Privacy Policy

Well Health Services (Pouyan Pty Ltd)

 

Effective Date: [Insert Date]
Last Reviewed: [Insert Date]
Next Review Date: [Insert Date]

Legal Entity: Pouyan Pty Ltd
Trading Name: Well Health Services
ABN: 83 169 383 742
ACN: 169 383 742
NDIS Provider Number: [Insert Number]


1. Purpose and Commitment to Privacy

 

Well Health Services is committed to protecting the privacy, confidentiality, dignity, and rights of all individuals who engage with our organisation. We recognise that personal information is sensitive and valuable and are committed to ensuring it is collected, handled, stored, used, and disclosed responsibly, lawfully, and securely.

This Privacy Policy explains how Well Health Services manages personal information in accordance with applicable Australian privacy legislation and NDIS requirements. It outlines:

  • What personal and sensitive information we collect;

  • How information is collected, used, stored, and disclosed;

  • How we protect information from misuse or unauthorised access;

  • Your rights regarding access and correction of information;

  • How to make a privacy complaint; and

  • How we comply with relevant legal and regulatory obligations.

This policy applies to all participants, prospective participants, family members, carers, nominees, guardians, advocates, employees, contractors, volunteers, job applicants, and visitors to our website.


2. Legislative and Regulatory Framework

 

Well Health Services manages personal information in accordance with:

  • Privacy Act 1988 (Cth);

  • Australian Privacy Principles (APPs);

  • National Disability Insurance Scheme Act 2013;

  • NDIS Practice Standards and Quality Indicators;

  • NDIS Code of Conduct;

  • Relevant Health Records legislation;

  • State and Commonwealth record-keeping requirements; and

  • Any other applicable privacy and confidentiality obligations.


3. Types of Information We Collect

 

To provide safe, effective, person-centred, and compliant services, Well Health Services may collect personal information and, where necessary, sensitive information.

3.1 Personal Information

Personal information may include:

  • Full name;

  • Date of birth;

  • Residential and postal address;

  • Telephone number;

  • Email address;

  • Emergency contact details;

  • NDIS participant number;

  • Guardian, nominee, or representative details;

  • Medicare information (where relevant);

  • Service history and support records;

  • Employment information for staff and applicants.

3.2 Sensitive Information

 

Where required to provide services safely and effectively, we may collect:

  • Health and medical information;

  • Disability-related information;

  • Mobility and communication requirements;

  • Allergies and medication information;

  • Behaviour support information;

  • Risk assessments;

  • Cultural and language preferences;

  • Information relevant to participant wellbeing and safety.

Sensitive information will only be collected with consent or where otherwise permitted or required by law.

3.3 Service Delivery Information

 

During the delivery of supports, we may create and maintain records including:

  • Intake and assessment documentation;

  • Service agreements;

  • Client support plans;

  • Progress notes;

  • Shift notes;

  • Incident reports;

  • Feedback and complaint records;

  • Quality assurance and audit records;

  • Communication records.


4. How We Collect Information

 

We collect information through lawful and transparent means, including:

Direct Collection

 

Information may be collected directly from individuals through:

  • Intake and referral forms;

  • Service agreements;

  • Support planning meetings;

  • Risk assessments;

  • Participant reviews;

  • Telephone conversations;

  • Email correspondence;

  • Feedback and complaint processes.

Indirect Collection

 

Where authorised or appropriate, information may also be collected from:

  • Family members or carers;

  • Guardians or nominees;

  • Support coordinators;

  • Plan managers;

  • Healthcare professionals;

  • Government agencies;

  • NDIS documentation;

  • Referring organisations.

Website Collection

 

Information may be collected through our website when individuals:

  • Submit enquiries;

  • Complete contact forms;

  • Subscribe to updates;

  • Communicate with us electronically.

We only collect information that is reasonably necessary for our functions and activities.


5. Why We Collect, Use and Disclose Information

 

We collect and use personal information to:

Service Delivery

  • Assess eligibility and support needs;

  • Develop support plans;

  • Deliver NDIS supports and services;

  • Coordinate participant care and supports;

  • Monitor participant outcomes.

Health, Safety and Risk Management

 

  • Identify and manage risks;

  • Respond to emergencies;

  • Protect participant wellbeing;

  • Meet safeguarding obligations.

Administration and Operations

 

  • Maintain participant records;

  • Schedule services;

  • Manage staffing and rostering;

  • Process invoices and claims;

  • Maintain quality assurance systems.

Legal and Regulatory Compliance

 

  • Meet NDIS Practice Standards;

  • Respond to audits and reviews;

  • Report incidents;

  • Manage complaints;

  • Comply with legislative obligations.

