SKOOT Community Access Privacy Policy

SKOOT Community Access 


Privacy and Information Management Policy and Procedures 


Version 1.2 | Approved: 17/04/2025 | Review Date: 16/04/2026 


 Privacy at a Glance 


SKOOT Community Access respects your privacy. We collect personal and sensitive information to deliver services under the National Disability Insurance Scheme (NDIS). Your data is stored securely and only shared with your consent or when legally required. This policy applies to all participants and users of our services, including those using our website or mobile application. 


Policy 


SKOOT Community Access complies with: 


  • The Privacy Act 1988 (Cth) 
  • The Privacy Amendment (Enhancing Privacy Protection) Act 2012 
  • The Australian Privacy Principles (APPs) 

We have procedures in place for the appropriate collection, use, storage, disclosure, correction, and disposal of personal information. 


Outcome 

  • Compliance with privacy legislation 
  • Protection of participant information 
  • Transparent and respectful information handling 
  • Participant satisfaction with information management 


Background 


The Privacy Act governs how personal information is managed. The 2012 amendment outlines how organisations must handle, store, and disclose sensitive data and inform users of their rights. See Appendix 1 for a summary of the 13 Australian Privacy Principles (APPs). 

State/territory laws may apply additional requirements, including minimum data retention periods for health records. 


Definitions 


Personal Information: Any data (written or otherwise) from which a person’s identity is evident or can be reasonably determined. 
Sensitive Information: A category of personal information, including health data, racial or ethnic origin, religious beliefs, or sexual orientation. 

 

Scope of this Policy 


This policy applies to all: 


  • Participants 
  • Website users 
  • Mobile app users 
  • Staff and service providers 

This includes how personal information is collected and managed across all digital and physical platforms, including our mobile application. 

 


Mobile App-Specific Data Collection and Use 


The SKOOT Community Access mobile app may collect: 


  • Personal details (name, contact info) 
  • App usage data (e.g., page views, crash logs) 
  • Device details (e.g., IP address, device ID, OS version) 


Purpose


  • Enable service access 
  • Improve app performance and user experience 
  • Ensure system security 
  • Meet service delivery obligations 

Data is not sold or shared outside SKOOT Community Access unless: 


  • Consent is given 
  • Required to provide services 
  • Required by law 

 

Staff Understanding and Training 


  • The Directors review this policy annually. 
  • All staff are trained in privacy/confidentiality at induction and annually thereafter. 

 

Participant Information Storage 


  • Each participant has a unique record containing: 
      ◦ Personal information 
      ◦ Clinical notes and investigations 
      ◦ Correspondence and assessments 
      ◦ Photos/videos (only with signed consent) 
  • Digital data is protected by firewalls, passwords, and multi-factor authentication. 
  • Paper files are kept in locked, fireproof cabinets. 
  • Retention: 
      ◦ 7 years after discharge 
      ◦ Until age 25 for minors (or 7 years post-discharge, whichever is later) 
  • Secure deletion of digital and paper records is practiced. 

 

Privacy and Consent 


  • Consent is included in the participant's NDIS Service Agreement. 
  • Required consents: 
      ◦ Sharing/obtaining information 
      ◦ Receiving services 
      ◦ Photography 
      ◦ Satisfaction surveys 
      ◦ Quality management activities 

Participants may contact SKOOT without providing personal information, but data will be required to receive services. 


Sharing of Information 


  • Information is only shared with the participant’s consent or as required by law. 
  • Disclosure to third parties only occurs when necessary for service delivery and aligned with ethical/privacy standards. 
  • Participants are informed when their data may need to be shared. 

 

Data Accuracy and Updates 

  • Participants are asked to keep their information current. 
  • Records are updated during reviews and following service delivery. 

 

Secondary Use 


  • No personal information is used for unrelated purposes without explicit written consent. 

 

Access to Information 


  • Participants can access their information by contacting the Directors of SKOOT Community Access. 

 

Complaints Management 


  • Complaints should be directed to the Directors. 
  • If unresolved, complaints may be referred to: 
      ◦ The Office of the Australian Privacy Commissioner 
      ◦ The NDIS Quality and Safeguards Commission 

We will fully cooperate with independent investigations. 


 References 


  • Guidelines on Privacy in the Private Health Sector, Office of the Australian Information Commissioner (OAIC) 

 

Appendix 1: Summary of the 13 Australian Privacy Principles (APPs) 

  1. Open and Transparent Management: Maintain a current and accessible privacy policy. 
  2. Anonymity and Pseudonymity: Offer these options where possible. 
  3. Collection of Solicited Personal Info: Apply high standards, especially for sensitive data. 
  4. Unsolicited Personal Info: Handle appropriately or destroy securely. 
  5. Notification of Collection: Inform individuals when collecting their information. 
  6. Use or Disclosure: Only use/disclose data for the original purpose or with consent. 
  7. Direct Marketing: Only allowed with specific conditions. 
  8. Cross-Border Disclosure: Protect data sent overseas. 
  9. Government Identifiers: Restricted use. 
  10. Data Quality: Ensure information is accurate and up to date. 
  11. Security: Protect against unauthorized access and ensure proper disposal. 
  12. Access: Provide access upon request, with limited exceptions. 
  13. Correction: Correct inaccuracies promptly upon request.