Skip to main content

Privacy Policy

Last Updated 19 January 2024

CoAbility Pty Ltd (ABN 48624188049‬) (‘we’, ‘us’, ‘our’) acknowledges the importance of privacy and is committed to protecting the personal information we collect from you. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information when you use our services.

The Information We Collect

Personal Data: “Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us and we collect about you during your interaction with our Services. This may include:

  • your name, address, telephone and email contact details;
  • your gender and date of birth; 
  • financial information, including payment card details, processed via our third-party payment processor, Stripe. Stripe stores all payment information, and we do not have access to that information. Stripe also has its own Privacy Policy.
  • details about payments and services used;
  • records of our interactions with you such as notes and records of conversations you have had with our employees;
  • information about the services you receive, whether under the National Disability Insurance Scheme or otherwise and the current supports you are using;
  • information about the services we provide to you including details of the outcomes or goals we are working with you to achieve, and other plans relating to the services you have asked for and the way in which we will deliver those to you;
  • technical and usage Data including your IP address, browser session, geo-location, device and network information, and website usage data:
  • responses to surveys, participation in contests or events:
  • marketing and communications data: including your preferences for receiving marketing communications; and 
  • your billing details.

Sensitive Information: “Sensitive information” is a subset of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

We collect sensitive information, which may include:

  • details of your NDIS plan;
  • information about your disability and support needs; and
  • health and medical information.

How We Collect Personal Data

We may collect personal data from you in a range of ways, including:

  • when you inquire about services or supports;
  • when you apply to receive services or supports from us;
  • when you apply for or are successful in obtaining employment with us;
  • when you contact us in person, by phone, via mail, email or online (or when we contact you through any means);
  • when you receive services and supports from us; and
  • through our contracted service providers.

Where possible, we will collect your personal information directly from you or your nominated representatives. 

If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we have collected your personal information.

Use of Personal Information

The purposes for which we collect, hold, use, or disclose your personal information depends on how you deal with our organisation.

If you are a person we support or are connected to a person we support (eg, family member, advocate or nominated representative), we may collect, hold, use, or disclose your personal data to:

  • provide you with information about our services and supports;
  • administer our services and supports;
  • process payments;
  • answer your inquiries and deliver customer service to you;
  • conduct quality assurance activities;
  • carry out internal functions including administration, training, accounting, audit and information technology;
  • resolve complaints;
  • comply with laws and regulations and to report to funding and government agencies;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, research, and fundraising appeals
  • conduct surveys, research and analysis;
  • enable third parties, such as the National Disability Insurance Agency, to conduct audits;
  • invite you to participate in research projects and activities; and
  • direct marketing and telemarketing.

If you are an employee, job applicant or volunteer, we may collect, hold, use, or disclose your information to:

  • process your recruitment application and manage your recruitment as an employee;
  • comply with laws and regulations and meet Coability’s corporate governance requirements;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, and research;
  • conduct surveys, research and analysis;
  • invite you to participate in research projects and activities; and
  • direct marketing and telemarketing.

If you use our website, we may collect, hold, use, or disclose your information to:

  • personalise your website visit
  • enable you to use the Virtual Support Connection tool;
  • answer your inquiries;
  • process payments;
  • provide you with the goods and services you have asked us for;
  • resolve complaints; and
  • conduct research, market research and analysis.

Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your deidentified data to be used this way, please contact us. Our contact details are at the end of this Privacy Policy.

Unsolicited Personal Information

Sometimes, we may receive personal information that we did not request. This is known as unsolicited personal information.

If the information is such that we could have lawfully collected it for an allowed purpose as outlined above, then we will deal with the information in the same way as solicited information.

If the information is such that we could not have lawfully collected it, we will destroy or de-identify it as soon as practicable if it is lawful and reasonable to do so.

Personal information provided to us that is additional to the information that we requested will be treated as unsolicited personal information. For example, if an individual completes an application form but attaches medical records that we did not ask for, these are treated as unsolicited personal information and will be destroyed.

Disclosure of Personal Data

In order to operate an efficient and sustainable organisation and to enable us to carry out our activities and provide our services and supports, we may be required to disclose your personal data to third parties. This may include disclosure to:

  • people engaged by us or acting on our behalf in relation to our business, such as our service providers/suppliers, including web developers, web hosting partners, and marketing and communications consultants. Suppliers are required to handle your personal information in accordance with this Privacy Policy;
  • government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, the Commonwealth Department of Human Services, and the Australian Taxation Office;
  • people acting on your behalf including your nominated representatives, legal guardians, executors, trustees and legal representatives;
  • our employees and contractors;
  • lawyers, auditors, banks and other advisors appointed by us or acting on our behalf; and
  • where disclosure is required by law, including where required to the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or government agencies. 
  • payment systems operators or processors
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

We may disclose Sensitive Information to:

  • our employees, contractors and/or related entities;
  • professional advisors;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred third party;
  • disability providers and other service providers that you allow us to contact on your behalf;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings or in order to establish, exercise or defend our legal rights; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Your Rights

Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

Storage and Security

We are committed to ensuring that the personal data we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure personal data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Offshore Disclosure

Our technology infrastructure primarily uses cloud infrastructure or servers located within

Australia, but we may, on occasion, use a platform or service located offshore. Apart from this, we do not typically transfer personal information offshore. By providing your personal information to us or using our services and supports, you are taken to have consented to this transfer.

You can ask us to withdraw or amend your prior consent at any time. Simply contact us to make your request. 

Minors

Whilst we do provide support and service provision to minor customers, our website and service request forms are not designed for minors to use without the supervision of an adult. We request minor customers or potential minor customers not provide Personal Data without the supervision of an adult.

Links to Other Websites

Our website may contain links to external websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal information that you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Updates and Notifications

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.

We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, by contacting you through your email address and/or the physical address provided to CoAbility.

Contact Us

For any questions or concerns regarding this policy email: hello@coability.com.au

Last updated: 19 January 2024