Communication

 

  • Respond to enquiries;

  • Provide service updates;

  • Share important notices;

  • Conduct participant satisfaction activities.

We will not use personal information for unrelated purposes without consent unless authorised or required by law.


6. Disclosure of Personal Information

 

Personal information may be disclosed when reasonably necessary to provide services or meet legal obligations.

Information may be disclosed to:

  • Employees and authorised contractors;

  • Support coordinators;

  • Plan managers;

  • Nominees and guardians;

  • Family members (with consent);

  • Healthcare practitioners;

  • Allied health professionals;

  • Emergency services;

  • The NDIS Quality and Safeguards Commission;

  • Government agencies;

  • Courts and regulatory bodies;

  • Legal advisers where required.

All staff and contractors are required to maintain strict confidentiality and only access information necessary for their role.

Well Health Services does not sell, rent, trade, or provide personal information to third parties for marketing purposes.


7. Storage and Security of Information

We take reasonable steps to protect personal information from loss, misuse, interference, unauthorised access, modification, or disclosure.

Security Measures

Our safeguards include:

  • Secure electronic record systems;

  • Encryption where appropriate;

  • Password-protected databases;

  • Multi-factor authentication where available;

  • Role-based access controls;

  • Secure cloud-based storage;

  • Audit trails and activity monitoring;

  • Physical security controls;

  • Confidentiality agreements;

  • Staff privacy training.

Physical Records

 

Where paper records are maintained, they are stored securely and only accessible to authorised personnel.

Data Breach Response

 

If a privacy breach occurs, Well Health Services will:

  • Investigate the incident promptly;

  • Contain and assess the breach;

  • Notify affected individuals where required;

  • Comply with Notifiable Data Breach obligations;

  • Implement corrective actions to prevent recurrence.


8. Retention and Destruction of Records

 

Records are retained in accordance with legal, regulatory, and operational requirements.

Generally, records are retained for:

Record Type Retention Period
Adult participant records Minimum 7 years after last service
Child participant records Until age 25 or as required by law
Incident records Minimum 7 years
Complaint records Minimum 7 years
Employment records As required by legislation
Audit and compliance records As required by regulatory obligations

When records are no longer required, they are securely destroyed or permanently de-identified.


9. Accessing and Correcting Personal Information

 

Individuals have the right to:

  • Request access to personal information held about them;

  • Request corrections to inaccurate or incomplete information;

  • Request updates to ensure information remains current.

Requests should be submitted to the Compliance Officer.

We aim to respond within 30 days of receiving a request.

Access may be refused in limited circumstances permitted by law. Where access is refused, written reasons will be provided.


10. Privacy Complaints

Well Health Services is committed to resolving privacy concerns fairly, respectfully, and promptly.

Internal Complaints Process

Complaints may be submitted to the Compliance Officer and should include:

  • Your name and contact details;

  • Details of the privacy concern;

  • Relevant dates and supporting information.

We will:

  • Acknowledge complaints within two business days;

  • Investigate the matter objectively;

  • Provide a response within 14 business days where possible;

  • Keep complainants informed throughout the process.

No person will be disadvantaged or treated unfavourably for making a complaint.

External Review

 

If you are dissatisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)

Phone: 1300 363 992
Website: https://www.oaic.gov.au

NDIS Quality and Safeguards Commission

Phone: 1800 035 544
Website: https://www.ndiscommission.gov.au


11. Website Privacy and Cookies

 

When individuals visit our website, certain information may be collected automatically, including:

  • Browser type;

  • Device information;

  • Pages visited;

  • Time spent on pages;

  • Website usage statistics.

This information is generally anonymous and used to improve website functionality and user experience.

Where cookies are used, they will be limited to operational, analytical, or functional purposes unless additional consent is obtained.

Our website may contain links to third-party websites. Well Health Services is not responsible for the privacy practices of external websites.


12. Changes to this Policy

 

This Privacy Policy may be reviewed and updated periodically to reflect:

  • Legislative changes;

  • Regulatory requirements;

  • Changes to organisational practices;

  • Continuous improvement activities.

The current version will always be available through Well Health Services and on our website.


13. Contact Information

 

For questions, requests, corrections, or privacy complaints, please contact:

Compliance Officer
Well Health Services (Pouyan Pty Ltd)

Phone: 0469 855 937
Email: [Insert Privacy Email]
Address: [Insert Postal Address]

Office Hours: Monday to Friday, 9:00am – 5:00pm (AEST/AEDT)


14. Consent and Acknowledgement

 

By engaging Well Health Services, requesting services, submitting information, or using our website, you acknowledge that your personal information may be collected, used, stored, and disclosed in accordance with this Privacy Policy and applicable privacy legislation.

Where consent is required by law, Well Health Services will seek and record that consent before collecting or sharing personal information.