Privacy Statement

Our promise

We respect your privacy and will keep your personal information safe. This is a simple guide about what we do with your personal information. We wrote it in an easy to read way. You can ask someone you trust to help you read it. 

  

Why this is important

We know that sharing personal information can be hard, especially if you have had tough experiences before. We want you to feel safe and in control. We follow Australian privacy laws and NDIS rules to protect your information. 

​

What is Personal Information and why do we collect it? 

We only collect information that we need to support you. This is usually things about who you are and what help you need. For example, we may collect: 

  

• ✔ Your name and how to contact you. (For example, your address, phone number, and email.) 

• ✔ Details about your health or disability. (This helps us provide the right support. We might ask about medications you take or things you find difficult, so we can assist you better.) 

• ✔ Your birthday and some personal details. (Like what language you speak or your cultural background, if you want to share. This helps us respect your needs.) 

• ✔ Information about the support services you use. (For example, your NDIS plan number, what supports you get from us, and records of what we do together – like notes about your progress or any incidents.) 

• ✔ People who help you. (We may note the name and number of a family member, carer, or guardian, and who to contact in an emergency.) 

• ✔ What you tell us. (If you give us feedback, make a complaint, or tell us your goals, we will record that so we remember.) 

• ✔ Pictures or videos (only if you agree). Sometimes we may ask to take a photo – for example, a photo for your file so staff recognize you, or a picture of an activity you did. We will ask you first. If you say “no”, that is okay. 

​​

 You can choose not to give us some information. We will explain if certain information is needed for your safety or required by law. We won’t collect information that we don’t need. 

​

How do we collect and use your information? 

How we collect your information: We usually ask you directly for information. We might: 

• ✔ Talk with you, your family, or your carer and write down what you tell us. 

• ✔ Ask you to fill in a form with details about yourself (we can help you with this if needed). 

• ✔ Get information from others with your permission. For example, you might want us to talk to your doctor or therapist – if yes, we will ask you first and then only share or collect information that helps with your support. 

• ✔ Use information the NDIS gives us about your plan (with your involvement). 

• ✔ Sometimes another service or support worker might give us information when they refer you to us. We assume they have your consent to share that with us. We will double-check with you that it’s okay. 

​​

We will explain why we ask for each piece of information. You can always ask questions. If you don’t want to answer something, that’s okay – just tell us. We might still need some information to give you a service, but we will only collect what is necessary. 

How we use your information: We use the information we collect to support you and run our services. Here are the main ways we use it: 

 

• ✔ To plan and give you the support you need. For example, we use your health information to make sure the support is safe for you. If we know your goals, we can help you work towards them. 

• ✔ To keep you safe and well. Knowing your emergency contact or allergies helps us protect you. If something happens, we can react quickly with the right info (like calling your doctor or family if you want us to). 

• ✔ To communicate with you. We might use your phone number or email to call you about appointments or send you updates. 

• ✔ To keep track of our services. We write case notes and records each time we work with you. This helps us remember what you like, what you need, and what we have done. It also helps us report to NDIS that we are doing our job. 

• ✔ To follow the law and NDIS rules. Sometimes we need to use information to fill in reports (for example, how many people we supported this year). These reports usually don’t include your name or any details that would identify you. They are more like numbers and general info. 

• ✔ To respond to your feedback. If you tell us something isn’t working, we use that information to fix it. If you make a complaint, we use the details to investigate and make things better. 

• ✔ Only with your consent, for other reasons. We do not use your information for anything else without asking you. For example, if we want to share a success story about you in our newsletter or on our website, we will ask for your permission first. If you say no, we won’t do it – no questions asked.

 

We do not sell your information to anyone. We also won’t use it for advertising or marketing other services to you, unless it’s something related to your support and we think it could help (even then, we would ask). Everything we do with your data is to help you or to meet our legal duties. 

​

When do we share your information and why? 

We understand you might worry about who sees your information. We mostly do not share your personal information with anyone outside Live It Up. But there are a few times when we might need to share, such as: 

• ✔ When you say it’s okay. We will share with people you want involved. For example, you might want us to talk to your parent, sibling, or friend who helps you. Or you agree that we can update your doctor or therapist about how you’re going. We will ask you exactly who we can talk to and what we can share. You are in control. 

