Hope Heaven Care Australia (ABN 99 671 497 144) ('we', 'us', 'our') is a registered NDIS provider based in Brisbane, Queensland, Australia. We are committed to protecting the privacy and confidentiality of all personal information we collect in the course of providing disability support services and operating our business.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act. Where applicable, we also comply with the NDIS Act 2013 (Cth), the Health Records and Information Privacy Act 2002 (NSW) (where relevant), and any other applicable state or territory legislation.

By accessing our website at www.hopeheavencare.com.au, contacting us by phone or email, submitting an enquiry form, or using any of our services, you acknowledge that you have read and understood this Privacy Policy.

Hope Heaven Care Australia is an Australian private company registered with the Australian Securities and Investments Commission (ASIC) under ACN 671 497 144. We operate as a registered provider under the National Disability Insurance Scheme (NDIS).

Privacy Officer: Hope Heaven Care Australia
Email: info@hopeheavencare.com.au
Phone: 0406 088 001
Website: www.hopeheavencare.com.au
Location: Brisbane, Queensland 4017, Australia

We collect personal information that is reasonably necessary for us to provide our services and conduct our business. The types of personal information we may collect include:

• Full name
• Date of birth and age
• Home address, suburb, and postcode
• Phone number (mobile and/or landline)
• Email address
• Gender and preferred pronouns
• Emergency contact details

• NDIS participant number
• NDIS plan details, goals, and funded supports
• Support coordinator and plan manager contact details
• Disability type, diagnosis, and support needs
• Functional capacity and assessed support requirements
• Care plan, service agreement, and support schedule details
• Progress notes, incident reports, and service delivery records

We may collect sensitive information as defined under the Privacy Act, including:

• Health and medical information (diagnoses, medications, treatment plans, health care provider details)
• Mental health information
• Racial or ethnic origin (where relevant to culturally appropriate care)
• Criminal history (for staff background checks only)

We only collect sensitive information with your explicit consent, or where collection is required or authorised by law.

• NDIS plan budget and funding category details
• Bank account details for payment processing (where applicable)
• Invoicing and billing records

When you visit our website or interact with our digital platforms, we may automatically collect:

• IP address and approximate geographic location
• Browser type and version
• Pages visited, time spent, and links clicked
• Device type and operating system
• Referral source (e.g. search engine or social media platform)
• Cookies and similar tracking technology data (see Section 9)

For job applicants and support workers, we may collect:

• Resume, qualifications, and work history
• Working with Children Check and NDIS Worker Screening Check results
• Police check and criminal history records
• References and professional registrations

We collect personal information through a variety of channels:

• Enquiry forms on our website (www.hopeheavencare.com.au)
• Facebook Lead Ad forms and social media messages
• Phone calls and voicemails
• Emails to info@hopeheavencare.com.au
• In-person meetings, consultations, and home visits
• Service agreements and intake documentation
• Feedback forms and surveys

• The National Disability Insurance Agency (NDIA) or the NDIS portal
• Support coordinators and plan managers acting on your behalf
• Healthcare providers, general practitioners, and specialists
• Hospitals and allied health professionals
• Government agencies (e.g. Department of Social Services)
• Referral agencies and community organisations

• Website cookies and analytics tools (including Google Analytics and Meta Pixel)
• Facebook and Instagram advertising platforms (via Meta Business Suite)
• Social media interactions on our Facebook and Instagram pages
• Email tracking and communication records

Where we collect personal information from a third party or by automatic means, we will take reasonable steps to notify you of this collection as soon as practicable.

We collect and use your personal information for the following purposes:

• To assess your eligibility for and provide NDIS support services
• To develop and implement your personalised care plan
• To coordinate and schedule support workers and services
• To monitor the quality and safety of services we deliver
• To communicate with you about your supports and appointments

• To respond to your enquiries and provide customer service
• To process service agreements and invoices
• To claim NDIS funding through the NDIS portal
• To maintain accurate business and financial records
• To comply with our legal obligations under the NDIS Act and Quality and Safeguards Framework

• To conduct incident reporting and quality assurance activities
• To ensure the safety of participants, staff, and the community
• To conduct staff background checks and screening

• To send you information about our services (with your consent)
• To manage our social media advertising and lead generation activities
• To analyse the effectiveness of our marketing campaigns

You may opt out of receiving marketing communications from us at any time by contacting us at info@hopeheavencare.com.au or by clicking the unsubscribe link in any email we send you.

• To comply with the Privacy Act 1988 (Cth)
• To comply with the NDIS Act 2013 (Cth) and the NDIS Practice Standards
• To comply with the NDIS Quality and Safeguards Commission requirements
• To respond to lawful requests from government authorities or courts

We do not sell, rent, or trade your personal information to third parties. We may disclose your information in the following limited circumstances:

We will share your personal information with other parties only with your express consent, or where you have directed us to do so.

• The National Disability Insurance Agency (NDIA) for claiming and reporting purposes
• Your nominated plan manager for invoicing and financial management
• Your support coordinator for service coordination purposes
• The NDIS Quality and Safeguards Commission (e.g. incident reporting)

• Our support workers and employees involved in your care (on a need-to-know basis only)
• Healthcare providers or allied health professionals involved in your support plan
• Emergency services or other organisations in the event of a safety risk

We use third-party technology providers to assist with our operations. These providers may have access to your personal information solely for the purpose of providing services to us and are bound by confidentiality obligations:

• Meta Platforms (Facebook and Instagram) — advertising and lead management
• Google — website analytics (Google Analytics)
• Email and cloud storage providers
• Accounting and invoicing software providers

We may disclose your information where required or authorised by law, including to:

• Courts, tribunals, or regulatory authorities upon receipt of a valid legal order
• Law enforcement agencies in the event of suspected criminal activity
• The NDIS Quality and Safeguards Commission following a notifiable incident

Some of our third-party service providers (such as Meta Platforms and Google) are based overseas, including in the United States of America. When we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle the information in accordance with the Australian Privacy Principles.

