Privacy Policy

Our Commitment to Your Privacy

Dedicated Plan Management respects your privacy rights and is committed to handling your sensitive personal information with the utmost care. This Privacy Policy explains what information we collect, how we use it, our protection measures, sharing practices, and your rights regarding your personal data, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We gather only information that is reasonably necessary for our NDIS plan management services:

• Personal details: Name, address, contact information, date of birth, gender
• NDIS-related information: Participant number, plan details, budget allocations
• Health/disability information: Details collected with your consent or as required by law
• Financial information: Bank account details, invoices, payment information

2. How We Collect Your Information

Information is collected from:

• Direct communication (in person, phone, email, forms)
• Authorised representatives
• Approved service providers
• National Disability Insurance Scheme (NDIS) when authorised
• Public sources where lawful and relevant

Unsolicited information not required for our services will be destroyed or de-identified.

3. Anonymity and Pseudonymity

Where possible, you may choose not to identify yourself or to use a pseudonym (for example, when making a general enquiry). However, identification is required for NDIS plan management services.

4. Why We Collect and Use Your Information

We use your information to:

• Set up and manage your NDIS plan funding
• Process and pay invoices
• Provide budget reports and spending updates
• Communicate with you and your service providers
• Meet legal and NDIS compliance requirements

5. Direct Marketing

We will not use your personal information for marketing purposes without your consent. You can opt out of any marketing communications at any time by contacting us.

6. Sharing Your Information

We do not sell or rent your personal information. We may disclose your information:

• With your consent
• To service providers delivering your supports
• To your authorised representatives
• To government agencies when legally required
• To contractors under confidentiality agreements, for the purpose of supporting service delivery only

7. Cross-Border Disclosure

Our participant portal and cloud storage are located in Australia. The portal is provided by MYP Technologies, an Australian software company based in Brisbane, Queensland, which stores all Australian participant data in Australian data centres.

Where reasonably necessary for other aspects of service delivery (for example, accounting and bookkeeping software, email services, and file storage), your personal information may be handled by service providers located outside Australia, primarily in the United States, New Zealand, or the United Kingdom. In all cases, we take reasonable steps to ensure overseas recipients are bound by comparable privacy protections under their local laws, contractual obligations, or both.

8. Government-Related Identifiers

Government identifiers (such as NDIS participant numbers) are not adopted, used, or disclosed except as required by law or for service delivery verification.

9. Quality of Personal Information

We take reasonable steps to ensure that personal information we collect, use, or disclose is accurate, complete, and up-to-date. We encourage you to notify us of any changes to your information.

10. Protecting Your Information

Our security measures include:

• Password-protected, encrypted databases
• Restricted access on a need-to-know basis
• Staff privacy training
• Secure destruction of outdated information

Our participant portal is provided by MYP Technologies. Data is encrypted at the database level, regularly penetration tested, and backed up daily to a secondary Australian data centre.

11. Retention and Destruction

We retain your personal information only for as long as it is needed for the purposes set out in this policy, or as required by law (for example, the NDIA requires records to be kept for a minimum of 7 years). Information that is no longer needed is securely destroyed or de-identified.

12. Data Breach Notification

In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

13. Access and Correction

You have the right to access personal information we hold about you and to request corrections for accuracy and completeness. We aim to respond to all access and correction requests within a reasonable timeframe.

14. Website and Cookies

We may collect anonymous usage data such as pages viewed, device type, and browser information. Cookies are used to improve your browsing experience; disabling them may affect website functionality.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. The current version will always be available on our website.

16. Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or have a privacy concern, please contact us:

We respond to all privacy concerns promptly and follow complaints resolution procedures under the Privacy Act 1988 (Cth).

Privacy complaints to the OAIC

If you are not satisfied with our response to your privacy concern, you may contact the Office of the Australian Information Commissioner (OAIC):