Privacy Policy

At Avalon Home Care, we’re committed to protecting your privacy and the confidentiality of your personal information. We understand that sharing personal details requires trust, and we take that responsibility very seriously. This Privacy Policy explains how we collect, use, and disclose your information, and how we keep it safe. We follow the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth). We want this to be easy to understand, so we’ve used plain language as much as possible. This policy applies to all personal information collected by Avalon Home Care, whether through our website, over the phone, in person, or by any other means.

We collect personal information that is reasonably necessary for us to provide you with high-quality in-home care services and to comply with our legal obligations. The types of personal information we collect may include:

• Contact Information: Your full name, address, date of birth, telephone number(s), and email address.

• Health Information: Information about your health, medical history, current medications, allergies, disabilities, and any other health-related information relevant to your care needs. This is considered “sensitive information” under the Privacy Act.
• Emergency Contact Information: The name, address, and phone number of your nominated emergency contact person(s).
• Financial Information: Your bank account details or credit card details (if you choose to pay by direct debit or credit card), and information about any government funding you receive (e.g., Home Care Package details).
• NDIS Information: If you are an NDIS participant, we will collect information related to your NDIS plan, including your NDIS number, plan goals, and details of your funded supports.
• Aged Care Information: If you are accessing Aged Care, we will collect information related to your Aged Care plan, including your Aged Care number.
• Government Identifiers: Your Medicare number, pension number, or other government identifiers, where required for providing services or complying with legal obligations.
• Family/Carer Information: Information about your family members or carers, where relevant to your care (e.g., their contact details, their relationship to you).
• Other Information: Any other information you provide to us that is relevant to your care, such as your preferences, interests, and social activities.

We collect this information in a number of ways, including:

• Directly from you: When you complete forms, speak with us on the phone, meet with us in person, or interact with our website.
• From your family members or authorised representatives: With your consent, or where permitted by law.
• From your healthcare providers: With your consent, or where permitted by law (e.g., in an emergency).
• From government agencies: Such as the NDIS or Services Australia, where relevant to your funding or services.
• From publicly available sources.

We will only collect sensitive information (such as health information) with your consent, unless we are required or permitted by law to collect it without your consent (e.g., in an emergency).

We use your personal information for the following purposes:

• Providing Services: To provide you with in-home care services, including developing and managing your care plan, scheduling visits, and communicating with you about your care.
• Communication: To communicate with you and your family/carers about your care, appointments, and other relevant matters.
• Payment Processing: To process payments for our services, including invoicing and managing accounts.
• NDIS Compliance (if applicable): To meet our obligations as a registered NDIS provider, including reporting and claiming.
• Aged Care Compliance (if applicable): To meet our obligations as a registered NDIS provider, including reporting and claiming.
• Legal Compliance: To comply with all applicable laws and regulations, including the Privacy Act 1988 (Cth) and the APPs.
• Quality Improvement: To improve our services and develop new services that better meet the needs of our clients. (This use will generally be de-identified).
• Internal Administration: For internal record-keeping, accounting, and administrative purposes.

• Marketing With concent, we may send marketing material.

We will only use your personal information for the purposes for which we collected it, or for directly related purposes that you would reasonably expect, unless we have your consent to use it for other purposes, or we are required or permitted by law to do so.

We may disclose your personal information to the following third parties, but only when necessary and always in accordance with the Privacy Act:

• Our Staff: Our carers and administrative staff who need access to your information to provide you with services.
• Your Healthcare Providers: Your doctor, specialists, therapists, and other healthcare professionals involved in your care (with your consent).
• Your Family Members/Authorised Representatives: With your consent, or where permitted by law.
• Government Agencies: Such as the NDIS, Services Australia, or other relevant agencies, as required by law or for funding purposes.
• Third-Party Service Providers: We may engage third-party service providers to assist us with tasks such as payment processing, IT support, and data storage. We will only disclose your information to these providers to the extent necessary for them to perform their services, and we will ensure that they are bound by confidentiality obligations and comply with the APPs.
• Legal Requirements: We may disclose your information if required to do so by law, such as in response to a court order or subpoena.
• Emergency Situations: In certain situations, we may have no choice but to use information.

We will never sell your personal information to third parties.

We take the security of your personal information very seriously and have implemented a range of measures to protect it from misuse, interference, loss, unauthorized access, modification, or disclosure. These measures include:  

• Physical Security: Secure storage of paper records in locked cabinets and restricted access areas.
• Electronic Security: Password protection for all computer systems and databases, use of firewalls and antivirus software, encryption of sensitive data during transmission and storage.
• Data Access Controls: Limiting access to personal information to authorised personnel only.
• Staff Training: Regular training for all staff on privacy and data security obligations.
• Data Breach Response Plan: A plan in place to respond to any data breaches in accordance with the Notifiable Data Breaches (NDB) scheme.

• Regular Audits: We conduct regular audits of our security systems and procedures.

You have the right to access the personal information we hold about you and to request corrections if you believe it is inaccurate, incomplete, out-of-date, irrelevant, or misleading. To request access or correction, please contact our Privacy Officer using the details provided below.   

We will respond to your request within a reasonable period (usually within 30 days) and will provide access in the manner requested, unless it is unreasonable or impracticable to do so. In some circumstances, we may refuse access or correction. If we do so, we will provide you with written reasons for the refusal and information about how to complain.

If you believe that we have breached the Australian Privacy Principles or have otherwise mishandled your personal information, you can make a complaint to our Privacy Officer using the contact details below. We will investigate your complaint and respond to you in writing within a reasonable period (usually within 30 days).

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Online: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The most current version will always be available on our website. We encourage you to review this policy periodically. If we make significant changes, we will notify you by email (if we have your email address) or by posting a notice on our website.