Privacy Policy

Effective Date: 10/02/2026
Last Updated: 10/02/2026

1. Introduction

Prosperity Care Pty Ltd trading as Verve Care & Support (“we,” “us,” “our,” or “Verve Care”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

As an NDIS Registered Provider, we also comply with the NDIS Practice Standards and NDIS Code of Conduct in relation to the collection, use, and protection of personal and sensitive information.

This Privacy Policy explains:

  • What personal information we collect
  • How we collect, use, and disclose your information
  • How we store and protect your information
  • Your rights regarding your personal information
  • How to contact us about privacy matters

By using our services or providing us with your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

2. About Us

Legal Name: Prosperity Care Pty Ltd T/a Verve Care & Support
ABN: 12 677 399 709
NDIS Registration Number: 405 344 8162
Website: https://vervecare.com.au
Email: info@vervecare.com.au
Phone: +61 0405 874 766
Address: [Insert Business Address]

3. What Personal Information We Collect

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

3.1 Types of Information We Collect

We may collect the following types of personal information:

General Personal Information:

  • Full name, date of birth, and gender
  • Contact details (address, phone number, email)
  • Emergency contact information
  • Proof of identity documents
  • Photographs and videos (with consent)
  • Language preferences and communication needs
  • Cultural background and preferences

Sensitive Information:

  • Health information and medical history
  • Disability information and support needs
  • NDIS plan details and funding information
  • Mental health information
  • Cultural or religious beliefs (if relevant to service delivery)
  • Criminal record information (if relevant and with consent)
  • Biometric information (if required for specific services)

NDIS-Related Information:

  • NDIS participant number
  • Plan management details
  • Support coordination information
  • Goal and outcome information
  • Service agreements and funding arrangements
  • Progress notes and service delivery records
  • Incident and complaint records

Financial Information:

  • Bank account details for payment processing
  • Invoice and payment records
  • NDIS claims and billing information

Other Information:

  • Feedback, complaints, and compliments
  • Website usage data (see our Cookies Policy)
  • Communication records (emails, phone calls, messages)
  • Employment information (for staff and contractors)

3.2 Information About Third Parties

We may also collect information about third parties related to you, including:

  • Family members and carers
  • Nominated representatives and guardians
  • Support coordinators and plan managers
  • Healthcare providers and allied health professionals
  • Other service providers involved in your care

4. How We Collect Personal Information

We collect personal information in various ways:

4.1 Directly From You

  • When you complete our intake and assessment forms
  • During phone calls, emails, or in-person conversations
  • Through our website contact forms
  • When you provide feedback or make complaints
  • During service delivery and support sessions
  • When you apply for employment with us

4.2 From Third Parties (With Your Consent)

  • From the NDIA (National Disability Insurance Agency)
  • From your plan manager or support coordinator
  • From healthcare providers and allied health professionals
  • From your family members, carers, or legal representatives
  • From other service providers involved in your care
  • From government agencies (when required by law)
  • From referral sources

4.3 Automatically

  • Through our website using cookies and analytics tools (see our Cookies Policy)
  • Through CCTV footage at our premises (for safety and security)

4.4 When Required or Authorized by Law

  • Under court orders or subpoenas
  • To comply with government agency requests
  • In response to law enforcement inquiries
  • As required under NDIS legislation and regulations

5. Why We Collect Personal Information

We collect and use your personal information for the following purposes:

5.1 Service Delivery

  • To provide disability support services under the NDIS
  • To assess your needs and develop support plans
  • To deliver services outlined in your NDIS plan
  • To monitor your progress toward goals and outcomes
  • To coordinate with other service providers
  • To ensure your safety and wellbeing

5.2 NDIS Compliance and Administration

  • To verify your NDIS eligibility and funding
  • To process NDIS claims and payments
  • To comply with NDIS Practice Standards
  • To report to the NDIA as required
  • To manage quality and safeguarding obligations
  • To respond to NDIS Commission audits and reviews

5.3 Business Operations

  • To communicate with you about our services
  • To process payments and manage invoices
  • To respond to inquiries and complaints
  • To improve our services and quality
  • To conduct research and analysis (with consent)
  • To maintain accurate records

5.4 Legal and Regulatory Obligations

  • To comply with our legal obligations
  • To respond to legal proceedings
  • To protect our rights and interests
  • To prevent fraud and abuse
  • To meet workplace health and safety requirements

5.5 Marketing (With Your Consent)

  • To send newsletters and updates about our services
  • To inform you about events and programs
  • To seek feedback on our services

You can opt out of marketing communications at any time by contacting us.

6. How We Use and Disclose Personal Information

6.1 Use of Personal Information

We use your personal information only for the purposes for which it was collected, or for related purposes you would reasonably expect.