By providing your personal information to us and consenting to this Privacy Policy, you consent to the potential disclosure of your personal information to overseas recipients for the purposes described in this Policy.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure.

• Secure, password-protected digital systems and databases
• Encrypted file storage and secure email communications
• Access controls limiting information to authorised staff only
• Secure physical storage for any paper-based records
• Regular security reviews and staff training on data handling

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. In particular:

• NDIS participant records: retained for a minimum of 7 years from the date of last service (or 7 years after a child turns 18, whichever is later), in accordance with the NDIS Practice Standards
• Financial and tax records: retained for a minimum of 7 years in accordance with the Corporations Act 2001 (Cth)
• Staff records: retained in accordance with the Fair Work Act 2009 (Cth) requirements

When personal information is no longer required, we will take reasonable steps to destroy it securely or de-identify it.

Our website uses cookies and similar tracking technologies to improve your browsing experience and help us understand how visitors use our site.

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, analyse site traffic, and personalise content.

• Essential cookies: Required for the website to function properly
• Analytics cookies: Google Analytics — help us understand site usage patterns
• Advertising cookies: Meta Pixel — tracks conversions from our Facebook and Instagram ads and helps us serve relevant advertisements

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You can also opt out of Google Analytics tracking at: https://tools.google.com/dlpage/gaoptout and manage Meta ad preferences at: https://www.facebook.com/ads/preferences

We use Meta Business Suite (Facebook and Instagram) to manage our social media presence and run digital advertising campaigns. When you interact with our Facebook Page, Instagram account, or our advertisements, Meta may collect information about you in accordance with Meta's Privacy Policy.

We may use tools such as the Meta Conversions API and Meta Pixel to measure the effectiveness of our advertising campaigns. These tools help us understand how users interact with our ads and website, but do not allow us to identify you personally without your consent.

If you submit a lead form through a Facebook Lead Ad, the information you provide will be collected by both Meta and Hope Heaven Care Australia, and handled in accordance with this Privacy Policy.

Under the Australian Privacy Principles, you have the following rights in relation to your personal information:

You have the right to request access to the personal information we hold about you. We will respond to your access request within 30 days. We may charge a reasonable fee for providing access in certain circumstances.

If you believe that any personal information we hold about you is inaccurate, incomplete, out-of-date, irrelevant, or misleading, you have the right to request that we correct it. We will respond to correction requests within 30 days.

Where lawful and practicable, you have the option to interact with us anonymously or using a pseudonym. However, this may limit our ability to provide certain services to you.

You may opt out of receiving direct marketing communications from us at any time by contacting us at info@hopeheavencare.com.au or by using the unsubscribe mechanism in any marketing email.

To exercise any of the above rights, please contact us in writing at:
Email: info@hopeheavencare.com.au
Phone: 0406 088 001

If you believe we have breached your privacy or failed to comply with the Australian Privacy Principles, you have the right to make a complaint.

Please contact our Privacy Officer in the first instance. We take all privacy complaints seriously and will investigate your complaint and respond within 30 days:
Email: info@hopeheavencare.com.au
Phone: 0406 088 001

If you are not satisfied with our response, or if we fail to respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

If your complaint relates to the delivery of NDIS services, you may also contact the NDIS Quality and Safeguards Commission:
Phone: 1800 035 544
Website: www.ndiscommission.gov.au

We provide support services to children and young people under 18 years of age as NDIS participants. Where a participant is a minor, personal information is generally collected from and provided to a parent, guardian, or authorised representative.

We do not knowingly collect personal information from minors through our website or digital marketing activities without parental or guardian consent. If you believe we have inadvertently collected information from a minor, please contact us immediately.

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we experience a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take immediate steps to contain the breach
• Assess whether the breach is likely to result in serious harm
• Notify affected individuals as soon as practicable
• Notify the Office of the Australian Information Commissioner (OAIC)

We maintain an internal data breach response plan and conduct regular staff training to minimise the risk of data breaches.

Our website may contain links to third-party websites, including social media platforms, government websites, and other external resources. This Privacy Policy applies only to our website and our business operations. We are not responsible for the privacy practices of third-party websites and encourage you to read their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the 'Last Reviewed' date at the top of this document and, where appropriate, notify you by email or by posting a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our services or website after any changes constitutes your acceptance of the updated Privacy Policy.

This Privacy Policy is governed by the laws of the State of Queensland and the Commonwealth of Australia. Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Queensland, Australia.

This Privacy Policy is designed to comply with, and should be read in conjunction with, the following legislation:

• Privacy Act 1988 (Cth)
• Australian Privacy Principles (APPs) — Schedule 1 of the Privacy Act 1988
• Notifiable Data Breaches Scheme — Part IIIC of the Privacy Act 1988
• National Disability Insurance Scheme Act 2013 (Cth)
• NDIS Practice Standards and Quality Indicators (2018)
• NDIS (Provider Registration and Practice Standards) Rules 2018
• Corporations Act 2001 (Cth)
• Australian Consumer Law — Schedule 2 of the Competition and Consumer Act 2010 (Cth)
• Fair Work Act 2009 (Cth)
• Spam Act 2003 (Cth)
• Do Not Call Register Act 2006 (Cth)