• ✔ To help provide your support. Sometimes, to give you the best service, we might work with other providers. For instance, if you have an occupational therapist from another company, we might share some notes with them (with your consent) so they know what’s happening. This teamwork can help everyone support you better. 

• ✔ In an emergency. If there is an urgent situation (for example, a medical emergency), we might share information with emergency services or doctors to protect your life or health. We would only share what they need to know to help you. For example, telling paramedics what medications you’re on if you can’t tell them yourself. 

• ✔ When the law requires it. There are times we must share information because of the law. For example: 
   

• ✔ Reporting to NDIS (de-identified). We sometimes give reports to NDIS or government about our services. These reports do not include your name or personal details. They might say things like “We supported X people this year with Y hours of service”. This helps the government see how the NDIS is working. If any report ever needed your name (very rare), we would tell you why. 

• ✔ Within our team at Live It Up. All the people who work with you at Live It Up can see relevant information about you so they can do their jobs. For example, your support workers see your support plan and notes. A manager might see your file to supervise quality. Everyone on our team is trained to keep your information confidential (private). They have all signed agreements to protect your privacy. They are not allowed to share your info with anyone who isn’t authorised. 

• ✔ Our service providers (with safeguards). We use some secure computer systems (for storing notes, etc.). The companies that run those systems might technically handle your data (for example, data might be stored on a secure server). We make sure any company like that has strong security and privacy policies. They cannot use your data for themselves – it’s just for our use. If any provider is outside Australia, we will be very careful and ensure it’s protected by similar rules. 

 

We do not share your info with people or organisations just because they ask. It’s only shared for reasons listed above. We never give out information like your address or health details to random people. Even family members will not get information unless you said we can share with them (or if they are your legal guardian and have that authority). 

​

If you want us not to share something with a particular person or agency, please tell us. For example, if you don’t want us talking to a certain family member about you, we will note that and follow your wishes. 

​

Remember, you can change your mind about sharing. If you gave consent before and now you’re not comfortable, let us know and we will stop (except for things we must do by law). 

​

We take confidentiality very seriously. We only break confidentiality in rare, serious situations (like safety emergencies or legal requirements). If we ever have to share without asking (for a legal reason or emergency), we will inform you as soon as we can and explain what happened. 

​

What are your rights regarding your information? 

You have rights over your personal information. This is your information, after all! Here’s what you can do: 

• ✔ You can see your information. – You can ask us, “What information do you have about me?” This is called an access request. We can show you or give you a copy of things like your support plan, case notes, or anything else in your file. We might ask for some time to get it ready, but we will give it to you in a reasonable time. If you want, we can also sit with you and go through the information to help explain it. 

• ✔ You can ask us to fix mistakes. – If you see something wrong in your information (for example, a wrong address or a note that you feel is not accurate), tell us. We will correct it. If it’s something we can’t change (say it’s an opinion in a report you disagree with), we can add your comments to the record. That way, your side is noted. 

• ✔ You can change your mind about sharing. – If you gave us permission to share info with someone, you can withdraw that permission. For example, if at first you said “It’s okay to update my sister about my sessions” and later you prefer we don’t, just inform us. We will respect your choice. 

• ✔ You can be anonymous (no name) for some things. – If you just want to ask a question or give feedback, you don’t have to tell us who you are. You have the option to remain anonymous or use a fake name in dealings when possible. (Do note: if you want us to actually provide ongoing services to you, we will need to know who you are. But for general inquiries or surveys, you can choose not to give your name.) 

• ✔ You can say “no” to optional questions. – Sometimes forms ask things that are optional (not required). You can skip those if you want. We will tell you if a question is optional. 

• ✔ You can complain if something’s wrong. – If you think we misused your information or didn’t respect your privacy, you have the right to complain. We actually appreciate knowing if something went wrong, so we can fix it. We will not get angry or punish you for complaining – we promise. We explain how to complain in the next section. 

​​

We support your rights. We will never refuse a reasonable request you make about your information. Privacy laws and NDIS rules also protect these rights for you. 

  

If you want to exercise any of these rights, you can talk to any of our staff or contact us (details below). We will help you through the process. For example, if you want a copy of your file, we can help you make that request and then arrange how to get the copy to you safely 

​

How do we keep your information safe? 