6.2 Disclosure of Personal Information

We may disclose your personal information to:

NDIS-Related Parties:

  • The NDIA (National Disability Insurance Agency)
  • Your plan manager or support coordinator
  • The NDIS Quality and Safeguards Commission
  • NDIS auditors and reviewers

Healthcare and Support Providers:

  • Your nominated healthcare providers
  • Allied health professionals (with your consent)
  • Other NDIS service providers involved in your care
  • Hospitals and medical facilities (in emergencies)

Service Delivery Partners:

  • Our employees, contractors, and volunteers
  • Transport providers
  • Activity and program facilitators
  • Equipment and assistive technology providers

Administrative and Professional Services:

  • Our legal advisors and accountants
  • Insurance providers
  • IT service providers and cloud storage services
  • Payment processors and banks

Government Agencies:

  • Medicare and Centrelink (when required)
  • Department of Health and Aged Care
  • State and territory disability services
  • Law enforcement agencies (when required by law)
  • Courts and tribunals (when required by law)

Family and Representatives:

  • Your family members, carers, or legal guardians (with your consent)
  • Your nominated representative or decision-maker

Other Parties:

  • Emergency services (in urgent situations)
  • Parties involved in complaints or legal proceedings
  • Anyone else you have authorized us to share information with

6.3 Overseas Disclosure

We generally do not disclose personal information overseas. However, some of our IT service providers may store data on servers located overseas (e.g., cloud storage providers).

If we disclose your information overseas, we will:

  • Only use reputable providers with strong privacy protections
  • Ensure appropriate safeguards are in place
  • Obtain your consent where required
  • Comply with the Australian Privacy Principles

Countries where data may be stored include: [List countries if known, e.g., United States, Singapore]

7. Data Quality and Security

7.1 Accuracy of Information

We take reasonable steps to ensure the personal information we collect, use, and disclose is accurate, complete, and up-to-date.

You can help us by:

  • Providing accurate information
  • Notifying us of any changes to your details
  • Reviewing and updating your information regularly

7.2 Security Measures

We are committed to protecting your personal information from:

  • Misuse, interference, and loss
  • Unauthorized access, modification, or disclosure

We implement security measures including:

Physical Security:

  • Secure premises with restricted access
  • Locked filing cabinets for paper records
  • CCTV monitoring (where appropriate)
  • Visitor sign-in procedures

Technical Security:

  • Encrypted data storage and transmission
  • Secure password-protected systems
  • Regular software updates and security patches
  • Firewall and antivirus protection
  • Secure backup systems
  • Access controls and user authentication

Administrative Security:

  • Staff training on privacy and confidentiality
  • Confidentiality agreements for all staff and contractors
  • Clear privacy policies and procedures
  • Regular privacy audits and reviews
  • Incident response procedures

7.3 Data Retention

We retain your personal information only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements

Retention Periods:

  • NDIS service records: Minimum 7 years after service ends (NDIS requirement)
  • Financial records: 7 years (taxation requirement)
  • Employment records: 7 years after employment ends
  • Complaint records: 7 years after resolution
  • Other records: As required by law or our internal policies

After the retention period, we securely destroy or de-identify personal information.

7.4 Data Breaches

If we become aware of a data breach that is likely to result in serious harm to you, we will:

  • Notify you as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC)
  • Take steps to contain and remedy the breach
  • Provide information about the breach and recommended actions

8. Your Rights and Choices

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the following rights:

8.1 Access to Your Information

You have the right to request access to the personal information we hold about you.

How to request access:

  • Submit a written request to our Privacy Officer
  • Provide identification to verify your identity
  • Specify what information you wish to access

Our response:

  • We will respond within 30 days
  • We will provide access unless an exception applies
  • We may charge a reasonable fee for processing complex requests

Exceptions: We may refuse or limit access if:

  • Providing access would pose a serious threat to someone’s life, health, or safety
  • Providing access would have an unreasonable impact on another person’s privacy
  • The request is frivolous or vexatious
  • Legal proceedings are involved
  • Law enforcement or national security issues exist
  • Denying access is required or authorized by law

8.2 Correction of Your Information

You have the right to request correction of inaccurate, incomplete, or out-of-date information.

How to request correction:

  • Contact us and identify the information to be corrected
  • Provide evidence supporting the correction
  • We will respond within 30 days

If we disagree:

  • We will notify you of our decision
  • You can request that we attach a statement to the record noting your disagreement

8.3 Complaints

If you believe we have breached your privacy, you have the right to make a complaint.

