Young Breeze

  • +61410929002
  • Info@youngbreeze.com.au
  • 9 Violet Cres, Officer, VIC 3809
Call Now
Book Now

Privacy Policy

Effective Date: August 26, 2025

Last Updated: August 26, 2025

1. Introduction

Young Breeze Pty Ltd (“Young Breeze”, “we”, “us”, or “our”) is a registered National Disability Insurance Scheme (NDIS) provider operating in Australia. We are committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (“Privacy Act”), the Australian Privacy Principles (APPs), the National Disability Insurance Scheme Act 2013 (“NDIS Act”), the NDIS Code of Conduct, and the NDIS Practice Standards.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, including sensitive information, about our clients (NDIS participants), their families, carers, nominees, employees, contractors, and other individuals who interact with us. It applies to all personal information we handle in providing disability support services, such as assistance with housing, personal care, community participation, household tasks, work and study support, life transitions, shared living, and assistive technologies.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Sensitive information (a subset of personal information) includes health information, disability details, racial or ethnic origin, religious beliefs, sexual orientation, criminal records, and biometric data, which receives higher protection under the law.

We manage personal information in an open and transparent manner (APP 1). If you have any questions about this policy, please contact our Privacy Officer using the details in Section 11.

2. Anonymity and Pseudonymity

Where lawful and practicable, you have the option to interact with us anonymously or using a pseudonym (APP 2). For example, you may make general enquiries without providing your name. However, due to the nature of NDIS services, anonymity may not be possible when delivering supports, applying for registration, or handling complaints, as we need to verify identities to comply with legal and safety requirements.

3. Collection of Personal Information

We only collect personal information that is reasonably necessary for our functions as an NDIS provider, or as required or authorised by law (APP 3). We collect sensitive information only with your consent, unless collection is required by law or for your direct benefit (e.g., to provide health-related supports).

Types of Information We Collect
  1. Personal Details: Name, date of birth, contact information (address, phone, email), gender, emergency contacts, and government identifiers (e.g., NDIS participant number, Medicare number).
  2. Sensitive Information: Health and disability details, medical history, support needs, goals, cultural or linguistic background, racial or ethnic origin, religious or philosophical beliefs, and biometric data (if relevant to assistive technologies).
  3. Service-Related Information: NDIS plan details, service agreements, progress notes, incident reports, financial information (e.g., for billing), employment or education details (for work/study support), and housing information (e.g., lease details).
  4. Other: Feedback, complaints, job application details (for employees/contractors), and images/recordings (with consent, e.g., for training or service delivery).
How We Collect Information
  • Directly from you or your authorised representative (e.g., via forms, interviews, phone calls, emails, or our website contact forms).
  • From third parties with your consent, such as the National Disability Insurance Agency (NDIA), other NDIS providers, healthcare professionals, family members, or government agencies.
  • Through service delivery activities, such as observations during personal care or community support.
  • Automatically via our website (e.g., IP addresses, cookies for analytics; see Section 9).

We do not collect information in a way that is unfair or unlawful. If we receive unsolicited personal information, we will determine if we could have collected it under APP 3; otherwise, we will destroy or de-identify it (APP 4).

At or before collection (or as soon as practicable), we will notify you of matters such as the purpose of collection, consequences of not providing information, and how to access this policy (APP 5).

4. Use of Personal Information

We use personal information primarily for the purpose for which it was collected, or for related secondary purposes that you would reasonably expect (APP 6). This includes:

  • Assessing eligibility and delivering NDIS supports (e.g., personal care, housing assistance, community engagement).
  • Developing and reviewing NDIS plans, service agreements, and progress reports.
  • Billing, payment processing, and funding claims with the NDIA.
  • Internal operations, such as quality assurance, training, auditing, and risk management.
  • Complying with legal obligations, including reporting incidents to the NDIS Quality and Safeguards Commission.
  • Responding to enquiries, complaints, or feedback.

We do not use personal information for direct marketing unless you consent or it is impracticable to obtain consent, and you can opt out easily (APP 7). For sensitive information, we require explicit consent for any use beyond the primary purpose.

5. Disclosure of Personal Information

We disclose personal information only when necessary for the primary purpose, with your consent, or as required/authorised by law (APP 6). Examples include:

  • To the NDIA or NDIS Commission for funding, compliance, or incident reporting.
  • To other service providers, healthcare professionals, or support coordinators involved in your care (with consent).
  • To government agencies, law enforcement, or courts if legally required (e.g., for child protection or mandatory reporting).
  • To contractors or subcontractors providing services on our behalf (e.g., IT support), bound by confidentiality agreements.
  • In emergencies to protect health or safety.

We do not disclose government-related identifiers (e.g., NDIS numbers) unless necessary for verification or as permitted by law (APP 9).

Cross-Border Disclosure

We primarily store and process information in Australia. If we disclose personal information overseas (e.g., to cloud service providers with servers abroad), we take reasonable steps to ensure the recipient complies with the APPs or obtain your informed consent (APP 8). Potential locations include [e.g., United States, if using common tools; otherwise, state “none anticipated”]. We will notify you if cross-border disclosure is likely.

6. Quality and Security of Personal Information

We take reasonable steps to ensure personal information is accurate, up-to-date, complete, and relevant (APP 10).

To protect against misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11), we implement:

  • Secure digital systems with encryption, firewalls, and access controls (e.g., password-protected databases).
  • Physical security for paper records (e.g., locked cabinets in secure premises).
  • Staff training on privacy and data handling.
  • Regular audits and risk assessments.
  • Data breach response plans, including notification to affected individuals and the Office of the Australian Information Commissioner (OAIC) if eligible data breaches occur under the Notifiable Data Breaches scheme.

We retain information only as long as necessary for our purposes or as required by law (e.g., 7 years for financial records), then securely destroy or de-identify it.

7. Access to Personal Information

You have the right to request access to your personal information we hold (APP 12). We will provide access within a reasonable period (usually 30 days), free of charge, unless exceptions apply (e.g., if access would pose a serious threat to health or safety).

To request access, contact our Privacy Officer. We may provide access in your preferred format where reasonable.

8. Correction of Personal Information

If you believe your information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you can request correction (APP 13). We will respond within 30 days and correct it if reasonable. If we refuse, we will provide reasons and details on how to complain. We may also add a statement to the record noting your requested correction.

9. Our Website and Digital Services

When you visit https://youngbreeze.com.au/, we may collect non-personal information such as IP addresses, browser types, and usage data via cookies for analytics and site improvement. This helps us enhance user experience but does not identify you personally unless combined with other data.

We do not track you across third-party sites. You can disable cookies in your browser settings.

10. Complaints

If you believe we have breached your privacy, you can complain to our Privacy Officer (see Section 11). We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.

If unsatisfied, you can escalate to:

  • NDIS Quality and Safeguards Commission: https://www.ndiscommission.gov.au/ or 1800 035 544.
  • Office of the Australian Information Commissioner: https://www.oaic.gov.au/ or 1300 363 992.

We take complaints seriously and use them to improve our practices.

11. Contact Us

For questions, access/correction requests, or complaints: 

Data Privacy and Compliance Officer

Young Breeze Pty Ltd 

12. Changes to This Policy

We may update this policy to reflect changes in law, our practices, or technology. Updates will be posted on our website with the revised effective date. We encourage you to review it periodically.

This policy complies with the APPs and NDIS requirements for privacy and dignity (NDIS Practice Standards, Core Module 1). For more on the APPs, visit https://www.oaic.gov.au/privacy/australian-privacy-principles.