We do a lot to make sure your information stays private and secure. Here are some of the things we do: 

• ✔ We keep paper files in a locked cabinet. Only the staff who need to see those papers have the key. 

• ✔ Our computers are password-protected. This means only staff with the correct login can access your records. We also use security measures like anti-virus software to protect our systems from hackers. 

• ✔ We limit who sees your info. Not every staff member sees everything. They only see what they need for their job. For example, your support worker sees your support plan, but a volunteer who isn’t working with you won’t see your file at all. 

• ✔ Staff are trained to protect your privacy. When staff join us, they sign a confidentiality agreement (a promise to keep information private). They are trained about privacy rules. We remind them often about the importance of confidentiality. If a staff member breaks these rules, they can get in serious trouble (they could even lose their job). 

• ✔ We lock and log off. Staff are instructed to lock away files and log off computers when not using them, so no one else can sneak a peek. 

• ✔ We only keep information as long as we need it. If you stop using our service, we don’t keep your personal information forever unless we have to. We follow rules about how long to keep records. When the time comes that we don’t need the information, we destroy or delete it in a secure way. 

• ✔ We protect data in transit. If we ever need to send your information somewhere (for example, email a report to your coordinator), we do it carefully. We might use encryption or passwords on documents. We double-check email addresses to avoid sending to the wrong person. 

• ✔ If there is a data breach, we act fast. A data breach is when information might be lost, stolen, or mistakenly shared. We have a plan for this. If something happens – say a laptop with data is stolen or an email with your info was sent to the wrong person – we will: 

  

We know that your personal information is sensitive and private. We treat it like a treasure that needs guarding. Only trusted people can handle it, and they do so with care. If you have any specific worries about security (for example, “Where do you store my data?” or “Is my information sent overseas?”), please ask us. We will gladly explain. (For most cases, your data stays in Australia on secure servers. If we ever consider using a service that stores data overseas, we will let you know and ensure it’s protected.) 

​

Who can you talk to if you have questions or complaints? 

It’s okay to have questions about your privacy. It’s also okay to speak up if something is bothering you about how your information is handled. We want you to feel comfortable and heard. 

If you have questions or need help understanding this policy: 

• ✔ Talk to us! You can ask your support worker or any staff member you trust. They will do their best to answer or will find out the answer for you. 

• ✔ You can also contact our office directly and say you have a privacy question. We’ll connect you with the right person (our Privacy Officer or a manager) who can help. 

If you have a complaint (you’re not happy about something): 

• ✔ Tell us as soon as possible. You can speak to a staff member you’re comfortable with, or contact our Privacy Officer or Managing Director. You can do this in person, by phone, or in writing – whatever is easiest for you. 

• ✔ We will listen and help. We take all complaints seriously. We will not blame you or treat you differently for complaining. In fact, we appreciate you telling us so we can fix the issue. 

• ✔ What happens next: We will try to fix the problem straight away if we can. If it’s something that needs investigation, we’ll look into it and get back to you with what we found and what we’ll do about it. We aim to resolve complaints quickly (usually within a month at most). We might talk to you during the process to make sure we understand everything. 

• ✔ We will keep it private. Only the people who need to know about the complaint (to resolve it) will be involved. We won’t broadcast your complaint to others. 

  

Contact details for privacy matters: 

• 📞 Phone: 0407 677 428

• 📧 Email: hello@liveitup.net.au

  

You can use any of the above to ask questions, request your information, or make a complaint. If you need support to contact us (for example, you need an interpreter or want someone to speak on your behalf), we can arrange that too. 

  

If you are not happy with our response: 

Sometimes, you might feel we didn’t fully address your issue. Or you might not be comfortable raising something directly with us. You have other ways to get help: 

  

• ✔ Office of the Australian Information Commissioner (OAIC): This is a government office that oversees privacy laws. You can complain to the OAIC if you think we broke your privacy rights. They are independent – not part of Live It Up. To contact them, you can: 
   

(OAIC is a bit like the “privacy police” – they make sure organisations follow privacy rules. You can go to them after trying with us, or anytime you feel it’s necessary.) 