How to make a complaint:

  1. Contact our Privacy Officer (details in Section 13)
  2. Provide details of the alleged breach
  3. We will investigate and respond within 30 days

If you’re not satisfied:

  • You can escalate to the Office of the Australian Information Commissioner (OAIC)
  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

For NDIS-related privacy concerns, you can also contact:

  • NDIS Quality and Safeguards Commission
  • Phone: 1800 035 544
  • Website: www.ndiscommission.gov.au

8.4 Withdrawal of Consent

Where we rely on your consent to collect, use, or disclose your information, you can withdraw consent at any time by contacting us.

Please note:

  • Withdrawing consent may affect our ability to provide services
  • We may still be required to retain certain information for legal purposes
  • Withdrawal does not affect previous uses of your information

8.5 Anonymity and Pseudonymity

Where practicable, you have the option to:

  • Not identify yourself when dealing with us
  • Use a pseudonym

However:

  • This may not be practical for service delivery
  • We may be required by law to collect identifying information
  • NDIS services require identification for funding and compliance purposes

9. Specific Privacy Considerations

9.1 NDIS Participants

As an NDIS Registered Provider, we:

  • Comply with NDIS Practice Standards related to privacy
  • Follow the NDIS Code of Conduct
  • Protect your information in accordance with NDIS Quality and Safeguards Commission requirements
  • Only share information necessary for service delivery and NDIS compliance
  • Obtain your consent before sharing information with non-NDIS parties

9.2 Children and Young People

When providing services to children under 18:

  • We obtain consent from parents/guardians for information collection
  • We respect the child’s right to privacy appropriate to their age and maturity
  • We involve children in decisions about their information where appropriate
  • We take extra care to protect sensitive information

9.3 People with Decision-Making Support Needs

For participants with guardians, administrators, or decision-makers:

  • We verify the authority of representatives
  • We obtain consent from authorized decision-makers
  • We still involve participants in decisions where possible
  • We respect supported decision-making arrangements

9.4 Aboriginal and Torres Strait Islander People

We recognize and respect the privacy needs of Aboriginal and Torres Strait Islander people, including:

  • Cultural sensitivities around information sharing
  • Community consultation practices
  • Respect for cultural protocols
  • Working with Aboriginal and Torres Strait Islander organizations

9.5 People from Culturally and Linguistically Diverse Backgrounds

We provide:

  • Interpreter services when needed
  • Information in accessible formats and languages
  • Culturally appropriate privacy practices
  • Support to understand privacy rights

10. Website Privacy

10.1 Cookies and Tracking

Our website uses cookies and similar technologies. Please see our Cookies Policy for detailed information.

10.2 Website Forms

When you submit forms through our website:

  • Information is transmitted securely (SSL encryption)
  • We collect only necessary information
  • We will contact you only for the purposes indicated

10.3 External Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

10.4 Social Media

If you interact with us on social media:

  • Your public posts may be visible to others
  • Social media platforms have their own privacy policies
  • We may collect publicly available information for service improvement

11. Employment and Contractor Privacy

11.1 Staff and Contractor Information

We collect personal information from employees and contractors including:

  • Contact and identification details
  • Employment history and qualifications
  • Working with Children Check and police checks
  • Tax file numbers and superannuation details
  • Performance and training records
  • Health information (if relevant to employment)

11.2 Use of Staff Information

We use this information to:

  • Manage employment and contractor relationships
  • Meet workplace health and safety obligations
  • Process payroll and superannuation
  • Comply with taxation and employment laws
  • Provide training and professional development
  • Manage performance and conduct

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in laws and regulations
  • Changes in our practices
  • New services or technologies
  • Feedback from stakeholders

When we update this policy:

  • We will post the updated version on our website
  • We will update the “Last Updated” date
  • We may notify you of significant changes
  • Continued use of our services constitutes acceptance of changes

We encourage you to review this policy regularly.

13. Contact Us

If you have any questions, concerns, or complaints about privacy, or wish to exercise your rights, please contact our Privacy Officer:

Privacy Officer
Prosperity Care Pty Ltd T/a Verve Care & Support

Email: info@vervecare.com.au
Phone: +61 0405 874 766
Mail: PO Box 108, WAVELL HEIGHTS NORTH QLD 4012
Website: https://vervecare.com.au

Business Hours: Monday – Friday : 8:00 AM to 5:00 PM

We will respond to your inquiry within 30 days.

14. Additional Resources

For more information about privacy in Australia:

Office of the Australian Information Commissioner (OAIC)

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

NDIS Quality and Safeguards Commission

  • Website: www.ndiscommission.gov.au
  • Phone: 1800 035 544

National Disability Abuse and Neglect Hotline

  • Phone: 1800 880 052

Acknowledgment

Verve Care & Support acknowledges the Traditional Owners of the lands on which we live and work and recognises their connection to land, sea and community. We acknowledge Elders past, present and emerging for they are the holders of culture, knowledge, wisdom and leadership that is passed from generation to generation.

Document Version: 1.0
Approved By: Managing Director
Review Date: 10/02/2027