensitive Information

We handle sensitive information as defined under the Privacy Act 1988, including:

Health and medical information
Disability information
Racial or ethnic origin
Religious or philosophical beliefs
Sexual orientation or sex life (where relevant to culturally safe support)
Criminal record (for worker screening purposes)

We will only collect sensitive information with your explicit consent, unless we are required or authorised by law to do so (for example, in the case of mandatory reporting of abuse, neglect, or exploitation under the NDIS Act 2013 or Reportable Incidents framework).

Sensitive information receives a higher level of protection. We do not use or disclose it for any purpose other than those described in this policy without your consent, except as required by law.

07

Disclosure of Information

We may disclose your personal information to third parties only where necessary and in accordance with the APPs. Disclosures may include:

NDIS Quality & Safeguards Commission

Mandatory reporting of reportable incidents, audits, and compliance obligations

National Disability Insurance Agency (NDIA)

Service bookings, plan management, and participant-related administration

Allied Health & Medical Professionals

Coordination of care and therapeutic support with your consent

Support Coordinators & Plan Managers

To facilitate service delivery and plan implementation as authorised

Legal & Regulatory Bodies

When required by law, court order, or to protect the health and safety of any person

Technology & Service Providers

Cloud storage, email platforms, and practice management software used under strict data processing agreements

Insurance Providers

Processing of insurance claims and risk management as required

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not disclose your information beyond what is described in this policy without your consent, except where required or authorised by law.

08

Overseas Disclosure

Some of our technology service providers (such as cloud storage or email platforms) may store data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure that overseas recipients handle personal information in accordance with the Australian Privacy Principles or comparable privacy standards.

By using our services and providing your information, you acknowledge that your information may be stored or processed overseas under these arrangements.

09

Security of Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

Password protection and access controls on all systems

Encrypted storage of files and documents outside public web directories

Role-based access — staff only access information relevant to their role

Privacy and confidentiality training for all staff and contractors

Secure destruction of records when no longer required

Regular review of security practices and privacy procedures

Notifiable Data Breaches: In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Privacy Act 1988 (Notifiable Data Breaches scheme).

10

Retention of Records

We retain personal information for as long as it is necessary to fulfil the purposes described in this policy, and as required by law. Minimum retention periods that apply to our records include:

Record Type Minimum Retention Period

Participant service records 7 years from last service date (or age 25 if minor)

Employment records 7 years after employment ends

Incident and complaint records 7 years (minimum)

Financial records 5–7 years (ATO and NDIS requirements)

Job application records (unsuccessful) 12 months

Website enquiry forms 2 years or until matter is resolved

When records are no longer required, they are securely destroyed in accordance with our records management policy.

11

Access & Correction of Your Information

Under the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you
Request corrections if the information is inaccurate, incomplete, or out of date
Request deletion of information we are no longer required to hold

To make a request, please contact our Privacy Officer using the details in Section 16. We will respond within 30 days. In some circumstances we may be unable to provide access (e.g. where it would unreasonably impact the privacy of another person, or where we are legally required to retain the information), and we will explain any such refusal in writing.

NDIS participants also have rights to access their information under the NDIS Act 2013. In cases involving your NDIS plan, you may also contact the NDIA directly at 1800 800 110.

12

Anonymity & Pseudonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym. For example, you may submit general feedback or enquiries without identifying yourself.

However, due to the nature of NDIS-funded support services, we generally need to identify you in order to safely deliver services, meet NDIS obligations, and maintain required records. We are unable to deliver support services without collecting personal information.

13

Website & Cookies

Our website may collect non-identifiable data about how you use the site, including pages visited, time spent on pages, and browser type. This is used to improve the website experience.

We may use cookies (small text files stored on your device) to:

Remember your accessibility preferences (text size, contrast mode)
Maintain your session during form submissions
Understand how visitors use our website

You can disable cookies in your browser settings. Doing so may affect the functionality of some features on our website.

Our website does not contain third-party advertising or tracking cookies.

14

NDIS-Specific Privacy Obligations

As a registered NDIS provider, we have specific obligations under the:

National Disability Insurance Scheme Act 2013 (Cth)
NDIS (Provider Registration and Practice Standards) Rules 2018
NDIS Practice Standards (Core Module and relevant supplementary modules)
NDIS Code of Conduct

Mandatory Reporting

We are required by law to report certain incidents to the NDIS Quality and Safeguards Commission, including allegations of abuse, neglect, exploitation, and unlawful physical or sexual contact involving NDIS participants.

Worker Screening

We collect information about our workers for the purpose of NDIS Worker Screening Checks and ensure all workers who deliver services to participants hold a valid clearance.

Participant Rights

Participants have the right to make decisions about their own lives, including decisions about who their information is shared with. We will always seek consent before sharing participant information with families or representatives.

Behaviour Support

Where we implement behaviour support plans involving regulated or restrictive practices, additional consent and reporting obligations apply under the NDIS Practice Standards for Specialist Behaviour Support.

15

Privacy Complaints

If you believe we have handled your personal information inappropriately, or you wish to make a privacy complaint, please follow these steps:

1

Contact Us Directly

Email or write to our Privacy Officer (see Section 16). We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

2

NDIS Quality & Safeguards Commission

If your complaint relates to NDIS service delivery, you may also contact the NDIS Commission at 1800 035 544 or ndiscommission.gov.au.

3

Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response, you may lodge a complaint with the OAIC at 1300 363 992 or oaic.gov.au.

16

Contact Us — Privacy Officer

For all privacy-related enquiries, access and correction requests, or complaints, please contact our Privacy Officer:

KOMplete Disability Support Services Pty Ltd

Attn: Privacy Officer

Adelaide, South Australia

0470 141 139

admin@kompletedisability.com.au

Submit a Privacy Complaint General Contact

Policy Updates: This Privacy Policy was last reviewed and updated in June 2026. We may update this policy from time to time to reflect changes in our practices or legal obligations. Updated versions will be published on this page. We encourage you to review this policy periodically.