PRIVACY POLICY

AU PLUSCARING SERVICES PTY LTD (“we”, “us”, “our”) is committed to protecting the privacy and dignity of all individuals who engage with our services. We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches Scheme, and our obligations as a registered NDIS provider, including the NDIS Code of Conduct and NDIS Practice Standards. This Privacy Statement explains how we collect, use, store, disclose, and protect your personal information when you use our services or visit our website.

We take our privacy responsibilities seriously. We ensure that: • Personal information is collected lawfully, fairly, and transparently. • Sensitive information, including health information, is only collected with your consent or when authorised by law. • Information is collected only when necessary for the safe and effective delivery of our services. • Individuals may request access to, or correction of, their information at any time. • Information is stored securely and protected against loss, misuse, unauthorised access, or disclosure. • We meet all NDIS privacy obligations, including safeguarding participant information and reporting breaches where required.

Depending on your relationship with us, we may collect: General information Name, contact details, date of birth, gender. Identity information Driver’s licence, passport, or other identity documents. Health and support information Medical history, disability information, medication details, assessments, support needs, and care plans. This information is collected with consent or as required by law. Cultural and communication preferences Language, cultural background, religious preferences (where relevant to service delivery). Emergency and representative details Next of kin, guardian, nominee, or advocate. Employment information (for staff and contractors) Resumes, qualifications, background checks, screening clearances. Website usage information IP address, browser details, cookies, and analytics data.

We collect personal information: • Directly from you in person, online, via forms, phone, email, or meetings. • From your authorised representative (e.g., family member, guardian, nominee). • From health professionals and other services involved in your care. • From government agencies (including the NDIA or NDIS Commission) where authorised. • From third parties when you have provided consent or when legally permitted. We prefer to collect information directly from you whenever possible.

We collect and use personal information to: • Deliver and coordinate NDIS and related support services. • Communicate with you and respond to enquiries. • Coordinate supports with health professionals and emergency services. • Manage risk, safety, compliance, and legal obligations. • Improve service quality through training, audits, and evaluation. • Manage recruitment, onboarding, employment, and contracting. We will not use your personal information for unrelated purposes unless required by law or with your consent.

We may disclose personal information to: • Support workers, contractors, or service partners involved in your care. • Health professionals or emergency responders. • The NDIA, NDIS Quality and Safeguards Commission, or other regulators when required. • Your nominated representative, such as a guardian, next of kin, or advocate. • Insurers, auditors, and legal advisors subject to confidentiality obligations. • External service providers supporting our operations (e.g., IT, cloud services, software platforms). We do not sell, rent, or trade personal information. Related Entities Where operational support is provided by related entities, information is shared only where necessary and with your written consent. All related entities must comply with equivalent privacy protections. Serious Threats Information may be disclosed without consent if required to prevent or reduce a serious threat to life, health, or safety, or where otherwise required by law.

Some personal information may be stored or processed by cloud-based providers located overseas. When this occurs, we take reasonable steps to ensure that: • the countries where information is stored or processed are identified where practicable, • overseas providers are contractually required to protect information to standards consistent with the APPs, and • your information remains protected by appropriate safeguards. If a provider cannot specify exact hosting locations, we ensure they meet strict privacy and security requirements. Additional details are available upon request.

We use a range of safeguards to protect personal information, including: • Secure IT systems and encrypted digital storage • Multi-factor authentication and role-based access • Secure physical file storage • Staff training and confidentiality agreements • Data breach response procedures consistent with the Notifiable Data Breaches Scheme

We retain personal information only for the period required to meet: • legal and regulatory obligations, • NDIS Practice Standards, and • operational requirements. Some NDIS-related records may need to be kept longer than seven years. When information is no longer required, it is securely destroyed or permanently de-identified.

You may request: • Access to the personal information we hold, and • Correction of incomplete or inaccurate information. We may ask you to verify your identity. Requests are addressed promptly and within a reasonable period unless lawful exemptions apply.

If you believe your privacy has been breached, you may lodge a complaint: Directly with us We handle complaints confidentially and aim to resolve matters promptly through our internal procedures. Externally Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au (http://www.oaic.gov.au/) NDIS Quality and Safeguards Commission: www.ndiscommission.gov.au(http://www.ndiscommission.gov.au/) Making a complaint will not affect your access to services.

We use cookies and analytics tools to enhance website functionality. These tools may collect information such as device details, browsing patterns, and pages viewed. Some analytics services may be provided by third-party providers. You may disable cookies in your browser settings, though some website features may not function as intended.

We send marketing communications only where you have agreed to receive them. You may opt out at any time by using an unsubscribe link or contacting us directly. We do not use sensitive information for marketing without explicit consent.

We may update this Privacy Statement periodically. Significant updates will be published on our website. Continued use of our services indicates acceptance of updated terms.

For privacy enquiries, access requests, corrections, or complaints, please contact: AU PLUSCARING SERVICES PTY LTD Email: info@aupluscaring.com Phone: +61 240 620 904 Website: www.aupluscaring.com.au(http://www.aupluscaring.com.au/)

Last Updated: Nov 2025.