Circle Logo for All and Sundry Therapy
Submit a referral
Submit a referral

Privacy Policy for All and Sundry Therapy

Effective Date: 28/11/2025

1. Commitment to Privacy

All and Sundry Therapy (“we”, “us”, “our”) is committed to protecting the privacy and rights of our participants. We acknowledge that the privacy of your personal and health information is essential to your dignity and the trust you place in us.

This Privacy Policy explains how we collect, use, disclose, and store your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the NDIS Practice Standards.

2. Information We Collect

We collect information reasonably necessary to provide you with therapeutic supports and Positive Behaviour Support services. This includes:

  • Personal Information: Name, date of birth, address, contact details, and NDIS Participant Number.
  • Sensitive Information: Medical history, disability information, NDIS Plans, behaviour support plans, reports from other providers, and notes on your therapy progress.
  • Website Data: If you use our website, we may collect technical data such as IP addresses and cookies to improve user experience (see Section 9).

3. How We Collect Information

We collect information directly from you or your nominee whenever possible. We may collect information via:

  • New Participant Intake/Referral forms.
  • Face-to-face or telehealth therapy sessions.
  • Phone calls, emails, and website enquiries.
  • Third parties (only with your consent), such as Support Coordinators, other Allied Health professionals, or the NDIS.

4. Use and Disclosure of Information

We use your information for the primary purpose of providing NDIS services. This includes:

  • Developing and delivering therapeutic interventions and behaviour support plans.
  • Communicating with your support network (family, carers, other providers).
  • Administrative purposes like billing and NDIS claiming.

We will not disclose your information to third parties without your consent, except where:

  • Required by Law: For example, mandatory reporting of abuse or neglect, or under a court order.
  • NDIS Auditing: As a registered NDIS provider, our files may be subject to audit by the NDIS Quality and Safeguards Commission or approved quality auditors to ensure we meet practice standards.
  • Safety: We reasonably believe disclosure is necessary to prevent a serious threat to the life, health, or safety of any individual.

5. Storage and Security

We take all reasonable steps to protect your information from misuse, loss, unauthorised access, or modification.

  • Digital Records: Stored in secure, password-protected practice management software (Splose) and cloud document management systems (SharePoint). Access is restricted to authorized personnel using two-factor authentication.
  • Physical Records: Any hard copies are kept in locked cabinets accessible only to authorized staff.
  • Retention: We retain health records for a minimum of 7 years from the last interaction (or until the participant turns 25 if they were a child), after which they are securely destroyed.

6. Cross Border Data Transfer

We operate only within Australia and will not provide your information to parties in any other country.

We do from time to time, however, use web-based programs for particular activities such as email broadcast which may be hosted offshore, or cloud service providers but only when the supplier agrees with us to be bound by privacy laws or where the jurisdiction in which the data is located has laws that are equal to or better than Australian privacy laws.

7. What if there is a Data Breach?

We take all reasonable steps to prevent data breaches. However, if we suspect that a data breach has occurred, we will undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. If so, we will:

  • take all reasonable steps to contain the breach;
  • where possible, take action to remediate any risk of harm;
  • notify individuals and the Commissioner where an individual is likely to suffer serious harm (or if otherwise required by law); and
  • review the incident and consider what actions can be taken to prevent future breaches.

8. Access and Correction

You have the right to request access to the personal information we hold about you. You also have the right to request corrections if you believe the information is inaccurate or out of date.

  • To request access, please contact our Privacy Officer (details below).
  • We may require ID verification before releasing information.

9. Anonymity

Where practicable, you have the option of dealing with us anonymously or using a pseudonym (e.g., for general website enquiries). However, for NDIS service delivery, we generally require your correct identity to create service agreements and process claims.

10. Website Cookies

Our website allandsundrytherapy.com.au may use "cookies" to analyse website traffic and improve your experience. You can choose to reject cookies in your browser settings, though this may limit website functionality.

11. Complaints and Feedback

If you have a concern about how we have handled your privacy, please contact us first so we can resolve the issue.

Privacy Officer – All and Sundry Therapy

  • Phone: 0408 609 081
  • Email: elly@allandsundrytherapy.com.au

If you are not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

NDIS Quality and Safeguards Commission

  • Website: www.ndiscommission.gov.au
  • Phone: 1800 035 544

Connect with us

If you're seeking behaviour support that is steady, collaborative, strengths-focused, and grounded in real-world environments, we're ready to walk alongside you—and the person you support.

We welcome referrals from participants, families, support coordinators, schools, and allied health teams.