Refer Now

Privacy Policy

1. Purpose of this Privacy Policy Canny Focus Pty Ltd ("we," "us," "our") is committed to protecting the privacy and security of personal and sensitive information in accordance with:
  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • The NDIS Act 2013
  • The NDIS Quality and Safeguarding Framework
This policy outlines how we collect, use, store, and disclose personal information when providing behaviour support services under the National Disability Insurance Scheme (NDIS).
2. Scope This Privacy Policy applies to:
  • NDIS participants receiving services from Canny Focus Pty Ltd.
  • Families, caregivers, and legal guardians of participants.
  • Employees, contractors, and service providers engaged with us.
  • Website visitors and individuals making inquiries.
By using our services, you consent to the collection, use, and handling of your personal information as described in this policy.
3. Privacy Obligations under the Service Agreement
3.1 Protection of Personal and Sensitive Information Canny Focus Pty Ltd will collect, use, disclose, and store Personal Information and Health Information only for the purpose of fulfilling obligations under the Service Agreement, in compliance with:
  • The Privacy Act 1988 (Cth)
  • The NDIS Act 2013
  • Other applicable Australian privacy and data protection laws
3.2 Notification of a Data Breach We will notify participants, legal guardians, and relevant authorities in writing in the event of an actual or suspected data breach, in compliance with the Notifiable Data Breaches Scheme under the Privacy Act 1988.
3.3 Privacy Policy Access and Updates
  • Participants and their legal representatives will receive a Welcome Pack when their signed Service Agreement is received. This includes a link to our Privacy Policy on our website.
  • The latest version of this Privacy Policy is always accessible at www.cannyfocus.au.
  • Any significant updates to this policy will be communicated to participants and legal representatives in compliance with NDIS requirements.
3.4 Participant Rights & Information Handling Participants and their legal representatives will be informed about:
  • How their information is stored and used.
  • When and how they can access or correct their information.
  • How to withdraw or amend their consent regarding data use.
  • Their right to provide or withhold consent to the use of secure, AI-assisted transcription or recording tools used solely for the purposes of accurate documentation and service improvement.
4. What Personal Information We Collect
4.1 Personal Information We collect the following personal details necessary for providing behaviour support services:
  • Name, date of birth, and contact details.
  • Emergency contact and next of kin details.
  • NDIS participant number and funding details.
  • Communication records related to service delivery.
4.2 Sensitive Information With consent, we may collect:
  • Disability-related information and behaviour assessments.
  • Medical history, diagnoses, and treatment plans.
  • Incident reports and progress notes.
  • Cultural and linguistic background (if relevant).
  • Audio or video recordings, and AI-assisted transcriptions (with explicit consent), when required for service delivery, documentation, or clinical accuracy via approved secure systems.
  • Photographic or video content only where strictly necessary for service documentation or reporting, and only with prior, written consent. Photographs or recordings that directly identify participants will not be taken or used without explicit, informed consent. Staff are prohibited from taking or sharing any images or videos of participants outside of approved service contexts.
4.3 Website and Technical Information
  • IP addresses, browser types, cookies, and usage data for security and analytics.
  • General traffic data and session analytics to enhance website functionality.
5. How We Collect Your Information We collect personal information through:
  • Direct interactions, such as intake forms, Service Agreements, and consultations.
  • Families, guardians, and support coordinators.
  • Third parties, including healthcare providers, NDIS agencies, and allied health professionals (with consent).
  • Website visits, through IP addresses, cookies, and analytics.
6. How We Use Your Information We use personal information to:
  • Provide behaviour support services under the NDIS.
  • Develop, implement, and review behaviour support plans.
  • Process Service Agreements and manage NDIS funding.
  • Ensure compliance with NDIS reporting requirements.
  • Improve service delivery and participant outcomes.
  • Respond to complaints, incidents, and legal obligations.
  • With prior informed consent, use secure, AI-assisted transcription or recording tools (such as Read AI or integrated CRM tools) to support accurate note-taking, documentation, and clinical quality. These tools are compliant with Australian privacy laws and used solely for internal service provision.
  • We do not use personal information for marketing purposes without explicit consent. We do not publish or disclose images or identifying details of staff members or participants for external purposes.
7. How We Store and Secure Your Information We take reasonable steps to protect personal information from unauthorised access, misuse, loss, or disclosure, including:
  • Secure electronic storage systems with restricted access.
  • Encryption and password-protected databases for sensitive data.
  • Physical security measures for printed records.
  • Regular security protocol reviews to maintain compliance.
  • In the event of a data breach, we will notify affected individuals and report the breach under the Notifiable Data Breach (NDB) Scheme.
8. Data Retention and Disposal We retain personal information in accordance with Australian data retention laws:
  • NDIS participant records (under 18): Retained for 7 years after turning 18.
  • NDIS participant records (18 and over): Retained for 5 years from the last interaction.
  • Incident reports and complaints: Retained for 7 years, per NDIS Commission requirements.
  • HR and staff records: Retained as required by employment laws.
After retention periods expire, records are securely deleted or anonymised.
9. Disclosure of Personal Information We may disclose personal information to:
  • NDIS support coordinators, allied health professionals, and relevant service providers (with consent).
  • Government agencies or regulatory bodies, when required by law.
  • Third-party IT providers, solely for secure data management, including approved transcription and AI services (with consent).
  • Emergency services, if necessary to protect participant safety.
  • We do not sell or share personal data for commercial purposes. Staff names, images, or personal information will not be disclosed or published without their explicit consent, and only where legally permitted.
10. Your Rights and Choices Under the Privacy Act 1988, you have the right to:
  • Access your information – Request a copy of your records.
  • Correct inaccuracies – Request corrections to your personal details.
  • Withdraw consent – Request restrictions on data use, including AI transcription or session recording.
  • Lodge a complaint – If you believe your data is mishandled.
  • To make a request, contact us via the details below.
11. How to Lodge a Complaint With Canny Focus Pty Ltd
  • Feedback and Complaints Form: Available on our website.
  • Email: info@cannyfocus.au
  • Phone: 0481 335 622
  • With the Office of the Australian Information Commissioner (OAIC)
  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
With the NDIS Quality and Safeguards Commission
12. Updates to This Privacy Policy
  • The latest version is always available at www.cannyfocus.au.
  • Participants/legal representatives receive this policy via CRM system when signing a Service Agreement and must acknowledge it before proceeding.
  • If significant changes are made, we will directly notify participants and/or their legal representatives via the email listed in our CRM at that time, in accordance with NDIS requirements and Australian Privacy Laws.
13. Contact Information Canny Focus Pty Ltd