• ✔ NDIS Quality and Safeguards Commission: This Commission looks after the quality and safety of NDIS services. You can complain to the NDIS Commission about us (or any provider) if you’re not happy with how we handled your personal information or any part of our service. They will look into it or help resolve it. To contact the NDIS Commission: 
   
  You can contact the NDIS Commission if you:* 
   
  They are there to help participants like you. 

  

We hope that you will never need to go to these external agencies, but it’s important you know your options. We will do our best to sort things out internally. If you do go to an external agency, we will cooperate and continue to support you. 

  

In summary: Your privacy is protected by law and by our own promise to you. You should always feel free to ask questions or speak up. We will support you in whatever you choose to do regarding your personal information. 

  

Thank you for taking the time to read this Easy Read Privacy Statement. We are committed to creating a safe and trusting environment for you. If you want any more information or a full copy of our detailed Privacy Policy, just let us know – we can provide that to you. 

  

This Easy Read version is a summary. The full Privacy Statement has more detailed information. We have tried to cover all the important points here in plain language. 

  

Your privacy, your rights – always respected at Live It Up. 

• feel your rights to privacy or safety under the NDIS were not respected, 

• have a problem with how we dealt with your complaint, 

• or don’t want to talk to us directly. 

• Call 1800 035 544 (this is a free call from landlines). 

• TTY (for hearing impaired): 133 677, then ask for 1800 035 544. 

• Email contactcentre@ndiscommission.gov.au. 

• Their website www.ndiscommission.gov.au also has a complaint form. 

• Call 1300 363 992. 

• Email enquiries@oaic.gov.au. 

• Or use their online form on www.oaic.gov.au. 

• Let our managers know immediately and try to fix the issue (like remotely wiping a stolen laptop, or contacting the wrong email recipient to delete the email). 

• Inform you if the breach could affect you. We will tell you what happened and what we are doing about it. 

• Inform authorities if needed. For example, we might tell the Office of the Australian Information Commissioner and the NDIS Commission if the problem is serious. 

• Learn from it. We will review what went wrong and update our practices so it doesn’t happen again. 

• If a court orders us to provide certain records. 

• If we suspect someone (you or another person) is in danger, we might have to inform the police or child protection (this is called mandatory reporting – it’s about preventing harm). 

• If the NDIS Quality and Safeguards Commission (the government body that checks NDIS services) asks for information as part of a complaint or an investigation. We would have to comply, but they also have rules to keep your info private. 

• Promptly notifying our Privacy Officer and management of the incident. 

• Containing the breach (e.g., shutting down systems, changing passwords, retrieving documents). 

• Investigating what happened and what data was affected. 

• Notifying you and authorities if required: If a breach is likely to result in serious harm (for example, if your sensitive information was stolen), we will contact you as soon as possible to explain what occurred and what you can do, and we will report it to the Office of the Australian Information Commissioner as required by law. We will also notify the NDIS Commission if the breach involves NDIS participant information . Our notification will include details of the breach and our recommendations for steps you can take. 

• Taking steps to remediate and prevent future incidents (such as improving security controls or providing additional staff training). 

• *NDIS and Regulatory Reporting: As an NDIS provider, we must report certain serious incidents (called “reportable incidents”) to the NDIS Quality and Safeguards Commission. These reports might include personal details (like your name and what happened). We are also subject to audits by the NDIS Commission or approved auditors to ensure we meet practice standards – auditors may review client files, but they are also bound by confidentiality rules. We will respect your privacy preferences during audits (you can opt out of participating in interviews or having your personal information shared with auditors, and we will notify auditors of any such preferences on your file). 

• Mandatory reporting and safety: If we believe you or another person is at risk of serious harm (for instance, if we suspect abuse, neglect, or a serious health/safety risk), we may need to notify appropriate authorities to protect you or others. For example, providers are mandated reporters of child abuse in some instances, and we may have to give information to child protection services or police . We will only share the information required in these cases. 

• Law enforcement and court orders: If the police, a court, or another government body lawfully requires us to provide personal information – such as via a subpoena, warrant, or other legal directive – we must comply. In doing so, we will verify any request is legitimate and only provide the minimum information necessary. Where the law allows, we will inform you of such disclosures. 

• Public health or welfare obligations: On rare occasions, we might be required to share information for public health reasons (for example, during a disease outbreak, we might need to give contact information to health officials for contact tracing) or to assist in locating a missing person, etc., as permitted by privacy laws.