DSC’s Annual NDIS Conference 2024

Sydney & Online, March 26-27

Privacy
policy

Our privacy obligations

Disability Services Consulting (DSC) is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). The APPs regulate how personal information is handled by DSC.  

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable. DSC’s Privacy Policy applies to personal information collected and/or held by DSC. 

We will review this policy regularly, and we may update it from time to time. 

The types of personal information we collect and hold

We collect personal information about our customers, as part of our routine activities. We also collect personal information about our staff, contractors and suppliers, as well as the contact details of individuals who work for contractors and suppliers, and other types of professional associates and personal contacts.

How we collect personal information

Information that you specifically give us
We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us.  This might happen over the telephone or email, through our website, logging on and engaging with our Learning Management System (LMS), by filling in an online survey, or meeting with us face-to-face.  You might also provide your personal information to us, without us directly asking for it, for example if you engage with us on social media or enter other personal information into our LMS.

Information that we collect from others
If you apply for a job or contract with us, we will collect personal information about you from your referees.  With your consent we may also use a third party service to ensure your employment, educational and identity records are valid.  We may also check some details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases. 

Sometimes a third party (such as your employer or colleague) might provide us with information about you so that we can provide you with products or services. For example, someone else may provide us with your contact details when creating a profile for you to view our content.

Information that we generate ourselves
We maintain records of the interactions we have with our customers, including the products and services we have provided to you. Where relevant, DSC maintains copies of consulting proposals and products delivered and our response to any complaints and feedback received.

We collect limited information about users of our websites, for diagnostic and analytic purposes as well as personal information that you provide to us, directly or indirectly, through your use of our website.  We use cookies, beacons and gather IP addresses to do so. This information includes the email campaigns you have interacted with and web pages you have visited on our site.

The types of personal information we collect

The types of personal information we collect about our customers includes:

  • your name;

  • login details;

  • contact details (including email and phone);

  • organisation, department and position title information;

  • accessibility requirements;

  • preferences and interests;

  • user generated content including images or documents you have uploaded to your profile;

  • course completion, status and results;

  • information provided by you as part of our products or services to you;  

  • details of products and services we have provided to you and related correspondence; 

  • research or survey responses; 

  • payment details;

  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;

  • information about your access and use of our website, including through the use of internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your internet service provider

How we treat personal information that is also sensitive information

Sensitive information is a subset of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information or biometric information.

We will not collect sensitive information about you without first obtaining your consent. Provided you consent, your sensitive information may only be used and disclosed for purposes directly relating to the primary purpose for which the sensitive information was collected. Sensitive information may also be used or disclosed if required or authorised by law.

Links to other websites

On our website, we may provide links to third party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.

How we use personal information 

We may use your personal information for the following purposes:

  • to provide the service or product you have requested;

  • to provide technical or other support to you;

  • to answer your enquiry about our services, or to respond to a complaint;

  • to enable you to access and use our website, and associated applications;

  • to contact and communicate with you;

  • to manage our employment or business relationship with you;

  • to promote our other programs, products or services which may be of interest to you (unless you unsubscribe from such communications);

  • to comply with legal and regulatory obligations and resolve any dispute that we may have if otherwise permitted or required by law; or

  • for other purposes with your consent, unless you withdraw your consent.

We will keep personal information about you, to use for the above purposes. DSC will take reasonable steps to destroy personal information when it is no longer necessary to be retained. If you wish for us to destroy or de-identify your personal information, we will do so upon your written request, provided it is lawful to do so.

When we disclose personal information 

Team administrator or leader
We may share your details with the team leader or person assigned administrator permissions when you are added to a team in our LMS. Details that may be shared include name, DSC training history, accessibility and dietary requirements. If any of this information is to be kept confidential, please notify us.

Our third party service providers
DSC uses a range of third party providers to help us maximise the quality and efficiency of our services. This means that individuals and organisations outside of DSC may have access to information held by us. The personal information of our customers, staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third party service providers.  Our third party service providers are bound by contract to only use your personal information on our behalf, under our instructions.

We may disclose your personal information to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;

  • our employees, contractors and/or related entities;

  • our existing or potential agents or business partners;

  • payment systems operators;

  • sponsors or collaboration partners;

  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;

  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia and the European Economic Area, including in the U.S.A.; and

  • third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia and the European Economic Area, including in the U.S.A.

Please note that we use the following specific third parties to process your personal information: Amazon Web Services (AWS EC2/S3, etc. with our data stored in locations in Australia, Germany and the U.S.A), Intercom, Google Analytics, Appcues, Hubspot, Klaviyo, Shopify, Litmos, Xero, Stripe, Slack, Brights (Ukraine), Google, Workflow Max, Facebook, Zoom, Amazon Web Services, SCORM Cloud (US) and LinkedIn. 

We will manage the disclosure of any personal information outside of Australia or the European Economic Area in accordance with our obligations under the Privacy Act and any contractual obligations we may agree to abide by, including in any applicable data processing agreement/addendum.

Security of your personal information 

We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.

We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in secure premises. We take reasonable steps to:

  • Make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;

  • Protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;

  • Destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.

The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, secure server environments, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.

Payment security
We process payments using Stripe, Shopify Payments  and direct deposit. All transactions processed by us meet industry security standards to ensure payment details are protected.

Website security
While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk.

You can also help to protect the privacy of your personal information by maintaining the confidentiality of your  account (including your password), and by ensuring that you log out of your account on (learning portal) when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.

We appoint a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.

We will take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately. 

Accessing or correcting your personal information 

You have the right to request access to the personal information DSC holds about you.  Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period, and without unreasonable expense.

You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date.  Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period.  We do not charge for making corrections.

To seek access to, or correction of, your personal information, please contact the Privacy Officer.

Contact our Privacy Officer

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:

Email the Privacy Officer at [email protected].

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above.  We will acknowledge your formal complaint within 5 working days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001